From a105d185ff9fc24f5bf0c1ca28cbc0f7ec7c4ea5 Mon Sep 17 00:00:00 2001
From: Kevin Krakauer
Date: Wed, 29 Apr 2020 13:36:29 -0700
Subject: iptables: don't pollute logs
The netfilter package uses logs to make debugging the (de)serialization of structs easier. This generates a lot of (usually irrelevant) logs. Logging is now hidden behind a debug flag.
PiperOrigin-RevId: 309087115
---
 pkg/sentry/socket/netfilter/netfilter.go | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)
(limited to 'pkg/sentry/socket')
diff --git a/pkg/sentry/socket/netfilter/netfilter.go b/pkg/sentry/socket/netfilter/netfilter.go
index 878f81fd5..72d093aa8 100644
--- a/pkg/sentry/socket/netfilter/netfilter.go
+++ b/pkg/sentry/socket/netfilter/netfilter.go
@@ -53,9 +53,14 @@ type metadata struct {
 Size uint32
 }
+// enableLogging controls whether to log the (de)serialization of netfilter
+// structs between userspace and netstack. These logs are useful when
+// developing iptables, but can pollute sentry logs otherwise.
+const enableLogging = false
+
 // nflog logs messages related to the writing and reading of iptables.
 func nflog(format string, args ...interface{}) {
- if log.IsLogging(log.Debug) {
+ if enableLogging && log.IsLogging(log.Debug) {
 log.Debugf("netfilter: "+format, args...)
 }
 }
--
cgit v1.2.3
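Review bot: The comment on `enableLogging` does not say that it is a compile-time constant, so the "debug flag" in the commit message can only be flipped by editing the source and rebuilding, not at runtime. I would add a line such as `// This is a compile-time switch: set it to true and rebuild to get the logs.` so nobody looks for a runtime option. With the constant false the body of `nflog` is dead code, but the arguments built at its call sites (outside this hunk) are presumably still evaluated on every call. If keeping application-supplied iptables data out of the sentry debug log is part of the intent, the comment should say so, so the default is not flipped to true casually.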