Convert warning and info logs in filtering rules to fine debug logs

src/protohttp.c

@@ -451,17 +451,15 @@ protohttp_filter(pxy_conn_ctx_t *ctx, filter_list_t *list)
 		filter_site_t *site = list->host;
 		while (site) {
 			if (protohttp_filter_match_host(ctx, site)) {
-				// Do not print the surrounding slashes
-				log_err_level_printf(LOG_INFO, "Found site: %s for %s:%s, %s:%s"
 #ifndef WITHOUT_USERAUTH
-					", %s, %s"
-#endif /* !WITHOUT_USERAUTH */
-					", %s\n", site->site,
+				log_fine_va("Found site: %s for %s:%s, %s:%s, %s, %s, %s", site->site,
+					STRORDASH(ctx->srchost_str), STRORDASH(ctx->srcport_str), STRORDASH(ctx->dsthost_str), STRORDASH(ctx->dstport_str),
+					STRORDASH(ctx->user), STRORDASH(ctx->desc), STRORDASH(http_ctx->http_host));
+#else /* WITHOUT_USERAUTH */
+				log_fine_va("Found site: %s for %s:%s, %s:%s, %s", site->site,
 					STRORDASH(ctx->srchost_str), STRORDASH(ctx->srcport_str), STRORDASH(ctx->dsthost_str), STRORDASH(ctx->dstport_str),
-#ifndef WITHOUT_USERAUTH
-					STRORDASH(ctx->user), STRORDASH(ctx->desc),
-#endif /* !WITHOUT_USERAUTH */
 					STRORDASH(http_ctx->http_host));
+#endif /* WITHOUT_USERAUTH */
 				return pxyconn_set_filter_action(ctx, site->action, site->site);
 			}
 			site = site->next;
@@ -481,17 +479,15 @@ protohttp_filter(pxy_conn_ctx_t *ctx, filter_list_t *list)
 		filter_site_t *site = list->uri;
 		while (site) {
 			if (protohttp_filter_match_uri(ctx, site)) {
-				// Do not print the surrounding slashes
-				log_err_level_printf(LOG_INFO, "Found site: %s for %s:%s, %s:%s"
 #ifndef WITHOUT_USERAUTH
-					", %s, %s"
-#endif /* !WITHOUT_USERAUTH */
-					", %s\n", site->site,
+				log_fine_va("Found site: %s for %s:%s, %s:%s, %s, %s, %s", site->site,
+					STRORDASH(ctx->srchost_str), STRORDASH(ctx->srcport_str), STRORDASH(ctx->dsthost_str), STRORDASH(ctx->dstport_str),
+					STRORDASH(ctx->user), STRORDASH(ctx->desc), STRORDASH(http_ctx->http_uri));
+#else /* WITHOUT_USERAUTH */
+				log_fine_va("Found site: %s for %s:%s, %s:%s, %s", site->site,
 					STRORDASH(ctx->srchost_str), STRORDASH(ctx->srcport_str), STRORDASH(ctx->dsthost_str), STRORDASH(ctx->dstport_str),
-#ifndef WITHOUT_USERAUTH
-					STRORDASH(ctx->user), STRORDASH(ctx->desc),
-#endif /* !WITHOUT_USERAUTH */
 					STRORDASH(http_ctx->http_uri));
+#endif /* WITHOUT_USERAUTH */
 				return pxyconn_set_filter_action(ctx, site->action, site->site);
 			}
 			site = site->next;
@@ -522,7 +518,7 @@ protohttp_apply_filter(pxy_conn_ctx_t *ctx)
 				// Override any deferred block action, if already in divert mode (keep divert mode)
 				ctx->deferred_action = FILTER_ACTION_NONE;
 			} else {
-				log_err_level_printf(LOG_WARNING, "HTTP filter cannot enable divert mode\n");
+				log_fine("HTTP filter cannot enable divert mode");
 			}
 		}
 		else if (action & FILTER_ACTION_SPLIT) {
@@ -530,11 +526,11 @@ protohttp_apply_filter(pxy_conn_ctx_t *ctx)
 				// Override any deferred block action, if already in split mode (keep split mode)
 				ctx->deferred_action = FILTER_ACTION_NONE;
 			} else {
-				log_err_level_printf(LOG_WARNING, "HTTP filter cannot enable split mode\n");
+				log_fine("HTTP filter cannot enable split mode");
 			}
 		}
 		else if (action & FILTER_ACTION_PASS) {
-			log_err_level_printf(LOG_WARNING, "HTTP filter cannot take pass action\n");
+			log_fine("HTTP filter cannot take pass action");
 		}
 		else if (action & FILTER_ACTION_BLOCK) {
 			ctx->deferred_action = FILTER_ACTION_NONE;
@@ -549,9 +545,9 @@ protohttp_apply_filter(pxy_conn_ctx_t *ctx)
 #endif /* !WITHOUT_MIRROR */
 				)) {
 #ifndef WITHOUT_MIRROR
-			log_err_level_printf(LOG_WARNING, "HTTP filter cannot enable content, pcap, or mirror logging\n");
+			log_fine("HTTP filter cannot enable content, pcap, or mirror logging");
 #else /* !WITHOUT_MIRROR */
-			log_err_level_printf(LOG_WARNING, "HTTP filter cannot enable content or pcap logging\n");
+			log_fine("HTTP filter cannot enable content or pcap logging");
 #endif /* WITHOUT_MIRROR */
 		}
 

