author | Ryan Thomas McBride <mcbride@cvs.openbsd.org> | 2010-01-18 23:52:47 +0000 |
---|---|---|
committer | Ryan Thomas McBride <mcbride@cvs.openbsd.org> | 2010-01-18 23:52:47 +0000 |
commit | 5edcd5f8f5844e468d470c15de877705fb0d6d96 (patch) | |
tree | 99bdb467f4d5982c62c360fb79fb06f77ff4f0fe /sbin/pfctl | |
parent | 43bd8b3b6872298cb924f7c1f779da3bbb126fd6 (diff) |
Convert pf debug logging to using log()/addlog(), a single standardised
definition of DPFPRINTF(), and log priorities from syslog.h. Old debug
levels will still work for now, but will eventually be phased out.
discussed with henning, ok dlg
Diffstat (limited to 'sbin/pfctl')
-rw-r--r-- | sbin/pfctl/pfctl.8 | 32 | ||||
-rw-r--r-- | sbin/pfctl/pfctl.c | 92 | ||||
-rw-r--r-- | sbin/pfctl/pfctl_parser.c | 62 | ||||
-rw-r--r-- | sbin/pfctl/pfctl_parser.h | 5 |
4 files changed, 114 insertions, 77 deletions
diff --git a/sbin/pfctl/pfctl.8 b/sbin/pfctl/pfctl.8
index 7c59a593594..d98ee96e7e4 100644
--- a/sbin/pfctl/pfctl.8
+++ b/sbin/pfctl/pfctl.8
@@ -1,4 +1,4 @@
-.\" $OpenBSD: pfctl.8,v 1.141 2009/09/28 22:13:20 dlg Exp $
+.\" $OpenBSD: pfctl.8,v 1.142 2010/01/18 23:52:46 mcbride Exp $
 .\"
 .\" Copyright (c) 2001 Kjell Wooding. All rights reserved.
 .\"
@@ -24,7 +24,7 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: September 28 2009 $
+.Dd $Mdocdate: January 18 2010 $
 .Dt PFCTL 8
 .Os
 .Sh NAME
@@ -640,19 +640,21 @@ will produce even more verbose output including ruleset warnings.
 See the previous section for its effect on table commands.
 .It Fl x Ar level
 Set the debug
-.Ar level
-(may be abbreviated) to one of the following:
-.Pp
-.Bl -tag -width xxxxxxxxxxxx -compact
-.It Fl x Cm none
-Don't generate debug messages.
-.It Fl x Cm urgent
-Generate debug messages only for serious errors.
-.It Fl x Cm misc
-Generate debug messages for various errors.
-.It Fl x Cm loud
-Generate debug messages for common conditions.
-.El
+.Ar level ,
+which limits the severity of log messages printed by pf. This should be is a
+keyword from the following ordered list (highest to lowest):
+.Ar emerg ,
+.Ar alert ,
+.Ar crit ,
+.Ar err ,
+.Ar warning ,
+.Ar notice ,
+.Ar info ,
+and
+.Ar debug .
+These keywords correspond to the similar (LOG_) values specified
+to the syslog library routine, and may be abbreviated on the command
+line.
 .It Fl z
 Clear per-rule statistics.
 .El
diff --git a/sbin/pfctl/pfctl.c b/sbin/pfctl/pfctl.c
index 3681d43faee..c9bcb4f84d6 100644
--- a/sbin/pfctl/pfctl.c
+++ b/sbin/pfctl/pfctl.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: pfctl.c,v 1.293 2010/01/13 01:41:58 jsg Exp $ */
+/* $OpenBSD: pfctl.c,v 1.294 2010/01/18 23:52:46 mcbride Exp $ */
 /*
 * Copyright (c) 2001 Daniel Hartmeier
@@ -53,6 +53,8 @@
 #include <string.h>
 #include <unistd.h>
+#include <syslog.h>
+
 #include "pfctl_parser.h"
 #include "pfctl.h"
@@ -214,7 +216,10 @@ static const char *tblcmdopt_list[] = {
 };
 static const char *debugopt_list[] = {
- "none", "urgent", "misc", "loud", NULL
+ "debug", "info", "notice", "warning",
+ "error", "crit", "alert", "emerg",
+ "none", "urgent", "misc", "loud",
+ NULL
 };
 static const char *optiopt_list[] = {
@@ -1382,7 +1387,8 @@ pfctl_init_options(struct pfctl *pf)
 if (mem <= 100*1024*1024)
 pf->limit[PF_LIMIT_TABLE_ENTRIES] = PFR_KENTRY_HIWAT_SMALL;
- pf->debug = PF_DEBUG_URGENT;
+ pf->debug = LOG_ERR;
+ pf->debug_set = 0;
 pf->reassemble = PF_REASS_ENABLED;
 }
@@ -1667,23 +1673,26 @@ int
 pfctl_set_debug(struct pfctl *pf, char *d)
 {
 u_int32_t level;
+ int loglevel;
 if ((loadopt & PFCTL_FLAG_OPTION) == 0)
 return (0);
 if (!strcmp(d, "none"))
- pf->debug = PF_DEBUG_NONE;
+ level = LOG_CRIT;
 else if (!strcmp(d, "urgent"))
- pf->debug = PF_DEBUG_URGENT;
+ level = LOG_ERR;
 else if (!strcmp(d, "misc"))
- pf->debug = PF_DEBUG_MISC;
+ level = LOG_NOTICE;
 else if (!strcmp(d, "loud"))
- pf->debug = PF_DEBUG_NOISY;
+ level = LOG_DEBUG;
+ else if ((loglevel = string_to_loglevel(d)) >= 0)
+ level = loglevel;
 else {
 warnx("unknown debug level \"%s\"", d);
 return (-1);
 }
-
+ pf->debug = level;
 pf->debug_set = 1;
 if ((pf->opts & PF_OPT_NOACTION) == 0)
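Review bot: The new debugopt_list makes the one-letter abbreviations `n` and `e` ambiguous (`n` prefixes both `notice` and `none`, `e` both `error` and `emerg`), and because pfctl_lookup_option now errx()s on an ambiguous prefix in the @@ -1828 hunk, `-x n`, which previously selected `none`, would abort instead — assuming `-x` is resolved through pfctl_lookup_option, which this page does not show. If that is intended, pfctl.8 should say that the legacy keywords need more than one letter. In pfctl_set_debug, `level` is also taken unchecked from string_to_loglevel, which passes any digit-led argument through atoi(); the range check belongs in string_to_loglevel (see the @@ -292 hunk in pfctl_parser.c), but a caller-side guard `else if ((loglevel = string_to_loglevel(d)) >= 0 && loglevel <= LOG_DEBUG)` would close it here as well. pfctl_set_debug continues past the end of the hunk.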
@@ -1746,27 +1755,9 @@ pfctl_debug(int dev, u_int32_t level, int opts)
 pfctl_trans(dev, &t, DIOCXCOMMIT, 0))
 err(1, "pfctl_debug ioctl");
- if ((opts & PF_OPT_QUIET) == 0) {
- fprintf(stderr, "debug level set to '");
- switch (level) {
- case PF_DEBUG_NONE:
- fprintf(stderr, "none");
- break;
- case PF_DEBUG_URGENT:
- fprintf(stderr, "urgent");
- break;
- case PF_DEBUG_MISC:
- fprintf(stderr, "misc");
- break;
- case PF_DEBUG_NOISY:
- fprintf(stderr, "loud");
- break;
- default:
- fprintf(stderr, "<invalid>");
- break;
- }
- fprintf(stderr, "'\n");
- }
+ if ((opts & PF_OPT_QUIET) == 0)
+ fprintf(stderr, "debug level set to '%s'\n",
+ loglevel_to_string(level));
 }
 int
@@ -1828,11 +1819,17 @@ pfctl_show_anchors(int dev, int opts, char *anchorname)
 const char *
 pfctl_lookup_option(char *cmd, const char **list)
 {
+ const char *item = NULL;
 if (cmd != NULL && *cmd)
 for (; *list; list++)
- if (!strncmp(cmd, *list, strlen(cmd)))
- return (*list);
- return (NULL);
+ if (!strncmp(cmd, *list, strlen(cmd))) {
+ if (item == NULL)
+ item = *list;
+ else
+ errx(1, "%s is ambigious", cmd);
+ }
+
+ return (item);
 }
@@ -1912,6 +1909,7 @@ main(int argc, char *argv[])
 int mode = O_RDONLY;
 int opts = 0;
 int optimize = PF_OPTIMIZE_BASIC;
+ int level;
 char anchorname[MAXPATHLEN];
 char *path;
 char *lfile = NULL, *sfile = NULL;
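Review bot: loglevel_to_string() returns the first prioritynames entry whose value equals `level`, and that table (the syslogd one, per the comment on the new function) carries deprecated aliases next to the canonical names, so the keyword echoed by `fprintf(stderr, "debug level set to '%s'\n", loglevel_to_string(level));` may not be the one the user typed or the one listed in pfctl.8; worth checking against <sys/syslog.h> which name wins for each value. If the canonical spelling matters, a small static table of the eight keywords in pfctl would make the message deterministic. The `<invalid>` default arm is replaced by loglevel_to_string's `unknown`, which is a user-visible string change worth a line in the commit message.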
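Review bot: The new error message misspells "ambiguous": `errx(1, "%s is ambigious", cmd);` should read `errx(1, "%s is ambiguous", cmd);`. Because the loop only prefix-matches, an argument that exactly equals one entry while also prefixing a longer one is now rejected as ambiguous; a guard `if (!strcmp(cmd, *list)) return (*list);` ahead of the strncmp keeps exact keywords selectable. pfctl_lookup_option serves every option list handed to it, so any other list whose entries share a prefix now aborts where it previously returned the first match; those callers are not visible here.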
@@ -2277,20 +2275,24 @@ main(int argc, char *argv[])
 error = 1;
 if (debugopt != NULL) {
- switch (*debugopt) {
- case 'n':
- pfctl_debug(dev, PF_DEBUG_NONE, opts);
- break;
- case 'u':
- pfctl_debug(dev, PF_DEBUG_URGENT, opts);
- break;
- case 'm':
- pfctl_debug(dev, PF_DEBUG_MISC, opts);
- break;
- case 'l':
- pfctl_debug(dev, PF_DEBUG_NOISY, opts);
- break;
+ if ((level = string_to_loglevel((char *)debugopt)) < 0) {
+ switch (*debugopt) {
+ case 'n':
+ level = LOG_CRIT;
+ break;
+ case 'u':
+ level = LOG_ERR;
+ break;
+ case 'm':
+ level = LOG_NOTICE;
+ break;
+ case 'l':
+ level = LOG_DEBUG;
+ break;
+ }
 }
+ if (level >= 0)
+ pfctl_debug(dev, level, opts);
 }
 if (sfile != NULL)
diff --git a/sbin/pfctl/pfctl_parser.c b/sbin/pfctl/pfctl_parser.c
index c661fe4f74a..a5837f2943e 100644
--- a/sbin/pfctl/pfctl_parser.c
+++ b/sbin/pfctl/pfctl_parser.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: pfctl_parser.c,v 1.261 2010/01/13 05:09:07 deraadt Exp $ */
+/* $OpenBSD: pfctl_parser.c,v 1.262 2010/01/18 23:52:46 mcbride Exp $ */
 /*
 * Copyright (c) 2001 Daniel Hartmeier
@@ -56,6 +56,9 @@
 #include <ifaddrs.h>
 #include <unistd.h>
+#define SYSLOG_NAMES
+#include <syslog.h>
+
 #include "pfctl_parser.h"
 #include "pfctl.h"
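Review bot: The cast in `if ((level = string_to_loglevel((char *)debugopt)) < 0) {` is unnecessary — the prototype added in pfctl_parser.h takes `const char *` — and it strips a const qualifier for no gain, so `string_to_loglevel(debugopt)` reads better (debugopt is presumably `const char *`, since pfctl_lookup_option returns one). The fallback `switch (*debugopt)` has no `default:` arm; should string_to_loglevel ever reject a list entry that does not start with n/u/m/l, `level` stays negative and the `-x` request is dropped without a word, so a `default: warnx("unknown debug level \"%s\"", debugopt); break;` arm mirroring pfctl_set_debug would surface it. main() continues outside the hunk.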
@@ -292,6 +295,45 @@ geticmpcodebyname(u_long type, char *w, sa_family_t af)
 return (NULL);
 }
+/*
+ * Decode a symbolic name to a numeric value.
+ * From syslogd.
+ */
+int
+string_to_loglevel(const char *name)
+{
+ CODE *c;
+ char *p, buf[40];
+
+ if (isdigit(*name))
+ return (atoi(name));
+
+ for (p = buf; *name && p < &buf[sizeof(buf) - 1]; p++, name++) {
+ if (isupper(*name))
+ *p = tolower(*name);
+ else
+ *p = *name;
+ }
+ *p = '\0';
+ for (c = prioritynames; c->c_name; c++)
+ if (!strcmp(buf, c->c_name))
+ return (c->c_val);
+
+ return (-1);
+}
+
+const char *
+loglevel_to_string(int level)
+{
+ CODE *c;
+
+ for (c = prioritynames; c->c_name; c++)
+ if (c->c_val == level)
+ return (c->c_name);
+
+ return ("unknown");
+}
+
 void
 print_op(u_int8_t op, const char *a1, const char *a2)
 {
@@ -460,7 +502,7 @@ const char *pf_scounters[FCNT_MAX+1] = FCNT_NAMES;
 void
 print_status(struct pf_status *s, int opts)
 {
- char statline[80], *running;
+ char statline[80], *running, *debug;
 time_t runtime;
 int i;
 char buf[PF_MD5_DIGEST_LENGTH * 2 + 1];
@@ -484,20 +526,8 @@ print_status(struct pf_status *s, int opts)
 } else
 snprintf(statline, sizeof(statline), "Status: %s", running);
 printf("%-44s", statline);
- switch (s->debug) {
- case PF_DEBUG_NONE:
- printf("%15s\n\n", "Debug: None");
- break;
- case PF_DEBUG_URGENT:
- printf("%15s\n\n", "Debug: Urgent");
- break;
- case PF_DEBUG_MISC:
- printf("%15s\n\n", "Debug: Misc");
- break;
- case PF_DEBUG_NOISY:
- printf("%15s\n\n", "Debug: Loud");
- break;
- }
+ asprintf(&debug, "Debug: %s", loglevel_to_string(s->debug));
+ printf("%15s\n\n", debug);
 if (opts & PF_OPT_VERBOSE) {
 printf("Hostid: 0x%08x\n", ntohl(s->hostid));
diff --git a/sbin/pfctl/pfctl_parser.h b/sbin/pfctl/pfctl_parser.h
index 1ed6450ef41..a1145a34214 100644
--- a/sbin/pfctl/pfctl_parser.h
+++ b/sbin/pfctl/pfctl_parser.h
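Review bot: The numeric path of string_to_loglevel, `if (isdigit(*name)) return (atoi(name));`, accepts any digit-led argument with no upper bound or trailing-character check, so `-x 99` or `-x 7junk` yields a value that pfctl_set_debug and main() then hand to the kernel as a log priority; bounding it to 0..LOG_DEBUG with strtol closes this and rejects junk. The ctype calls (`isdigit`, `isupper`, `tolower`) also take a plain `char`, which is undefined for negative values, so each argument should be cast to `unsigned char`; the cast is shown for isdigit below and the two calls in the copy loop need the same. The function comment would also benefit from saying that -1 means "not a level" and that a bare number is accepted.
```c
/*
 * Decode a syslog priority name, or a bare number in 0..LOG_DEBUG,
 * to its numeric value; returns -1 if the string is neither.
 * From syslogd.
 */
int
string_to_loglevel(const char *name)
{
	CODE *c;
	char *p, buf[40];

	if (isdigit((unsigned char)*name)) {
		char *end;
		long v = strtol(name, &end, 10);

		/* reject trailing junk and values outside the syslog range */
		if (*end != '\0' || v < 0 || v > LOG_DEBUG)
			return (-1);
		return ((int)v);
	}
	/* … unchanged: lower-case copy into buf and prioritynames lookup … */
```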
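Review bot: In print_status the return value of `asprintf(&debug, "Debug: %s", loglevel_to_string(s->debug));` is not checked and `debug` is never freed, so on allocation failure an unset pointer reaches printf and on success the buffer leaks on every call. A stack buffer avoids both: declare `char statline[80], *running, debug[32];` in the @@ -460 hunk and replace the two new lines with `snprintf(debug, sizeof(debug), "Debug: %s", loglevel_to_string(s->debug));` followed by the existing `printf("%15s\n\n", debug);`. The longest name in the table is well under 32 bytes, and snprintf always terminates. print_status continues outside the hunk.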
@@ -1,4 +1,4 @@
-/* $OpenBSD: pfctl_parser.h,v 1.91 2010/01/12 03:20:51 mcbride Exp $ */
+/* $OpenBSD: pfctl_parser.h,v 1.92 2010/01/18 23:52:46 mcbride Exp $ */
 /*
 * Copyright (c) 2001 Daniel Hartmeier
@@ -257,6 +257,9 @@ const struct icmptypeent *geticmptypebyname(char *, u_int8_t);
 const struct icmpcodeent *geticmpcodebynumber(u_int8_t, u_int8_t, u_int8_t);
 const struct icmpcodeent *geticmpcodebyname(u_long, char *, u_int8_t);
+int string_to_loglevel(const char *);
+const char *loglevel_to_string(int);
+
 struct pf_timeout {
 const char *name;
 int timeout; |