From 43afe007f80845a508da13b36ab52dc9b7c6e640 Mon Sep 17 00:00:00 2001 From: Donald Sharp Date: Thu, 14 Jun 2018 10:38:40 -0400 Subject: [PATCH] bgpd, lib, zebra: Convert LIB_ERR_PRIVILEGES For all the places we zlog_err about raising/lowering privileges, use zlog_ferr. Signed-off-by: Donald Sharp --- bgpd/bgp_network.c | 13 ++++++----- lib/lib_errors.c | 22 +++++++++---------- lib/sockunion.c | 7 ++++-- lib/vrf.c | 14 +++++------- zebra/if_ioctl_solaris.c | 13 ++++++----- zebra/if_netlink.c | 5 +++-- zebra/ioctl.c | 19 ++++++++-------- zebra/ioctl_solaris.c | 13 ++++++----- zebra/ipforward_proc.c | 45 ++++++++++++++++++++++++-------------- zebra/ipforward_solaris.c | 13 +++++++---- zebra/ipforward_sysctl.c | 31 +++++++++++++------------- zebra/kernel_netlink.c | 19 +++++++++------- zebra/kernel_socket.c | 10 ++++++--- zebra/rt_socket.c | 5 +++-- zebra/zebra_mpls_openbsd.c | 9 ++++---- zebra/zebra_netns_notify.c | 17 +++++++------- zebra/zebra_ns.c | 5 +++-- zebra/zserv.c | 5 +++-- 18 files changed, 151 insertions(+), 114 deletions(-) diff --git a/bgpd/bgp_network.c b/bgpd/bgp_network.c index 84a959d0e8cb..3b844297123d 100644 --- a/bgpd/bgp_network.c +++ b/bgpd/bgp_network.c @@ -35,6 +35,7 @@ #include "hash.h" #include "filter.h" #include "ns.h" +#include "lib_errors.h" #include "bgpd/bgpd.h" #include "bgpd/bgp_open.h" @@ -544,12 +545,12 @@ int bgp_connect(struct peer *peer) return 0; } if (bgpd_privs.change(ZPRIVS_RAISE)) - zlog_err("Can't raise privileges"); + zlog_ferr(LIB_ERR_PRIVILEGES, "Can't raise privileges"); /* Make socket for the peer. */ peer->fd = vrf_sockunion_socket(&peer->su, peer->bgp->vrf_id, bgp_get_bound_name(peer)); if (bgpd_privs.change(ZPRIVS_LOWER)) - zlog_err("Can't lower privileges"); + zlog_ferr(LIB_ERR_PRIVILEGES, "Can't lower privileges"); if (peer->fd < 0) return -1; 
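Review bot: A failed `bgpd_privs.change(ZPRIVS_LOWER)` in bgp_connect is still only logged, so the function goes on to test and use `peer->fd` while the process may be holding raised privileges. The same log-and-continue pattern sits on every ZPRIVS_LOWER site this patch touches (bgp_socket, the if_ioctl variants, the ipforward_* helpers, netlink_talk and the rest). Now that these failures carry LIB_ERR_PRIVILEGES, the lower-failure branch is the natural place to fail closed: release the descriptor just obtained and `return -1;`, or stop the daemon if privileges cannot be dropped. bgp_connect begins and ends outside this hunk, so the cleanup its callers expect has to be checked before changing the return path.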
@@ -703,11 +704,11 @@ int bgp_socket(struct bgp *bgp, unsigned short port, const char *address) port_str[sizeof(port_str) - 1] = '\0'; if (bgpd_privs.change(ZPRIVS_RAISE)) - zlog_err("Can't raise privileges"); + zlog_ferr(LIB_ERR_PRIVILEGES, "Can't raise privileges"); ret = vrf_getaddrinfo(address, port_str, &req, &ainfo_save, bgp->vrf_id); if (bgpd_privs.change(ZPRIVS_LOWER)) - zlog_err("Can't lower privileges"); + zlog_ferr(LIB_ERR_PRIVILEGES, "Can't lower privileges"); if (ret != 0) { zlog_err("getaddrinfo: %s", gai_strerror(ret)); return -1; @@ -721,13 +722,13 @@ int bgp_socket(struct bgp *bgp, unsigned short port, const char *address) continue; if (bgpd_privs.change(ZPRIVS_RAISE)) - zlog_err("Can't raise privileges"); + zlog_ferr(LIB_ERR_PRIVILEGES, "Can't raise privileges"); sock = vrf_socket(ainfo->ai_family, ainfo->ai_socktype, ainfo->ai_protocol, bgp->vrf_id, (bgp->inst_type == BGP_INSTANCE_TYPE_VRF ? bgp->name : NULL)); if (bgpd_privs.change(ZPRIVS_LOWER)) - zlog_err("Can't lower privileges"); + zlog_ferr(LIB_ERR_PRIVILEGES, "Can't lower privileges"); if (sock < 0) { zlog_err("socket: %s", safe_strerror(errno)); continue; diff --git a/lib/lib_errors.c b/lib/lib_errors.c index 4ae69589a2c9..44d9ecd0337f 100644 --- a/lib/lib_errors.c +++ b/lib/lib_errors.c @@ -25,7 +25,7 @@ static struct ferr_ref ferr_lib_err[] = { { .code = LIB_ERR_PRIVILEGES, .title = "Failure to raise or lower privileges", - .description = "FRR attempted to raise or lower it's privileges and was unable to do so", + .description = "FRR attempted to raise or lower its privileges and was unable to do so", .suggestion = "Ensure that you are running FRR as the frr user and that the user has\nSufficient privileges to properly access root privileges" }, { 
@@ -38,41 +38,41 @@ static struct ferr_ref ferr_lib_err[] = { .code = LIB_ERR_SOCKET, .title = "Socket Error", .description = "When attempting to access a socket a system error has occured\nand we were unable to properly complete the request", - .suggestion = "Ensure that there is sufficient system resources available and\nensure that the frr user has sufficient permisions to work", + .suggestion = "Ensure that there are sufficient system resources available and\nensure that the frr user has sufficient permisions to work", }, { .code = LIB_ERR_ZAPI_MISSMATCH, - .title = "Zapi Error", + .title = "ZAPI Error", .description = "A version miss-match has been detected between zebra and client protocol", - .suggestion = "Two different versions of FRR have been installed and the install is\nnot properly setup. Completely stop FRR, remove it from the system and\nreinstall. Typically only developers should see this issue" + .suggestion = "Two different versions of FRR have been installed and the install is\nnot properly setup. Completely stop FRR, remove it from the system and\nreinstall. Typically only developers should see this issue." 
}, { .code = LIB_ERR_ZAPI_ENCODE, - .title = "Zapi Error", - .description = "The Zapi subsystem has detected an encoding issue, between zebra and a client protocol", + .title = "ZAPI Error", + .description = "The ZAPI subsystem has detected an encoding issue, between zebra and a client protocol", .suggestion = "Restart FRR" }, { .code = LIB_ERR_ZAPI_SOCKET, - .title = "Zapi Error", - .description = "The Zapi subsystem has detected a socket error between zebra and a client", + .title = "ZAPI Error", + .description = "The ZAPI subsystem has detected a socket error between zebra and a client", .suggestion = "Restart FRR" }, { .code = LIB_ERR_SYSTEM_CALL, .title = "System Call Error", .description = "FRR has detected a error from using a vital system call and has probably\nalready exited", - .suggestion = "Ensure permissions are correct for FRR and FRR user and groups are correct\nAdditionally check that system resources are still available" + .suggestion = "Ensure permissions are correct for FRR files, users and groups are correct.\nAdditionally check that sufficient system resources are available." }, { .code = LIB_ERR_VTY, - .title = "VTY subsystem Error", + .title = "VTY Subsystem Error", .description = "FRR has detected a problem with the specified configuration file", .suggestion = "Ensure configuration file exists and has correct permissions for operations\nAdditionally ensure that all config lines are correct as well", }, { .code = LIB_ERR_SNMP, - .title = "SNMP subsystem Error", + .title = "SNMP Subsystem Error", .description = "FRR has detected a problem with the snmp library it uses\nA callback from this subsystem has indicated some error", .suggestion = "Examine callback message and ensure snmp is properly setup and working" }, diff --git a/lib/sockunion.c b/lib/sockunion.c index 28a7f647cba7..2ff8d8072607 100644 --- a/lib/sockunion.c +++ b/lib/sockunion.c 
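Review bot: Two of the strings rewritten here still read wrongly in operator-facing output. The new LIB_ERR_SOCKET suggestion keeps `permisions`, and the new LIB_ERR_SYSTEM_CALL suggestion says `Ensure permissions are correct for FRR files, users and groups are correct.`, which repeats "are correct". Something like `"Ensure permissions are correct for FRR files and that FRR users and groups are correct.\n..."` would fix the second. The untouched context lines also carry `occured` and `miss-match`, which could be cleaned up in the same pass.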
@@ -26,6 +26,7 @@ #include "memory.h" #include "log.h" #include "jhash.h" +#include "lib_errors.h" DEFINE_MTYPE_STATIC(LIB, SOCKUNION, "Socket union") @@ -363,12 +364,14 @@ int sockopt_mark_default(int sock, int mark, struct zebra_privs_t *cap) int ret; if (cap->change(ZPRIVS_RAISE)) - zlog_err("routing_socket: Can't raise privileges"); + zlog_ferr(LIB_ERR_PRIVILEGES, + "routing_socket: Can't raise privileges"); ret = setsockopt(sock, SOL_SOCKET, SO_MARK, &mark, sizeof(mark)); if (cap->change(ZPRIVS_LOWER)) - zlog_err("routing_socket: Can't lower privileges"); + zlog_ferr(LIB_ERR_PRIVILEGES, + "routing_socket: Can't lower privileges"); return ret; #else diff --git a/lib/vrf.c b/lib/vrf.c index 7153174283cd..0053f13ba3c6 100644 --- a/lib/vrf.c +++ b/lib/vrf.c @@ -729,18 +729,16 @@ DEFUN (vrf_netns, if (!pathname) return CMD_WARNING_CONFIG_FAILED; - if (vrf_daemon_privs && - vrf_daemon_privs->change(ZPRIVS_RAISE)) - zlog_ferr(LIB_ERR_PRIVILEGES, - "%s: Can't raise privileges", __func__); + if (vrf_daemon_privs && vrf_daemon_privs->change(ZPRIVS_RAISE)) + zlog_ferr(LIB_ERR_PRIVILEGES, "%s: Can't raise privileges", + __func__); ret = vrf_netns_handler_create(vty, vrf, pathname, NS_UNKNOWN, NS_UNKNOWN); - if (vrf_daemon_privs && - vrf_daemon_privs->change(ZPRIVS_LOWER)) - zlog_ferr(LIB_ERR_PRIVILEGES, - "%s: Can't lower privileges", __func__); + if (vrf_daemon_privs && vrf_daemon_privs->change(ZPRIVS_LOWER)) + zlog_ferr(LIB_ERR_PRIVILEGES, "%s: Can't lower privileges", + __func__); return ret; } diff --git a/zebra/if_ioctl_solaris.c b/zebra/if_ioctl_solaris.c index 6627787fdc26..64412fba9262 100644 --- a/zebra/if_ioctl_solaris.c +++ b/zebra/if_ioctl_solaris.c @@ -34,6 +34,7 @@ #include "privs.h" #include "vrf.h" #include "vty.h" +#include "lib_errors.h" #include "zebra/interface.h" #include "zebra/ioctl_solaris.h" 
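Review bot: The messages in sockopt_mark_default are prefixed `routing_socket:`, which names a different function (the one in zebra/kernel_socket.c later in this patch), so an operator reading the log is pointed at the wrong call site. Since these lines are being rewritten anyway, use the form the lib/vrf.c hunk already has: `zlog_ferr(LIB_ERR_PRIVILEGES, "%s: Can't raise privileges", __func__);` and the same for the lower message. netlink_recvbuf in zebra/kernel_netlink.c has the same stale prefix.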
@@ -59,7 +60,7 @@ static int interface_list_ioctl(int af) char *buf = NULL; if (zserv_privs.change(ZPRIVS_RAISE)) - zlog_err("Can't raise privileges"); + zlog_ferr(LIB_ERR_PRIVILEGES, "Can't raise privileges"); sock = socket(af, SOCK_DGRAM, 0); if (sock < 0) { @@ -68,7 +69,7 @@ static int interface_list_ioctl(int af) safe_strerror(errno)); if (zserv_privs.change(ZPRIVS_LOWER)) - zlog_err("Can't lower privileges"); + zlog_ferr(LIB_ERR_PRIVILEGES, "Can't lower privileges"); return -1; } @@ -80,7 +81,7 @@ static int interface_list_ioctl(int af) save_errno = errno; if (zserv_privs.change(ZPRIVS_LOWER)) - zlog_err("Can't lower privileges"); + zlog_ferr(LIB_ERR_PRIVILEGES, "Can't lower privileges"); if (ret < 0) { zlog_warn("interface_list_ioctl: SIOCGLIFNUM failed %s", @@ -110,7 +111,7 @@ static int interface_list_ioctl(int af) lifconf.lifc_buf = buf; if (zserv_privs.change(ZPRIVS_RAISE)) - zlog_err("Can't raise privileges"); + zlog_ferr(LIB_ERR_PRIVILEGES, "Can't raise privileges"); ret = ioctl(sock, SIOCGLIFCONF, &lifconf); @@ -122,13 +123,13 @@ static int interface_list_ioctl(int af) zlog_warn("SIOCGLIFCONF: %s", safe_strerror(errno)); if (zserv_privs.change(ZPRIVS_LOWER)) - zlog_err("Can't lower privileges"); + zlog_ferr(LIB_ERR_PRIVILEGES, "Can't lower privileges"); goto end; } if (zserv_privs.change(ZPRIVS_LOWER)) - zlog_err("Can't lower privileges"); + zlog_ferr(LIB_ERR_PRIVILEGES, "Can't lower privileges"); /* Allocate interface. */ lifreq = lifconf.lifc_req; diff --git a/zebra/if_netlink.c b/zebra/if_netlink.c index e6d324ab6a64..1667b8f9b55b 100644 --- a/zebra/if_netlink.c +++ b/zebra/if_netlink.c @@ -52,6 +52,7 @@ #include "vrf.h" #include "vrf_int.h" #include "mpls.h" +#include "lib_errors.h" #include "vty.h" #include "zebra/zserv.h" 
@@ -374,7 +375,7 @@ static int get_iflink_speed(struct interface *interface) /* use ioctl to get IP address of an interface */ if (zserv_privs.change(ZPRIVS_RAISE)) - zlog_err("Can't raise privileges"); + zlog_ferr(LIB_ERR_PRIVILEGES, "Can't raise privileges"); sd = vrf_socket(PF_INET, SOCK_DGRAM, IPPROTO_IP, interface->vrf_id, NULL); if (sd < 0) { @@ -386,7 +387,7 @@ static int get_iflink_speed(struct interface *interface) /* Get the current link state for the interface */ rc = vrf_ioctl(interface->vrf_id, sd, SIOCETHTOOL, (char *)&ifdata); if (zserv_privs.change(ZPRIVS_LOWER)) - zlog_err("Can't lower privileges"); + zlog_ferr(LIB_ERR_PRIVILEGES, "Can't lower privileges"); if (rc < 0) { if (IS_ZEBRA_DEBUG_KERNEL) zlog_debug( diff --git a/zebra/ioctl.c b/zebra/ioctl.c index a577b008d5b4..981393965f36 100644 --- a/zebra/ioctl.c +++ b/zebra/ioctl.c @@ -27,6 +27,7 @@ #include "ioctl.h" #include "log.h" #include "privs.h" +#include "lib_errors.h" #include "vty.h" #include "zebra/rib.h" @@ -55,13 +56,13 @@ int if_ioctl(unsigned long request, caddr_t buffer) int err = 0; if (zserv_privs.change(ZPRIVS_RAISE)) - zlog_err("Can't raise privileges"); + zlog_ferr(LIB_ERR_PRIVILEGES, "Can't raise privileges"); sock = socket(AF_INET, SOCK_DGRAM, 0); if (sock < 0) { int save_errno = errno; if (zserv_privs.change(ZPRIVS_LOWER)) - zlog_err("Can't lower privileges"); + zlog_ferr(LIB_ERR_PRIVILEGES, "Can't lower privileges"); zlog_err("Cannot create UDP socket: %s", safe_strerror(save_errno)); exit(1); @@ -69,7 +70,7 @@ int if_ioctl(unsigned long request, caddr_t buffer) if ((ret = ioctl(sock, request, buffer)) < 0) err = errno; if (zserv_privs.change(ZPRIVS_LOWER)) - zlog_err("Can't lower privileges"); + zlog_ferr(LIB_ERR_PRIVILEGES, "Can't lower privileges"); close(sock); if (ret < 0) { 
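Review bot: In get_iflink_speed the raise in the first hunk is only visibly paired with the lower after `vrf_ioctl` in the second hunk. The body of `if (sd < 0) {` lies between the two hunks and is not shown; if it returns without calling `zserv_privs.change(ZPRIVS_LOWER)`, a socket failure leaves zebra running with raised privileges. The if_ioctl hunks in zebra/ioctl.c show the expected shape, where the `sock < 0` branch lowers before logging and exiting. Please confirm the early-return path here does the same.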
@@ -87,13 +88,13 @@ int vrf_if_ioctl(unsigned long request, caddr_t buffer, vrf_id_t vrf_id) int err = 0; if (zserv_privs.change(ZPRIVS_RAISE)) - zlog_err("Can't raise privileges"); + zlog_ferr(LIB_ERR_PRIVILEGES, "Can't raise privileges"); sock = vrf_socket(AF_INET, SOCK_DGRAM, 0, vrf_id, NULL); if (sock < 0) { int save_errno = errno; if (zserv_privs.change(ZPRIVS_LOWER)) - zlog_err("Can't lower privileges"); + zlog_ferr(LIB_ERR_PRIVILEGES, "Can't lower privileges"); zlog_err("Cannot create UDP socket: %s", safe_strerror(save_errno)); exit(1); @@ -102,7 +103,7 @@ int vrf_if_ioctl(unsigned long request, caddr_t buffer, vrf_id_t vrf_id) if (ret < 0) err = errno; if (zserv_privs.change(ZPRIVS_LOWER)) - zlog_err("Can't lower privileges"); + zlog_ferr(LIB_ERR_PRIVILEGES, "Can't lower privileges"); close(sock); if (ret < 0) { @@ -120,13 +121,13 @@ static int if_ioctl_ipv6(unsigned long request, caddr_t buffer) int err = 0; if (zserv_privs.change(ZPRIVS_RAISE)) - zlog_err("Can't raise privileges"); + zlog_ferr(LIB_ERR_PRIVILEGES, "Can't raise privileges"); sock = socket(AF_INET6, SOCK_DGRAM, 0); if (sock < 0) { int save_errno = errno; if (zserv_privs.change(ZPRIVS_LOWER)) - zlog_err("Can't lower privileges"); + zlog_ferr(LIB_ERR_PRIVILEGES, "Can't lower privileges"); zlog_err("Cannot create IPv6 datagram socket: %s", safe_strerror(save_errno)); exit(1); @@ -135,7 +136,7 @@ static int if_ioctl_ipv6(unsigned long request, caddr_t buffer) if ((ret = ioctl(sock, request, buffer)) < 0) err = errno; if (zserv_privs.change(ZPRIVS_LOWER)) - zlog_err("Can't lower privileges"); + zlog_ferr(LIB_ERR_PRIVILEGES, "Can't lower privileges"); close(sock); if (ret < 0) { diff --git a/zebra/ioctl_solaris.c b/zebra/ioctl_solaris.c index eb68451f7ca3..24f5fde7943f 100644 --- a/zebra/ioctl_solaris.c +++ b/zebra/ioctl_solaris.c @@ -31,6 +31,7 @@ #include "privs.h" #include "vty.h" #include "vrf.h" +#include "lib_errors.h" #include "zebra/rib.h" #include "zebra/rt.h" 
@@ -58,13 +59,13 @@ int if_ioctl(unsigned long request, caddr_t buffer) int err; if (zserv_privs.change(ZPRIVS_RAISE)) - zlog_err("Can't raise privileges"); + zlog_ferr(LIB_ERR_PRIVILEGES, "Can't raise privileges"); sock = socket(AF_INET, SOCK_DGRAM, 0); if (sock < 0) { int save_errno = errno; if (zserv_privs.change(ZPRIVS_LOWER)) - zlog_err("Can't lower privileges"); + zlog_ferr(LIB_ERR_PRIVILEGES, "Can't lower privileges"); zlog_err("Cannot create UDP socket: %s", safe_strerror(save_errno)); exit(1); @@ -74,7 +75,7 @@ int if_ioctl(unsigned long request, caddr_t buffer) err = errno; if (zserv_privs.change(ZPRIVS_LOWER)) - zlog_err("Can't lower privileges"); + zlog_ferr(LIB_ERR_PRIVILEGES, "Can't lower privileges"); close(sock); @@ -93,13 +94,13 @@ int if_ioctl_ipv6(unsigned long request, caddr_t buffer) int err; if (zserv_privs.change(ZPRIVS_RAISE)) - zlog_err("Can't raise privileges"); + zlog_ferr(LIB_ERR_PRIVILEGES, "Can't raise privileges"); sock = socket(AF_INET6, SOCK_DGRAM, 0); if (sock < 0) { int save_errno = errno; if (zserv_privs.change(ZPRIVS_LOWER)) - zlog_err("Can't lower privileges"); + zlog_ferr(LIB_ERR_PRIVILEGES, "Can't lower privileges"); zlog_err("Cannot create IPv6 datagram socket: %s", safe_strerror(save_errno)); exit(1); @@ -109,7 +110,7 @@ int if_ioctl_ipv6(unsigned long request, caddr_t buffer) err = errno; if (zserv_privs.change(ZPRIVS_LOWER)) - zlog_err("Can't lower privileges"); + zlog_ferr(LIB_ERR_PRIVILEGES, "Can't lower privileges"); close(sock); diff --git a/zebra/ipforward_proc.c b/zebra/ipforward_proc.c index f823ec4384c9..feafbb27cfcd 100644 --- a/zebra/ipforward_proc.c +++ b/zebra/ipforward_proc.c @@ -25,6 +25,7 @@ #include "log.h" #include "privs.h" +#include "lib_errors.h" #include "zebra/ipforward.h" 
@@ -77,14 +78,16 @@ int ipforward_on(void) FILE *fp; if (zserv_privs.change(ZPRIVS_RAISE)) - zlog_err("Can't raise privileges, %s", safe_strerror(errno)); + zlog_ferr(LIB_ERR_PRIVILEGES, "Can't raise privileges, %s", + safe_strerror(errno)); fp = fopen(proc_ipv4_forwarding, "w"); if (fp == NULL) { if (zserv_privs.change(ZPRIVS_LOWER)) - zlog_err("Can't lower privileges, %s", - safe_strerror(errno)); + zlog_ferr(LIB_ERR_PRIVILEGES, + "Can't lower privileges, %s", + safe_strerror(errno)); return -1; } @@ -93,7 +96,8 @@ int ipforward_on(void) fclose(fp); if (zserv_privs.change(ZPRIVS_LOWER)) - zlog_err("Can't lower privileges, %s", safe_strerror(errno)); + zlog_ferr(LIB_ERR_PRIVILEGES, "Can't lower privileges, %s", + safe_strerror(errno)); return ipforward(); } @@ -103,14 +107,16 @@ int ipforward_off(void) FILE *fp; if (zserv_privs.change(ZPRIVS_RAISE)) - zlog_err("Can't raise privileges, %s", safe_strerror(errno)); + zlog_ferr(LIB_ERR_PRIVILEGES, "Can't raise privileges, %s", + safe_strerror(errno)); fp = fopen(proc_ipv4_forwarding, "w"); if (fp == NULL) { if (zserv_privs.change(ZPRIVS_LOWER)) - zlog_err("Can't lower privileges, %s", - safe_strerror(errno)); + zlog_ferr(LIB_ERR_PRIVILEGES, + "Can't lower privileges, %s", + safe_strerror(errno)); return -1; } @@ -119,7 +125,8 @@ int ipforward_off(void) fclose(fp); if (zserv_privs.change(ZPRIVS_LOWER)) - zlog_err("Can't lower privileges, %s", safe_strerror(errno)); + zlog_ferr(LIB_ERR_PRIVILEGES, "Can't lower privileges, %s", + safe_strerror(errno)); return ipforward(); } 
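Review bot: The `safe_strerror(errno)` argument in these privilege messages is not tied to a visible errno source: nothing in the hunk shows that `zserv_privs.change()` sets errno, so the text may describe an unrelated earlier failure. In the `fp == NULL` branch of ipforward_on the `fopen` error that causes the `return -1` is never logged at all, and its errno can be overwritten by the lower call. Capture it right after `fopen` and report it, e.g. `int save_errno = errno;` followed by `zlog_warn("Can't open %s: %s", proc_ipv4_forwarding, safe_strerror(save_errno));`. The same applies to ipforward_off and to the two IPv6 functions in the following hunks.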
@@ -154,14 +161,16 @@ int ipforward_ipv6_on(void) FILE *fp; if (zserv_privs.change(ZPRIVS_RAISE)) - zlog_err("Can't raise privileges, %s", safe_strerror(errno)); + zlog_ferr(LIB_ERR_PRIVILEGES, "Can't raise privileges, %s", + safe_strerror(errno)); fp = fopen(proc_ipv6_forwarding, "w"); if (fp == NULL) { if (zserv_privs.change(ZPRIVS_LOWER)) - zlog_err("Can't lower privileges, %s", - safe_strerror(errno)); + zlog_ferr(LIB_ERR_PRIVILEGES, + "Can't lower privileges, %s", + safe_strerror(errno)); return -1; } @@ -170,7 +179,8 @@ int ipforward_ipv6_on(void) fclose(fp); if (zserv_privs.change(ZPRIVS_LOWER)) - zlog_err("Can't lower privileges, %s", safe_strerror(errno)); + zlog_ferr(LIB_ERR_PRIVILEGES, "Can't lower privileges, %s", + safe_strerror(errno)); return ipforward_ipv6(); } @@ -181,14 +191,16 @@ int ipforward_ipv6_off(void) FILE *fp; if (zserv_privs.change(ZPRIVS_RAISE)) - zlog_err("Can't raise privileges, %s", safe_strerror(errno)); + zlog_ferr(LIB_ERR_PRIVILEGES, "Can't raise privileges, %s", + safe_strerror(errno)); fp = fopen(proc_ipv6_forwarding, "w"); if (fp == NULL) { if (zserv_privs.change(ZPRIVS_LOWER)) - zlog_err("Can't lower privileges, %s", - safe_strerror(errno)); + zlog_ferr(LIB_ERR_PRIVILEGES, + "Can't lower privileges, %s", + safe_strerror(errno)); return -1; } @@ -197,7 +209,8 @@ int ipforward_ipv6_off(void) fclose(fp); if (zserv_privs.change(ZPRIVS_LOWER)) - zlog_err("Can't lower privileges, %s", safe_strerror(errno)); + zlog_ferr(LIB_ERR_PRIVILEGES, "Can't lower privileges, %s", + safe_strerror(errno)); return ipforward_ipv6(); } diff --git a/zebra/ipforward_solaris.c b/zebra/ipforward_solaris.c index 123cf1bd081b..36e2211dae1f 100644 --- a/zebra/ipforward_solaris.c +++ b/zebra/ipforward_solaris.c @@ -25,6 +25,7 @@ #include "log.h" #include "prefix.h" +#include "lib_errors.h" #include "privs.h" #include "zebra/ipforward.h" 
@@ -82,18 +83,21 @@ static int solaris_nd(const int cmd, const char *parameter, const int value) strioctl.ic_dp = nd_buf; if (zserv_privs.change(ZPRIVS_RAISE)) - zlog_err("solaris_nd: Can't raise privileges"); + zlog_ferr(LIB_ERR_PRIVILEGES, + "solaris_nd: Can't raise privileges"); if ((fd = open(device, O_RDWR)) < 0) { zlog_warn("failed to open device %s - %s", device, safe_strerror(errno)); if (zserv_privs.change(ZPRIVS_LOWER)) - zlog_err("solaris_nd: Can't lower privileges"); + zlog_ferr(LIB_ERR_PRIVILEGES, + "solaris_nd: Can't lower privileges"); return -1; } if (ioctl(fd, I_STR, &strioctl) < 0) { int save_errno = errno; if (zserv_privs.change(ZPRIVS_LOWER)) - zlog_err("solaris_nd: Can't lower privileges"); + zlog_ferr(LIB_ERR_PRIVILEGES, + "solaris_nd: Can't lower privileges"); close(fd); zlog_warn("ioctl I_STR failed on device %s - %s", device, safe_strerror(save_errno)); @@ -101,7 +105,8 @@ static int solaris_nd(const int cmd, const char *parameter, const int value) } close(fd); if (zserv_privs.change(ZPRIVS_LOWER)) - zlog_err("solaris_nd: Can't lower privileges"); + zlog_ferr(LIB_ERR_PRIVILEGES, + "solaris_nd: Can't lower privileges"); if (cmd == ND_GET) { errno = 0; diff --git a/zebra/ipforward_sysctl.c b/zebra/ipforward_sysctl.c index cdf426b9b8ff..8e34ed73bc36 100644 --- a/zebra/ipforward_sysctl.c +++ b/zebra/ipforward_sysctl.c @@ -26,6 +26,7 @@ #include "zebra/ipforward.h" #include "log.h" +#include "lib_errors.h" #define MIB_SIZ 4 
@@ -54,15 +55,15 @@ int ipforward_on(void) len = sizeof ipforwarding; if (zserv_privs.change(ZPRIVS_RAISE)) - zlog_err("Can't raise privileges"); + zlog_ferr(LIB_ERR_PRIVILEGES, "Can't raise privileges"); if (sysctl(mib, MIB_SIZ, NULL, NULL, &ipforwarding, len) < 0) { if (zserv_privs.change(ZPRIVS_LOWER)) - zlog_err("Can't lower privileges"); + zlog_ferr(LIB_ERR_PRIVILEGES, "Can't lower privileges"); zlog_warn("Can't set ipforwarding on"); return -1; } if (zserv_privs.change(ZPRIVS_LOWER)) - zlog_err("Can't lower privileges"); + zlog_ferr(LIB_ERR_PRIVILEGES, "Can't lower privileges"); return ipforwarding; } @@ -73,15 +74,15 @@ int ipforward_off(void) len = sizeof ipforwarding; if (zserv_privs.change(ZPRIVS_RAISE)) - zlog_err("Can't raise privileges"); + zlog_ferr(LIB_ERR_PRIVILEGES, "Can't raise privileges"); if (sysctl(mib, MIB_SIZ, NULL, NULL, &ipforwarding, len) < 0) { if (zserv_privs.change(ZPRIVS_LOWER)) - zlog_err("Can't lower privileges"); + zlog_ferr(LIB_ERR_PRIVILEGES, "Can't lower privileges"); zlog_warn("Can't set ipforwarding on"); return -1; } if (zserv_privs.change(ZPRIVS_LOWER)) - zlog_err("Can't lower privileges"); + zlog_ferr(LIB_ERR_PRIVILEGES, "Can't lower privileges"); return ipforwarding; } @@ -101,15 +102,15 @@ int ipforward_ipv6(void) len = sizeof ip6forwarding; if (zserv_privs.change(ZPRIVS_RAISE)) - zlog_err("Can't raise privileges"); + zlog_ferr(LIB_ERR_PRIVILEGES, "Can't raise privileges"); if (sysctl(mib_ipv6, MIB_SIZ, &ip6forwarding, &len, 0, 0) < 0) { if (zserv_privs.change(ZPRIVS_LOWER)) - zlog_err("Can't lower privileges"); + zlog_ferr(LIB_ERR_PRIVILEGES, "Can't lower privileges"); zlog_warn("can't get ip6forwarding value"); return -1; } if (zserv_privs.change(ZPRIVS_LOWER)) - zlog_err("Can't lower privileges"); + zlog_ferr(LIB_ERR_PRIVILEGES, "Can't lower privileges"); return ip6forwarding; } 
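Review bot: ipforward_ipv6 raises privileges around a sysctl call that only reads (`sysctl(mib_ipv6, MIB_SIZ, &ip6forwarding, &len, 0, 0)`). If that read succeeds unprivileged on the supported platforms, which should be confirmed, the raise/lower pair can be removed there, and with it one window in which a failed lower leaves the daemon elevated. Separately, the context lines show ipforward_off warning `Can't set ipforwarding on`, and the IPv6 setters in the following hunks warning `can't get ip6forwarding value`. These copy-pasted messages misdescribe the operation and omit errno, which makes them hard to correlate with the new LIB_ERR_PRIVILEGES entries.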
@@ -120,15 +121,15 @@ int ipforward_ipv6_on(void) len = sizeof ip6forwarding; if (zserv_privs.change(ZPRIVS_RAISE)) - zlog_err("Can't raise privileges"); + zlog_ferr(LIB_ERR_PRIVILEGES, "Can't raise privileges"); if (sysctl(mib_ipv6, MIB_SIZ, NULL, NULL, &ip6forwarding, len) < 0) { if (zserv_privs.change(ZPRIVS_LOWER)) - zlog_err("Can't lower privileges"); + zlog_ferr(LIB_ERR_PRIVILEGES, "Can't lower privileges"); zlog_warn("can't get ip6forwarding value"); return -1; } if (zserv_privs.change(ZPRIVS_LOWER)) - zlog_err("Can't lower privileges"); + zlog_ferr(LIB_ERR_PRIVILEGES, "Can't lower privileges"); return ip6forwarding; } @@ -139,15 +140,15 @@ int ipforward_ipv6_off(void) len = sizeof ip6forwarding; if (zserv_privs.change(ZPRIVS_RAISE)) - zlog_err("Can't raise privileges"); + zlog_ferr(LIB_ERR_PRIVILEGES, "Can't raise privileges"); if (sysctl(mib_ipv6, MIB_SIZ, NULL, NULL, &ip6forwarding, len) < 0) { if (zserv_privs.change(ZPRIVS_LOWER)) - zlog_err("Can't lower privileges"); + zlog_ferr(LIB_ERR_PRIVILEGES, "Can't lower privileges"); zlog_warn("can't get ip6forwarding value"); return -1; } if (zserv_privs.change(ZPRIVS_LOWER)) - zlog_err("Can't lower privileges"); + zlog_ferr(LIB_ERR_PRIVILEGES, "Can't lower privileges"); return ip6forwarding; } diff --git a/zebra/kernel_netlink.c b/zebra/kernel_netlink.c index 0e79b8253319..316eadabd38f 100644 --- a/zebra/kernel_netlink.c +++ b/zebra/kernel_netlink.c @@ -36,6 +36,7 @@ #include "nexthop.h" #include "vrf.h" #include "mpls.h" +#include "lib_errors.h" #include "zebra/zserv.h" #include "zebra/zebra_ns.h" 
@@ -164,11 +165,13 @@ static int netlink_recvbuf(struct nlsock *nl, uint32_t newsize) /* Try force option (linux >= 2.6.14) and fall back to normal set */ if (zserv_privs.change(ZPRIVS_RAISE)) - zlog_err("routing_socket: Can't raise privileges"); + zlog_ferr(LIB_ERR_PRIVILEGES, + "routing_socket: Can't raise privileges"); ret = setsockopt(nl->sock, SOL_SOCKET, SO_RCVBUFFORCE, &nl_rcvbufsize, sizeof(nl_rcvbufsize)); if (zserv_privs.change(ZPRIVS_LOWER)) - zlog_err("routing_socket: Can't lower privileges"); + zlog_ferr(LIB_ERR_PRIVILEGES, + "routing_socket: Can't lower privileges"); if (ret < 0) ret = setsockopt(nl->sock, SOL_SOCKET, SO_RCVBUF, &nl_rcvbufsize, sizeof(nl_rcvbufsize)); @@ -201,7 +204,7 @@ static int netlink_socket(struct nlsock *nl, unsigned long groups, int save_errno; if (zserv_privs.change(ZPRIVS_RAISE)) { - zlog_err("Can't raise privileges"); + zlog_ferr(LIB_ERR_PRIVILEGES, "Can't raise privileges"); return -1; } @@ -220,7 +223,7 @@ static int netlink_socket(struct nlsock *nl, unsigned long groups, ret = bind(sock, (struct sockaddr *)&snl, sizeof snl); save_errno = errno; if (zserv_privs.change(ZPRIVS_LOWER)) - zlog_err("Can't lower privileges"); + zlog_ferr(LIB_ERR_PRIVILEGES, "Can't lower privileges"); if (ret < 0) { zlog_err("Can't bind %s socket to group 0x%x: %s", nl->name, @@ -761,11 +764,11 @@ int netlink_talk(int (*filter)(struct nlmsghdr *, ns_id_t, int startup), /* Send message to netlink interface. */ if (zserv_privs.change(ZPRIVS_RAISE)) - zlog_err("Can't raise privileges"); + zlog_ferr(LIB_ERR_PRIVILEGES, "Can't raise privileges"); status = sendmsg(nl->sock, &msg, 0); save_errno = errno; if (zserv_privs.change(ZPRIVS_LOWER)) - zlog_err("Can't lower privileges"); + zlog_ferr(LIB_ERR_PRIVILEGES, "Can't lower privileges"); if (IS_ZEBRA_DEBUG_KERNEL_MSGDUMP_SEND) { zlog_debug("%s: >> netlink message dump [sent]", __func__); 
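Review bot: The handling of a failed raise is inconsistent within this file: netlink_socket (and netlink_request in the following hunk) return -1, while netlink_recvbuf and netlink_talk log and then call `setsockopt` / `sendmsg` anyway. Proceeding produces a second, less specific error from the syscall and hides the real cause. For netlink_talk the early return would be `if (zserv_privs.change(ZPRIVS_RAISE)) { zlog_ferr(LIB_ERR_PRIVILEGES, "Can't raise privileges"); return -1; }`. The function bodies continue outside the hunks, so any state set up before the raise needs to be checked for cleanup.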
@@ -811,7 +814,7 @@ int netlink_request(struct nlsock *nl, struct nlmsghdr *n) /* Raise capabilities and send message, then lower capabilities. */ if (zserv_privs.change(ZPRIVS_RAISE)) { - zlog_err("Can't raise privileges"); + zlog_ferr(LIB_ERR_PRIVILEGES, "Can't raise privileges"); return -1; } @@ -820,7 +823,7 @@ int netlink_request(struct nlsock *nl, struct nlmsghdr *n) save_errno = errno; if (zserv_privs.change(ZPRIVS_LOWER)) - zlog_err("Can't lower privileges"); + zlog_ferr(LIB_ERR_PRIVILEGES, "Can't lower privileges"); if (ret < 0) { zlog_err("%s sendto failed: %s", nl->name, diff --git a/zebra/kernel_socket.c b/zebra/kernel_socket.c index b85c4748c4c1..2b18bdc34806 100644 --- a/zebra/kernel_socket.c +++ b/zebra/kernel_socket.c @@ -39,6 +39,7 @@ #include "rib.h" #include "privs.h" #include "vrf.h" +#include "lib_errors.h" #include "zebra/rt.h" #include "zebra/interface.h" @@ -1383,14 +1384,16 @@ static int kernel_read(struct thread *thread) static void routing_socket(struct zebra_ns *zns) { if (zserv_privs.change(ZPRIVS_RAISE)) - zlog_err("routing_socket: Can't raise privileges"); + zlog_ferr(LIB_ERR_PRIVILEGES, + "routing_socket: Can't raise privileges"); routing_sock = ns_socket(AF_ROUTE, SOCK_RAW, 0, zns->ns_id); if (routing_sock < 0) { if (zserv_privs.change(ZPRIVS_LOWER)) - zlog_err("routing_socket: Can't lower privileges"); + zlog_ferr(LIB_ERR_PRIVILEGES, + "routing_socket: Can't lower privileges"); zlog_warn("Can't init kernel routing socket"); return; } @@ -1403,7 +1406,8 @@ static void routing_socket(struct zebra_ns *zns) zlog_warn ("Can't set O_NONBLOCK to routing socket");*/ if (zserv_privs.change(ZPRIVS_LOWER)) - zlog_err("routing_socket: Can't lower privileges"); + zlog_ferr(LIB_ERR_PRIVILEGES, + "routing_socket: Can't lower privileges"); /* kernel_read needs rewrite. */ thread_add_read(zebrad.master, kernel_read, NULL, routing_sock, NULL); diff --git a/zebra/rt_socket.c b/zebra/rt_socket.c index 441f518e9166..45c02d279e0d 100644 
--- a/zebra/rt_socket.c +++ b/zebra/rt_socket.c @@ -33,6 +33,7 @@ #include "log.h" #include "privs.h" #include "vxlan.h" +#include "lib_errors.h" #include "zebra/debug.h" #include "zebra/rib.h" @@ -399,7 +400,7 @@ enum dp_req_result kernel_route_rib(struct route_node *rn, } if (zserv_privs.change(ZPRIVS_RAISE)) - zlog_err("Can't raise privileges"); + zlog_ferr(LIB_ERR_PRIVILEGES, "Can't raise privileges"); if (old) route |= kernel_rtm(RTM_DELETE, p, old); @@ -408,7 +409,7 @@ enum dp_req_result kernel_route_rib(struct route_node *rn, route |= kernel_rtm(RTM_ADD, p, new); if (zserv_privs.change(ZPRIVS_LOWER)) - zlog_err("Can't lower privileges"); + zlog_ferr(LIB_ERR_PRIVILEGES, "Can't lower privileges"); if (new) { kernel_route_rib_pass_fail( diff --git a/zebra/zebra_mpls_openbsd.c b/zebra/zebra_mpls_openbsd.c index 412fe7d3dd3f..c684167e386a 100644 --- a/zebra/zebra_mpls_openbsd.c +++ b/zebra/zebra_mpls_openbsd.c @@ -31,6 +31,7 @@ #include "prefix.h" #include "interface.h" #include "log.h" +#include "lib_errors.h" extern struct zebra_privs_t zserv_privs; @@ -117,10 +118,10 @@ static int kernel_send_rtmsg_v4(int action, mpls_label_t in_label, } if (zserv_privs.change(ZPRIVS_RAISE)) - zlog_err("Can't raise privileges"); + zlog_ferr(LIB_ERR_PRIVILEGES, "Can't raise privileges"); ret = writev(kr_state.fd, iov, iovcnt); if (zserv_privs.change(ZPRIVS_LOWER)) - zlog_err("Can't lower privileges"); + zlog_ferr(LIB_ERR_PRIVILEGES, "Can't lower privileges"); if (ret == -1) zlog_err("%s: %s", __func__, safe_strerror(errno)); 
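Review bot: In kernel_send_rtmsg_v4 the log after the lower call uses `safe_strerror(errno)`, but errno may have been overwritten by `zserv_privs.change(ZPRIVS_LOWER)` or by the logging done when that call fails, so the message can misreport why `writev` failed. Other sites in this patch (netlink_talk, solaris_nd) keep a `save_errno` for this reason. Add `int save_errno = errno;` directly after `writev` and log `safe_strerror(save_errno)`. kernel_send_rtmsg_v6 in the next hunk has the same sequence.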
@@ -225,10 +226,10 @@ static int kernel_send_rtmsg_v6(int action, mpls_label_t in_label, } if (zserv_privs.change(ZPRIVS_RAISE)) - zlog_err("Can't raise privileges"); + zlog_ferr(LIB_ERR_PRIVILEGES, "Can't raise privileges"); ret = writev(kr_state.fd, iov, iovcnt); if (zserv_privs.change(ZPRIVS_LOWER)) - zlog_err("Can't lower privileges"); + zlog_ferr(LIB_ERR_PRIVILEGES, "Can't lower privileges"); if (ret == -1) zlog_err("%s: %s", __func__, safe_strerror(errno)); diff --git a/zebra/zebra_netns_notify.c b/zebra/zebra_netns_notify.c index 30f850597c65..4c60d844e273 100644 --- a/zebra/zebra_netns_notify.c +++ b/zebra/zebra_netns_notify.c @@ -34,6 +34,7 @@ #include "ns.h" #include "command.h" #include "memory.h" +#include "lib_errors.h" #include "zserv.h" #include "zebra_memory.h" @@ -76,10 +77,10 @@ static void zebra_ns_notify_create_context_from_entry_name(const char *name) return; if (zserv_privs.change(ZPRIVS_RAISE)) - zlog_err("Can't raise privileges"); + zlog_ferr(LIB_ERR_PRIVILEGES, "Can't raise privileges"); ns_id = zebra_ns_id_get(netnspath); if (zserv_privs.change(ZPRIVS_LOWER)) - zlog_err("Can't lower privileges"); + zlog_ferr(LIB_ERR_PRIVILEGES, "Can't lower privileges"); ns_id_external = ns_map_nsid_with_external(ns_id, true); /* if VRF with NS ID already present */ vrf = vrf_lookup_by_id((vrf_id_t)ns_id_external); @@ -95,11 +96,11 @@ static void zebra_ns_notify_create_context_from_entry_name(const char *name) return; } if (zserv_privs.change(ZPRIVS_RAISE)) - zlog_err("Can't raise privileges"); + zlog_ferr(LIB_ERR_PRIVILEGES, "Can't raise privileges"); ret = vrf_netns_handler_create(NULL, vrf, netnspath, ns_id_external, ns_id); if (zserv_privs.change(ZPRIVS_LOWER)) - zlog_err("Can't lower privileges"); + zlog_ferr(LIB_ERR_PRIVILEGES, "Can't lower privileges"); if (ret != CMD_SUCCESS) { zlog_warn("NS notify : failed to create NS %s", netnspath); ns_map_nsid_with_external(ns_id, false); 
@@ -166,19 +167,19 @@ static int zebra_ns_ready_read(struct thread *t) if (--zns_info->retries == 0) stop_retry = 1; if (zserv_privs.change(ZPRIVS_RAISE)) - zlog_err("Can't raise privileges"); + zlog_ferr(LIB_ERR_PRIVILEGES, "Can't raise privileges"); err = ns_switch_to_netns(netnspath); if (zserv_privs.change(ZPRIVS_LOWER)) - zlog_err("Can't lower privileges"); + zlog_ferr(LIB_ERR_PRIVILEGES, "Can't lower privileges"); if (err < 0) return zebra_ns_continue_read(zns_info, stop_retry); /* go back to default ns */ if (zserv_privs.change(ZPRIVS_RAISE)) - zlog_err("Can't raise privileges"); + zlog_ferr(LIB_ERR_PRIVILEGES, "Can't raise privileges"); err = ns_switchback_to_initial(); if (zserv_privs.change(ZPRIVS_LOWER)) - zlog_err("Can't lower privileges"); + zlog_ferr(LIB_ERR_PRIVILEGES, "Can't lower privileges"); if (err < 0) return zebra_ns_continue_read(zns_info, stop_retry); diff --git a/zebra/zebra_ns.c b/zebra/zebra_ns.c index 25e68cc081a8..8676d3aec800 100644 --- a/zebra/zebra_ns.c +++ b/zebra/zebra_ns.c @@ -26,6 +26,7 @@ #include "lib/logicalrouter.h" #include "lib/prefix.h" #include "lib/memory.h" +#include "lib/lib_errors.h" #include "rtadv.h" #include "zebra_ns.h" @@ -315,10 +316,10 @@ int zebra_ns_init(void) dzns = zebra_ns_alloc(); if (zserv_privs.change(ZPRIVS_RAISE)) - zlog_err("Can't raise privileges"); + zlog_ferr(LIB_ERR_PRIVILEGES, "Can't raise privileges"); ns_id = zebra_ns_id_get_default(); if (zserv_privs.change(ZPRIVS_LOWER)) - zlog_err("Can't lower privileges"); + zlog_ferr(LIB_ERR_PRIVILEGES, "Can't lower privileges"); ns_id_external = ns_map_nsid_with_external(ns_id, true); ns_init_management(ns_id_external, ns_id); diff --git a/zebra/zserv.c b/zebra/zserv.c index 14e0db40bfb5..21b5c04d0f7e 100644 --- a/zebra/zserv.c +++ b/zebra/zserv.c 
@@ -54,6 +54,7 @@ #include "lib/zclient.h" /* for zmsghdr, ZEBRA_HEADER_SIZE, ZEBRA... */ #include "lib/frr_pthread.h" /* for frr_pthread_new, frr_pthread_stop... */ #include "lib/frratomic.h" /* for atomic_load_explicit, atomic_stor... */ +#include "lib/lib_errors.h" /* for generic ferr ids */ #include "zebra/debug.h" /* for various debugging macros */ #include "zebra/rib.h" /* for rib_score_proto */ @@ -778,7 +779,7 @@ void zserv_start(char *path) zserv_privs.change(ZPRIVS_LOWER); if (sa.ss_family != AF_UNIX && zserv_privs.change(ZPRIVS_RAISE)) - zlog_err("Can't raise privileges"); + zlog_ferr(LIB_ERR_PRIVILEGES, "Can't raise privileges"); ret = bind(zebrad.sock, (struct sockaddr *)&sa, sa_len); if (ret < 0) { @@ -791,7 +792,7 @@ void zserv_start(char *path) return; } if (sa.ss_family != AF_UNIX && zserv_privs.change(ZPRIVS_LOWER)) - zlog_err("Can't lower privileges"); + zlog_ferr(LIB_ERR_PRIVILEGES, "Can't lower privileges"); ret = listen(zebrad.sock, 5); if (ret < 0) {
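Review bot: The first context line of the zserv_start hunk, `zserv_privs.change(ZPRIVS_LOWER);`, discards its return value, so this is one privilege drop that the conversion leaves without any LIB_ERR_PRIVILEGES report. It should get the same check: `if (zserv_privs.change(ZPRIVS_LOWER)) zlog_ferr(LIB_ERR_PRIVILEGES, "Can't lower privileges");`. The body of the `if (ret < 0) {` branch after `bind` is also split across the two hunks and mostly not shown. For a non-AF_UNIX socket that branch is entered with privileges raised, so confirm it lowers them before its `return;`.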