Change most PRG_TRACE prints to PRG_DEBUG

Use PRG_TRACE for the really noisy (and performance-impacting) log
prints, like packet info and "No work to do" polling.  Use PRG_DEBUG for
other verbose-but-infrequent debug output.  Change the command line
parsing so that "-v" enables PRG_DEBUG and "-vv" enables PRG_TRACE.

Signed-off-by: Kevin Cernekee <cernekee@gmail.com>

auth.c

@@ -240,7 +240,7 @@ static int parse_form(struct openconnect_info *vpninfo, struct oc_auth_form *for
 			continue;
 		}
 		if (strcmp((char *)xml_node->name, "input")) {
-			vpn_progress(vpninfo, PRG_TRACE,
+			vpn_progress(vpninfo, PRG_DEBUG,
 				     _("name %s not input\n"), xml_node->name);
 			continue;
 		}
@@ -555,7 +555,7 @@ int parse_xml_response(struct openconnect_info *vpninfo, char *response, struct
 		*cert_rq = 0;
 
 	if (!response) {
-		vpn_progress(vpninfo, PRG_TRACE,
+		vpn_progress(vpninfo, PRG_DEBUG,
 			     _("Empty response from server\n"));
 		return -EINVAL;
 	}
@@ -568,7 +568,7 @@ int parse_xml_response(struct openconnect_info *vpninfo, char *response, struct
 	if (!xml_doc) {
 		vpn_progress(vpninfo, PRG_ERR,
 			     _("Failed to parse server response\n"));
-		vpn_progress(vpninfo, PRG_TRACE,
+		vpn_progress(vpninfo, PRG_DEBUG,
 			     _("Response was:%s\n"), response);
 		free(form);
 		return -EINVAL;

cstp.c

@@ -105,7 +105,7 @@ static void calculate_mtu(struct openconnect_info *vpninfo, int *base_mtu, int *
 
 		if (!getsockopt(vpninfo->ssl_fd, IPPROTO_TCP, TCP_INFO,
 				&ti, &ti_size)) {
-			vpn_progress(vpninfo, PRG_TRACE,
+			vpn_progress(vpninfo, PRG_DEBUG,
 				     _("TCP_INFO rcv mss %d, snd mss %d, adv mss %d, pmtu %d\n"),
 				     ti.tcpi_rcv_mss, ti.tcpi_snd_mss, ti.tcpi_advmss, ti.tcpi_pmtu);
 			if (!*base_mtu)
@@ -125,7 +125,7 @@ static void calculate_mtu(struct openconnect_info *vpninfo, int *base_mtu, int *
 		socklen_t mss_size = sizeof(mss);
 		if (!getsockopt(vpninfo->ssl_fd, IPPROTO_TCP, TCP_MAXSEG,
 				&mss, &mss_size)) {
-			vpn_progress(vpninfo, PRG_TRACE, _("TCP_MAXSEG %d\n"), mss);
+			vpn_progress(vpninfo, PRG_DEBUG, _("TCP_MAXSEG %d\n"), mss);
 			*mtu = mss - 13;
 		}
 	}
@@ -309,9 +309,9 @@ static int start_cstp_connection(struct openconnect_info *vpninfo)
 
 		/* This contains the whole document, including the webvpn cookie. */
 		if (!strcasecmp(buf, "X-CSTP-Post-Auth-XML"))
-			vpn_progress(vpninfo, PRG_TRACE, "%s: %s\n", buf, _("<elided>"));
+			vpn_progress(vpninfo, PRG_DEBUG, "%s: %s\n", buf, _("<elided>"));
 		else
-			vpn_progress(vpninfo, PRG_TRACE, "%s: %s\n", buf, colon);
+			vpn_progress(vpninfo, PRG_DEBUG, "%s: %s\n", buf, colon);
 
 		if (!strncmp(buf, "X-DTLS-", 7)) {
 			*next_dtls_option = new_option;
@@ -756,18 +756,18 @@ int cstp_mainloop(struct openconnect_info *vpninfo, int *timeout)
 		vpninfo->ssl_times.last_rx = time(NULL);
 		switch (buf[6]) {
 		case AC_PKT_DPD_OUT:
-			vpn_progress(vpninfo, PRG_TRACE,
+			vpn_progress(vpninfo, PRG_DEBUG,
 				     _("Got CSTP DPD request\n"));
 			vpninfo->owe_ssl_dpd_response = 1;
 			continue;
 
 		case AC_PKT_DPD_RESP:
-			vpn_progress(vpninfo, PRG_TRACE,
+			vpn_progress(vpninfo, PRG_DEBUG,
 				     _("Got CSTP DPD response\n"));
 			continue;
 
 		case AC_PKT_KEEPALIVE:
-			vpn_progress(vpninfo, PRG_TRACE,
+			vpn_progress(vpninfo, PRG_DEBUG,
 				     _("Got CSTP Keepalive\n"));
 			continue;
 
@@ -919,7 +919,7 @@ int cstp_mainloop(struct openconnect_info *vpninfo, int *timeout)
 		return 1;
 
 	case KA_DPD:
-		vpn_progress(vpninfo, PRG_TRACE, _("Send CSTP DPD\n"));
+		vpn_progress(vpninfo, PRG_DEBUG, _("Send CSTP DPD\n"));
 
 		vpninfo->current_ssl_pkt = &dpd_pkt;
 		goto handle_outgoing;
@@ -930,7 +930,7 @@ int cstp_mainloop(struct openconnect_info *vpninfo, int *timeout)
 		if (vpninfo->dtls_state != DTLS_CONNECTED && vpninfo->outgoing_queue)
 			break;
 
-		vpn_progress(vpninfo, PRG_TRACE, _("Send CSTP Keepalive\n"));
+		vpn_progress(vpninfo, PRG_DEBUG, _("Send CSTP Keepalive\n"));
 
 		vpninfo->current_ssl_pkt = &keepalive_pkt;
 		goto handle_outgoing;

dtls.c

@@ -291,7 +291,7 @@ int dtls_try_handshake(struct openconnect_info *vpninfo)
 			vpn_progress(vpninfo, PRG_ERR, _("This is probably because your OpenSSL is broken\n"
 				"See http://rt.openssl.org/Ticket/Display.html?id=2984\n"));
 		} else {
-			vpn_progress(vpninfo, PRG_TRACE, _("DTLS handshake timed out\n"));
+			vpn_progress(vpninfo, PRG_DEBUG, _("DTLS handshake timed out\n"));
 		}
 	}
 
@@ -438,7 +438,7 @@ int dtls_try_handshake(struct openconnect_info *vpninfo)
 	if (err == GNUTLS_E_AGAIN) {
 		if (time(NULL) < vpninfo->new_dtls_started + 12)
 			return 0;
-		vpn_progress(vpninfo, PRG_TRACE, _("DTLS handshake timed out\n"));
+		vpn_progress(vpninfo, PRG_DEBUG, _("DTLS handshake timed out\n"));
 	}
 
 	vpn_progress(vpninfo, PRG_ERR, _("DTLS handshake failed: %s\n"),
@@ -602,7 +602,7 @@ int openconnect_setup_dtls(struct openconnect_info *vpninfo, int dtls_attempt_pe
 #endif
 
 	while (dtls_opt) {
-		vpn_progress(vpninfo, PRG_TRACE,
+		vpn_progress(vpninfo, PRG_DEBUG,
 			     _("DTLS option %s : %s\n"),
 			     dtls_opt->option, dtls_opt->value);
 
@@ -660,7 +660,7 @@ int openconnect_setup_dtls(struct openconnect_info *vpninfo, int dtls_attempt_pe
 	if (connect_dtls_socket(vpninfo))
 		return -EINVAL;
 
-	vpn_progress(vpninfo, PRG_TRACE,
+	vpn_progress(vpninfo, PRG_DEBUG,
 		     _("DTLS initialised. DPD %d, Keepalive %d\n"),
 		     vpninfo->dtls_times.dpd, vpninfo->dtls_times.keepalive);
 
@@ -684,7 +684,7 @@ int dtls_mainloop(struct openconnect_info *vpninfo, int *timeout)
 		int when = vpninfo->new_dtls_started + vpninfo->dtls_attempt_period - time(NULL);
 
 		if (when <= 0) {
-			vpn_progress(vpninfo, PRG_TRACE, _("Attempt new DTLS connection\n"));
+			vpn_progress(vpninfo, PRG_DEBUG, _("Attempt new DTLS connection\n"));
 			connect_dtls_socket(vpninfo);
 		} else if ((when * 1000) < *timeout) {
 			*timeout = when * 1000;
@@ -725,7 +725,7 @@ int dtls_mainloop(struct openconnect_info *vpninfo, int *timeout)
 			break;
 
 		case AC_PKT_DPD_OUT:
-			vpn_progress(vpninfo, PRG_TRACE, _("Got DTLS DPD request\n"));
+			vpn_progress(vpninfo, PRG_DEBUG, _("Got DTLS DPD request\n"));
 
