diff options
author | Kevin Krakauer <krakauer@google.com> | 2020-04-29 13:36:29 -0700 |
---|---|---|
committer | gVisor bot <gvisor-bot@google.com> | 2020-04-29 13:38:14 -0700 |
commit | a105d185ff9fc24f5bf0c1ca28cbc0f7ec7c4ea5 (patch) | |
tree | 0fcdf3d85925fbd09d4b766b7cd82ce94763e379 | |
parent | d5c34ba2ffef0b0aee38d4f96f06bc00b04b0a53 (diff) |
iptables: don't pollute logs
The netfilter package uses logs to make debugging the (de)serialization of
structs easier. This generates a lot of (usually irrelevant) logs. Logging is
now hidden behind a debug flag.
PiperOrigin-RevId: 309087115
-rw-r--r-- | pkg/sentry/socket/netfilter/netfilter.go | 7 |
1 files changed, 6 insertions, 1 deletions
diff --git a/pkg/sentry/socket/netfilter/netfilter.go b/pkg/sentry/socket/netfilter/netfilter.go index 878f81fd5..72d093aa8 100644 --- a/pkg/sentry/socket/netfilter/netfilter.go +++ b/pkg/sentry/socket/netfilter/netfilter.go @@ -53,9 +53,14 @@ type metadata struct { Size uint32 } +// enableLogging controls whether to log the (de)serialization of netfilter +// structs between userspace and netstack. These logs are useful when +// developing iptables, but can pollute sentry logs otherwise. +const enableLogging = false + // nflog logs messages related to the writing and reading of iptables. func nflog(format string, args ...interface{}) { - if log.IsLogging(log.Debug) { + if enableLogging && log.IsLogging(log.Debug) { log.Debugf("netfilter: "+format, args...) } } |