From: sthen Date: Sun, 23 Apr 2017 11:37:11 +0000 (+0000) Subject: Some of the LOG_NOTICE messages from PF were seen in normal operations X-Git-Url: http://artulab.com/gitweb/?a=commitdiff_plain;h=c50ff513ead7a870f854b743e69a6750ba8572f7;p=openbsd Some of the LOG_NOTICE messages from PF were seen in normal operations with certain rulesets and excessively noisy; move them to LOG_INFO (which was previously unused). ok benno@ --- diff --git a/sys/net/pf_lb.c b/sys/net/pf_lb.c index f2509a40228..74acc538b8f 100644 --- a/sys/net/pf_lb.c +++ b/sys/net/pf_lb.c @@ -1,4 +1,4 @@ -/* $OpenBSD: pf_lb.c,v 1.59 2017/02/08 01:20:40 jsg Exp $ */ +/* $OpenBSD: pf_lb.c,v 1.60 2017/04/23 11:37:11 sthen Exp $ */ /* * Copyright (c) 2001 Daniel Hartmeier @@ -619,9 +619,9 @@ pf_map_addr(sa_family_t af, struct pf_rule *r, struct pf_addr *saddr, return (1); } - if (pf_status.debug >= LOG_NOTICE && + if (pf_status.debug >= LOG_INFO && (rpool->opts & PF_POOL_TYPEMASK) != PF_POOL_NONE) { - log(LOG_NOTICE, "pf: pf_map_addr: selected address "); + log(LOG_INFO, "pf: pf_map_addr: selected address "); pf_print_host(naddr, 0, af); if ((rpool->opts & PF_POOL_TYPEMASK) == PF_POOL_LEASTSTATES) @@ -707,8 +707,8 @@ pf_get_transaddr_af(struct pf_rule *r, struct pf_pdesc *pd, u_int16_t nport; int prefixlen = 96; - if (pf_status.debug >= LOG_NOTICE) { - log(LOG_NOTICE, "pf: af-to %s %s, ", + if (pf_status.debug >= LOG_INFO) { + log(LOG_INFO, "pf: af-to %s %s, ", pd->naf == AF_INET ? "inet" : "inet6", r->rdr.addr.type == PF_ADDR_NONE ? "nat" : "rdr"); pf_print_host(&pd->nsaddr, pd->nsport, pd->af); @@ -815,8 +815,8 @@ pf_get_transaddr_af(struct pf_rule *r, struct pf_pdesc *pd, PF_ACPY(&pd->nsaddr, &nsaddr, pd->naf); PF_ACPY(&pd->ndaddr, &ndaddr, pd->naf); - if (pf_status.debug >= LOG_NOTICE) { - log(LOG_NOTICE, "pf: af-to %s %s done, prefixlen %d, ", + if (pf_status.debug >= LOG_INFO) { + log(LOG_INFO, "pf: af-to %s %s done, prefixlen %d, ", pd->naf == AF_INET ? "inet" : "inet6", r->rdr.addr.type == PF_ADDR_NONE ? "nat" : "rdr", prefixlen); @@ -904,8 +904,8 @@ pf_postprocess_addr(struct pf_state *cur) } } if (slbcount > -1) { - if (pf_status.debug >= LOG_NOTICE) { - log(LOG_NOTICE, "pf: %s: selected address ", __func__); + if (pf_status.debug >= LOG_INFO) { + log(LOG_INFO, "pf: %s: selected address ", __func__); pf_print_host(&lookup_addr, sks->port[0], sks->af); addlog(" decreased state count to %u\n", diff --git a/sys/net/pf_norm.c b/sys/net/pf_norm.c index ce020ef96fd..3dfa98abecf 100644 --- a/sys/net/pf_norm.c +++ b/sys/net/pf_norm.c @@ -1,4 +1,4 @@ -/* $OpenBSD: pf_norm.c,v 1.202 2017/03/17 17:19:16 mpi Exp $ */ +/* $OpenBSD: pf_norm.c,v 