diff options
| author | Matthias Schiffer <mschiffer@universe-factory.net> | 2013-03-09 22:54:06 +0100 |
|---|---|---|
| committer | Matthias Schiffer <mschiffer@universe-factory.net> | 2013-03-09 22:54:06 +0100 |
| commit | 631c13d2473e475096c77f129282671711c379bb (patch) | |
| tree | 46271e037bcf2041f9e3156389a919d3f348e35a | |
| parent | ec8109fa53082d242459893373f009e27f6732df (diff) | |
| download | fastd-631c13d2473e475096c77f129282671711c379bb.tar fastd-631c13d2473e475096c77f129282671711c379bb.zip | |
Add options to hide IP and MAC addresses from log output
| -rw-r--r-- | src/config.c | 10 | ||||
| -rw-r--r-- | src/config.l | 4 | ||||
| -rw-r--r-- | src/config.y | 13 | ||||
| -rw-r--r-- | src/fastd.h | 3 | ||||
| -rw-r--r-- | src/printf.c | 15 |
5 files changed, 41 insertions, 4 deletions
diff --git a/src/config.c b/src/config.c index 1789723..f514f18 100644 --- a/src/config.c +++ b/src/config.c @@ -552,6 +552,8 @@ static void count_peers(fastd_context_t *ctx, fastd_config_t *conf) { OPTION_ARG(option_log_level, "--log-level", "error|warn|info|verbose|debug", "Sets the stderr log level; default is info, if no alternative log destination is configured") \ OPTION_ARG(option_syslog_level, "--syslog-level", "error|warn|info|verbose|debug", "Sets the log level for syslog output; default is not to use syslog") \ OPTION_ARG(option_syslog_ident, "--syslog-ident", "<ident>", "Sets the syslog identification; default is 'fastd'") \ + OPTION(option_hide_ip_addresses, "--hide-ip-addresses", "Hides IP addresses in log output") \ + OPTION(option_hide_mac_addresses, "--hide-mac-addresses", "Hides MAC addresses in log output") \ OPTION_ARG(option_config, "--config" OR "-c", "<filename>", "Loads a config file") \ OPTION_ARG(option_config_peer, "--config-peer", "<filename>", "Loads a config file for a single peer") \ OPTION_ARG(option_config_peer_dir, "--config-peer-dir", "<dir>", "Loads all files from a directory as peer configs") \ @@ -650,6 +652,14 @@ static void option_syslog_ident(fastd_context_t *ctx, fastd_config_t *conf, cons conf->log_syslog_ident = strdup(arg); } +static void option_hide_ip_addresses(fastd_context_t *ctx, fastd_config_t *conf) { + conf->hide_ip_addresses = true; +} + +static void option_hide_mac_addresses(fastd_context_t *ctx, fastd_config_t *conf) { + conf->hide_mac_addresses = true; +} + static void option_config(fastd_context_t *ctx, fastd_config_t *conf, const char *arg) { if (!strcmp(arg, "-")) arg = NULL; diff --git a/src/config.l b/src/config.l index 1ff90c8..1837185 100644 --- a/src/config.l +++ b/src/config.l @@ -107,6 +107,10 @@ drop { TOKEN(TOK_DROP); } capabilities { TOKEN(TOK_CAPABILITIES); } early { TOKEN(TOK_EARLY); } limit { TOKEN(TOK_LIMIT); } +hide { TOKEN(TOK_HIDE); } +ip { TOKEN(TOK_IP); } +mac { TOKEN(TOK_MAC); } +addresses { TOKEN(TOK_ADDRESSES); } [0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3} { UPDATE_LOCATION; diff --git a/src/config.y b/src/config.y index 0fec8d7..c62d5ba 100644 --- a/src/config.y +++ b/src/config.y @@ -107,6 +107,10 @@ %token TOK_CAPABILITIES %token TOK_EARLY %token TOK_LIMIT +%token TOK_HIDE +%token TOK_IP +%token TOK_MAC +%token TOK_ADDRESSES %token <addr4> TOK_ADDR4 %token <addr6> TOK_ADDR6 @@ -156,6 +160,7 @@ statement: peer_group_statement | TOK_GROUP group ';' | TOK_DROP TOK_CAPABILITIES drop_capabilities ';' | TOK_LOG log ';' + | TOK_HIDE hide ';' | TOK_INTERFACE interface ';' | TOK_BIND bind ';' | TOK_MTU mtu ';' @@ -225,6 +230,14 @@ log: TOK_LEVEL log_level { } ; +hide: TOK_IP TOK_ADDRESSES boolean { + conf->hide_ip_addresses = $3; + } + | TOK_MAC TOK_ADDRESSES boolean { + conf->hide_mac_addresses = $3; + } + ; + maybe_log_level: TOK_LEVEL log_level { $$ = $2; } | { $$ = FASTD_DEFAULT_LOG_LEVEL; } diff --git a/src/fastd.h b/src/fastd.h index 11f6dfb..9b1191a 100644 --- a/src/fastd.h +++ b/src/fastd.h @@ -251,6 +251,9 @@ struct fastd_config { bool daemon; char *pid_file; + bool hide_ip_addresses; + bool hide_mac_addresses; + bool machine_readable; bool generate_key; bool show_key; diff --git a/src/printf.c b/src/printf.c index bd06727..d5f47ee 100644 --- a/src/printf.c +++ b/src/printf.c @@ -50,12 +50,16 @@ static int snprint_peer_address(const fastd_context_t *ctx, char *buffer, size_t return snprintf(buffer, size, "any"); case AF_INET: - if (inet_ntop(AF_INET, &address->in.sin_addr, addr_buf, sizeof(addr_buf))) + if (!bind_address && ctx->conf->hide_ip_addresses) + return snprintf_safe(buffer, size, "[hidden]:%u", ntohs(address->in.sin_port)); + else if (inet_ntop(AF_INET, &address->in.sin_addr, addr_buf, sizeof(addr_buf))) return snprintf_safe(buffer, size, "%s:%u", addr_buf, ntohs(address->in.sin_port)); else return 0; case AF_INET6: + if (!bind_address && ctx->conf->hide_ip_addresses) + return snprintf_safe(buffer, size, "[hidden]:%u", ntohs(address->in.sin_port)); if (inet_ntop(AF_INET6, &address->in6.sin6_addr, addr_buf, sizeof(addr_buf))) return snprintf_safe(buffer, size, "[%s]:%u", addr_buf, ntohs(address->in6.sin6_port)); else @@ -121,9 +125,12 @@ int fastd_vsnprintf(const fastd_context_t *ctx, char *buffer, size_t size, const eth_addr = va_arg(ap, const fastd_eth_addr_t*); if (eth_addr) { - buffer += snprintf_safe(buffer, buffer_end-buffer, "%02x:%02x:%02x:%02x:%02x:%02x", - eth_addr->data[0], eth_addr->data[1], eth_addr->data[2], - eth_addr->data[3], eth_addr->data[4], eth_addr->data[5]); + if (ctx->conf->hide_mac_addresses) + buffer += snprintf_safe(buffer, buffer_end-buffer, "[hidden]"); + else + buffer += snprintf_safe(buffer, buffer_end-buffer, "%02x:%02x:%02x:%02x:%02x:%02x", + eth_addr->data[0], eth_addr->data[1], eth_addr->data[2], + eth_addr->data[3], eth_addr->data[4], eth_addr->data[5]); } else { buffer += snprintf_safe(buffer, buffer_end-buffer, "(null)"); |