src/protossl.c

@@ -693,16 +693,15 @@ protossl_filter(pxy_conn_ctx_t *ctx, filter_list_t *list)
 		filter_site_t *site = list->sni;
 		while (site) {
 			if (protossl_filter_match_sni(ctx, site)) {
-				log_err_level_printf(LOG_INFO, "Found site: %s for %s:%s, %s:%s"
 #ifndef WITHOUT_USERAUTH
-					", %s, %s"
-#endif /* !WITHOUT_USERAUTH */
-					", %s\n", site->site,
+				log_fine_va("Found site: %s for %s:%s, %s:%s, %s, %s, %s", site->site,
+					STRORDASH(ctx->srchost_str), STRORDASH(ctx->srcport_str), STRORDASH(ctx->dsthost_str), STRORDASH(ctx->dstport_str),
+					STRORDASH(ctx->user), STRORDASH(ctx->desc), STRORDASH(ctx->sslctx->sni));
+#else /* WITHOUT_USERAUTH */
+				log_fine_va("Found site: %s for %s:%s, %s:%s, %s", site->site,
 					STRORDASH(ctx->srchost_str), STRORDASH(ctx->srcport_str), STRORDASH(ctx->dsthost_str), STRORDASH(ctx->dstport_str),
-#ifndef WITHOUT_USERAUTH
-					STRORDASH(ctx->user), STRORDASH(ctx->desc),
-#endif /* !WITHOUT_USERAUTH */
 					STRORDASH(ctx->sslctx->sni));
+#endif /* WITHOUT_USERAUTH */
 				return pxyconn_set_filter_action(ctx, site->action, site->site);
 			}
 			site = site->next;
@@ -722,16 +721,15 @@ protossl_filter(pxy_conn_ctx_t *ctx, filter_list_t *list)
 		filter_site_t *site = list->cn;
 		while (site) {
 			if (protossl_filter_match_cn(ctx, site)) {
-				log_err_level_printf(LOG_INFO, "Found site: %s for %s:%s, %s:%s"
 #ifndef WITHOUT_USERAUTH
-					", %s, %s"
-#endif /* !WITHOUT_USERAUTH */
-					", %s\n", site->site,
+				log_fine_va("Found site: %s for %s:%s, %s:%s, %s, %s, %s", site->site,
+					STRORDASH(ctx->srchost_str), STRORDASH(ctx->srcport_str), STRORDASH(ctx->dsthost_str), STRORDASH(ctx->dstport_str),
+					STRORDASH(ctx->user), STRORDASH(ctx->desc), STRORDASH(ctx->sslctx->ssl_names));
+#else /* WITHOUT_USERAUTH */
+				log_fine_va("Found site: %s for %s:%s, %s:%s, %s", site->site,
 					STRORDASH(ctx->srchost_str), STRORDASH(ctx->srcport_str), STRORDASH(ctx->dsthost_str), STRORDASH(ctx->dstport_str),
-#ifndef WITHOUT_USERAUTH
-					STRORDASH(ctx->user), STRORDASH(ctx->desc),
-#endif /* !WITHOUT_USERAUTH */
 					STRORDASH(ctx->sslctx->ssl_names));
+#endif /* WITHOUT_USERAUTH */
 				return pxyconn_set_filter_action(ctx, site->action, site->site);
 			}
 			site = site->next;