1.203 2017/04/23 11:37:11 sthen Exp $ */ /* * Copyright 2001 Niels Provos @@ -286,7 +286,7 @@ pf_fillup_fragment(struct pf_fragment_cmp *key, struct pf_frent *frent, goto bad_fragment; } - DPFPRINTF(LOG_NOTICE, key->fr_af == AF_INET ? + DPFPRINTF(LOG_INFO, key->fr_af == AF_INET ? "reass frag %d @ %d-%d" : "reass frag %#08x @ %d-%d", key->fr_id, frent->fe_off, frent->fe_off + frent->fe_len); @@ -456,7 +456,7 @@ pf_isfull_fragment(struct pf_fragment *frag) return (0); } } - DPFPRINTF(LOG_NOTICE, "%d < %d?", off, total); + DPFPRINTF(LOG_INFO, "%d < %d?", off, total); if (off < total) return (0); KASSERT(off == total); @@ -569,7 +569,7 @@ pf_reassemble(struct mbuf **m0, int dir, u_short *reason) return (PF_DROP); } - DPFPRINTF(LOG_NOTICE, "complete: %p(%d)", m, ntohs(ip->ip_len)); + DPFPRINTF(LOG_INFO, "complete: %p(%d)", m, ntohs(ip->ip_len)); return (PF_PASS); } @@ -676,7 +676,7 @@ pf_reassemble6(struct mbuf **m0, struct ip6_frag *fraghdr, return (PF_DROP); } - DPFPRINTF(LOG_NOTICE, "complete: %p(%d)", m, ntohs(ip6->ip6_plen)); + DPFPRINTF(LOG_INFO, "complete: %p(%d)", m, ntohs(ip6->ip6_plen)); return (PF_PASS); fail: diff --git a/sys/net/pf_osfp.c b/sys/net/pf_osfp.c index d0c59392a4e..5e04d372330 100644 --- a/sys/net/pf_osfp.c +++ b/sys/net/pf_osfp.c @@ -1,4 +1,4 @@ -/* $OpenBSD: pf_osfp.c,v 1.39 2016/11/22 19:29:54 procter Exp $ */ +/* $OpenBSD: pf_osfp.c,v 1.40 2017/04/23 11:37:11 sthen Exp $ */ /* * Copyright (c) 2003 Mike Frantzen @@ -238,7 +238,7 @@ pf_osfp_fingerprint_hdr(const struct ip *ip, const struct ip6_hdr *ip6, optlen = MAX(optlen, 1); /* paranoia */ } - DPFPRINTF(LOG_NOTICE, + DPFPRINTF(LOG_INFO, "fingerprinted %s:%d %d:%d:%d:%d:%llx (%d) " "(TS=%s,M=%s%d,W=%s%d)", srcname, ntohs(tcp->th_sport), @@ -269,7 +269,7 @@ pf_osfp_match(struct pf_osfp_enlist *list, pf_osfp_t os) if (os == PF_OSFP_ANY) return (1); if (list == NULL) { - DPFPRINTF(LOG_NOTICE, "osfp no match against %x", os); + DPFPRINTF(LOG_INFO, "osfp no match against %x", os); return (os == PF_OSFP_UNKNOWN); } PF_OSFP_UNPACK(os, os_class, os_version, os_subtype); @@ -278,14 +278,14 @@ pf_osfp_match(struct pf_osfp_enlist *list, pf_osfp_t os) if ((os_class == PF_OSFP_ANY || en_class == os_class) && (os_version == PF_OSFP_ANY || en_version == os_version) && (os_subtype == PF_OSFP_ANY || en_subtype == os_subtype)) { - DPFPRINTF(LOG_NOTICE, + DPFPRINTF(LOG_INFO, "osfp matched %s %s %s %x==%x", entry->fp_class_nm, entry->fp_version_nm, entry->fp_subtype_nm, os, entry->fp_os); return (1); } } - DPFPRINTF(LOG_NOTICE, "fingerprint 0x%x didn't match", os); + DPFPRINTF(LOG_INFO, "fingerprint 0x%x didn't match", os); return (0); }