Skip to content

Commit

Permalink
Merge pull request #296 from stgraber/main
Browse files Browse the repository at this point in the history 
incusd/endpoints: Also hide read errors from proxies
  • Loading branch information
@tych0
tych0 authored Dec 11, 2023
2 parents e338ca7 + 6223cbf commit 4c3981e
Show file tree
Hide file tree
Showing 2 changed files with 30 additions and 5 deletions.
2 changes: 1 addition & 1 deletion internal/server/endpoints/network_util.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -13,7 +13,7 @@ type networkServerErrorLogWriter struct {
}

// Regex for the log we want to ignore.
var unwantedLogRegex = regexp.MustCompile(`^http: TLS handshake error from ([^\[:]+?|\[([^\]]+?)\]):[0-9]+: .+write: connection reset by peer$`)
var unwantedLogRegex = regexp.MustCompile(`^http: TLS handshake error from ([^\[:]+?|\[([^\]]+?)\]):[0-9]+: .+: connection reset by peer$`)

func (d networkServerErrorLogWriter) Write(p []byte) (int, error) {
strippedLog := d.stripLog(p)
Expand Down
33 changes: 29 additions & 4 deletions internal/server/endpoints/network_util_test.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -15,29 +15,54 @@ func Test_networkServerErrorLogWriter_shouldDiscard(t *testing.T) {
want string
}{
{
name: "ipv4 trusted proxy",
name: "ipv4 trusted proxy (write)",
proxies: []net.IP{net.ParseIP("10.24.0.32")},
log: []byte("Sep 17 04:58:30 abydos incus.daemon[21884]: 2021/09/17 04:58:30 http: TLS handshake error from 10.24.0.32:55672: write tcp 10.24.0.22:8443->10.24.0.32:55672: write: connection reset by peer\n"),
want: "",
},
{
name: "ipv4 non-trusted proxy",
name: "ipv4 non-trusted proxy (write)",
proxies: []net.IP{net.ParseIP("10.24.0.33")},
log: []byte("Sep 17 04:58:30 abydos incus.daemon[21884]: 2021/09/17 04:58:30 http: TLS handshake error from 10.24.0.32:55672: write tcp 10.24.0.22:8443->10.24.0.32:55672: write: connection reset by peer\n"),
want: "http: TLS handshake error from 10.24.0.32:55672: write tcp 10.24.0.22:8443->10.24.0.32:55672: write: connection reset by peer",
},
{
name: "ipv6 trusted proxy",
name: "ipv6 trusted proxy (write)",
proxies: []net.IP{net.ParseIP("2602:fd23:8:1003:216:3eff:fefa:7670")},
log: []byte("Sep 17 04:58:30 abydos incus.daemon[21884]: 2021/09/17 04:58:30 http: TLS handshake error from [2602:fd23:8:1003:216:3eff:fefa:7670]:55672: write tcp [2602:fd23:8:101::100]:8443->[2602:fd23:8:1003:216:3eff:fefa:7670]:55672: write: connection reset by peer\n"),
want: "",
},
{
name: "ipv6 non-trusted proxy",
name: "ipv6 non-trusted proxy (write)",
proxies: []net.IP{net.ParseIP("2602:fd23:8:1003:216:3eff:fefa:7671")},
log: []byte("Sep 17 04:58:30 abydos incus.daemon[21884]: 2021/09/17 04:58:30 http: TLS handshake error from [2602:fd23:8:1003:216:3eff:fefa:7670]:55672: write tcp [2602:fd23:8:101::100]:8443->[2602:fd23:8:1003:216:3eff:fefa:7670]:55672: write: connection reset by peer\n"),
want: "http: TLS handshake error from [2602:fd23:8:1003:216:3eff:fefa:7670]:55672: write tcp [2602:fd23:8:101::100]:8443->[2602:fd23:8:1003:216:3eff:fefa:7670]:55672: write: connection reset by peer",
},
{
name: "ipv4 trusted proxy (read)",
proxies: []net.IP{net.ParseIP("10.24.0.32")},
log: []byte("Sep 17 04:58:30 abydos incus.daemon[21884]: 2021/09/17 04:58:30 http: TLS handshake error from 10.24.0.32:55672: read tcp 10.24.0.22:8443->10.24.0.32:55672: read: connection reset by peer\n"),
want: "",
},
{
name: "ipv4 non-trusted proxy (read)",
proxies: []net.IP{net.ParseIP("10.24.0.33")},
log: []byte("Sep 17 04:58:30 abydos incus.daemon[21884]: 2021/09/17 04:58:30 http: TLS handshake error from 10.24.0.32:55672: read tcp 10.24.0.22:8443->10.24.0.32:55672: read: connection reset by peer\n"),
want: "http: TLS handshake error from 10.24.0.32:55672: read tcp 10.24.0.22:8443->10.24.0.32:55672: read: connection reset by peer",
},
{
name: "ipv6 trusted proxy (read)",
proxies: []net.IP{net.ParseIP("2602:fd23:8:1003:216:3eff:fefa:7670")},
log: []byte("Sep 17 04:58:30 abydos incus.daemon[21884]: 2021/09/17 04:58:30 http: TLS handshake error from [2602:fd23:8:1003:216:3eff:fefa:7670]:55672: read tcp [2602:fd23:8:101::100]:8443->[2602:fd23:8:1003:216:3eff:fefa:7670]:55672: read: connection reset by peer\n"),
want: "",
},
{
name: "ipv6 non-trusted proxy (read)",
proxies: []net.IP{net.ParseIP("2602:fd23:8:1003:216:3eff:fefa:7671")},
log: []byte("Sep 17 04:58:30 abydos incus.daemon[21884]: 2021/09/17 04:58:30 http: TLS handshake error from [2602:fd23:8:1003:216:3eff:fefa:7670]:55672: read tcp [2602:fd23:8:101::100]:8443->[2602:fd23:8:1003:216:3eff:fefa:7670]:55672: read: connection reset by peer\n"),
want: "http: TLS handshake error from [2602:fd23:8:1003:216:3eff:fefa:7670]:55672: read tcp [2602:fd23:8:101::100]:8443->[2602:fd23:8:1003:216:3eff:fefa:7670]:55672: read: connection reset by peer",
},

{
name: "unrelated",
proxies: []net.IP{},
Expand Down

0 comments on commit 4c3981e

Please sign in to comment.