src/prototcp.c

@@ -564,14 +564,14 @@ prototcp_filter_match_ip(pxy_conn_ctx_t *ctx, filter_site_t *site)
 	}
 
 	if (action) {
-		log_err_level_printf(LOG_INFO, "Found site: %s for %s:%s, %s:%s\n", site->site,
+		log_fine_va("Found site: %s for %s:%s, %s:%s", site->site,
 			STRORDASH(ctx->srchost_str), STRORDASH(ctx->srcport_str), STRORDASH(ctx->dsthost_str), STRORDASH(ctx->dstport_str));
 
 		if (site->port) {
 			filter_port_t *port = site->port;
 			while (port) {
 				if (prototcp_filter_match_port(ctx, port)) {
-					log_err_level_printf(LOG_INFO, "Found port: %s for %s:%s, %s:%s\n", port->port,
+					log_fine_va("Found port: %s for %s:%s, %s:%s", port->port,
 						STRORDASH(ctx->srchost_str), STRORDASH(ctx->srcport_str), STRORDASH(ctx->dsthost_str), STRORDASH(ctx->dstport_str));
 					return &port->action;
 				}

src/pxyconn.c

@@ -2007,58 +2007,58 @@ pxyconn_apply_deferred_block_action(pxy_conn_ctx_t *ctx)
 }
 
 unsigned int
-pxyconn_set_filter_action(pxy_conn_ctx_t *ctx, filter_action_t a, char *site)
+pxyconn_set_filter_action(pxy_conn_ctx_t *ctx, filter_action_t a, UNUSED char *site)
 {
 	unsigned int action = FILTER_ACTION_NONE;
 	if (a.divert) {
-		log_err_level_printf(LOG_INFO, "Filter divert action for %s, precedence %d\n", site, a.precedence);
+		log_fine_va("Filter divert action for %s, precedence %d", site, a.precedence);
 		action = FILTER_ACTION_DIVERT;
 	}
 	else if (a.split) {
-		log_err_level_printf(LOG_INFO, "Filter split action for %s, precedence %d\n", site, a.precedence);
+		log_fine_va("Filter split action for %s, precedence %d", site, a.precedence);
 		action = FILTER_ACTION_SPLIT;
 	}
 	else if (a.pass) {
 		// Ignore pass action if already in passthrough mode
 		if (!ctx->pass) {
-			log_err_level_printf(LOG_INFO, "Filter pass action for %s, precedence %d\n", site, a.precedence);
+			log_fine_va("Filter pass action for %s, precedence %d", site, a.precedence);
 			action = FILTER_ACTION_PASS;
 		}
 	}
 	else if (a.block) {
-		log_err_level_printf(LOG_INFO, "Filter block action for %s, precedence %d\n", site, a.precedence);
+		log_fine_va("Filter block action for %s, precedence %d", site, a.precedence);
 		action = FILTER_ACTION_BLOCK;
 	}
 	else if (a.match) {
-		log_err_level_printf(LOG_INFO, "Filter match action for %s, precedence %d\n", site, a.precedence);
+		log_fine_va("Filter match action for %s, precedence %d", site, a.precedence);
 		action = FILTER_ACTION_MATCH;
 	}
 
