Working with egress log

containerscrew · Jan 9, 2025 · 77b464d · 77b464d
1 parent 581dc8c
commit 77b464d
Show file tree

Hide file tree

Showing 4 changed files with 34 additions and 13 deletions.
diff --git a/nflux.toml b/nflux.toml
@@ -3,7 +3,7 @@ log_level = "info" # trace, debug, info, warn, or error (default: info)
 log_type = "text"  # text or json (default: text)
 
 [firewall]
-enabled = "true" # Decide if the firewall is enabled or not
+enabled = "false" # Decide if the firewall is enabled or not
 interfaces = ["wlp2s0"] # Interfaces to protect (can be only physical interfaces)
 icmp_ping = "true" # Allow or deny ICMP ping requests
 
@@ -17,7 +17,8 @@ icmp_ping = "true" # Allow or deny ICMP ping requests
 [egress]
 # By the moment, working with physical interfaces (not virtual, like VPNs)
 enabled = "true"
-interfaces = ["wlp2s0"]
+interfaces = ["wlo1"]
+log_private_connections = "false" # Do not show private connections in the logs
 
 #[egress_rules]
 # TODO: filter outgoint traffic (block/deny)

diff --git a/nflux/src/config.rs b/nflux/src/config.rs
@@ -40,6 +40,8 @@ pub struct Firewall {
 pub struct Egress {
     pub enabled: IsEnabled,
     pub interfaces: Vec<String>,
+    #[allow(dead_code)]
+    pub log_private_connections: IsEnabled,
 }
 
 // Generic rule for both IPv4 and IPv6

diff --git a/nflux/src/egress.rs b/nflux/src/egress.rs
@@ -5,9 +5,10 @@ use aya::maps::MapData;
 use aya::maps::perf::{AsyncPerfEventArrayBuffer, PerfBufferError};
 use aya::programs::{tc, SchedClassifier, TcAttachType};
 use bytes::BytesMut;
-use tracing::{error, info, warn};
+use tracing::{debug, error, info, warn};
 use nflux_common::{convert_protocol, EgressEvent};
-use crate::utils::lookup_address;
+use crate::config::IsEnabled;
+use crate::utils::{is_private_ip, lookup_address};
 
 pub fn attach_tc_egress_program(bpf: &mut Ebpf, interface_names: &[String]) -> anyhow::Result<()>{
     // Retrieve the eBPF program
@@ -63,6 +64,7 @@ pub fn attach_tc_egress_program(bpf: &mut Ebpf, interface_names: &[String]) -> a
 pub async fn process_egress_events(
     mut buf: AsyncPerfEventArrayBuffer<MapData>,
     cpu_id: u32,
+    log_private_connections: &IsEnabled,
 ) -> Result<(), PerfBufferError> {
     let mut buffers = vec![BytesMut::with_capacity(1024); 10];
 
@@ -75,14 +77,30 @@ pub async fn process_egress_events(
             let buf = &buffers[i];
             match parse_egress_event(buf) {
                 Ok(event) => {
-                    info!(
-                        "program=tc_egress protocol={}, ip={}, src_port={}, dst_port={}, fqdn={}",
-                        convert_protocol(event.protocol),
-                        Ipv4Addr::from(event.dst_ip),
-                        event.src_port,
-                        event.dst_port,
-                        lookup_address(event.dst_ip),
-                    );
+                    match log_private_connections {
+                        IsEnabled::True => {
+                             info!(
+                                "program=tc_egress protocol={}, ip={}, src_port={}, dst_port={}, fqdn={}",
+                                convert_protocol(event.protocol),
+                                Ipv4Addr::from(event.dst_ip),
+                                event.src_port,
+                                event.dst_port,
+                                "Private IP",
+                            );
+                        }
+                        IsEnabled::False => {
+                            if ! is_private_ip(event.dst_ip) {
+                             info!(
+                                "program=tc_egress protocol={}, ip={}, src_port={}, dst_port={}, fqdn={}",
+                                convert_protocol(event.protocol),
+                                Ipv4Addr::from(event.dst_ip),
+                                event.src_port,
+                                event.dst_port,
+                                lookup_address(event.dst_ip),
+                            );
+                        }
+                        }
+                    }
                 }
                 Err(e) => error!("Failed to parse egress event on CPU {}: {}", cpu_id, e),
             }

diff --git a/nflux/src/main.rs b/nflux/src/main.rs
@@ -92,7 +92,7 @@ async fn main() -> anyhow::Result<()> {
         // Spawn task for egress events
         {
             let buf = egress_events.open(cpu_id, None)?;
-            task::spawn(process_egress_events(buf, cpu_id));
+            task::spawn(process_egress_events(buf, cpu_id, &IsEnabled::False));
         }
     }