X-Git-Url: https://git.proxmox.com/?a=blobdiff_plain;f=src%2Fpvefw-logger.c;h=181d5f1e8b7520b008b7761943ce9d04f6e3b6cc;hb=13d39f198ad142a013077f4b3cc436257f7a1a11;hp=506568caccfa0ee71e5e085385508dcaacf0b805;hpb=fdf943fe82bf37f381248d2a6260019c8088c391;p=pve-firewall.git

diff --git a/src/pvefw-logger.c b/src/pvefw-logger.c
index 506568c..181d5f1 100644
--- a/src/pvefw-logger.c
+++ b/src/pvefw-logger.c
@@ -196,8 +196,7 @@ queue_log_entry(struct log_entry *le)
 static void
 log_status_message(guint loglevel, const char *fmt, ...)
 {
-    va_list ap;
-    va_start(ap, fmt);
+    va_list ap, ap2;
 
     if (loglevel > 7 ) loglevel = 7; // syslog defines level 0-7
 
@@ -207,7 +206,10 @@ log_status_message(guint loglevel, const char *fmt, ...)
 
     LEPRINTTIME(time(NULL));
 
+    va_start(ap, fmt);
+    va_copy(ap2, ap);
     le->len += vsnprintf(le->buf + le->len, LE_MAX - le->len, fmt, ap);
+    va_end(ap);
 
     LEPRINTF("\n");
 
@@ -215,7 +217,8 @@ log_status_message(guint loglevel, const char *fmt, ...)
 
     // also log to syslog
 
-    vsyslog(loglevel, fmt, ap);
+    vsyslog(loglevel, fmt, ap2);
+    va_end(ap2);
 }
 
 static int
@@ -572,6 +575,7 @@ print_nexthdr(struct log_entry *le, char *hdr, int payload_len, u_int8_t proto)
             return 0;
 
         struct ip6_ext *exthdr = (struct ip6_ext*)hdr;
+        int ext_len = 0;
 
         switch (proto) {
         /* protocols (these return) */
@@ -598,6 +602,7 @@ print_nexthdr(struct log_entry *le, char *hdr, int payload_len, u_int8_t proto)
                 return -1;
             if (print_fragment(le, (struct ip6_frag*)hdr, payload_len) < 0)
                 return -1;
+            ext_len = sizeof(struct ip6_frag);
             break;
         case IPPROTO_HOPOPTS:
             LEPRINTF("NEXTHDR=HOPOPTS ");
@@ -625,8 +630,12 @@ print_nexthdr(struct log_entry *le, char *hdr, int payload_len, u_int8_t proto)
         /* next header: */
         if (check_ip6ext(le, exthdr, payload_len) < 0)
             return -1;
-        hdr += exthdr->ip6e_len;
-        payload_len -= exthdr->ip6e_len;
+        if(ext_len == 0) {
+            ext_len = (exthdr->ip6e_len+1) * 8;
+        }
+        hdr += ext_len;
+        payload_len -= ext_len;
+        proto = exthdr->ip6e_nxt;
     }
 }
 
@@ -951,8 +960,12 @@ nfct_read_cb(GIOChannel *source,
 {
     int res;
     if ((res = nfct_catch(nfcth)) < 0) {
-        log_status_message(3, "error catching nfct");
-        return FALSE;
+        if (errno == ENOBUFS) {
+            log_status_message(3, "nfct_catch returned ENOBUFS: conntrack information may be incomplete");
+        } else {
+            log_status_message(3, "error catching nfct: %s", strerror(errno));
+            return FALSE;
+        }
     }
     return TRUE;
 }