 			/* FIXME: What if the packet doesn't get through? */
 			magic_pkt = AC_PKT_DPD_RESP;
@@ -735,11 +735,11 @@ int dtls_mainloop(struct openconnect_info *vpninfo, int *timeout)
 			continue;
 
 		case AC_PKT_DPD_RESP:
-			vpn_progress(vpninfo, PRG_TRACE, _("Got DTLS DPD response\n"));
+			vpn_progress(vpninfo, PRG_DEBUG, _("Got DTLS DPD response\n"));
 			break;
 
 		case AC_PKT_KEEPALIVE:
-			vpn_progress(vpninfo, PRG_TRACE, _("Got DTLS Keepalive\n"));
+			vpn_progress(vpninfo, PRG_DEBUG, _("Got DTLS Keepalive\n"));
 			break;
 
 		default:
@@ -787,7 +787,7 @@ int dtls_mainloop(struct openconnect_info *vpninfo, int *timeout)
 		return 1;
 
 	case KA_DPD:
-		vpn_progress(vpninfo, PRG_TRACE, _("Send DTLS DPD\n"));
+		vpn_progress(vpninfo, PRG_DEBUG, _("Send DTLS DPD\n"));
 
 		magic_pkt = AC_PKT_DPD_OUT;
 		if (DTLS_SEND(vpninfo->dtls_ssl, &magic_pkt, 1) != 1)
@@ -805,7 +805,7 @@ int dtls_mainloop(struct openconnect_info *vpninfo, int *timeout)
 		if (vpninfo->outgoing_queue)
 			break;
 
-		vpn_progress(vpninfo, PRG_TRACE, _("Send DTLS Keepalive\n"));
+		vpn_progress(vpninfo, PRG_DEBUG, _("Send DTLS Keepalive\n"));
 
 		magic_pkt = AC_PKT_KEEPALIVE;
 		if (DTLS_SEND(vpninfo->dtls_ssl, &magic_pkt, 1) != 1)

gnutls.c

@@ -121,7 +121,7 @@ int openconnect_SSL_read(struct openconnect_info *vpninfo, char *buf, size_t len
 			/* We've seen this with HTTP 1.0 responses followed by abrupt
 			   socket closure and no clean SSL shutdown.
 			   https://bugs.launchpad.net/bugs/1225276 */
-			vpn_progress(vpninfo, PRG_TRACE, _("SSL socket closed uncleanly\n"));
+			vpn_progress(vpninfo, PRG_DEBUG, _("SSL socket closed uncleanly\n"));
 			return 0;
 #endif
 		} else {
@@ -378,7 +378,7 @@ static int load_pkcs12_certificate(struct openconnect_info *vpninfo,
 		if (pass == vpninfo->cert_password &&
 		    vpninfo->cert_type == CERT_TYPE_UNKNOWN) {
 			/* Make it non-fatal... */
-			level = PRG_TRACE;
+			level = PRG_DEBUG;
 			ret = NOT_PKCS12;
 		}
 
@@ -962,7 +962,7 @@ static int load_certificate(struct openconnect_info *vpninfo)
 
 	/* Load certificate(s) first... */
 	if (cert_is_p11) {
-		vpn_progress(vpninfo, PRG_TRACE,
+		vpn_progress(vpninfo, PRG_DEBUG,
 			     _("Using PKCS#11 certificate %s\n"), cert_url);
 
 		err = gnutls_x509_crt_init(&cert);
@@ -986,7 +986,7 @@ static int load_certificate(struct openconnect_info *vpninfo)
 #endif /* HAVE_P11KIT */
 
 	/* OK, not a PKCS#11 certificate so it must be coming from a file... */
-	vpn_progress(vpninfo, PRG_TRACE,
+	vpn_progress(vpninfo, PRG_DEBUG,
 		     _("Using certificate file %s\n"), vpninfo->cert);
 
 	/* Load file contents */
@@ -1061,7 +1061,7 @@ static int load_certificate(struct openconnect_info *vpninfo)
 	   them in extra_certs[]. Next we look for the private key ... */
 #if defined(HAVE_P11KIT)
 	if (key_is_p11) {
-		vpn_progress(vpninfo, PRG_TRACE,
+		vpn_progress(vpninfo, PRG_DEBUG,
 			     _("Using PKCS#11 key %s\n"), key_url);
 
 		err = gnutls_pkcs11_privkey_init(&p11key);
@@ -1204,7 +1204,7 @@ static int load_certificate(struct openconnect_info *vpninfo)
 		gnutls_free(fdata.data);
 		fdata.data = NULL;
 
