Merge pull request #101 from telekom-mms/feature/skip-logging-cancel-…
…errors-in-trafpol-filter

Skip logging context cancellation errors in TrafPol filter
hwipl authored Jun 4, 2024
2 parents b721538 + 2266d18 commit 3942521
Showing 1 changed file with 34 additions and 10 deletions.
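--- a/internal/trafpol/filter.go
+++ b/internal/trafpol/filter.go
@@ -2,6 +2,7 @@ package trafpol
 
 import (
 "context"
+"errors"
 "fmt"
 "net"
 "strconv"
@@ -155,7 +156,9 @@ table inet oc-daemon-filter {
 `
 r := strings.NewReplacer("$FWMARK", fwMark)
 rules := r.Replace(filterRules)
-if stdout, stderr, err := execs.RunNft(ctx, rules); err != nil {
+if stdout, stderr, err := execs.RunNft(ctx, rules); err != nil &&
+!errors.Is(err, context.Canceled) {
+
 log.WithError(err).WithFields(log.Fields{
 "stdout": string(stdout),
 "stderr": string(stderr),
@@ -165,7 +168,10 @@ table inet oc-daemon-filter {
 
 // unsetFilterRules unsets the filter rules.
 func unsetFilterRules(ctx context.Context) {
-if stdout, stderr, err := execs.RunNft(ctx, "delete table inet oc-daemon-filter"); err != nil {
+if stdout, stderr, err := execs.RunNft(ctx,
+"delete table inet oc-daemon-filter"); err != nil &&
+!errors.Is(err, context.Canceled) {
+
 log.WithError(err).WithFields(log.Fields{
 "stdout": string(stdout),
 "stderr": string(stderr),
@@ -176,7 +182,9 @@ func unsetFilterRules(ctx context.Context) {
 // addAllowedDevice adds device to the allowed devices.
 func addAllowedDevice(ctx context.Context, device string) {
 nftconf := fmt.Sprintf("add element inet oc-daemon-filter allowdevs { %s }", device)
-if stdout, stderr, err := execs.RunNft(ctx, nftconf); err != nil {
+if stdout, stderr, err := execs.RunNft(ctx, nftconf); err != nil &&
+!errors.Is(err, context.Canceled) {
+
 log.WithError(err).WithFields(log.Fields{
 "stdout": string(stdout),
 "stderr": string(stderr),
@@ -187,7 +195,9 @@ func addAllowedDevice(ctx context.Context, device string) {
 // removeAllowedDevice removes device from the allowed devices.
 func removeAllowedDevice(ctx context.Context, device string) {
 nftconf := fmt.Sprintf("delete element inet oc-daemon-filter allowdevs { %s }", device)
-if stdout, stderr, err := execs.RunNft(ctx, nftconf); err != nil {
+if stdout, stderr, err := execs.RunNft(ctx, nftconf); err != nil &&
+!errors.Is(err, context.Canceled) {
+
 log.WithError(err).WithFields(log.Fields{
 "stdout": string(stdout),
 "stderr": string(stderr),
@@ -202,13 +212,19 @@ func setAllowedIPs(ctx context.Context, ips []*net.IPNet) {
 // runs into "file exists" errors even though we remove duplicates from
 // ips before calling this function and we flush the existing entries
 
-if stdout, stderr, err := execs.RunNft(ctx, "flush set inet oc-daemon-filter allowhosts4"); err != nil {
+if stdout, stderr, err := execs.RunNft(ctx,
+"flush set inet oc-daemon-filter allowhosts4"); err != nil &&
+!errors.Is(err, context.Canceled) {
+
 log.WithError(err).WithFields(log.Fields{
 "stdout": string(stdout),
 "stderr": string(stderr),
 }).Error("TrafPol error flushing allowed ipv4s")
 }
-if stdout, stderr, err := execs.RunNft(ctx, "flush set inet oc-daemon-filter allowhosts6"); err != nil {
+if stdout, stderr, err := execs.RunNft(ctx,
+"flush set inet oc-daemon-filter allowhosts6"); err != nil &&
+!errors.Is(err, context.Canceled) {
+
 log.WithError(err).WithFields(log.Fields{
 "stdout": string(stdout),
 "stderr": string(stderr),
@@ -221,7 +237,9 @@ func setAllowedIPs(ctx context.Context, ips []*net.IPNet) {
 if ip.IP.To4() != nil {
 // ipv4 address
 nftconf := fmt.Sprintf(fmt4, ip)
-if stdout, stderr, err := execs.RunNft(ctx, nftconf); err != nil {
+if stdout, stderr, err := execs.RunNft(ctx, nftconf); err != nil &&
+!errors.Is(err, context.Canceled) {
+
 log.WithError(err).WithFields(log.Fields{
 "stdout": string(stdout),
 "stderr": string(stderr),
@@ -230,7 +248,9 @@ func setAllowedIPs(ctx context.Context, ips []*net.IPNet) {
 } else {
 // ipv6 address
 nftconf := fmt.Sprintf(fmt6, ip)
-if stdout, stderr, err := execs.RunNft(ctx, nftconf); err != nil {
+if stdout, stderr, err := execs.RunNft(ctx, nftconf); err != nil &&
+!errors.Is(err, context.Canceled) {
+
 log.WithError(err).WithFields(log.Fields{
 "stdout": string(stdout),
 "stderr": string(stderr),
@@ -253,7 +273,9 @@ func portsToString(ports []uint16) string {
 func addPortalPorts(ctx context.Context, ports []uint16) {
 p := portsToString(ports)
 nftconf := fmt.Sprintf("add element inet oc-daemon-filter allowports { %s }", p)
-if stdout, stderr, err := execs.RunNft(ctx, nftconf); err != nil {
+if stdout, stderr, err := execs.RunNft(ctx, nftconf); err != nil &&
+!errors.Is(err, context.Canceled) {
+
 log.WithError(err).WithFields(log.Fields{
 "stdout": string(stdout),
 "stderr": string(stderr),
@@ -265,7 +287,9 @@ func addPortalPorts(ctx context.Context, ports []uint16) {
 func removePortalPorts(ctx context.Context, ports []uint16) {
 p := portsToString(ports)
 nftconf := fmt.Sprintf("delete element inet oc-daemon-filter allowports { %s }", p)
-if stdout, stderr, err := execs.RunNft(ctx, nftconf); err != nil {
+if stdout, stderr, err := execs.RunNft(ctx, nftconf); err != nil &&
+!errors.Is(err, context.Canceled) {
+
 log.WithError(err).WithFields(log.Fields{
 "stdout": string(stdout),
 "stderr": string(stderr),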
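Review bot: With `!errors.Is(err, context.Canceled)` added to every `RunNft` check, a canceled `setFilterRules` or `setAllowedIPs` now returns with the `oc-daemon-filter` table possibly not loaded, or its allow sets flushed and only partly refilled, and nothing records that. None of these functions returns an error, so the log entry was the only trace of an incomplete traffic policy; the callers and the cancel path are outside this diff, so whether that state can persist is not visible here. Rather than dropping the event, consider keeping it at a lower level with an `else if err != nil` branch that calls `log.WithError(err).Debug("TrafPol filter command canceled")` (assuming `log` is logrus, as the `WithError`/`Fields` calls suggest). For `unsetFilterRules`, confirm that teardown is never invoked with an already-canceled context, since the table would then stay in place silently. The same condition is repeated at all ten call sites, so a small helper that takes `err`, `stdout`, `stderr` and the message would keep this decision in one place; each function body continues outside its hunk.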
