From: Alex Rousskov Date: Tue, 14 Feb 2023 00:00:20 +0000 (+0000) Subject: Place more msgs under cache_log_message control, downgrade some (#1273) X-Git-Tag: SQUID_6_0_1~12 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=9259c796ff1ede2ef255d4d8578bdf66ab296ebf;p=thirdparty%2Fsquid.git Place more msgs under cache_log_message control, downgrade some (#1273) Also support cache_log_message-controlled messages in ::Config-unaware libraries (e.g., libip) used by tools (e.g., cachemgr.cgi). Restricting the very first (i.e. "depth 0") "Processing Configuration File" message does not work during startup (before that file is parsed), and does not work during reconfiguration (because the old configuration is reset shortly before logging that line). Future reconfiguration support improvements may fix the reset problem. Restrictions do work as expected for included files (i.e. positive "depth" levels). Restricting "BCP 177 violation" WARNINGs does not work because the warnings are printed _before_ Squid configuration is parsed. Future initialization improvements may fix this. Also downgraded the importance of a few (re)configuration progress-reporting messages from level 1 to level 2. --- diff --git a/doc/debug-messages.dox b/doc/debug-messages.dox index 0b11301995..c5db63c9f7 100644 --- a/doc/debug-messages.dox +++ b/doc/debug-messages.dox @@ -63,5 +63,8 @@ ID Message gist 63 Resuming indexing cache_dir # ... from ... 64 DNS IPv4 socket created at ..., FD ... 65 WARNING: Indexer ignores a cache_dir entry: ... +66 WARNING: BCP 177 violation. Detected non-functional IPv6 loopback. +67 WARNING: BCP 177 violation. IPv6 transport forced OFF by build parameters. +68 Processing Configuration File: ... (depth ...) \endverbatim */ diff --git a/src/AuthReg.cc b/src/AuthReg.cc index b4698d8bba..32adbf8aab 100644 --- a/src/AuthReg.cc +++ b/src/AuthReg.cc @@ -30,18 +30,18 @@ void Auth::Init() { - debugs(29,DBG_IMPORTANT,"Startup: Initializing Authentication Schemes ..."); + debugs(29, 2, "Initializing Authentication Schemes ..."); #if HAVE_AUTH_MODULE_BASIC static const char *basic_type = Auth::Basic::Scheme::GetInstance()->type(); - debugs(29,DBG_IMPORTANT,"Startup: Initialized Authentication Scheme '" << basic_type << "'"); + debugs(29, 2, "Initialized Authentication Scheme '" << basic_type << "'"); #endif #if HAVE_AUTH_MODULE_DIGEST static const char *digest_type = Auth::Digest::Scheme::GetInstance()->type(); - debugs(29,DBG_IMPORTANT,"Startup: Initialized Authentication Scheme '" << digest_type << "'"); + debugs(29, 2, "Initialized Authentication Scheme '" << digest_type << "'"); #endif #if HAVE_AUTH_MODULE_NEGOTIATE static const char *negotiate_type = Auth::Negotiate::Scheme::GetInstance()->type(); - debugs(29,DBG_IMPORTANT,"Startup: Initialized Authentication Scheme '" << negotiate_type << "'"); + debugs(29, 2, "Initialized Authentication Scheme '" << negotiate_type << "'"); #endif } diff --git a/src/SquidConfig.h b/src/SquidConfig.h index 9258dd0dee..76f22d1ad6 100644 --- a/src/SquidConfig.h +++ b/src/SquidConfig.h @@ -552,8 +552,6 @@ public: int connect_gap; int connect_timeout; } happyEyeballs; - - DebugMessages *debugMessages; ///< cache_log_message }; extern SquidConfig Config; diff --git a/src/adaptation/icap/ServiceRep.cc b/src/adaptation/icap/ServiceRep.cc index 85d3886af2..ddefdfefaa 100644 --- a/src/adaptation/icap/ServiceRep.cc +++ b/src/adaptation/icap/ServiceRep.cc @@ -80,7 +80,7 @@ Adaptation::Icap::ServiceRep::finalize() writeableCfg().secure.encryptTransport = true; if (cfg().secure.encryptTransport) { - debugs(3, DBG_IMPORTANT, "Initializing service " << cfg().resource << " SSL context"); + debugs(3, 2, "initializing service " << cfg().resource << " SSL context"); sslContext = writeableCfg().secure.createClientContext(true); } diff --git a/src/cache_cf.cc b/src/cache_cf.cc index 4deb38c095..aa12ba54f0 100644 --- a/src/cache_cf.cc +++ b/src/cache_cf.cc @@ -443,7 +443,7 @@ parseOneConfigFile(const char *file_name, unsigned int depth) int err_count = 0; int is_pipe = 0; - debugs(3, DBG_IMPORTANT, "Processing Configuration File: " << file_name << " (depth " << depth << ")"); + debugs(3, Important(68), "Processing Configuration File: " << file_name << " (depth " << depth << ")"); if (depth > 16) { fatalf("WARNING: can't include %s: includes are nested too deeply (>16)!\n", file_name); return 1; @@ -961,7 +961,7 @@ configDoConfigure(void) #endif if (Security::ProxyOutgoingConfig.encryptTransport) { - debugs(3, DBG_IMPORTANT, "Initializing https:// proxy context"); + debugs(3, 2, "initializing https:// proxy context"); Config.ssl_client.sslContext = Security::ProxyOutgoingConfig.createClientContext(false); if (!Config.ssl_client.sslContext) { #if USE_OPENSSL @@ -982,7 +982,7 @@ configDoConfigure(void) p->secure.sslDomain = p->host; if (p->secure.encryptTransport) { - debugs(3, DBG_IMPORTANT, "Initializing TLS context for cache_peer " << *p); + debugs(3, 2, "initializing TLS context for cache_peer " << *p); p->sslContext = p->secure.createClientContext(true); if (!p->sslContext) { debugs(3, DBG_CRITICAL, "ERROR: Could not initialize TLS context for cache_peer " << *p); @@ -995,7 +995,7 @@ configDoConfigure(void) for (AnyP::PortCfgPointer s = HttpPortList; s != nullptr; s = s->next) { if (!s->secure.encryptTransport) continue; - debugs(3, DBG_IMPORTANT, "Initializing " << AnyP::UriScheme(s->transport.protocol) << "_port " << s->s << " TLS contexts"); + debugs(3, 2, "initializing " << AnyP::UriScheme(s->transport.protocol) << "_port " << s->s << " TLS contexts"); s->secure.initServerContexts(*s); } diff --git a/src/cf.data.pre b/src/cf.data.pre index c65fe664c9..33087f70ff 100644 --- a/src/cf.data.pre +++ b/src/cf.data.pre @@ -5644,7 +5644,7 @@ NAME: cache_log_message TYPE: cache_log_message DEFAULT: none DEFAULT_DOC: Use debug_options. -LOC: Config.debugMessages +LOC: DebugMessagesConfig DOC_START Configures logging of individual cache.log messages. diff --git a/src/debug/Messages.h b/src/debug/Messages.h index 6c0f1dc4c5..c7b0c06e5d 100644 --- a/src/debug/Messages.h +++ b/src/debug/Messages.h @@ -12,7 +12,6 @@ #define SQUID_DEBUG_MESSAGES_H #include "debug/Stream.h" -#include "SquidConfig.h" #include #include @@ -62,7 +61,7 @@ private: }; /// The maximum used DebugMessage::id plus 1. Increase as you add new IDs. -constexpr DebugMessageId DebugMessageIdUpperBound = 66; +constexpr DebugMessageId DebugMessageIdUpperBound = 69; /// a collection of DebugMessage objects (with fast access by message IDs) class DebugMessages @@ -73,6 +72,9 @@ public: Storage messages; }; +/// Global configuration for DebugMessageLevel() (where/when supported). +inline DebugMessages *DebugMessagesConfig = nullptr; + // Using