From: Alberto Leiva Popper Date: Fri, 13 Sep 2019 16:44:55 +0000 (-0500) Subject: Add syslog X-Git-Tag: v1.1.0~1^2~6 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=e1c0ab6b0e917ce80e7cb0fd016529dd2c41dc98;p=thirdparty%2FFORT-validator.git Add syslog --- diff --git a/docs/README.md b/docs/README.md index 281e8a99..e64cd8a8 100644 --- a/docs/README.md +++ b/docs/README.md @@ -2,7 +2,7 @@ This directory contains the source files of FORT's site and documentation. -Github automatically compiles and publishes it at [https://nicmx.github.io/FORT-validator/](https://nicmx.github.io/FORT-validator/). **It's still under construction**. +Github automatically compiles and publishes it at [https://nicmx.github.io/FORT-validator/](https://nicmx.github.io/FORT-validator/). You can also compile the documentation yourself by running [Jekyll](http://jekyllrb.com/) right here. diff --git a/docs/_layouts/default.html b/docs/_layouts/default.html index fbc8a4d0..c69afa32 100644 --- a/docs/_layouts/default.html +++ b/docs/_layouts/default.html @@ -67,10 +67,13 @@ Compilation and Installation
  • - Running Fort + Basic Usage
  • - Fort usage + Program Arguments +
  • +
  • + Logging
  • SLURM diff --git a/docs/incidence.md b/docs/incidence.md index 5749ca20..236ea96b 100644 --- a/docs/incidence.md +++ b/docs/incidence.md @@ -13,9 +13,9 @@ title: Incidence ## Introduction -The RPKI RFCs define fairly strict profiles for RPKI objects, and are unequivocal in stating that incorrectly-formed objects are supposed to be rejected by Relying Party validation. In practice, however, this does not prevent a significant amount of Certificate Authorities from issuing incorrect objects. +The RPKI RFCs define fairly strict profiles for RPKI objects, and are unequivocal in stating that incorrectly-formed objects are supposed to be rejected by Relying Party validation. In practice, however, this does not prevent a significant amount of legitimate Certificate Authorities from issuing incorrect objects. -By default, Fort is lax with some of this bad practices. The `incidence` section of its configuration file is a means to modify its behavior upon encountering profile violations that, from experience, are often overlooked. +The `incidence` section of Fort's configuration file is a means to modify its behavior upon encountering profile violations that, from experience, are often overlooked. ## `incidences` definition @@ -30,7 +30,7 @@ By default, Fort is lax with some of this bad practices. The `incidence` section ] ``` -`name` is the identifier of an incidence. It is case-sensitive and developer-defined. It states an ID of the particular error condition that will be handled by the remaining field. +`name` is the identifier of an incidence. It is case-sensitive and developer-defined. It states the ID of the particular error condition that will be handled by the remaining field. `action` is an enumeration that states the outcome of a violation of the corresponding incidence. It can take one of three values: 
@@ -38,7 +38,7 @@ By default, Fort is lax with some of this bad practices. The `incidence` section 2. `warn`: Print error message in `warning` log level, continue validation as if nothing happened. 3. `ignore`: Do not print error message, continue validation as if nothing happened. -Since most of the incidences are result of a bad practice at the global RPKI, they have an `action` of `ignore` by default. If a strict behavior is desired, then the corresponding incidences should be configured with an `action` of `error`. +Some incidences are `ignore`d by default, because they stem from bad practices (which are nonetheless likely harmless) in the global RPKI repositories. If a strict behavior is desired, then the corresponding incidence `action` should be upgraded. ## Incidence types diff --git a/docs/logging.md b/docs/logging.md new file mode 100644 index 00000000..89a776eb --- /dev/null +++ b/docs/logging.md @@ -0,0 +1,11 @@ +--- +title: Logging +--- + +# {{ page.title }} + +- If Fort is run in [server mode](usage.html#--mode), all logging is sent to syslog. +- If Fort is run in standalone mode, informational messages are printed in standard output and error messages are thrown to standard error. + +During the brief period in which configuration has not been completely parsed yet (and therefore, Fort is not yet aware of the desired running mode), the standard streams and syslog are used simultaneously. + diff --git a/docs/run.md b/docs/run.md index 27a48c31..bb7da434 100644 --- a/docs/run.md +++ b/docs/run.md @@ -1,5 +1,5 @@ --- -title: Running Fort +title: Basic Usage --- # {{ page.title }} @@ -35,4 +35,4 @@ fort \ --server.port {% endhighlight %} -These are some examples to run Fort with distinct configurations; see [usage](usage.html) for more details. \ No newline at end of file +These are some examples to run Fort with distinct configurations; see [Program Arguments](usage.html) for more details. 
diff --git a/docs/usage.md b/docs/usage.md index 8a2db419..9aac448e 100644 --- a/docs/usage.md +++ b/docs/usage.md @@ -1,5 +1,5 @@ --- -title: Fort Usage +title: Program Arguments command: fort --- diff --git a/src/asn1/signed_data.c b/src/asn1/signed_data.c index 7bcd57b0..5bf7bd86 100644 --- a/src/asn1/signed_data.c +++ b/src/asn1/signed_data.c @@ -73,7 +73,7 @@ handle_sdata_certificate(ANY_t *cert_encoded, struct signed_object_args *args, * to a tree leaf. Loops aren't possible. */ - pr_debug_add("EE Certificate (embedded) {"); + pr_debug("EE Certificate (embedded) {"); /* * "If the call is successful *in is incremented to the byte following @@ -114,7 +114,7 @@ handle_sdata_certificate(ANY_t *cert_encoded, struct signed_object_args *args, end2: X509_free(cert); end1: - pr_debug_rm("}"); + pr_debug("}"); return error; } diff --git a/src/config.c b/src/config.c index 98e348b2..dbd349eb 100644 --- a/src/config.c +++ b/src/config.c @@ -478,13 +478,11 @@ print_config(void) struct option_field const *opt; pr_info("Configuration {"); - pr_indent_add(); FOREACH_OPTION(options, opt, 0xFFFF) if (is_rpki_config_field(opt) && opt->type->print != NULL) opt->type->print(opt, get_rpki_config_field(opt)); - pr_indent_rm(); pr_info("}"); } diff --git a/src/config/string_array.c b/src/config/string_array.c index c0ccae9d..f401d876 100644 --- a/src/config/string_array.c +++ b/src/config/string_array.c @@ -60,14 +60,11 @@ string_array_print(struct option_field const *field, void *_value) size_t i; pr_info("%s:", field->name); - pr_indent_add(); if (value->length == 0) - pr_info(""); + pr_info(" "); else for (i = 0; i < value->length; i++) - pr_info("%s", value->array[i]); - - pr_indent_rm(); + pr_info(" %s", value->array[i]); } static int diff --git a/src/crypto/hash.c b/src/crypto/hash.c index fa5ecdf8..e7cc0ed1 100644 --- a/src/crypto/hash.c +++ b/src/crypto/hash.c 
@@ -15,7 +15,7 @@ get_md(char const *algorithm, EVP_MD const **result) md = EVP_get_digestbyname(algorithm); if (md == NULL) { - printf("Unknown message digest %s\n", algorithm); + pr_err("Unknown message digest %s", algorithm); return -EINVAL; } diff --git a/src/debug.c b/src/debug.c index f1e325ee..49c5f68a 100644 --- a/src/debug.c +++ b/src/debug.c @@ -7,7 +7,7 @@ /** * Important: -rdynamic needs to be enabled, otherwise this does not print - * function names. See rpki_validator_LDFLAGS in Makefile.am. + * function names. See LDFLAGS_DEBUG in Makefile.am. * Also: Only non-static functions will be labeled. * * During a segfault, the first three printed entries are usually not diff --git a/src/incidence/incidence.c b/src/incidence/incidence.c index d9a7b77d..336206ec 100644 --- a/src/incidence/incidence.c +++ b/src/incidence/incidence.c @@ -134,15 +134,12 @@ incidence_print(void) array_index i; pr_info("Custom incidences:"); - pr_indent_add(); for (i = 0; i < __INID_MAX; i++) { - pr_info("%s (%s): %s", incidences[i].name, + pr_info(" %s (%s): %s", incidences[i].name, incidences[i].description, action2str(incidences[i].action)); } - - pr_indent_rm(); } enum incidence_action diff --git a/src/log.c b/src/log.c index e343de99..a801d3b1 100644 --- a/src/log.c +++ b/src/log.c 
@@ -2,145 +2,190 @@ #include #include +#include #include "config.h" #include "debug.h" #include "thread_var.h" -#ifdef DEBUG -#define COLOR_DEBUG "\x1B[36m" /* Cyan */ -#endif - -#define COLOR_INFO "\x1B[37m" /* Gray */ -#define COLOR_WARNING "\x1B[33m" /* Yellow */ -#define COLOR_ERROR "\x1B[31m" /* Red */ -#define COLOR_CRITICAL "\x1B[35m" /* Pink */ -#define COLOR_RESET "\x1B[0m" /* Reset */ +struct level { + char const *label; + char const *color; + FILE *stream; +}; -#define STDOUT stdout -#define STDERR stderr +static struct level DBG = { "DBG", "\x1B[36m" }; +static struct level INF = { "INF", "\x1B[37m" }; +static struct level WRN = { "WRN", "\x1B[33m" }; +static struct level ERR = { "ERR", "\x1B[31m" }; +static struct level CRT = { "CRT", "\x1B[35m" }; +static struct level UNK = { "UNK", "" }; +#define COLOR_RESET "\x1B[0m" -static unsigned int indent; +/* LOG_PERROR is not portable, apparently, so I implemented it myself */ +static bool fprintf_enabled; +static bool syslog_enabled; -static void -pr_prefix(FILE *stream, char const *color, char const *level) +void +log_setup(void) { - unsigned int i; - if (config_get_color_output()) - fprintf(stream, "%s", color); - fprintf(stream, "%s: ", level); - for (i = 0; i < indent; i++) - fprintf(stream, " "); -} - -static void -pr_file_name(FILE *stream) -{ -#ifndef UNIT_TESTING - char const *file = fnstack_peek(); - if (file == NULL) - return; - fprintf(stream, "%s: ", file); -#endif + /* =_= */ + DBG.stream = stdout; + INF.stream = stdout; + WRN.stream = stderr; + ERR.stream = stderr; + CRT.stream = stderr; + UNK.stream = stdout; + + openlog("Fort", LOG_CONS | LOG_PID, LOG_DAEMON); + fprintf_enabled = true; + syslog_enabled = true; } void -pr_indent_add(void) +log_disable_std(void) { - indent++; + fprintf_enabled = false; } void -pr_indent_rm(void) +log_disable_syslog(void) { - if (indent > 0) - indent--; - else - fprintf(STDERR, "Programming error: Too many pr_rm_indent()s.\n"); + if (syslog_enabled) { + 
closelog(); + syslog_enabled = false; + } } -#ifdef DEBUG - void -pr_debug_prefix(void) +log_teardown(void) { - pr_prefix(STDOUT, COLOR_DEBUG, "DBG"); + log_disable_std(); + log_disable_syslog(); } -void -pr_debug_suffix(void) +static struct level const * +level2struct(int level) { - if (config_get_color_output()) - fprintf(STDOUT, "%s", COLOR_RESET); - fprintf(STDOUT, "\n"); + switch (level) { + case LOG_CRIT: + return &CRT; + case LOG_ERR: + return &ERR; + case LOG_WARNING: + return &WRN; + case LOG_INFO: + return &INF; + case LOG_DEBUG: + return &DBG; + } + + return &UNK; } -void -pr_debug(const char *format, ...) +static void +__fprintf(int level, char const *format, ...) { + struct level const *lvl; va_list args; - pr_debug_prefix(); + lvl = level2struct(level); + if (config_get_color_output()) + fprintf(lvl->stream, "%s", lvl->color); + + fprintf(lvl->stream, "%s: ", lvl->label); va_start(args, format); - vfprintf(STDOUT, format, args); + vfprintf(lvl->stream, format, args); va_end(args); - pr_debug_suffix(); + + if (config_get_color_output()) + fprintf(lvl->stream, COLOR_RESET); + + fprintf(lvl->stream, "\n"); } -void -pr_debug_add(const char *format, ...) +static bool +pr_file_name(int level) { - va_list args; + char const *file_name; - pr_debug_prefix(); + file_name = fnstack_peek(); + if (file_name == NULL) + return false; - va_start(args, format); - vfprintf(STDOUT, format, args); - va_end(args); - pr_debug_suffix(); + if (syslog_enabled) + syslog(level, "%s:", file_name); + if (fprintf_enabled) + __fprintf(level, "%s:", file_name); - pr_indent_add(); + return true; } -void -pr_debug_rm(const char *format, ...) +#define MSG_LEN 512 + +static void +pr_syslog(int level, bool indent, const char *format, va_list args) { - va_list args; + char msg[MSG_LEN]; + /* Can't use vsyslog(); it's not portable. */ + vsnprintf(msg, MSG_LEN, format, args); + syslog(level, "%s%s", indent ? 
" " : "", msg); +} + +static void +pr_stream(int level, bool indent, const char *format, va_list args) +{ + struct level const *lvl = level2struct(level); - pr_indent_rm(); + if (config_get_color_output()) + fprintf(lvl->stream, "%s", lvl->color); - pr_debug_prefix(); + fprintf(lvl->stream, "%s: ", lvl->label); + if (indent) + fprintf(lvl->stream, " "); + vfprintf(lvl->stream, format, args); - va_start(args, format); - vfprintf(STDOUT, format, args); - va_end(args); - pr_debug_suffix(); -} + if (config_get_color_output()) + fprintf(lvl->stream, "%s", COLOR_RESET); -#endif + fprintf(lvl->stream, "\n"); +} -#define PR_PREFIX(stream, color, level, args) do { \ - pr_prefix(stream, color, level); \ - pr_file_name(stream); \ +#define PR_SIMPLE(level) \ + do { \ + va_list args; \ + bool indent; \ + \ + indent = pr_file_name(level); \ \ - va_start(args, format); \ - vfprintf(stream, format, args); \ - va_end(args); \ -} while (0) + if (syslog_enabled) { \ + va_start(args, format); \ + pr_syslog(level, indent, format, args); \ + va_end(args); \ + } \ + \ + if (fprintf_enabled) { \ + va_start(args, format); \ + pr_stream(level, indent, format, args); \ + va_end(args); \ + } \ + } while (0) -#define PR_SUFFIX(stream) do { \ - if (config_get_color_output()) \ - fprintf(stream, "%s", COLOR_RESET); \ - fprintf(stream, "\n"); \ -} while (0) +#ifdef DEBUG + +void +pr_debug(const char *format, ...) +{ + PR_SIMPLE(LOG_DEBUG); +} + +#endif void pr_info(const char *format, ...) { - va_list args; - PR_PREFIX(STDOUT, COLOR_INFO, "INF", args); - PR_SUFFIX(STDOUT); + PR_SIMPLE(LOG_INFO); } /** @@ -150,9 +195,7 @@ pr_info(const char *format, ...) int pr_warn(const char *format, ...) { - va_list args; - PR_PREFIX(STDERR, COLOR_WARNING, "WRN", args); - PR_SUFFIX(STDERR); + PR_SIMPLE(LOG_WARNING); return 0; } 
@@ -162,9 +205,7 @@ pr_warn(const char *format, ...) int pr_err(const char *format, ...) { - va_list args; - PR_PREFIX(STDERR, COLOR_ERROR, "ERR", args); - PR_SUFFIX(STDERR); + PR_SIMPLE(LOG_ERR); return -EINVAL; } 
@@ -185,89 +226,78 @@ pr_err(const char *format, ...) int pr_errno(int error, const char *format, ...) { - va_list args; + PR_SIMPLE(LOG_ERR); - PR_PREFIX(STDERR, COLOR_ERROR, "ERR", args); - - if (error) { - fprintf(STDERR, ": %s", strerror(error)); - } else { - /* - * If this function was called, then we need to assume that - * there WAS an error; go generic. - */ - fprintf(STDERR, ": (Unknown)"); - error = -EINVAL; - } + if (!error) + return -EINVAL; + + if (syslog_enabled) + syslog(LOG_ERR, " - %s", strerror(error)); + if (fprintf_enabled) + __fprintf(LOG_ERR, " - %s", strerror(error)); - PR_SUFFIX(STDERR); return error; } +static int log_crypto_error(const char *str, size_t len, void *arg) +{ + if (syslog_enabled) + syslog(LOG_ERR, " - %s", str); + if (fprintf_enabled) + __fprintf(LOG_ERR, " - %s", str); + return 1; +} + /** * This is like pr_err() and pr_errno(), except meant to log an error made * during a libcrypto routine. * * This differs from usual printf-like functions: * - * - It returns the last error code libcrypto threw, not bytes written. + * - It returns -EINVAL, not bytes written. * - It prints a newline. - * - Also prints the cryptolib's error message after a colon. - * (So don't include periods at the end of @format.) + * - Also prints the cryptolib's error message stack. * * Always appends a newline at the end. */ int crypto_err(const char *format, ...) { - va_list args; - int error; - - PR_PREFIX(STDERR, COLOR_ERROR, "ERR", args); - fprintf(STDERR, ": "); - - error = ERR_GET_REASON(ERR_peek_last_error()); - if (error) { - /* - * Reminder: This clears the error queue. - * BTW: The string format is pretty ugly. Maybe override this. - */ - ERR_print_errors_fp(STDERR); - } else { - /* - * If this function was called, then we need to assume that - * there WAS an error; go generic. 
- */ - fprintf(STDERR, "(There are no error messages in libcrypto's stack.)"); - error = -EINVAL; + unsigned int stack_size; + + PR_SIMPLE(LOG_ERR); + + if (syslog_enabled) + syslog(LOG_ERR, " libcrypto error stack:"); + if (fprintf_enabled) + __fprintf(LOG_ERR, " libcrypto error stack:"); + + stack_size = 0; + ERR_print_errors_cb(log_crypto_error, &stack_size); + if (stack_size == 0) { + if (syslog_enabled) + syslog(LOG_ERR, " "); + if (fprintf_enabled) + __fprintf(LOG_ERR, " \n"); } - PR_SUFFIX(STDERR); - return error; + return -EINVAL; } int pr_enomem(void) { - pr_err("Out of memory."); + if (syslog_enabled) + syslog(LOG_ERR, "Out of memory."); + if (fprintf_enabled) + __fprintf(LOG_ERR, "Out of memory.\n"); return -ENOMEM; } __dead void pr_crit(const char *format, ...) { - va_list args; - - pr_prefix(STDERR, COLOR_CRITICAL, "CRT"); - pr_file_name(STDERR); - - fprintf(STDERR, "Programming error: "); - va_start(args, format); - vfprintf(STDERR, format, args); - va_end(args); - - PR_SUFFIX(STDERR); - + PR_SIMPLE(LOG_CRIT); print_stack_trace(); exit(-1); } @@ -280,19 +310,16 @@ int incidence(enum incidence_id id, const char *format, ...) { enum incidence_action action; - va_list args; action = incidence_get_action(id); switch (action) { case INAC_IGNORE: return 0; case INAC_WARN: - PR_PREFIX(STDERR, COLOR_WARNING, "WRN", args); - PR_SUFFIX(STDERR); + PR_SIMPLE(LOG_WARNING); return 0; case INAC_ERROR: - PR_PREFIX(STDERR, COLOR_ERROR, "ERR", args); - PR_SUFFIX(STDERR); + PR_SIMPLE(LOG_ERR); return -EINVAL; } diff --git a/src/log.h b/src/log.h index 146179da..51cf6c40 100644 --- a/src/log.h +++ b/src/log.h 
@@ -21,8 +21,9 @@ * error printing functions, but we kind of need to do it: * * - It's convoluted to use err() and warn() on libcrypto errors. - * - If debug is enabled, we want the error messages to be printed as a tree - * to ease debugging. + * - I was tasked with using syslog anyway, but the API is kind of limited + * (especially since vsyslog() is not portable.) + * - We want to transparently always print offending file name. */ #if __GNUC__ @@ -36,34 +37,22 @@ #define CHECK_FORMAT(str, args) /* Nothing */ #endif -void pr_indent_add(void); -void pr_indent_rm(void); +/* Only call this group of functions when you know there's only one thread. */ +void log_setup(void); +void log_disable_std(void); +void log_disable_syslog(void); +void log_teardown(void); -#ifdef DEBUG - -void pr_debug(const char *, ...) CHECK_FORMAT(1, 2); -void pr_debug_add(const char *, ...) CHECK_FORMAT(1, 2); -void pr_debug_rm(const char *, ...) CHECK_FORMAT(1, 2); -void pr_debug_prefix(void); -void pr_debug_suffix(void); - -#else /* - * I want to define these as empty, but then we get compiler warnings on - * - * ``` - * else - * pr_debug(...); - * ``` - * - * Oh well. + * Please note: The log message (excluding pr_errno's strerror and libcrypto's + * error stack) cannot exceed 512 bytes at present. */ +#ifdef DEBUG +void pr_debug(const char *, ...) CHECK_FORMAT(1, 2); +#else #define pr_debug(...) do {} while (0) -#define pr_debug_add(...) do {} while (0) -#define pr_debug_rm(...) do {} while (0) - #endif void pr_info(const char *, ...) CHECK_FORMAT(1, 2); diff --git a/src/main.c b/src/main.c index 66ffb346..6b05427f 100644 --- a/src/main.c +++ b/src/main.c @@ -24,7 +24,7 @@ just_quit: } int -main(int argc, char **argv) +__main(int argc, char **argv) { int error; 
@@ -41,6 +41,19 @@ main(int argc, char **argv) if (error) return error; + switch (config_get_mode()) { + case SERVER: + pr_info("Server mode configured; disabling logging on standard streams."); + pr_info("(Logs will be sent to syslog only.)"); + log_disable_std(); + break; + case STANDALONE: + pr_info("Standalone mode configured; disabling logging on syslog."); + pr_info("(Logs will be sent to the standard streams only.)"); + log_disable_syslog(); + break; + } + error = nid_init(); if (error) goto revert_config; @@ -56,3 +69,15 @@ revert_config: free_rpki_config(); return error; } + +int +main(int argc, char **argv) +{ + int error; + + log_setup(); + error = __main(argc, argv); + log_teardown(); + + return error; +} diff --git a/src/object/certificate.c b/src/object/certificate.c index 78f4aef3..0036e1b4 100644 --- a/src/object/certificate.c +++ b/src/object/certificate.c @@ -64,7 +64,7 @@ validate_serial_number(X509 *cert) pr_debug_prefix(); fprintf(stdout, "serial Number: "); BN_print_fp(stdout, number); - fprintf(stdout, "\n"); + pr_debug_suffix(); #endif error = x509stack_store_serial(validation_certstack(state), number); @@ -758,9 +758,9 @@ __certificate_get_resources(X509 *cert, struct resources *resources, if (!X509_EXTENSION_get_critical(ext)) return pr_err("The IP extension is not marked as critical."); - pr_debug_add("IP {"); + pr_debug("IP {"); error = handle_ip_extension(ext, resources); - pr_debug_rm("}"); + pr_debug("}"); ip_ext_found = true; if (error) @@ -772,10 +772,10 @@ __certificate_get_resources(X509 *cert, struct resources *resources, if (!X509_EXTENSION_get_critical(ext)) return pr_err("The AS extension is not marked as critical."); - pr_debug_add("ASN {"); + pr_debug("ASN {"); error = handle_asn_extension(ext, resources, allow_asn_inherit); - pr_debug_rm("}"); + pr_debug("}"); asn_ext_found = true; if (error) 
@@ -1553,10 +1553,10 @@ certificate_traverse(struct rpp *rpp_parent, struct rpki_uri *cert_uri) #ifdef DEBUG if (IS_TA) - pr_debug_add("TA Certificate '%s' {", + pr_debug("TA Certificate '%s' {", uri_get_printable(cert_uri)); else - pr_debug_add("Certificate '%s' {", + pr_debug("Certificate '%s' {", uri_get_printable(cert_uri)); #endif fnstack_push_uri(cert_uri); @@ -1688,6 +1688,6 @@ revert_cert: X509_free(cert); revert_fnstack_and_debug: fnstack_pop(); - pr_debug_rm("}"); + pr_debug("}"); return error; } diff --git a/src/object/crl.c b/src/object/crl.c index 53d0d6f4..911217c6 100644 --- a/src/object/crl.c +++ b/src/object/crl.c @@ -72,8 +72,8 @@ validate_revoked(X509_CRL *crl) pr_debug_prefix(); fprintf(stdout, "Revoked: "); BN_print_fp(stdout, serial_bn); - fprintf(stdout, "\n"); BN_free(serial_bn); + pr_debug_suffix(); #endif if (X509_REVOKED_get0_revocationDate(revoked) == NULL) { @@ -142,12 +142,12 @@ int crl_load(struct rpki_uri *uri, X509_CRL **result) { int error; - pr_debug_add("CRL '%s' {", uri_get_printable(uri)); + pr_debug("CRL '%s' {", uri_get_printable(uri)); error = __crl_load(uri, result); if (!error) error = crl_validate(*result); - pr_debug_rm("}"); + pr_debug("}"); return error; } diff --git a/src/object/ghostbusters.c b/src/object/ghostbusters.c index 5dabb963..46abc41d 100644 --- a/src/object/ghostbusters.c +++ b/src/object/ghostbusters.c @@ -25,7 +25,7 @@ ghostbusters_traverse(struct rpki_uri *uri, struct rpp *pp) int error; /* Prepare */ - pr_debug_add("Ghostbusters '%s' {", uri_get_printable(uri)); + pr_debug("Ghostbusters '%s' {", uri_get_printable(uri)); fnstack_push_uri(uri); /* Decode */ @@ -55,7 +55,7 @@ revert_args: revert_sobj: signed_object_cleanup(&sobj); revert_log: - pr_debug_rm("}"); + pr_debug("}"); fnstack_pop(); return error; } diff --git a/src/object/manifest.c b/src/object/manifest.c index 78069256..af910170 100644 --- a/src/object/manifest.c +++ b/src/object/manifest.c 
@@ -221,7 +221,7 @@ handle_manifest(struct rpki_uri *uri, struct rpp **pp) int error; /* Prepare */ - pr_debug_add("Manifest '%s' {", uri_get_printable(uri)); + pr_debug("Manifest '%s' {", uri_get_printable(uri)); fnstack_push_uri(uri); /* Decode */ @@ -269,7 +269,7 @@ revert_manifest: revert_sobj: signed_object_cleanup(&sobj); revert_log: - pr_debug_rm("}"); + pr_debug("}"); fnstack_pop(); return error; } diff --git a/src/object/roa.c b/src/object/roa.c index 71024026..55da9ead 100644 --- a/src/object/roa.c +++ b/src/object/roa.c @@ -35,7 +35,7 @@ ____handle_roa_v4(struct resources *parent, unsigned long asn, if (error) return error; - pr_debug_add("ROAIPAddress {"); + pr_debug("ROAIPAddress {"); pr_debug("address: %s/%u", v4addr2str(&prefix.addr), prefix.len); if (roa_addr->maxLength != NULL) { @@ -70,10 +70,10 @@ ____handle_roa_v4(struct resources *parent, unsigned long asn, goto end_error; } - pr_debug_rm("}"); + pr_debug("}"); return vhandler_handle_roa_v4(asn, &prefix, max_length); end_error: - pr_debug_rm("}"); + pr_debug("}"); return error; } @@ -89,7 +89,7 @@ ____handle_roa_v6(struct resources *parent, unsigned long asn, if (error) return error; - pr_debug_add("ROAIPAddress {"); + pr_debug("ROAIPAddress {"); pr_debug("address: %s/%u", v6addr2str(&prefix.addr), prefix.len); if (roa_addr->maxLength != NULL) { @@ -124,10 +124,10 @@ ____handle_roa_v6(struct resources *parent, unsigned long asn, goto end_error; } - pr_debug_rm("}"); + pr_debug("}"); return vhandler_handle_roa_v6(asn, &prefix, max_length); end_error: - pr_debug_rm("}"); + pr_debug("}"); return error; } @@ -155,7 +155,7 @@ __handle_roa(struct RouteOriginAttestation *roa, struct resources *parent) int a; int error; - pr_debug_add("eContent {"); + pr_debug("eContent {"); if (roa->version != NULL) { error = asn_INTEGER2ulong(roa->version, &version); if (error) { 
@@ -193,7 +193,7 @@ __handle_roa(struct RouteOriginAttestation *roa, struct resources *parent) goto end_error; } - pr_debug_add("ipAddrBlocks {"); + pr_debug("ipAddrBlocks {"); for (b = 0; b < roa->ipAddrBlocks.list.count; b++) { block = roa->ipAddrBlocks.list.array[b]; if (block == NULL) { @@ -208,12 +208,12 @@ __handle_roa(struct RouteOriginAttestation *roa, struct resources *parent) if (block->addressFamily.buf[1] != 1 && block->addressFamily.buf[1] != 2) goto family_error; - pr_debug_add("%s {", + pr_debug("%s {", block->addressFamily.buf[1] == 1 ? "v4" : "v6"); if (block->addresses.list.array == NULL) { error = pr_err("ROA's address list array is NULL."); - pr_debug_rm("}"); + pr_debug("}"); goto ip_error; } @@ -222,11 +222,11 @@ __handle_roa(struct RouteOriginAttestation *roa, struct resources *parent) block->addressFamily.buf[1], block->addresses.list.array[a]); if (error) { - pr_debug_rm("}"); + pr_debug("}"); goto ip_error; } } - pr_debug_rm("}"); + pr_debug("}"); } /* Error 0 it's ok */ @@ -236,9 +236,9 @@ __handle_roa(struct RouteOriginAttestation *roa, struct resources *parent) family_error: error = pr_err("ROA's IP family is not v4 or v6."); ip_error: - pr_debug_rm("}"); + pr_debug("}"); end_error: - pr_debug_rm("}"); + pr_debug("}"); return error; } @@ -254,7 +254,7 @@ roa_traverse(struct rpki_uri *uri, struct rpp *pp) int error; /* Prepare */ - pr_debug_add("ROA '%s' {", uri_get_printable(uri)); + pr_debug("ROA '%s' {", uri_get_printable(uri)); fnstack_push_uri(uri); /* Decode */ @@ -290,6 +290,6 @@ revert_sobj: signed_object_cleanup(&sobj); revert_log: fnstack_pop(); - pr_debug_rm("}"); + pr_debug("}"); return error; } diff --git a/src/object/tal.c b/src/object/tal.c index c198cf5c..f35fa489 100644 --- a/src/object/tal.c +++ b/src/object/tal.c 
@@ -454,7 +454,7 @@ handle_tal_uri(struct tal *tal, struct rpki_uri *uri, void *arg) return ENSURE_NEGATIVE(error); } - pr_debug_add("TAL URI '%s' {", uri_get_printable(uri)); + pr_debug("TAL URI '%s' {", uri_get_printable(uri)); if (!uri_is_certificate(uri)) { error = pr_err("TAL file does not point to a certificate. (Expected .cer, got '%s')", @@ -510,7 +510,7 @@ handle_tal_uri(struct tal *tal, struct rpki_uri *uri, void *arg) fail: error = ENSURE_NEGATIVE(error); end: validation_destroy(state); - pr_debug_rm("}"); + pr_debug("}"); return error; } diff --git a/src/rtr/rtr.c b/src/rtr/rtr.c index e767b320..1345ece6 100644 --- a/src/rtr/rtr.c +++ b/src/rtr/rtr.c @@ -97,8 +97,8 @@ create_server_socket(int *result) return error; for (addr = addrs; addr != NULL; addr = addr->ai_next) { - printf( - "Attempting to bind socket to address '%s', port '%s'.\n", + pr_info( + "Attempting to bind socket to address '%s', port '%s'.", (addr->ai_canonname != NULL) ? addr->ai_canonname : "any", config_get_server_port()); @@ -122,7 +122,7 @@ create_server_socket(int *result) port = (unsigned char)(addr->ai_addr->sa_data[0]) << 8; port += (unsigned char)(addr->ai_addr->sa_data[1]); - printf("Success, bound to address '%s', port '%ld'.\n", + pr_info("Success; bound to address '%s', port '%ld'.", (addr->ai_canonname != NULL) ? addr->ai_canonname : "any", port); freeaddrinfo(addrs); @@ -388,6 +388,8 @@ rtr_listen(void) if (error) pr_err("Error %d while trying to update the ROA database.", error); + else + pr_info("Validation finished."); goto revert_clients_db; /* Error 0 it's ok */ } diff --git a/src/thread_var.c b/src/thread_var.c index 05f1fdc4..077c3138 100644 --- a/src/thread_var.c +++ b/src/thread_var.c 
@@ -36,8 +36,8 @@ thvar_init(void) error = pthread_key_create(&state_key, NULL); if (error) { - fprintf(stderr, - "Fatal: Errcode %d while initializing the validation state thread variable.\n", + pr_err( + "Fatal: Errcode %d while initializing the validation state thread variable.", error); return error; } @@ -50,8 +50,8 @@ thvar_init(void) */ error = pthread_key_create(&filenames_key, fnstack_discard); if (error) { - fprintf(stderr, - "Fatal: Errcode %d while initializing the file name stack thread variable.\n", + pr_err( + "Fatal: Errcode %d while initializing the file name stack thread variable.", error); return error; } @@ -67,7 +67,7 @@ state_store(struct validation *state) error = pthread_setspecific(state_key, state); if (error) - fprintf(stderr, "pthread_setspecific() returned %d.", error); + pr_err("pthread_setspecific() returned %d.", error); return error; } @@ -80,7 +80,7 @@ state_retrieve(void) state = pthread_getspecific(state_key); if (state == NULL) - fprintf(stderr, "Programming error: This thread lacks a validation state.\n"); + pr_err("Programming error: This thread lacks a validation state."); return state; } @@ -107,7 +107,7 @@ fnstack_init(void) error = pthread_setspecific(filenames_key, files); if (error) - fprintf(stderr, "pthread_setspecific() returned %d.", error); + pr_err("pthread_setspecific() returned %d.", error); } void @@ -124,7 +124,7 @@ fnstack_cleanup(void) error = pthread_setspecific(filenames_key, NULL); if (error) - fprintf(stderr, "pthread_setspecific() returned %d.", error); + pr_err("pthread_setspecific() returned %d.", error); } /**
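
Review bot: docs/logging.md (new file) says server-mode logging goes to syslog but leaves out what an operator needs to route and alert on it. log_setup() in src/log.c calls openlog("Fort", LOG_CONS | LOG_PID, LOG_DAEMON), so the ident is Fort and the facility is daemon, and src/log.h states that a message cannot exceed 512 bytes. Please document the ident, the facility, the size cap and the level mapping (pr_info to LOG_INFO, pr_warn to LOG_WARNING, pr_err to LOG_ERR, pr_crit to LOG_CRIT) so that syslog filters can be written without reading the source.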
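
Review bot: In src/log.c, hunk @@ -2,145 +2,190 @@, PR_SIMPLE emits the offending file name and the message as two separate records: pr_file_name() calls syslog(level, "%s:", file_name), and pr_syslog() then issues a second syslog() for the indented text. The comment added to src/log.h implies the pr_*() functions run with more than one thread, so records from different threads can interleave and a syslog consumer cannot reliably tie an error to its file. Consider formatting the file name into the same msg buffer so each event is a single record. In the same hunk pr_syslog() ignores the return value of vsnprintf(), so anything past MSG_LEN is dropped silently; checking for a return value >= MSG_LEN and marking the record as truncated would make that visible.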
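
Review bot: In src/log.c, hunk @@ -185,89 +226,78 @@, crypto_err() passes &stack_size to ERR_print_errors_cb(), but log_crypto_error() never touches its arg parameter, so stack_size is still 0 afterwards and the empty-stack branch runs on every call, including when libcrypto entries were just printed. Increment the counter in the callback, for example `(*(unsigned int *)arg)++;` before `return 1;`. Also in this hunk, __fprintf() already appends "\n", so the trailing "\n" passed in pr_enomem() and in the empty-stack fallback produces an extra blank line on the standard streams that the syslog path does not have.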
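
Review bot: In src/main.c, hunk @@ -41,6 +41,19 @@, the new switch on config_get_mode() has no default case, so any mode other than SERVER or STANDALONE silently leaves both syslog and the standard streams enabled. Add a default that reports the unexpected value. Separately, the wrapper name __main (and __fprintf in src/log.c) uses a leading double underscore, which is reserved for the implementation; a project-prefixed name would avoid that.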
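
Review bot: In src/object/certificate.c, hunk @@ -64,7 +64,7 @@ (validate_serial_number), the DEBUG block still calls pr_debug_prefix() and now also pr_debug_suffix(), but this patch deletes both functions from src/log.c and their declarations from src/log.h, so a DEBUG build should no longer compile. The same pattern is in src/object/crl.c, hunk @@ -72,8 +72,8 @@ (validate_revoked). Both blocks also write with fprintf(stdout, ...) and BN_print_fp(stdout, ...), which bypasses syslog and ignores log_disable_std() in server mode. Converting the serial number to a string (for example with BN_bn2hex()) and passing it to pr_debug() would address both problems.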
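
Review bot: In src/thread_var.c, hunk @@ -36,8 +36,8 @@, thvar_init() now reports a failed pthread_key_create(&state_key, NULL) through pr_err(), and pr_err() goes through pr_file_name() in src/log.c, which calls fnstack_peek() before filenames_key has been created a few lines further down. Please confirm fnstack_peek() is safe to call at that point, or keep these early failures on a path that skips the file name lookup. The converted messages in this file also keep prefixes such as "Fatal:" and "Programming error:" while being logged at LOG_ERR; if they are meant to be more severe than an ordinary error, the syslog level should say so.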