 	// Multiple log actions can be defined, hence no 'else'
 	// 0: don't change, 1: disable, 2: enable
 	if (a.log_connect) {
-		log_err_level_printf(LOG_INFO, "Filter %s connect log for %s, precedence %d\n", a.log_connect % 2 ? "disable" : "enable", site, a.precedence);
+		log_fine_va("Filter %s connect log for %s, precedence %d", a.log_connect % 2 ? "disable" : "enable", site, a.precedence);
 		action |= (a.log_connect % 2) ? FILTER_LOG_NOCONNECT : FILTER_LOG_CONNECT;
 	}
 	if (a.log_master) {
-		log_err_level_printf(LOG_INFO, "Filter %s master log for %s, precedence %d\n", a.log_master % 2 ? "disable" : "enable", site, a.precedence);
+		log_fine_va("Filter %s master log for %s, precedence %d", a.log_master % 2 ? "disable" : "enable", site, a.precedence);
 		action |= (a.log_master % 2) ? FILTER_LOG_NOMASTER : FILTER_LOG_MASTER;
 	}
 	if (a.log_cert) {
-		log_err_level_printf(LOG_INFO, "Filter %s cert log for %s, precedence %d\n", a.log_cert % 2 ? "disable" : "enable", site, a.precedence);
+		log_fine_va("Filter %s cert log for %s, precedence %d", a.log_cert % 2 ? "disable" : "enable", site, a.precedence);
 		action |= (a.log_cert % 2) ? FILTER_LOG_NOCERT : FILTER_LOG_CERT;
 	}
 	if (a.log_content) {
-		log_err_level_printf(LOG_INFO, "Filter %s content log for %s, precedence %d\n", a.log_content % 2 ? "disable" : "enable", site, a.precedence);
+		log_fine_va("Filter %s content log for %s, precedence %d", a.log_content % 2 ? "disable" : "enable", site, a.precedence);
 		action |= (a.log_content % 2) ? FILTER_LOG_NOCONTENT : FILTER_LOG_CONTENT;
 	}
 	if (a.log_pcap) {
-		log_err_level_printf(LOG_INFO, "Filter %s pcap log for %s, precedence %d\n", a.log_pcap % 2 ? "disable" : "enable", site, a.precedence);
+		log_fine_va("Filter %s pcap log for %s, precedence %d", a.log_pcap % 2 ? "disable" : "enable", site, a.precedence);
 		action |= (a.log_pcap % 2) ? FILTER_LOG_NOPCAP : FILTER_LOG_PCAP;
 	}
 #ifndef WITHOUT_MIRROR
 	if (a.log_mirror) {
-		log_err_level_printf(LOG_INFO, "Filter %s mirror log for %s, precedence %d\n", a.log_mirror % 2 ? "disable" : "enable", site, a.precedence);
+		log_fine_va("Filter %s mirror log for %s, precedence %d", a.log_mirror % 2 ? "disable" : "enable", site, a.precedence);
 		action |= (a.log_mirror % 2) ? FILTER_LOG_NOMIRROR : FILTER_LOG_MIRROR;
 	}
 #endif /* !WITHOUT_MIRROR */

src/pxyconn.h

@@ -446,7 +446,7 @@ void pxy_classify_user(pxy_conn_ctx_t *) NONNULL(1);
 void pxy_userauth(pxy_conn_ctx_t *) NONNULL(1);
 #endif /* !WITHOUT_USERAUTH */
 int pxyconn_apply_deferred_block_action(pxy_conn_ctx_t *) NONNULL(1) WUNRES;
-unsigned int pxyconn_set_filter_action(pxy_conn_ctx_t *, filter_action_t, char *) NONNULL(1,3) WUNRES;
+unsigned int pxyconn_set_filter_action(pxy_conn_ctx_t *, filter_action_t, UNUSED char *) NONNULL(1,3) WUNRES;
 unsigned int pxyconn_filter(pxy_conn_ctx_t *, proto_filter_func_t) NONNULL(1) WUNRES;
 void pxy_conn_setup(evutil_socket_t, struct sockaddr *, int,
                     pxy_thrmgr_ctx_t *, proxyspec_t *, global_t *,