From 631c13d2473e475096c77f129282671711c379bb Mon Sep 17 00:00:00 2001
From: Matthias Schiffer
Date: Sat, 9 Mar 2013 22:54:06 +0100
Subject: Add options to hide IP and MAC addresses from log output
---
 src/config.c | 10 ++++++++++
 src/config.l | 4 ++++
 src/config.y | 13 +++++++++++++
 src/fastd.h | 3 +++
 src/printf.c | 15 +++++++++++----
 5 files changed, 41 insertions(+), 4 deletions(-)
(limited to 'src')
diff --git a/src/config.c b/src/config.c
index 1789723..f514f18 100644
--- a/src/config.c
+++ b/src/config.c
@@ -552,6 +552,8 @@ static void count_peers(fastd_context_t *ctx, fastd_config_t *conf) {
 OPTION_ARG(option_log_level, "--log-level", "error|warn|info|verbose|debug", "Sets the stderr log level; default is info, if no alternative log destination is configured") \
 OPTION_ARG(option_syslog_level, "--syslog-level", "error|warn|info|verbose|debug", "Sets the log level for syslog output; default is not to use syslog") \
 OPTION_ARG(option_syslog_ident, "--syslog-ident", "", "Sets the syslog identification; default is 'fastd'") \
+ OPTION(option_hide_ip_addresses, "--hide-ip-addresses", "Hides IP addresses in log output") \
+ OPTION(option_hide_mac_addresses, "--hide-mac-addresses", "Hides MAC addresses in log output") \
 OPTION_ARG(option_config, "--config" OR "-c", "", "Loads a config file") \
 OPTION_ARG(option_config_peer, "--config-peer", "", "Loads a config file for a single peer") \
 OPTION_ARG(option_config_peer_dir, "--config-peer-dir", "", "Loads all files from a directory as peer configs") \
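Review bot: The help string for `--hide-ip-addresses` promises more than the src/printf.c hunk of this commit delivers, because the port is still printed after `[hidden]` and the hiding is skipped when `bind_address` is set. An operator who turns the option on for privacy should be told what stays in the log, for example `"Hides peer IP addresses in log output (ports and bind addresses are still logged)"`. Whether any other code path prints addresses without going through these formatters is not visible in this diff and is worth checking before the option is documented as complete. The option table continues outside the hunk.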
@@ -650,6 +652,14 @@ static void option_syslog_ident(fastd_context_t *ctx, fastd_config_t *conf, cons conf->log_syslog_ident = strdup(arg); } +static void option_hide_ip_addresses(fastd_context_t *ctx, fastd_config_t *conf) { + conf->hide_ip_addresses = true; +} + +static void option_hide_mac_addresses(fastd_context_t *ctx, fastd_config_t *conf) { + conf->hide_mac_addresses = true; +} + static void option_config(fastd_context_t *ctx, fastd_config_t *conf, const char *arg) { if (!strcmp(arg, "-")) arg = NULL; diff --git a/src/config.l b/src/config.l index 1ff90c8..1837185 100644 --- a/src/config.l +++ b/src/config.l @@ -107,6 +107,10 @@ drop { TOKEN(TOK_DROP); } capabilities { TOKEN(TOK_CAPABILITIES); } early { TOKEN(TOK_EARLY); } limit { TOKEN(TOK_LIMIT); } +hide { TOKEN(TOK_HIDE); } +ip { TOKEN(TOK_IP); } +mac { TOKEN(TOK_MAC); } +addresses { TOKEN(TOK_ADDRESSES); } [0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3} { UPDATE_LOCATION; diff --git a/src/config.y b/src/config.y index 0fec8d7..c62d5ba 100644 --- a/src/config.y +++ b/src/config.y @@ -107,6 +107,10 @@ %token TOK_CAPABILITIES %token TOK_EARLY %token TOK_LIMIT +%token TOK_HIDE +%token TOK_IP +%token TOK_MAC +%token TOK_ADDRESSES %token TOK_ADDR4 %token TOK_ADDR6 @@ -156,6 +160,7 @@ statement: peer_group_statement | TOK_GROUP group ';' | TOK_DROP TOK_CAPABILITIES drop_capabilities ';' | TOK_LOG log ';' + | TOK_HIDE hide ';' | TOK_INTERFACE interface ';' | TOK_BIND bind ';' | TOK_MTU mtu ';' @@ -225,6 +230,14 @@ log: TOK_LEVEL log_level { } ; +hide: TOK_IP TOK_ADDRESSES boolean { + conf->hide_ip_addresses = $3; + } + | TOK_MAC TOK_ADDRESSES boolean { + conf->hide_mac_addresses = $3; + } + ; + maybe_log_level: TOK_LEVEL log_level { $$ = $2; } | { $$ = FASTD_DEFAULT_LOG_LEVEL; } diff --git a/src/fastd.h b/src/fastd.h index 11f6dfb..9b1191a 100644 --- a/src/fastd.h +++ b/src/fastd.h 
@@ -251,6 +251,9 @@ struct fastd_config { bool daemon; char *pid_file; + bool hide_ip_addresses; + bool hide_mac_addresses; + bool machine_readable; bool generate_key; bool show_key; diff --git a/src/printf.c b/src/printf.c index bd06727..d5f47ee 100644 --- a/src/printf.c +++ b/src/printf.c @@ -50,12 +50,16 @@ static int snprint_peer_address(const fastd_context_t *ctx, char *buffer, size_t return snprintf(buffer, size, "any"); case AF_INET: - if (inet_ntop(AF_INET, &address->in.sin_addr, addr_buf, sizeof(addr_buf))) + if (!bind_address && ctx->conf->hide_ip_addresses) + return snprintf_safe(buffer, size, "[hidden]:%u", ntohs(address->in.sin_port)); + else if (inet_ntop(AF_INET, &address->in.sin_addr, addr_buf, sizeof(addr_buf))) return snprintf_safe(buffer, size, "%s:%u", addr_buf, ntohs(address->in.sin_port)); else return 0; case AF_INET6: + if (!bind_address && ctx->conf->hide_ip_addresses) + return snprintf_safe(buffer, size, "[hidden]:%u", ntohs(address->in.sin_port)); if (inet_ntop(AF_INET6, &address->in6.sin6_addr, addr_buf, sizeof(addr_buf))) return snprintf_safe(buffer, size, "[%s]:%u", addr_buf, ntohs(address->in6.sin6_port)); else @@ -121,9 +125,12 @@ int fastd_vsnprintf(const fastd_context_t *ctx, char *buffer, size_t size, const eth_addr = va_arg(ap, const fastd_eth_addr_t*); if (eth_addr) { - buffer += snprintf_safe(buffer, buffer_end-buffer, "%02x:%02x:%02x:%02x:%02x:%02x", - eth_addr->data[0], eth_addr->data[1], eth_addr->data[2], - eth_addr->data[3], eth_addr->data[4], eth_addr->data[5]); + if (ctx->conf->hide_mac_addresses) + buffer += snprintf_safe(buffer, buffer_end-buffer, "[hidden]"); + else + buffer += snprintf_safe(buffer, buffer_end-buffer, "%02x:%02x:%02x:%02x:%02x:%02x", + eth_addr->data[0], eth_addr->data[1], eth_addr->data[2], + eth_addr->data[3], eth_addr->data[4], eth_addr->data[5]); } else { buffer += snprintf_safe(buffer, buffer_end-buffer, "(null)"); -- cgit v1.2.3
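Review bot: In the `AF_INET6` case the hidden branch reads the port through the IPv4 member, `address->in.sin_port`, although the address family says `in6` is the valid view. It prints the right value only as long as both socket address structs keep the port at the same offset; use `return snprintf_safe(buffer, size, "[hidden]:%u", ntohs(address->in6.sin6_port));`. The same case also continues with a plain `if` where the `AF_INET` case uses `else if`, so writing the two cases the same way would make the parallel obvious. `snprint_peer_address` starts and ends outside this hunk.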
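Review bot: `ctx->conf->hide_mac_addresses` is dereferenced without a check, as are the two `ctx->conf->hide_ip_addresses` tests added to `snprint_peer_address` in the hunk above. Whether `fastd_vsnprintf` can run before `ctx->conf` is assigned (for example for messages logged while the configuration is still being parsed) is not visible here; if it can, these become NULL dereferences in the logging path. A guard such as `if (ctx->conf && ctx->conf->hide_mac_addresses)` avoids the crash, but it prints addresses in anything logged before the configuration is loaded, so that behaviour should then be stated in a comment. The enclosing function starts and ends outside the hunk.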