Skip to content

Commit 4c3981e

Browse files
tych0tych0
authored
Merge pull request #296 from stgraber/main
incusd/endpoints: Also hide read errors from proxies
2 parents e338ca7 + 6223cbf commit 4c3981e

File tree

2 files changed

+30
-5
lines changed

2 files changed

+30
-5
lines changed

internal/server/endpoints/network_util.go

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -13,7 +13,7 @@ type networkServerErrorLogWriter struct {
1313
}
1414

1515
// Regex for the log we want to ignore.
16-
var unwantedLogRegex = regexp.MustCompile(`^http: TLS handshake error from ([^\[:]+?|\[([^\]]+?)\]):[0-9]+: .+write: connection reset by peer$`)
16+
var unwantedLogRegex = regexp.MustCompile(`^http: TLS handshake error from ([^\[:]+?|\[([^\]]+?)\]):[0-9]+: .+: connection reset by peer$`)
1717

1818
func (d networkServerErrorLogWriter) Write(p []byte) (int, error) {
1919
strippedLog := d.stripLog(p)

internal/server/endpoints/network_util_test.go

Lines changed: 29 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -15,29 +15,54 @@ func Test_networkServerErrorLogWriter_shouldDiscard(t *testing.T) {
1515
want string
1616
}{
1717
{
18-
name: "ipv4 trusted proxy",
18+
name: "ipv4 trusted proxy (write)",
1919
proxies: []net.IP{net.ParseIP("10.24.0.32")},
2020
log: []byte("Sep 17 04:58:30 abydos incus.daemon[21884]: 2021/09/17 04:58:30 http: TLS handshake error from 10.24.0.32:55672: write tcp 10.24.0.22:8443->10.24.0.32:55672: write: connection reset by peer\n"),
2121
want: "",
2222
},
2323
{
24-
name: "ipv4 non-trusted proxy",
24+
name: "ipv4 non-trusted proxy (write)",
2525
proxies: []net.IP{net.ParseIP("10.24.0.33")},
2626
log: []byte("Sep 17 04:58:30 abydos incus.daemon[21884]: 2021/09/17 04:58:30 http: TLS handshake error from 10.24.0.32:55672: write tcp 10.24.0.22:8443->10.24.0.32:55672: write: connection reset by peer\n"),
2727
want: "http: TLS handshake error from 10.24.0.32:55672: write tcp 10.24.0.22:8443->10.24.0.32:55672: write: connection reset by peer",
2828
},
2929
{
30-
name: "ipv6 trusted proxy",
30+
name: "ipv6 trusted proxy (write)",
3131
proxies: []net.IP{net.ParseIP("2602:fd23:8:1003:216:3eff:fefa:7670")},
3232
log: []byte("Sep 17 04:58:30 abydos incus.daemon[21884]: 2021/09/17 04:58:30 http: TLS handshake error from [2602:fd23:8:1003:216:3eff:fefa:7670]:55672: write tcp [2602:fd23:8:101::100]:8443->[2602:fd23:8:1003:216:3eff:fefa:7670]:55672: write: connection reset by peer\n"),
3333
want: "",
3434
},
3535
{
36-
name: "ipv6 non-trusted proxy",
36+
name: "ipv6 non-trusted proxy (write)",
3737
proxies: []net.IP{net.ParseIP("2602:fd23:8:1003:216:3eff:fefa:7671")},
3838
log: []byte("Sep 17 04:58:30 abydos incus.daemon[21884]: 2021/09/17 04:58:30 http: TLS handshake error from [2602:fd23:8:1003:216:3eff:fefa:7670]:55672: write tcp [2602:fd23:8:101::100]:8443->[2602:fd23:8:1003:216:3eff:fefa:7670]:55672: write: connection reset by peer\n"),
3939
want: "http: TLS handshake error from [2602:fd23:8:1003:216:3eff:fefa:7670]:55672: write tcp [2602:fd23:8:101::100]:8443->[2602:fd23:8:1003:216:3eff:fefa:7670]:55672: write: connection reset by peer",
4040
},
41+
{
42+
name: "ipv4 trusted proxy (read)",
43+
proxies: []net.IP{net.ParseIP("10.24.0.32")},
44+
log: []byte("Sep 17 04:58:30 abydos incus.daemon[21884]: 2021/09/17 04:58:30 http: TLS handshake error from 10.24.0.32:55672: read tcp 10.24.0.22:8443->10.24.0.32:55672: read: connection reset by peer\n"),
45+
want: "",
46+
},
47+
{
48+
name: "ipv4 non-trusted proxy (read)",
49+
proxies: []net.IP{net.ParseIP("10.24.0.33")},
50+
log: []byte("Sep 17 04:58:30 abydos incus.daemon[21884]: 2021/09/17 04:58:30 http: TLS handshake error from 10.24.0.32:55672: read tcp 10.24.0.22:8443->10.24.0.32:55672: read: connection reset by peer\n"),
51+
want: "http: TLS handshake error from 10.24.0.32:55672: read tcp 10.24.0.22:8443->10.24.0.32:55672: read: connection reset by peer",
52+
},
53+
{
54+
name: "ipv6 trusted proxy (read)",
55+
proxies: []net.IP{net.ParseIP("2602:fd23:8:1003:216:3eff:fefa:7670")},
56+
log: []byte("Sep 17 04:58:30 abydos incus.daemon[21884]: 2021/09/17 04:58:30 http: TLS handshake error from [2602:fd23:8:1003:216:3eff:fefa:7670]:55672: read tcp [2602:fd23:8:101::100]:8443->[2602:fd23:8:1003:216:3eff:fefa:7670]:55672: read: connection reset by peer\n"),
57+
want: "",
58+
},
59+
{
60+
name: "ipv6 non-trusted proxy (read)",
61+
proxies: []net.IP{net.ParseIP("2602:fd23:8:1003:216:3eff:fefa:7671")},
62+
log: []byte("Sep 17 04:58:30 abydos incus.daemon[21884]: 2021/09/17 04:58:30 http: TLS handshake error from [2602:fd23:8:1003:216:3eff:fefa:7670]:55672: read tcp [2602:fd23:8:101::100]:8443->[2602:fd23:8:1003:216:3eff:fefa:7670]:55672: read: connection reset by peer\n"),
63+
want: "http: TLS handshake error from [2602:fd23:8:1003:216:3eff:fefa:7670]:55672: read tcp [2602:fd23:8:101::100]:8443->[2602:fd23:8:1003:216:3eff:fefa:7670]:55672: read: connection reset by peer",
64+
},
65+
4166
{
4267
name: "unrelated",
4368
proxies: []net.IP{},

0 commit comments

Comments
 (0)