-		vpn_progress(vpninfo, PRG_TRACE,
+		vpn_progress(vpninfo, PRG_DEBUG,
 			     _("Using private key file %s\n"), vpninfo->sslkey);
 
 		ret = load_datum(vpninfo, &fdata, vpninfo->sslkey);
@@ -2017,7 +2017,7 @@ int cstp_handshake(struct openconnect_info *vpninfo, unsigned init)
 			return -EIO;
 		} else {
 			/* non-fatal error or warning. Ignore it and continue */
-			vpn_progress(vpninfo, PRG_TRACE,
+			vpn_progress(vpninfo, PRG_DEBUG,
 				     _("GnuTLS non-fatal return during handshake: %s\n"),
 				     gnutls_strerror(err));
 		}

gnutls_tpm.c

@@ -100,7 +100,7 @@ static int tpm_sign_fn(gnutls_privkey_t key, void *_vpninfo,
 	TSS_HHASH hash;
 	int err;
 
-	vpn_progress(vpninfo, PRG_TRACE,
+	vpn_progress(vpninfo, PRG_DEBUG,
 		     _("TPM sign function called for %d bytes.\n"),
 		     data->size);
 

http.c

@@ -205,7 +205,7 @@ static int process_http_response(struct openconnect_info *vpninfo, int *result,
 		return -EINVAL;
 	}
 
-	vpn_progress(vpninfo, (*result == 200) ? PRG_TRACE : PRG_INFO,
+	vpn_progress(vpninfo, (*result == 200) ? PRG_DEBUG : PRG_INFO,
 		     _("Got HTTP response: %s\n"), buf);
 
 	/* Eat headers... */
@@ -251,7 +251,7 @@ static int process_http_response(struct openconnect_info *vpninfo, int *result,
 			   want people posting it in public with debugging output */
 			if (!strcmp(colon, "webvpn") && *equals)
 				print_equals = _("<elided>");
-			vpn_progress(vpninfo, PRG_TRACE, "%s: %s=%s%s%s\n",
+			vpn_progress(vpninfo, PRG_DEBUG, "%s: %s=%s%s%s\n",
 				     buf, colon, print_equals, semicolon ? ";" : "",
 				     semicolon ? (semicolon+1) : "");
 
@@ -266,7 +266,7 @@ static int process_http_response(struct openconnect_info *vpninfo, int *result,
 			if (ret)
 				return ret;
 		} else {
-			vpn_progress(vpninfo, PRG_TRACE, "%s: %s\n", buf, colon);
+			vpn_progress(vpninfo, PRG_DEBUG, "%s: %s\n", buf, colon);
 		}
 
 		if (!strcasecmp(buf, "Connection")) {
@@ -317,7 +317,7 @@ static int process_http_response(struct openconnect_info *vpninfo, int *result,
 		goto cont;
 
 	/* Now the body, if there is one */
-	vpn_progress(vpninfo, PRG_TRACE, _("HTTP body %s (%d)\n"),
+	vpn_progress(vpninfo, PRG_DEBUG, _("HTTP body %s (%d)\n"),
 		     bodylen == BODY_HTTP10 ? "http 1.0" :
 		     bodylen == BODY_CHUNKED ? "chunked" : "length: ",
 		     bodylen);
@@ -840,7 +840,7 @@ static void dump_buf(struct openconnect_info *vpninfo, char prefix, char *buf)
 			eol++;
 		}
 
-		vpn_progress(vpninfo, PRG_TRACE, "%c %s\n", prefix, buf);
+		vpn_progress(vpninfo, PRG_DEBUG, "%c %s\n", prefix, buf);
 		if (!eol_char)
 			break;
 

main.c

@@ -862,8 +862,9 @@ int main(int argc, char **argv)
 			break;
 		case OPT_DUMP_HTTP:
 			vpninfo->dump_http_traffic = 1;
+			break;
 		case 'v':
-			verbose = PRG_TRACE;
+			verbose++;
 			break;
 		case 'V':
 			printf(_("OpenConnect version %s\n"), openconnect_version_str);
@@ -935,6 +936,9 @@ int main(int argc, char **argv)
 	if (!vpninfo->sslkey)
 		vpninfo->sslkey = vpninfo->cert;
 
+	if (vpninfo->dump_http_traffic && verbose < PRG_DEBUG)
+		verbose = PRG_DEBUG;
+
 	vpninfo->progress = write_progress;
 
 	if (autoproxy) {

openconnect.8.in

@@ -252,7 +252,7 @@ Set login username to
 Report version number
 .TP
 .B \-v,\-\-verbose
-More output
+More output (may be specified multiple times for additional output)
 .TP
 .B \-x,\-\-xmlconfig=CONFIG
 XML config file