Reduce log noise + honor log redact config option

master
dma 7 years ago
parent 139c4a08b8
commit a3e38de6e5

@ -69,7 +69,9 @@ func (dc *dnsCache) processDNS(pkt *nfqueue.NFQPacket) {
pinfo, _ = findProcessForPacket(pkt, true, procsnitch.MATCH_LOOSEST)
if pinfo == nil {
if !FirewallConfig.LogRedact {
log.Warningf("Skipping attempted DNS cache entry for process that can't be found: %v -> %v\n", q.Name, dns.answer)
}
return
}
}
@ -77,7 +79,11 @@ func (dc *dnsCache) processDNS(pkt *nfqueue.NFQPacket) {
dc.processRecordAddress(q.Name, dns.answer, pinfo.Pid)
return
}
if !FirewallConfig.LogRedact {
log.Infof("Unhandled DNS message: %v", dns)
} else {
log.Infof("Unhandled DNS message [redacted]")
}
}
@ -118,7 +124,11 @@ func (dc *dnsCache) processRecordAddress(name string, answers []dnsRR, pid int)
case *dnsRR_CNAME:
// Not that exotic; just ignore it
default:
if !FirewallConfig.LogRedact {
log.Warningf("Unexpected RR type in answer section of A response: %v", rec)
} else {
log.Warningf("Unexpected RR type in answer section of A response: [redacted]")
}
}
if aBytes == nil {
@ -134,7 +144,8 @@ func (dc *dnsCache) processRecordAddress(name string, answers []dnsRR, pid int)
if pid < 0 {
pid = 0
}
log.Noticef("______ Adding to dns map: %s: %s -> pid %d", name, ip, pid)
// log.Noticef("______ Adding to dns map: %s: %s -> pid %d", name, ip, pid)
_, ok := dc.ipMap[pid]
if !ok {
@ -169,11 +180,13 @@ func (dc *dnsCache) Lookup(ip net.IP, pid int) string {
// log.Noticef("XXX: LOOKUP on %v / %v = %v, ttl = %v / %v\n", pid, ip.String(), entry.name, entry.ttl, entry.exp)
return entry.name
} else {
if !FirewallConfig.LogRedact {
log.Warningf("Skipping expired per-pid (%d) DNS cache entry: %s -> %s / exp. %v (%ds)\n",
pid, ip.String(), entry.name, entry.exp, entry.ttl)
}
}
}
}
str := ""
entry, ok := dc.ipMap[0][ip.String()]
@ -182,10 +195,12 @@ func (dc *dnsCache) Lookup(ip net.IP, pid int) string {
str = entry.name
// log.Noticef("XXX: LOOKUP on %v / 0 RETURNING %v, ttl = %v / %v\n", ip.String(), str, entry.ttl, entry.exp)
} else {
if !FirewallConfig.LogRedact {
log.Warningf("Skipping expired global DNS cache entry: %s -> %s / exp. %v (%ds)\n",
ip.String(), entry.name, entry.exp, entry.ttl)
}
}
}
//log.Noticef("XXX: LOOKUP on %v / 0 RETURNING %v\n", ip.String(), str)
return str

@ -230,7 +230,7 @@ func (p *prompter) processConnection(pc pendingConnection) {
r.mode = RULE_MODE_PERMANENT
policy.fw.saveRules()
}
log.Warningf("Prompt returning rule: %v", tempRule)
//log.Warningf("Prompt returning rule: %v", tempRule)
dbusp.alertRule("sgfw prompt added new rule")
}

@ -404,16 +404,20 @@ func (c *socksChainSession) handleConnect(tls bool) {
func (c *socksChainSession) forwardTraffic(tls bool) {
if tls == true {
err := TLSGuard(c.clientConn, c.upstreamConn, c.req.Addr.addrStr)
dest := STR_REDACTED
if !FirewallConfig.LogRedact {
dest = c.req.Addr.addrStr
}
if err != nil {
if c.pinfo.Sandbox != "" {
log.Errorf("TLSGuard violation: Dropping traffic from %s (sandbox: %s) to %s: %v", c.pinfo.ExePath, c.pinfo.Sandbox, c.req.Addr.addrStr, err)
log.Errorf("TLSGuard violation: Dropping traffic from %s (sandbox: %s) to %s: %v", c.pinfo.ExePath, c.pinfo.Sandbox, dest, err)
} else {
log.Errorf("TLSGuard violation: Dropping traffic from %s (unsandboxed) to %s: %v", c.pinfo.ExePath, c.req.Addr.addrStr, err)
log.Errorf("TLSGuard violation: Dropping traffic from %s (unsandboxed) to %s: %v", c.pinfo.ExePath, dest, err)
}
return
} else {
log.Notice("TLSGuard approved certificate presented for connection to: ", c.req.Addr.addrStr)
log.Notice("TLSGuard approved certificate presented for connection to: ", dest)
}
}

@ -125,7 +125,7 @@ func findUDPSocketAll(srcAddr net.IP, srcPort uint16, dstAddr net.IP, dstPort ui
*/
if (ss.local.port == srcPort && (ss.local.ip.Equal(net.IPv4(0,0,0,0)) && ss.remote.ip.Equal(net.IPv4(0,0,0,0)))) {
fmt.Printf("Matching for UDP socket bound to *:%d\n",ss.local.port)
// fmt.Printf("Matching for UDP socket bound to *:%d\n",ss.local.port)
return true
} else if (ss.remote.ip.Equal(dstAddr) && ss.local.port == srcPort && ss.local.ip.Equal(srcAddr)) {
return true

Loading…
Cancel
Save