Diffstat (limited to 'wgengine')
| -rw-r--r-- | wgengine/netlog/logger.go | 8 | ||||
| -rw-r--r-- | wgengine/userspace.go | 3 | ||||
| -rw-r--r-- | wgengine/wgcfg/config.go | 5 |
3 files changed, 9 insertions, 7 deletions
diff --git a/wgengine/netlog/logger.go b/wgengine/netlog/logger.go
index 5eaa52375..4233125a9 100644
--- a/wgengine/netlog/logger.go
+++ b/wgengine/netlog/logger.go
@@ -92,7 +92,7 @@ var testClient *http.Client
 // The IP protocol and source port are always zero.
 // The sock is used to populated the PhysicalTraffic field in Message.
 // The netMon parameter is optional; if non-nil it's used to do faster interface lookups.
-func (nl *Logger) Startup(nodeID tailcfg.StableNodeID, nodeLogID, domainLogID logid.PrivateID, tun, sock Device, netMon *netmon.Monitor) error {
+func (nl *Logger) Startup(nodeID tailcfg.StableNodeID, nodeLogID, domainLogID logid.PrivateID, tun, sock Device, netMon *netmon.Monitor, enableExitDstFlowLogs bool) error {
 nl.mu.Lock()
 defer nl.mu.Unlock()
 if nl.logger != nil {
@@ -130,7 +130,7 @@ func (nl *Logger) Startup(nodeID tailcfg.StableNodeID, nodeLogID, domainLogID lo
 addrs := nl.addrs
 prefixes := nl.prefixes
 nl.mu.Unlock()
- recordStatistics(nl.logger, nodeID, start, end, virtual, physical, addrs, prefixes)
+ recordStatistics(nl.logger, nodeID, start, end, virtual, physical, addrs, prefixes, enableExitDstFlowLogs)
 })
 
 // Register the connection tracker into the TUN device.
@@ -150,7 +150,7 @@ func (nl *Logger) Startup(nodeID tailcfg.StableNodeID, nodeLogID, domainLogID lo
 return nil
 }
 
-func recordStatistics(logger *logtail.Logger, nodeID tailcfg.StableNodeID, start, end time.Time, connstats, sockStats map[netlogtype.Connection]netlogtype.Counts, addrs map[netip.Addr]bool, prefixes map[netip.Prefix]bool) {
+func recordStatistics(logger *logtail.Logger, nodeID tailcfg.StableNodeID, start, end time.Time, connstats, sockStats map[netlogtype.Connection]netlogtype.Counts, addrs map[netip.Addr]bool, prefixes map[netip.Prefix]bool, enableExitDstFlowLogs bool) {
 m := netlogtype.Message{NodeID: nodeID, Start: start.UTC(), End: end.UTC()}
 classifyAddr := func(a netip.Addr) (isTailscale, withinRoute bool) {
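Review bot: The Startup doc comment still describes every parameter except the new `enableExitDstFlowLogs`, which is the one that changes what ends up in the log. Going by the later hunk in this file, a true value skips the scrubbing step in recordStatistics, so the non-Tailscale destination address of exit-node traffic (and, as far as that hunk shows, its port) is kept in the log instead of being zeroed. I would add `// The enableExitDstFlowLogs parameter, when true, keeps the non-Tailscale destination address of exit-node traffic in the log instead of scrubbing it.` after the netMon sentence. The new `ExitDestinationFlowLogs` field in wgengine/wgcfg/config.go has the same gap: the struct comment only says logging is "disabled if either ID is the zero value", so a one-line comment on the field pointing at the same behaviour would help a reader who only sees the config. Startup's body continues outside this hunk.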
@@ -179,7 +179,7 @@ func recordStatistics(logger *logtail.Logger, nodeID tailcfg.StableNodeID, start
 m.SubnetTraffic = append(m.SubnetTraffic, netlogtype.ConnectionCounts{Connection: conn, Counts: cnts})
 default:
 const anonymize = true
- if anonymize {
+ if anonymize && !enableExitDstFlowLogs {
 // Only preserve the address if it is a Tailscale IP address.
 srcOrig, dstOrig := conn.Src, conn.Dst
 conn = netlogtype.Connection{} // scrub everything by default
diff --git a/wgengine/userspace.go b/wgengine/userspace.go
index 73ca40336..6357ec064 100644
--- a/wgengine/userspace.go
+++ b/wgengine/userspace.go
@@ -932,8 +932,9 @@ func (e *userspaceEngine) Reconfig(cfg *wgcfg.Config, routerCfg *router.Config,
 if netLogRunning && !e.networkLogger.Running() {
 nid := cfg.NetworkLogging.NodeID
 tid := cfg.NetworkLogging.DomainID
+ enableExitDstFlowLogs := cfg.NetworkLogging.ExitDestinationFlowLogs
 e.logf("wgengine: Reconfig: starting up network logger (node:%s tailnet:%s)", nid.Public(), tid.Public())
- if err := e.networkLogger.Startup(cfg.NodeID, nid, tid, e.tundev, e.magicConn, e.netMon); err != nil {
+ if err := e.networkLogger.Startup(cfg.NodeID, nid, tid, e.tundev, e.magicConn, e.netMon, enableExitDstFlowLogs); err != nil {
 e.logf("wgengine: Reconfig: error starting up network logger: %v", err)
 }
 e.networkLogger.ReconfigRoutes(routerCfg)
diff --git a/wgengine/wgcfg/config.go b/wgengine/wgcfg/config.go
index 76583a8e8..937fe3143 100644
--- a/wgengine/wgcfg/config.go
+++ b/wgengine/wgcfg/config.go
@@ -28,8 +28,9 @@ type Config struct {
 // NetworkLogging enables network logging.
 // It is disabled if either ID is the zero value.
 NetworkLogging struct {
- NodeID logid.PrivateID
- DomainID logid.PrivateID
+ NodeID logid.PrivateID
+ DomainID logid.PrivateID
+ ExitDestinationFlowLogs bool
 }
 }
|
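Review bot: The new condition `if anonymize && !enableExitDstFlowLogs {` leaves `const anonymize = true` as a vestigial always-true operand and reads as a double negative at exactly the point where the log's privacy scope widens, with no comment saying so. I would make the widening explicit with `// With exit-destination flow logging enabled the default-case connection is recorded as-is; otherwise everything except Tailscale addresses is scrubbed.` directly above a simplified `if !enableExitDstFlowLogs {`, keeping `anonymize` only if it is still referenced elsewhere in the function. Note that the skipped block zeroes the whole Connection (`conn = netlogtype.Connection{}`) and, going by its comment, restores only Tailscale addresses, so with the flag set the entire default-case tuple, including the remote port, is kept — worth a sentence in the comment so a reader does not assume only the IP is retained. The enclosing recordStatistics body extends beyond this hunk.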
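Review bot: `enableExitDstFlowLogs` is read from cfg only on the path guarded by `netLogRunning && !e.networkLogger.Running()`, so as far as this hunk shows a later Reconfig that flips `ExitDestinationFlowLogs` while the logger is already running has no effect until the logger is restarted; in particular, turning the option back off does not restore scrubbing on a running logger. If that is the intended lifecycle, a comment on the new line saying the value is fixed for the logger's lifetime would save the next reader the same question; if not, the running logger needs to be told about the change in the same way routes are via ReconfigRoutes. Separately, the startup log line right below is the operator's only record of which mode was chosen, so I would extend it to `e.logf("wgengine: Reconfig: starting up network logger (node:%s tailnet:%s exitDstFlowLogs=%v)", nid.Public(), tid.Public(), enableExitDstFlowLogs)`. Reconfig continues outside this hunk.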
