Diffstat (limited to 'src')
-rw-r--r--src/cache_iterators.c10
-rw-r--r--src/log.c76
-rw-r--r--src/main.c12
-rw-r--r--src/netlink.c12
-rw-r--r--src/read_config_lex.l3
-rw-r--r--src/read_config_yy.y57
-rw-r--r--src/run.c28
-rw-r--r--src/stats-mode.c17
-rw-r--r--src/sync-mode.c33
-rw-r--r--src/sync-nack.c8
10 files changed, 176 insertions, 80 deletions
diff --git a/src/cache_iterators.c b/src/cache_iterators.c
index 287f92f..24506e4 100644
--- a/src/cache_iterators.c
+++ b/src/cache_iterators.c
@@ -139,14 +139,14 @@ void cache_commit(struct cache *c)
commit_exist = c->commit_exist - commit_exist;
/* log results */
- dlog(STATE(log), "Committed %u new entries", commit_ok);
+ dlog(STATE(log), LOG_INFO, "Committed %u new entries", commit_ok);
if (commit_exist)
- dlog(STATE(log), "%u entries ignored, "
- "already exist", commit_exist);
+ dlog(STATE(log), LOG_INFO, "%u entries ignored, "
+ "already exist", commit_exist);
if (commit_fail)
- dlog(STATE(log), "%u entries can't be "
- "committed", commit_fail);
+ dlog(STATE(log), LOG_INFO, "%u entries can't be "
+ "committed", commit_fail);
}
static int do_flush(void *data1, void *data2)
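Review bot: The failure message `"%u entries can't be committed"` in cache_commit() is logged at LOG_INFO, the same priority as the success count, so a syslog filter set above info drops the one line that reports a problem. A higher priority fits better: `dlog(STATE(log), LOG_ERR, "%u entries can't be committed", commit_fail);`. The same applies to `"can't read from unix socket"` in local_handler() in src/run.c, which this commit also tags LOG_INFO. cache_commit() starts outside this hunk.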
diff --git a/src/log.c b/src/log.c
index 88cadea..5fea1c3 100644
--- a/src/log.c
+++ b/src/log.c
@@ -22,36 +22,74 @@
#include <time.h>
#include <stdarg.h>
#include <string.h>
+#include "conntrackd.h"
FILE *init_log(char *filename)
{
- FILE *fd;
+ FILE *fd = NULL;
- fd = fopen(filename, "a+");
- if (fd == NULL) {
- fprintf(stderr, "can't open log file `%s'\n", filename);
- return NULL;
+ if (filename[0]) {
+ fd = fopen(filename, "a+");
+ if (fd == NULL) {
+ fprintf(stderr, "can't open log file `%s'\n", filename);
+ return NULL;
+ }
}
+ if (CONFIG(syslog_facility) != -1)
+ openlog(PACKAGE, LOG_PID, CONFIG(syslog_facility));
+
return fd;
}
-void dlog(FILE *fd, char *format, ...)
-{
- time_t t = time(NULL);
- char *buf = ctime(&t);
- va_list args;
-
- buf[strlen(buf)-1]='\0';
- va_start(args, format);
- fprintf(fd, "[%s] (pid=%d) ", buf, getpid());
- vfprintf(fd, format, args);
- va_end(args);
- fprintf(fd, "\n");
- fflush(fd);
+void dlog(FILE *fd, int priority, char *format, ...)
+ {
+ time_t t;
+ char *buf;
+ char *prio;
+ va_list args;
+
+ if (fd) {
+ t = time(NULL);
+ buf = ctime(&t);
+ buf[strlen(buf)-1]='\0';
+ switch (priority) {
+ case LOG_INFO:
+ prio = "info";
+ break;
+ case LOG_NOTICE:
+ prio = "notice";
+ break;
+ case LOG_WARNING:
+ prio = "warning";
+ break;
+ case LOG_ERR:
+ prio = "ERROR";
+ break;
+ default:
+ prio = "?";
+ break;
+ }
+ va_start(args, format);
+ fprintf(fd, "[%s] (pid=%d) [%s] ", buf, getpid(), prio);
+ vfprintf(fd, format, args);
+ va_end(args);
+ fprintf(fd, "\n");
+ fflush(fd);
+ }
+
+ if (CONFIG(syslog_facility) != -1) {
+ va_start(args, format);
+ vsyslog(priority, format, args);
+ va_end(args);
+ }
}
void close_log(FILE *fd)
{
- fclose(fd);
+ if (fd != NULL)
+ fclose(fd);
+
+ if (CONFIG(syslog_facility) != -1)
+ closelog();
}
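Review bot: init_log() now returns NULL both when the log file is disabled (empty `filename`) and when fopen() fails, so callers cannot tell the two cases apart. The check this commit puts in src/main.c, `if (config_set && !STATE(log))`, would therefore exit with "can't open logfile" for a configuration that enables only Syslog whenever config_set is nonzero, and would let a real fopen() failure through when it is zero. Testing the configured name instead keeps both cases right: `if (CONFIG(logfile)[0] && !STATE(log))`. Separately, dlog() would be safer with `const char *format` and a printf format attribute on its prototype, so the compiler checks the many call sites changed in this commit.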
diff --git a/src/main.c b/src/main.c
index 007b76e..712b572 100644
--- a/src/main.c
+++ b/src/main.c
@@ -244,10 +244,10 @@ int main(int argc, char *argv[])
}
/*
- * Setting up logfile
+ * Setting up logging
*/
STATE(log) = init_log(CONFIG(logfile));
- if (!STATE(log)) {
+ if (config_set && !STATE(log)) {
fprintf(stdout, "can't open logfile `%s\n'", CONFIG(logfile));
exit(EXIT_FAILURE);
}
@@ -276,15 +276,15 @@ int main(int argc, char *argv[])
pid_t pid;
if ((pid = fork()) == -1) {
- dlog(STATE(log), "fork() failed: "
- "%s", strerror(errno));
+ dlog(STATE(log), LOG_ERR, "fork() failed: "
+ "%s", strerror(errno));
exit(EXIT_FAILURE);
} else if (pid)
exit(EXIT_SUCCESS);
- dlog(STATE(log), "--- starting in daemon mode ---");
+ dlog(STATE(log), LOG_INFO, "--- starting in daemon mode ---");
} else
- dlog(STATE(log), "--- starting in console mode ---");
+ dlog(STATE(log), LOG_INFO, "--- starting in console mode ---");
/*
* initialization process
diff --git a/src/netlink.c b/src/netlink.c
index be5f82e..693646f 100644
--- a/src/netlink.c
+++ b/src/netlink.c
@@ -75,7 +75,7 @@ static int event_handler(enum nf_conntrack_msg_type type,
update_traffic_stats(ct);
break;
default:
- dlog(STATE(log), "received unknown msg from ctnetlink\n");
+ dlog(STATE(log), LOG_WARNING, "unknown msg from ctnetlink\n");
break;
}
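Review bot: The rewritten message `"unknown msg from ctnetlink\n"` in event_handler() keeps its trailing newline although dlog() already writes `"\n"` after every file entry, so the log file gets an empty line and syslog receives an embedded newline. Drop it, as the dump_handler() hunk below does: `dlog(STATE(log), LOG_WARNING, "unknown msg from ctnetlink");`. The same trailing `\n` survives in src/stats-mode.c (`"can't add to cache cache: %s\n"`, which also repeats the word "cache") and in src/sync-mode.c (`"mcast unknown query %d\n"`, `"can't add to internal cache: %s\n"`). event_handler() starts and ends outside this hunk.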
@@ -136,7 +136,7 @@ static int dump_handler(enum nf_conntrack_msg_type type,
STATE(mode)->dump(ct);
break;
default:
- dlog(STATE(log), "received unknown msg from ctnetlink");
+ dlog(STATE(log), LOG_WARNING, "unknown msg from ctnetlink");
break;
}
return NFCT_CB_CONTINUE;
@@ -169,7 +169,8 @@ void nl_resize_socket_buffer(struct nfct_handle *h)
return;
if (s > CONFIG(netlink_buffer_size_max_grown)) {
- dlog(STATE(log), "WARNING: maximum netlink socket buffer "
+ dlog(STATE(log), LOG_WARNING,
+ "maximum netlink socket buffer "
"size has been reached. We are likely to "
"be losing events, this may lead to "
"unsynchronized replicas. Please, consider "
@@ -184,8 +185,9 @@ void nl_resize_socket_buffer(struct nfct_handle *h)
CONFIG(netlink_buffer_size) = nfnl_rcvbufsiz(nfct_nfnlh(h), s);
/* notify the sysadmin */
- dlog(STATE(log), "netlink socket buffer size has been set to %u bytes",
- CONFIG(netlink_buffer_size));
+ dlog(STATE(log), LOG_INFO, "netlink socket buffer size "
+ "has been set to %u bytes",
+ CONFIG(netlink_buffer_size));
}
int nl_dump_conntrack_table(void)
diff --git a/src/read_config_lex.l b/src/read_config_lex.l
index 87e98d1..48c0409 100644
--- a/src/read_config_lex.l
+++ b/src/read_config_lex.l
@@ -42,7 +42,7 @@ ip6_part {hex_255}":"?
ip6_form1 {ip6_part}{0,16}"::"{ip6_part}{0,16}
ip6_form2 ({hex_255}":"){16}{hex_255}
ip6 {ip6_form1}|{ip6_form2}
-string [a-zA-Z0-9]*
+string [a-zA-Z][a-zA-Z0-9]*
persistent [P|p][E|e][R|r][S|s][I|i][S|s][T|t][E|e][N|n][T|T]
nack [N|n][A|a][C|c][K|k]
@@ -73,6 +73,7 @@ nack [N|n][A|a][C|c][K|k]
"Backlog" { return T_BACKLOG; }
"Group" { return T_GROUP; }
"LogFile" { return T_LOG; }
+"Syslog" { return T_SYSLOG; }
"LockFile" { return T_LOCK; }
"General" { return T_GENERAL; }
"Sync" { return T_SYNC; }
diff --git a/src/read_config_yy.y b/src/read_config_yy.y
index de592d2..8bc83fe 100644
--- a/src/read_config_yy.y
+++ b/src/read_config_yy.y
@@ -25,6 +25,7 @@
#include <errno.h>
#include "conntrackd.h"
#include "ignore.h"
+#include <syslog.h>
extern char *yytext;
extern int yylineno;
@@ -48,6 +49,7 @@ struct ct_conf conf;
%token T_REPLICATE T_FOR T_IFACE
%token T_ESTABLISHED T_SYN_SENT T_SYN_RECV T_FIN_WAIT
%token T_CLOSE_WAIT T_LAST_ACK T_TIME_WAIT T_CLOSE T_LISTEN
+%token T_SYSLOG
%token <string> T_IP T_PATH_VAL
@@ -72,11 +74,56 @@ line : ignore_protocol
| stats
;
-log : T_LOG T_PATH_VAL
+logfile_bool : T_LOG T_ON
+{
+ strncpy(conf.logfile, DEFAULT_LOGFILE, FILENAME_MAXLEN);
+};
+
+logfile_bool : T_LOG T_OFF
+{
+};
+
+logfile_path : T_LOG T_PATH_VAL
{
strncpy(conf.logfile, $2, FILENAME_MAXLEN);
};
+syslog_bool : T_SYSLOG T_ON
+{
+ conf.syslog_facility = DEFAULT_SYSLOG_FACILITY;
+};
+
+syslog_bool : T_SYSLOG T_OFF
+{
+ conf.syslog_facility = -1;
+}
+
+syslog_facility : T_SYSLOG T_STRING
+{
+ if (!strcmp($2, "daemon"))
+ conf.syslog_facility = LOG_DAEMON;
+ else if (!strcmp($2, "local0"))
+ conf.syslog_facility = LOG_LOCAL0;
+ else if (!strcmp($2, "local1"))
+ conf.syslog_facility = LOG_LOCAL1;
+ else if (!strcmp($2, "local2"))
+ conf.syslog_facility = LOG_LOCAL2;
+ else if (!strcmp($2, "local3"))
+ conf.syslog_facility = LOG_LOCAL3;
+ else if (!strcmp($2, "local4"))
+ conf.syslog_facility = LOG_LOCAL4;
+ else if (!strcmp($2, "local5"))
+ conf.syslog_facility = LOG_LOCAL5;
+ else if (!strcmp($2, "local6"))
+ conf.syslog_facility = LOG_LOCAL6;
+ else if (!strcmp($2, "local7"))
+ conf.syslog_facility = LOG_LOCAL7;
+ else {
+ fprintf(stderr, "'%s' is not a known syslog facility, ignoring.\n", $2);
+ return;
+ }
+};
+
lock : T_LOCK T_PATH_VAL
{
strncpy(conf.lockfile, $2, FILENAME_MAXLEN);
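Review bot: The `return;` in the unknown-facility branch of `syslog_facility` leaves yyparse() altogether, so the rest of the configuration file is not read even though the message says "ignoring", and init_config() calls `yyparse();` without looking at its result. Since that branch is the last statement of the action, deleting the `return;` gives the behaviour the message describes. The `T_LOG T_OFF` action is empty, so `LogFile off` does not undo an earlier `LogFile on` or path line, unlike `Syslog off`, which stores -1; `conf.logfile[0] = '\0';` would make the two symmetric. The `lock` rule at the end of the hunk continues outside it.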
@@ -461,7 +508,10 @@ general_list:
general_line: hashsize
| hashlimit
- | log
+ | logfile_bool
+ | logfile_path
+ | syslog_facility
+ | syslog_bool
| lock
| unix_line
| netlink_buffer_size
@@ -516,6 +566,9 @@ init_config(char *filename)
if (!fp)
return -1;
+ /* Zero may be a valid facility */
+ CONFIG(syslog_facility) = -1;
+
yyrestart(fp);
yyparse();
fclose(fp);
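Review bot: The `-1` default for `CONFIG(syslog_facility)` is assigned only after the `if (!fp) return -1;` early exit, so when the configuration file cannot be opened the field keeps whatever it held before, presumably zero for the file-scope `conf`. init_log(), dlog() and close_log() all test `CONFIG(syslog_facility) != -1`, so any caller that goes on to log after that failure would treat syslog as enabled with facility 0. Moving `CONFIG(syslog_facility) = -1;` ahead of the open removes the dependence on what the caller does with the -1 return. The fopen() call itself is outside this hunk.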
diff --git a/src/run.c b/src/run.c
index 644f82e..9ce9923 100644
--- a/src/run.c
+++ b/src/run.c
@@ -40,7 +40,7 @@ void killer(int foo)
STATE(mode)->kill();
destroy_alarm_scheduler();
unlink(CONFIG(lockfile));
- dlog(STATE(log), "------- shutdown received ----");
+ dlog(STATE(log), LOG_INFO, "------- shutdown received ----");
close_log(STATE(log));
sigprocmask(SIG_UNBLOCK, &STATE(block), NULL);
@@ -60,31 +60,31 @@ void local_handler(int fd, void *data)
ret = read(fd, &type, sizeof(type));
if (ret == -1) {
- dlog(STATE(log), "can't read from unix socket");
+ dlog(STATE(log), LOG_INFO, "can't read from unix socket");
return;
}
if (ret == 0) {
- dlog(STATE(log), "local request: nothing to process?");
+ dlog(STATE(log), LOG_INFO, "local request: nothing received?");
return;
}
switch(type) {
case FLUSH_MASTER:
- dlog(STATE(log), "[DEPRECATED] `conntrackd -F' is deprecated. "
- "Use conntrack -F instead.");
+ dlog(STATE(log), LOG_NOTICE, "`conntrackd -F' is deprecated. "
+ "Use conntrack -F instead.");
if (fork() == 0) {
execlp("conntrack", "conntrack", "-F", NULL);
exit(EXIT_SUCCESS);
}
return;
case RESYNC_MASTER:
- dlog(STATE(log), "[REQ] resync with master table");
+ dlog(STATE(log), LOG_NOTICE, "resync with master table");
nl_dump_conntrack_table();
return;
}
if (!STATE(mode)->local(fd, type, data))
- dlog(STATE(log), "[FAIL] unknown local request %d", type);
+ dlog(STATE(log), LOG_ERR, "unknown local request %d", type);
}
int init(int mode)
@@ -105,30 +105,30 @@ int init(int mode)
/* Initialization */
if (STATE(mode)->init() == -1) {
- dlog(STATE(log), "[FAIL] initialization failed");
+ dlog(STATE(log), LOG_ERR, "initialization failed");
return -1;
}
if (init_alarm_scheduler() == -1) {
- dlog(STATE(log), "[FAIL] can't initialize alarm scheduler");
+ dlog(STATE(log), LOG_ERR, "can't initialize alarm scheduler");
return -1;
}
/* local UNIX socket */
STATE(local) = local_server_create(&CONFIG(local));
if (!STATE(local)) {
- dlog(STATE(log), "[FAIL] can't open unix socket!");
+ dlog(STATE(log), LOG_ERR, "can't open unix socket!");
return -1;
}
if (nl_init_event_handler() == -1) {
- dlog(STATE(log), "[FAIL] can't open netlink handler! "
- "no ctnetlink kernel support?");
+ dlog(STATE(log), LOG_ERR, "can't open netlink handler! "
+ "no ctnetlink kernel support?");
return -1;
}
if (nl_init_dump_handler() == -1) {
- dlog(STATE(log), "[FAIL] can't open netlink handler! "
+ dlog(STATE(log), LOG_ERR, "can't open netlink handler! "
"no ctnetlink kernel support?");
return -1;
}
@@ -152,7 +152,7 @@ int init(int mode)
if (signal(SIGCHLD, child) == SIG_ERR)
return -1;
- dlog(STATE(log), "[OK] initialization completed");
+ dlog(STATE(log), LOG_INFO, "initialization completed");
return 0;
}
diff --git a/src/stats-mode.c b/src/stats-mode.c
index 65bab1b..1d68e02 100644
--- a/src/stats-mode.c
+++ b/src/stats-mode.c
@@ -32,7 +32,7 @@ static int init_stats(void)
state.stats = malloc(sizeof(struct ct_stats_state));
if (!state.stats) {
- dlog(STATE(log), "[FAIL] can't allocate memory for stats sync");
+ dlog(STATE(log), LOG_ERR, "can't allocate memory for stats");
return -1;
}
memset(state.stats, 0, sizeof(struct ct_stats_state));
@@ -42,8 +42,8 @@ static int init_stats(void)
CONFIG(family),
NULL);
if (!STATE_STATS(cache)) {
- dlog(STATE(log), "[FAIL] can't allocate memory for the "
- "external cache");
+ dlog(STATE(log), LOG_ERR, "can't allocate memory for the "
+ "external cache");
return -1;
}
@@ -68,7 +68,7 @@ static int local_handler_stats(int fd, int type, void *data)
cache_dump(STATE_STATS(cache), fd, NFCT_O_XML);
break;
case FLUSH_CACHE:
- dlog(STATE(log), "[REQ] flushing caches");
+ dlog(STATE(log), LOG_NOTICE, "flushing caches");
cache_flush(STATE_STATS(cache));
break;
case KILL:
@@ -122,7 +122,7 @@ static void overrun_stats()
h = nfct_open(CONNTRACK, 0);
if (!h) {
- dlog(STATE(log), "can't open overrun handler");
+ dlog(STATE(log), LOG_ERR, "can't open overrun handler");
return;
}
@@ -132,7 +132,8 @@ static void overrun_stats()
ret = nfct_query(h, NFCT_Q_DUMP, &family);
if (ret == -1)
- dlog(STATE(log), "overrun query error %s", strerror(errno));
+ dlog(STATE(log), LOG_ERR,
+ "overrun query error %s", strerror(errno));
nfct_close(h);
}
@@ -143,8 +144,8 @@ static void event_new_stats(struct nf_conntrack *ct)
debug_ct(ct, "cache new");
} else {
if (errno != EEXIST) {
- dlog(STATE(log), "can't add to cache cache: "
- "%s\n", strerror(errno));
+ dlog(STATE(log), LOG_ERR,
+ "can't add to cache cache: %s\n", strerror(errno));
debug_ct(ct, "can't add");
}
}
diff --git a/src/sync-mode.c b/src/sync-mode.c
index 917a3b2..e48b121 100644
--- a/src/sync-mode.c
+++ b/src/sync-mode.c
@@ -77,7 +77,7 @@ retry:
debug_ct(ct, "can't destroy");
break;
default:
- dlog(STATE(log), "mcast received unknown query %d\n", query);
+ dlog(STATE(log), LOG_ERR, "mcast unknown query %d\n", query);
break;
}
}
@@ -97,7 +97,7 @@ static void mcast_handler()
struct nethdr *net = (struct nethdr *) ptr;
if (ntohs(net->len) > remain) {
- dlog(STATE(log), "fragmented messages");
+ dlog(STATE(log), LOG_ERR, "fragmented messages");
break;
}
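Review bot: `"fragmented messages"` is raised to LOG_ERR on a condition that depends only on the length field of a received packet (`ntohs(net->len) > remain`), and with syslog enabled every such packet now produces an error-level entry with no detail and no limit on how often it is emitted. Logging the two values makes the entry useful for triage, e.g. `dlog(STATE(log), LOG_WARNING, "message length %u exceeds remaining %u bytes", (unsigned) ntohs(net->len), (unsigned) remain);`, and a counter or rate limit around it would keep malformed traffic on the multicast group from filling the log. The `"mcast unknown query %d\n"` message in the previous hunk appears to be driven by received data in the same way. mcast_handler() continues outside this hunk.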
@@ -121,7 +121,7 @@ static int init_sync(void)
state.sync = malloc(sizeof(struct ct_sync_state));
if (!state.sync) {
- dlog(STATE(log), "[FAIL] can't allocate memory for state sync");
+ dlog(STATE(log), LOG_ERR, "can't allocate memory for sync");
return -1;
}
memset(state.sync, 0, sizeof(struct ct_sync_state));
@@ -142,8 +142,8 @@ static int init_sync(void)
STATE_SYNC(sync)->internal_cache_extra);
if (!STATE_SYNC(internal)) {
- dlog(STATE(log), "[FAIL] can't allocate memory for "
- "the internal cache");
+ dlog(STATE(log), LOG_ERR, "can't allocate memory for "
+ "the internal cache");
return -1;
}
@@ -154,27 +154,27 @@ static int init_sync(void)
NULL);
if (!STATE_SYNC(external)) {
- dlog(STATE(log), "[FAIL] can't allocate memory for the "
- "external cache");
+ dlog(STATE(log), LOG_ERR, "can't allocate memory for the "
+ "external cache");
return -1;
}
/* multicast server to receive events from the wire */
STATE_SYNC(mcast_server) = mcast_server_create(&CONFIG(mcast));
if (STATE_SYNC(mcast_server) == NULL) {
- dlog(STATE(log), "[FAIL] can't open multicast server!");
+ dlog(STATE(log), LOG_ERR, "can't open multicast server!");
return -1;
}
/* multicast client to send events on the wire */
STATE_SYNC(mcast_client) = mcast_client_create(&CONFIG(mcast));
if (STATE_SYNC(mcast_client) == NULL) {
- dlog(STATE(log), "[FAIL] can't open client multicast socket!");
+ dlog(STATE(log), LOG_ERR, "can't open client multicast socket");
return -1;
}
if (mcast_buffered_init(&CONFIG(mcast)) == -1) {
- dlog(STATE(log), "[FAIL] can't init tx buffer!");
+ dlog(STATE(log), LOG_ERR, "can't init tx buffer!");
return -1;
}
@@ -269,13 +269,13 @@ static int local_handler_sync(int fd, int type, void *data)
case COMMIT:
ret = fork();
if (ret == 0) {
- dlog(STATE(log), "[REQ] committing external cache");
+ dlog(STATE(log), LOG_INFO, "committing external cache");
cache_commit(STATE_SYNC(external));
exit(EXIT_SUCCESS);
}
break;
case FLUSH_CACHE:
- dlog(STATE(log), "[REQ] flushing caches");
+ dlog(STATE(log), LOG_INFO, "flushing caches");
cache_flush(STATE_SYNC(internal));
cache_flush(STATE_SYNC(external));
break;
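Review bot: The operator requests in this hunk are logged at LOG_INFO (`"committing external cache"`, `"flushing caches"`), while the same commit uses LOG_NOTICE for the equivalent request messages in src/stats-mode.c (`"flushing caches"`), src/run.c (`"resync with master table"`) and src/sync-nack.c. With the `[REQ]` tag removed, the priority is the only thing that marks these lines as requests received on the local socket, so one level should be used throughout: `dlog(STATE(log), LOG_NOTICE, "flushing caches");`. local_handler_sync() starts and ends outside this hunk.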
@@ -398,7 +398,7 @@ static void overrun_sync()
h = nfct_open(CONNTRACK, 0);
if (!h) {
- dlog(STATE(log), "can't open overrun handler");
+ dlog(STATE(log), LOG_ERR, "can't open overrun handler");
return;
}
@@ -406,7 +406,8 @@ static void overrun_sync()
ret = nfct_query(h, NFCT_Q_DUMP, &family);
if (ret == -1)
- dlog(STATE(log), "overrun query error %s", strerror(errno));
+ dlog(STATE(log), LOG_ERR,
+ "overrun query error %s", strerror(errno));
nfct_callback_unregister(h);
@@ -436,8 +437,8 @@ retry:
goto retry;
}
- dlog(STATE(log), "can't add to internal cache: "
- "%s\n", strerror(errno));
+ dlog(STATE(log), LOG_ERR, "can't add to internal cache: "
+ "%s\n", strerror(errno));
debug_ct(ct, "can't add");
}
}
diff --git a/src/sync-nack.c b/src/sync-nack.c
index dbda0a7..fa61be4 100644
--- a/src/sync-nack.c
+++ b/src/sync-nack.c
@@ -74,13 +74,13 @@ static int nack_init()
{
tx_queue = buffer_create(CONFIG(resend_buffer_size));
if (tx_queue == NULL) {
- dlog(STATE(log), "[FAIL] cannot create tx buffer");
+ dlog(STATE(log), LOG_ERR, "cannot create tx buffer");
return -1;
}
rs_queue = buffer_create(CONFIG(resend_buffer_size));
if (rs_queue == NULL) {
- dlog(STATE(log), "[FAIL] cannot create rs buffer");
+ dlog(STATE(log), LOG_ERR, "cannot create rs buffer");
return -1;
}
@@ -125,11 +125,11 @@ static int nack_local(int fd, int type, void *data)
switch(type) {
case REQUEST_DUMP:
- dlog(STATE(log), "[REQ] request resync");
+ dlog(STATE(log), LOG_NOTICE, "request resync");
tx_queue_add_ctlmsg(NET_F_RESYNC, 0, 0);
break;
case SEND_BULK:
- dlog(STATE(log), "[REQ] sending bulk update");
+ dlog(STATE(log), LOG_NOTICE, "sending bulk update");
cache_iterate(STATE_SYNC(internal), NULL, do_cache_to_tx);
break;
default: