Allow to set firewall log level

2025-06-21 10:18:50 +02:00 · 2025-01-03 16:02:33 +01:00 · 2025-01-03 16:02:33 +01:00 · f26b418e83
commit f26b418e83
parent 3ce39905c6
7 changed files with 34 additions and 0 deletions
--- a/client/firewall/iptables/manager_linux.go
+++ b/client/firewall/iptables/manager_linux.go
@ -215,6 +215,11 @@ func (m *Manager) AllowNetbird() error {
 // Flush doesn't need to be implemented for this manager
 func (m *Manager) Flush() error { return nil }

+// SetLogLevel sets the log level for the firewall manager
+func (m *Manager) SetLogLevel(log.Level) {
+	// not supported
+}
+
 func getConntrackEstablished() []string {
 	return []string{"-m", "conntrack", "--ctstate", "RELATED,ESTABLISHED", "-j", "ACCEPT"}
 }
--- a/client/firewall/manager/firewall.go
+++ b/client/firewall/manager/firewall.go
@ -100,6 +100,8 @@ type Manager interface {

 	// Flush the changes to firewall controller
 	Flush() error
+
+	SetLogLevel(log.Level)
 }

 func GenKey(format string, pair RouterPair) string {
--- a/client/firewall/nftables/manager_linux.go
+++ b/client/firewall/nftables/manager_linux.go
@ -312,6 +312,11 @@ func (m *Manager) cleanupNetbirdTables() error {
 	return nil
 }

+// SetLogLevel sets the log level for the firewall manager
+func (m *Manager) SetLogLevel(log.Level) {
+	// not supported
+}
+
 // Flush rule/chain/set operations from the buffer
 //
 // Method also get all rules after flush and refreshes handle values in the rulesets
--- a/client/firewall/uspfilter/log/log.go
+++ b/client/firewall/uspfilter/log/log.go
@ -81,6 +81,8 @@ func NewFromLogrus(logrusLogger *log.Logger) *Logger {

 func (l *Logger) SetLevel(level Level) {
 	l.level.Store(uint32(level))
+
+	log.Debugf("Set uspfilter logger loglevel to %v", levelStrings[level])
 }

 func (l *Logger) formatMessage(buf *[]byte, level Level, format string, args ...interface{}) {
--- a/client/firewall/uspfilter/uspfilter.go
+++ b/client/firewall/uspfilter/uspfilter.go
@ -858,3 +858,10 @@ func (m *Manager) RemovePacketHook(hookID string) error {
 	}
 	return fmt.Errorf("hook with given id not found")
 }
+
+// SetLogLevel sets the log level for the firewall manager
+func (m *Manager) SetLogLevel(level log.Level) {
+	if m.logger != nil {
+		m.logger.SetLevel(nblog.Level(level))
+	}
+}
--- a/client/internal/engine.go
+++ b/client/internal/engine.go
@ -1394,6 +1394,11 @@ func (e *Engine) GetRouteManager() routemanager.Manager {
 	return e.routeManager
 }

+// GetFirewallManager returns the firewall manager
+func (e *Engine) GetFirewallManager() manager.Manager {
+	return e.firewall
+}
+
 func findIPFromInterfaceName(ifaceName string) (net.IP, error) {
 	iface, err := net.InterfaceByName(ifaceName)
 	if err != nil {
--- a/client/server/debug.go
+++ b/client/server/debug.go
@ -488,7 +488,15 @@ func (s *Server) SetLogLevel(_ context.Context, req *proto.SetLogLevelRequest) (
 	}

 	log.SetLevel(level)
+
+	if s.connectClient != nil &&
+		s.connectClient.Engine() != nil &&
+		s.connectClient.Engine().GetFirewallManager() != nil {
+		s.connectClient.Engine().GetFirewallManager().SetLogLevel(level)
+	}
+
 	log.Infof("Log level set to %s", level.String())
+
 	return &proto.SetLogLevelResponse{}, nil
 }