From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <pve-devel-bounces@lists.proxmox.com>
Received: from firstgate.proxmox.com (firstgate.proxmox.com [212.224.123.68])
	by lore.proxmox.com (Postfix) with ESMTPS id 7EB051FF16E
	for <inbox@lore.proxmox.com>; Mon, 14 Apr 2025 17:45:11 +0200 (CEST)
Received: from firstgate.proxmox.com (localhost [127.0.0.1])
	by firstgate.proxmox.com (Proxmox) with ESMTP id F3DA7372B6;
	Mon, 14 Apr 2025 17:44:59 +0200 (CEST)
From: Stefan Hanreich <s.hanreich@proxmox.com>
To: pve-devel@lists.proxmox.com
Date: Mon, 14 Apr 2025 17:44:53 +0200
Message-Id: <20250414154455.274151-2-s.hanreich@proxmox.com>
X-Mailer: git-send-email 2.39.5
In-Reply-To: <20250414154455.274151-1-s.hanreich@proxmox.com>
References: <20250414154455.274151-1-s.hanreich@proxmox.com>
MIME-Version: 1.0
Subject: [pve-devel] [PATCH proxmox-firewall 1/2] firewall: use proxmox_log
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: pve-devel-bounces@lists.proxmox.com
Sender: "pve-devel" <pve-devel-bounces@lists.proxmox.com>

The firewall did not yet use proxmox-log as its logging provider.
Adapt the existing code to set up logging via proxmox-log instead of
the current custom solution and import proxmox-log in all files as an
alias to the log crate.

This commit removes the ability to debug proxmox-firewall via running
it in the foreground and dumping the log output, since it now always
gets written to the journal. This will be fixed in a future commit,
that introduces dedicated subcommands for debugging.

Signed-off-by: Stefan Hanreich <s.hanreich@proxmox.com>
---
 debian/control                               |  3 +-
 debian/proxmox-firewall.service              |  2 --
 proxmox-firewall/Cargo.toml                  |  3 +-
 proxmox-firewall/src/bin/proxmox-firewall.rs | 33 ++++++--------------
 proxmox-firewall/src/config.rs               |  2 ++
 proxmox-firewall/src/firewall.rs             |  2 ++
 proxmox-firewall/src/object.rs               |  2 ++
 proxmox-firewall/src/rule.rs                 |  2 ++
 8 files changed, 19 insertions(+), 30 deletions(-)

diff --git a/debian/control b/debian/control
index 6323a4b..be6e584 100644
--- a/debian/control
+++ b/debian/control
@@ -5,10 +5,9 @@ Maintainer: Proxmox Support Team <support@proxmox.com>
 Build-Depends: cargo:native,
                debhelper-compat (= 13),
                librust-anyhow-1+default-dev,
-               librust-env-logger-0.11+default-dev,
                librust-insta-1+default-dev (>= 1.21-~~),
                librust-insta-1+json-dev (>= 1.21-~~),
-               librust-log-0.4+default-dev,
+               librust-proxmox-log-0.2+default-dev (>= 0.2.9-~~),
                librust-proxmox-sys-0.6+default-dev,
                librust-proxmox-ve-config-dev (>= 0.2.3-~~),
                librust-serde-1+default-dev,
diff --git a/debian/proxmox-firewall.service b/debian/proxmox-firewall.service
index c2dc903..ececa75 100644
--- a/debian/proxmox-firewall.service
+++ b/debian/proxmox-firewall.service
@@ -6,8 +6,6 @@ After=pvefw-logger.service pve-cluster.service network.target systemd-modules-lo
 [Service]
 ExecStart=/usr/libexec/proxmox/proxmox-firewall
 Type=simple
-Environment="RUST_LOG_STYLE=SYSTEMD"
-Environment="RUST_LOG=warn"
 
 [Install]
 WantedBy=multi-user.target
diff --git a/proxmox-firewall/Cargo.toml b/proxmox-firewall/Cargo.toml
index a9abf93..a7031a3 100644
--- a/proxmox-firewall/Cargo.toml
+++ b/proxmox-firewall/Cargo.toml
@@ -11,8 +11,6 @@ description = "Proxmox VE nftables firewall implementation"
 license = "AGPL-3"
 
 [dependencies]
-log = "0.4"
-env_logger = "0.11"
 anyhow = "1"
 
 serde = { version = "1", features = [ "derive" ] }
@@ -20,6 +18,7 @@ serde_json = "1"
 
 signal-hook = "0.3"
 
+proxmox-log = "0.2.9"
 proxmox-nftables = { path = "../proxmox-nftables", features = ["config-ext"] }
 proxmox-ve-config = { workspace = true }
 
diff --git a/proxmox-firewall/src/bin/proxmox-firewall.rs b/proxmox-firewall/src/bin/proxmox-firewall.rs
index 4732e51..70dca73 100644
--- a/proxmox-firewall/src/bin/proxmox-firewall.rs
+++ b/proxmox-firewall/src/bin/proxmox-firewall.rs
@@ -1,4 +1,3 @@
-use std::io::Write;
 use std::sync::atomic::{AtomicBool, Ordering};
 use std::sync::Arc;
 use std::time::{Duration, Instant};
@@ -7,6 +6,8 @@ use anyhow::{Context, Error};
 
 use proxmox_firewall::config::{FirewallConfig, PveFirewallConfigLoader, PveNftConfigLoader};
 use proxmox_firewall::firewall::Firewall;
+use proxmox_log as log;
+use proxmox_log::{LevelFilter, Logger};
 use proxmox_nftables::{client::NftError, NftClient};
 
 const RULE_BASE: &str = include_str!("../../resources/proxmox-firewall.nft");
@@ -54,31 +55,14 @@ fn handle_firewall() -> Result<(), Error> {
     Ok(())
 }
 
-fn init_logger() {
-    match std::env::var("RUST_LOG_STYLE") {
-        Ok(s) if s == "SYSTEMD" => env_logger::builder()
-            .format(|buf, record| {
-                writeln!(
-                    buf,
-                    "<{}>{}: {}",
-                    match record.level() {
-                        log::Level::Error => 3,
-                        log::Level::Warn => 4,
-                        log::Level::Info => 6,
-                        log::Level::Debug => 7,
-                        log::Level::Trace => 7,
-                    },
-                    record.target(),
-                    record.args()
-                )
-            })
-            .init(),
-        _ => env_logger::init(),
-    };
+fn init_logger() -> Result<(), Error> {
+    Logger::from_env("PVE_LOG", LevelFilter::WARN)
+        .journald()
+        .init()
 }
 
-fn main() -> Result<(), std::io::Error> {
-    init_logger();
+fn main() -> Result<(), Error> {
+    init_logger()?;
 
     let term = Arc::new(AtomicBool::new(false));
 
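Review bot: A failure in `init_logger()` now aborts `main` through `?` before any firewall handling runs, and the propagated error carries nothing that says it came from logging setup. Since `Context` is already imported, `init_logger().context("could not initialize logging")?;` would make that exit diagnosable. `init_logger` would also benefit from a doc comment such as `/// Log to journald; the level is read from PVE_LOG and defaults to WARN.`, because the variable name changes from `RUST_LOG` and existing overrides of the old name will presumably stop having any effect. `main` continues outside this hunk.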
@@ -111,4 +95,5 @@ fn main() -> Result<(), std::io::Error> {
     }
 
     remove_firewall()
+        .with_context(|| "Could not remove firewall rules")
 }
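Review bot: The closure in `.with_context(|| "Could not remove firewall rules")` only returns a static string, so `.context("Could not remove firewall rules")` says the same with less machinery. The error is also only returned from `main`, so it presumably reaches the journal via stderr rather than through the journald logger set up in `init_logger`. Emitting it with `log::error!` before returning would keep its priority consistent with the other messages. `main` starts outside this hunk.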
diff --git a/proxmox-firewall/src/config.rs b/proxmox-firewall/src/config.rs
index ec9849e..ebfbabb 100644
--- a/proxmox-firewall/src/config.rs
+++ b/proxmox-firewall/src/config.rs
@@ -5,6 +5,8 @@ use std::io::{self, BufReader};
 
 use anyhow::{bail, format_err, Context, Error};
 
+use proxmox_log as log;
+
 use proxmox_ve_config::firewall::bridge::Config as BridgeConfig;
 use proxmox_ve_config::firewall::cluster::Config as ClusterConfig;
 use proxmox_ve_config::firewall::guest::Config as GuestConfig;
diff --git a/proxmox-firewall/src/firewall.rs b/proxmox-firewall/src/firewall.rs
index 086b96c..4448514 100644
--- a/proxmox-firewall/src/firewall.rs
+++ b/proxmox-firewall/src/firewall.rs
@@ -3,6 +3,8 @@ use std::fs;
 
 use anyhow::{bail, Error};
 
+use proxmox_log as log;
+
 use proxmox_nftables::command::{Add, Commands, Delete, Flush};
 use proxmox_nftables::expression::{Meta, Payload};
 use proxmox_nftables::helper::NfVec;
diff --git a/proxmox-firewall/src/object.rs b/proxmox-firewall/src/object.rs
index cf7e773..50ae7ba 100644
--- a/proxmox-firewall/src/object.rs
+++ b/proxmox-firewall/src/object.rs
@@ -1,4 +1,6 @@
 use anyhow::{format_err, Error};
+
+use proxmox_log as log;
 use proxmox_nftables::{
     command::{Add, Flush},
     expression::Prefix,
diff --git a/proxmox-firewall/src/rule.rs b/proxmox-firewall/src/rule.rs
index 14ee544..a1db01a 100644
--- a/proxmox-firewall/src/rule.rs
+++ b/proxmox-firewall/src/rule.rs
@@ -1,6 +1,8 @@
 use std::ops::{Deref, DerefMut};
 
 use anyhow::{bail, format_err, Error};
+
+use proxmox_log as log;
 use proxmox_nftables::{
     expression::{Ct, IpFamily, Meta, Payload, Prefix},
     statement::{Log, LogLevel, Match, Operator},
-- 
2.39.5

