bump version to 5.0.5

[pve-firewall.git] / src / pvefw-logger.c

diff --git a/src/pvefw-logger.c b/src/pvefw-logger.c
index 506568caccfa0ee71e5e085385508dcaacf0b805..f76250516b92b61fc650c26f743520f024c74591 100644 (file)
--- a/src/pvefw-logger.c
+++ b/src/pvefw-logger.c
@@ -1,6 +1,6 @@
 /*
 
-  Copyright (C) 2014 Proxmox Server Solutions GmbH
+  Copyright (C) 2014 - 2021 Proxmox Server Solutions GmbH
 
   This software is written by Proxmox Server Solutions GmbH <support@proxmox.com>
 
@@ -65,7 +65,7 @@ gboolean conntrack = FALSE;
 
 LOG FORMAT:
 
-Special care was taken to allow fast parsing (and filer messages for a singl VM).
+Special care was taken to allow fast parsing and filering messages for a single VM.
 
 <VMID> <LOGLEVEL> <CHAIN> <TIME> <TIMEZONE> <MSG>
 
@@ -196,8 +196,7 @@ queue_log_entry(struct log_entry *le)
 static void
 log_status_message(guint loglevel, const char *fmt, ...)
 {
-    va_list ap;
-    va_start(ap, fmt);
+    va_list ap, ap2;
 
     if (loglevel > 7 ) loglevel = 7; // syslog defines level 0-7
 
@@ -207,7 +206,10 @@ log_status_message(guint loglevel, const char *fmt, ...)
 
     LEPRINTTIME(time(NULL));
 
+    va_start(ap, fmt);
+    va_copy(ap2, ap);
     le->len += vsnprintf(le->buf + le->len, LE_MAX - le->len, fmt, ap);
+    va_end(ap);
 
     LEPRINTF("\n");
 
@@ -215,7 +217,8 @@ log_status_message(guint loglevel, const char *fmt, ...)
 
     // also log to syslog
 
-    vsyslog(loglevel, fmt, ap);
+    vsyslog(loglevel, fmt, ap2);
+    va_end(ap2);
 }
 
 static int
@@ -572,6 +575,7 @@ print_nexthdr(struct log_entry *le, char *hdr, int payload_len, u_int8_t proto)
             return 0;
 
         struct ip6_ext *exthdr = (struct ip6_ext*)hdr;
+        int ext_len = 0;
 
         switch (proto) {
         /* protocols (these return) */
@@ -598,6 +602,7 @@ print_nexthdr(struct log_entry *le, char *hdr, int payload_len, u_int8_t proto)
                 return -1;
             if (print_fragment(le, (struct ip6_frag*)hdr, payload_len) < 0)
                 return -1;
+            ext_len = sizeof(struct ip6_frag);
             break;
         case IPPROTO_HOPOPTS:
             LEPRINTF("NEXTHDR=HOPOPTS ");
@@ -625,8 +630,12 @@ print_nexthdr(struct log_entry *le, char *hdr, int payload_len, u_int8_t proto)
         /* next header: */
         if (check_ip6ext(le, exthdr, payload_len) < 0)
             return -1;
-        hdr += exthdr->ip6e_len;
-        payload_len -= exthdr->ip6e_len;
+        if(ext_len == 0) {
+            ext_len = (exthdr->ip6e_len+1) * 8;
+        }
+        hdr += ext_len;
+        payload_len -= ext_len;
+        proto = exthdr->ip6e_nxt;
     }
 }
 
@@ -951,8 +960,12 @@ nfct_read_cb(GIOChannel *source,
 {
     int res;
     if ((res = nfct_catch(nfcth)) < 0) {
-        log_status_message(3, "error catching nfct");
-        return FALSE;
+        if (errno == ENOBUFS) {
+            log_status_message(3, "nfct_catch returned ENOBUFS: conntrack information may be incomplete");
+        } else {
+            log_status_message(3, "error catching nfct: %s", strerror(errno));
+            return FALSE;
+        }
     }
     return TRUE;
 }
@@ -1022,11 +1035,11 @@ main(int argc, char *argv[])
     for (int i = 10; i >= 0; i--) {
         if (flock(lockfd, LOCK_EX|LOCK_NB) != 0) {
             if (!i) {
-                fprintf(stderr, "unable to aquire lock '%s': %s\n", LOCKFILE, strerror (errno));
+                fprintf(stderr, "unable to acquire lock '%s': %s\n", LOCKFILE, strerror (errno));
                 exit(-1);
             }
             if (i == 10)
-                fprintf(stderr, "unable to aquire lock '%s' - trying again.\n", LOCKFILE);
+                fprintf(stderr, "unable to acquire lock '%s' - trying again.\n", LOCKFILE);
 
             sleep(1);
         }