summaryrefslogtreecommitdiffhomepage
diff options
context:
space:
mode:
authorKevin Krakauer <krakauer@google.com>2020-04-29 13:36:29 -0700
committergVisor bot <gvisor-bot@google.com>2020-04-29 13:38:14 -0700
commita105d185ff9fc24f5bf0c1ca28cbc0f7ec7c4ea5 (patch)
tree0fcdf3d85925fbd09d4b766b7cd82ce94763e379
parentd5c34ba2ffef0b0aee38d4f96f06bc00b04b0a53 (diff)
iptables: don't pollute logs
The netfilter package uses logs to make debugging the (de)serialization of structs easier. This generates a lot of (usually irrelevant) logs. Logging is now hidden behind a debug flag. PiperOrigin-RevId: 309087115
-rw-r--r--pkg/sentry/socket/netfilter/netfilter.go7
1 files changed, 6 insertions, 1 deletions
diff --git a/pkg/sentry/socket/netfilter/netfilter.go b/pkg/sentry/socket/netfilter/netfilter.go
index 878f81fd5..72d093aa8 100644
--- a/pkg/sentry/socket/netfilter/netfilter.go
+++ b/pkg/sentry/socket/netfilter/netfilter.go
@@ -53,9 +53,14 @@ type metadata struct {
Size uint32
}
+// enableLogging controls whether to log the (de)serialization of netfilter
+// structs between userspace and netstack. These logs are useful when
+// developing iptables, but can pollute sentry logs otherwise.
+const enableLogging = false
+
// nflog logs messages related to the writing and reading of iptables.
func nflog(format string, args ...interface{}) {
- if log.IsLogging(log.Debug) {
+ if enableLogging && log.IsLogging(log.Debug) {
log.Debugf("netfilter: "+format, args...)
}
}