iptables: don't pollute logs

The netfilter package uses logs to make debugging the (de)serialization of structs easier. This generates a lot of (usually irrelevant) logs. Logging is now hidden behind a debug flag. PiperOrigin-RevId: 309087115
2020-04-29 13:36:29 -07:00 · 2020-04-29 13:36:29 -07:00 · a105d185ff
parent d5c34ba2ff
commit a105d185ff
1 changed files with 6 additions and 1 deletions
--- a/pkg/sentry/socket/netfilter/netfilter.go
+++ b/pkg/sentry/socket/netfilter/netfilter.go
@ -53,9 +53,14 @@ type metadata struct {
 	Size       uint32
 }

+// enableLogging controls whether to log the (de)serialization of netfilter
+// structs between userspace and netstack. These logs are useful when
+// developing iptables, but can pollute sentry logs otherwise.
+const enableLogging = false
+
 // nflog logs messages related to the writing and reading of iptables.
 func nflog(format string, args ...interface{}) {
-	if log.IsLogging(log.Debug) {
+	if enableLogging && log.IsLogging(log.Debug) {
 		log.Debugf("netfilter: "+format, args...)
 	}
 }