[pve-devel] [PATCH proxmox-firewall 1/2] firewall: use proxmox_log

Stefan Hanreich s.hanreich at proxmox.com
Mon Apr 14 17:44:53 CEST 2025


The firewall did not yet use proxmox-log as its logging provider.
Adapt the existing code to set up logging via proxmox-log instead of the
current custom solution and import proxmox-log in all files as an
alias to the log crate.

This commit removes the ability to debug proxmox-firewall via running
it in the foreground and dumping the log output, since it now always
gets written to the journal. This will be fixed in a future commit,
that introduces dedicated subcommands for debugging.

Signed-off-by: Stefan Hanreich <s.hanreich at proxmox.com>
---
 debian/control                               |  3 +-
 debian/proxmox-firewall.service              |  2 --
 proxmox-firewall/Cargo.toml                  |  3 +-
 proxmox-firewall/src/bin/proxmox-firewall.rs | 33 ++++++--------------
 proxmox-firewall/src/config.rs               |  2 ++
 proxmox-firewall/src/firewall.rs             |  2 ++
 proxmox-firewall/src/object.rs               |  2 ++
 proxmox-firewall/src/rule.rs                 |  2 ++
 8 files changed, 19 insertions(+), 30 deletions(-)

diff --git a/debian/control b/debian/control
index 6323a4b..be6e584 100644
--- a/debian/control
+++ b/debian/control
@@ -5,10 +5,9 @@ Maintainer: Proxmox Support Team <support at proxmox.com>
 Build-Depends: cargo:native,
                debhelper-compat (= 13),
                librust-anyhow-1+default-dev,
-               librust-env-logger-0.11+default-dev,
                librust-insta-1+default-dev (>= 1.21-~~),
                librust-insta-1+json-dev (>= 1.21-~~),
-               librust-log-0.4+default-dev,
+               librust-proxmox-log-0.2+default-dev (>= 0.2.9-~~),
                librust-proxmox-sys-0.6+default-dev,
                librust-proxmox-ve-config-dev (>= 0.2.3-~~),
                librust-serde-1+default-dev,
diff --git a/debian/proxmox-firewall.service b/debian/proxmox-firewall.service
index c2dc903..ececa75 100644
--- a/debian/proxmox-firewall.service
+++ b/debian/proxmox-firewall.service
@@ -6,8 +6,6 @@ After=pvefw-logger.service pve-cluster.service network.target systemd-modules-lo
 [Service]
 ExecStart=/usr/libexec/proxmox/proxmox-firewall
 Type=simple
-Environment="RUST_LOG_STYLE=SYSTEMD"
-Environment="RUST_LOG=warn"
 
 [Install]
 WantedBy=multi-user.target
diff --git a/proxmox-firewall/Cargo.toml b/proxmox-firewall/Cargo.toml
index a9abf93..a7031a3 100644
--- a/proxmox-firewall/Cargo.toml
+++ b/proxmox-firewall/Cargo.toml
@@ -11,8 +11,6 @@ description = "Proxmox VE nftables firewall implementation"
 license = "AGPL-3"
 
 [dependencies]
-log = "0.4"
-env_logger = "0.11"
 anyhow = "1"
 
 serde = { version = "1", features = [ "derive" ] }
@@ -20,6 +18,7 @@ serde_json = "1"
 
 signal-hook = "0.3"
 
+proxmox-log = "0.2.9"
 proxmox-nftables = { path = "../proxmox-nftables", features = ["config-ext"] }
 proxmox-ve-config = { workspace = true }
 
diff --git a/proxmox-firewall/src/bin/proxmox-firewall.rs b/proxmox-firewall/src/bin/proxmox-firewall.rs
index 4732e51..70dca73 100644
--- a/proxmox-firewall/src/bin/proxmox-firewall.rs
+++ b/proxmox-firewall/src/bin/proxmox-firewall.rs
@@ -1,4 +1,3 @@
-use std::io::Write;
 use std::sync::atomic::{AtomicBool, Ordering};
 use std::sync::Arc;
 use std::time::{Duration, Instant};
@@ -7,6 +6,8 @@ use anyhow::{Context, Error};
 
 use proxmox_firewall::config::{FirewallConfig, PveFirewallConfigLoader, PveNftConfigLoader};
 use proxmox_firewall::firewall::Firewall;
+use proxmox_log as log;
+use proxmox_log::{LevelFilter, Logger};
 use proxmox_nftables::{client::NftError, NftClient};
 
 const RULE_BASE: &str = include_str!("../../resources/proxmox-firewall.nft");
@@ -54,31 +55,14 @@ fn handle_firewall() -> Result<(), Error> {
     Ok(())
 }
 
-fn init_logger() {
-    match std::env::var("RUST_LOG_STYLE") {
-        Ok(s) if s == "SYSTEMD" => env_logger::builder()
-            .format(|buf, record| {
-                writeln!(
-                    buf,
-                    "<{}>{}: {}",
-                    match record.level() {
-                        log::Level::Error => 3,
-                        log::Level::Warn => 4,
-                        log::Level::Info => 6,
-                        log::Level::Debug => 7,
-                        log::Level::Trace => 7,
-                    },
-                    record.target(),
-                    record.args()
-                )
-            })
-            .init(),
-        _ => env_logger::init(),
-    };
+fn init_logger() -> Result<(), Error> {
+    Logger::from_env("PVE_LOG", LevelFilter::WARN)
+        .journald()
+        .init()
 }
 
-fn main() -> Result<(), std::io::Error> {
-    init_logger();
+fn main() -> Result<(), Error> {
+    init_logger()?;
 
     let term = Arc::new(AtomicBool::new(false));
 
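Review bot: `init_logger()?` as the first statement of `main` makes any error from `Logger::init()` fatal before the firewall loop is reached, and the error is returned without context, so the daemon would exit and presumably not apply or refresh any rules. I would attach context, `init_logger().context("could not set up logging")?;`, and decide explicitly whether a firewall daemon should refuse to run when only its logging is unavailable. The new `init_logger` also moves the verbosity knob from `RUST_LOG` to `PVE_LOG` with a compiled-in default of WARN, which deserves a doc comment such as `/// Log to journald; level comes from PVE_LOG (default: warn), RUST_LOG/RUST_LOG_STYLE are no longer read.` so that existing unit overrides setting `RUST_LOG` do not silently stop working. `main` continues past the end of this hunk.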
@@ -111,4 +95,5 @@ fn main() -> Result<(), std::io::Error> {
     }
 
     remove_firewall()
+        .with_context(|| "Could not remove firewall rules")
 }
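Review bot: A failure of `remove_firewall()` is only returned from `main`, so as far as this hunk shows it reaches the journal through the runtime's stderr print of the error rather than through the journald logger set up earlier, and would likely not carry error priority. Rules left in place at shutdown are worth an explicit `log::error!` before returning, so that priority-based alerting sees them. For a constant message, `.context("Could not remove firewall rules")` is the simpler form than `.with_context(|| ...)`. `main` starts outside this hunk, so an earlier log call on this path cannot be ruled out from here.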
diff --git a/proxmox-firewall/src/config.rs b/proxmox-firewall/src/config.rs
index ec9849e..ebfbabb 100644
--- a/proxmox-firewall/src/config.rs
+++ b/proxmox-firewall/src/config.rs
@@ -5,6 +5,8 @@ use std::io::{self, BufReader};
 
 use anyhow::{bail, format_err, Context, Error};
 
+use proxmox_log as log;
+
 use proxmox_ve_config::firewall::bridge::Config as BridgeConfig;
 use proxmox_ve_config::firewall::cluster::Config as ClusterConfig;
 use proxmox_ve_config::firewall::guest::Config as GuestConfig;
diff --git a/proxmox-firewall/src/firewall.rs b/proxmox-firewall/src/firewall.rs
index 086b96c..4448514 100644
--- a/proxmox-firewall/src/firewall.rs
+++ b/proxmox-firewall/src/firewall.rs
@@ -3,6 +3,8 @@ use std::fs;
 
 use anyhow::{bail, Error};
 
+use proxmox_log as log;
+
 use proxmox_nftables::command::{Add, Commands, Delete, Flush};
 use proxmox_nftables::expression::{Meta, Payload};
 use proxmox_nftables::helper::NfVec;
diff --git a/proxmox-firewall/src/object.rs b/proxmox-firewall/src/object.rs
index cf7e773..50ae7ba 100644
--- a/proxmox-firewall/src/object.rs
+++ b/proxmox-firewall/src/object.rs
@@ -1,4 +1,6 @@
 use anyhow::{format_err, Error};
+
+use proxmox_log as log;
 use proxmox_nftables::{
     command::{Add, Flush},
     expression::Prefix,
diff --git a/proxmox-firewall/src/rule.rs b/proxmox-firewall/src/rule.rs
index 14ee544..a1db01a 100644
--- a/proxmox-firewall/src/rule.rs
+++ b/proxmox-firewall/src/rule.rs
@@ -1,6 +1,8 @@
 use std::ops::{Deref, DerefMut};
 
 use anyhow::{bail, format_err, Error};
+
+use proxmox_log as log;
 use proxmox_nftables::{
     expression::{Ct, IpFamily, Meta, Payload, Prefix},
     statement::{Log, LogLevel, Match, Operator},
-- 
2.39.5