a template allows us to check message ID range at compile time. /// \returns configured debugging level for the given message or defaultLevel template @@ -81,7 +83,7 @@ DebugMessageLevel(const int defaultLevel) { static_assert(id > 0, "debugs() message ID must be positive"); static_assert(id < DebugMessageIdUpperBound, "debugs() message ID must be smaller than DebugMessageIdUpperBound"); - if (const auto configured = Config.debugMessages) + if (const auto configured = DebugMessagesConfig) return (configured->messages)[id].currentLevel(defaultLevel); return defaultLevel; } diff --git a/src/ip/tools.cc b/src/ip/tools.cc index 96a5c5bde7..0697221b5e 100644 --- a/src/ip/tools.cc +++ b/src/ip/tools.cc @@ -9,7 +9,7 @@ /* DEBUG: section 21 Misc Functions */ #include "squid.h" -#include "debug/Stream.h" +#include "debug/Messages.h" #include "ip/Address.h" #include "ip/tools.h" @@ -64,7 +64,7 @@ Ip::ProbeTransport() struct sockaddr_in6 sin; ip.getSockAddr(sin); if (bind(s, reinterpret_cast(&sin), sizeof(sin)) != 0) { - debugs(3, DBG_CRITICAL, "WARNING: BCP 177 violation. Detected non-functional IPv6 loopback."); + debugs(3, Critical(66), "WARNING: BCP 177 violation. Detected non-functional IPv6 loopback."); EnableIpv6 = IPV6_OFF; } else { debugs(3, 2, "Detected functional IPv6 loopback ..."); @@ -78,7 +78,7 @@ Ip::ProbeTransport() #else debugs(3, 2, "IPv6 transport " << (EnableIpv6?"Available":"Disabled")); if (EnableIpv6 != IPV6_OFF) { - debugs(3, DBG_CRITICAL, "WARNING: BCP 177 violation. IPv6 transport forced OFF by build parameters."); + debugs(3, Critical(67), "WARNING: BCP 177 violation. IPv6 transport forced OFF by build parameters."); EnableIpv6 = IPV6_OFF; } #endif diff --git a/src/security/KeyData.cc b/src/security/KeyData.cc index c7e1fb8b0d..f32b9bd3ab 100644 --- a/src/security/KeyData.cc +++ b/src/security/KeyData.cc @@ -20,7 +20,7 @@ bool Security::KeyData::loadCertificates() { - debugs(83, DBG_IMPORTANT, "Using certificate in " << certFile); + debugs(83, 2, "from " << certFile); cert.reset(); // paranoid: ensure cert is unset #if USE_OPENSSL @@ -136,7 +136,7 @@ Security::KeyData::loadCertificates() bool Security::KeyData::loadX509PrivateKeyFromFile() { - debugs(83, DBG_IMPORTANT, "Using key in " << privateKeyFile); + debugs(83, 2, "from " << privateKeyFile); #if USE_OPENSSL const char *keyFilename = privateKeyFile.c_str(); diff --git a/src/ssl/support.cc b/src/ssl/support.cc index eec2f3f773..ce7896ead6 100644 --- a/src/ssl/support.cc +++ b/src/ssl/support.cc @@ -727,7 +727,7 @@ Ssl::InitClientContext(Security::ContextPointer &ctx, Security::PeerOptions &pee // TODO: support loading multiple cert/key pairs auto &keys = peer.certs.front(); if (!keys.certFile.isEmpty()) { - debugs(83, DBG_IMPORTANT, "Using certificate in " << keys.certFile); + debugs(83, 2, "loading client certificate from " << keys.certFile); const char *certfile = keys.certFile.c_str(); if (!SSL_CTX_use_certificate_chain_file(ctx.get(), certfile)) { @@ -736,7 +736,7 @@ Ssl::InitClientContext(Security::ContextPointer &ctx, Security::PeerOptions &pee certfile, Security::ErrorString(ssl_error)); } - debugs(83, DBG_IMPORTANT, "Using private key in " << keys.privateKeyFile); + debugs(83, 2, "loading private key from " << keys.privateKeyFile); const char *keyfile = keys.privateKeyFile.c_str(); ssl_ask_password(ctx.get(), keyfile);