From 3b70c5587ca520c96b5b3fe6cabed9d4d65337fb Mon Sep 17 00:00:00 2001
From: Daniel
Date: Fri, 11 Aug 2023 11:56:22 +0200
Subject: [PATCH] Do not add internal and localhost connections to history
---
 netquery/manager.go | 2 +-
 network/connection.go | 14 +++++++++++---
 profile/config.go | 10 ++++++----
 3 files changed, 18 insertions(+), 8 deletions(-)
diff --git a/netquery/manager.go b/netquery/manager.go
index 19a79ab1..8749f482 100644
--- a/netquery/manager.go
+++ b/netquery/manager.go
@@ -127,7 +127,7 @@ func (mng *Manager) HandleFeed(ctx context.Context, feed <-chan *network.Connect
 // Save to netquery database.
 // Do not include internal connections in history.
- if err := mng.store.Save(ctx, *model, conn.HistoryEnabled && !conn.Internal); err != nil {
+ if err := mng.store.Save(ctx, *model, conn.HistoryEnabled); err != nil {
 log.Errorf("netquery: failed to save connection %s in sqlite database: %s", conn.ID, err)
 return
 }
diff --git a/network/connection.go b/network/connection.go
index 10d5d586..fd2cc35c 100644
--- a/network/connection.go
+++ b/network/connection.go
@@ -578,8 +578,8 @@ func (conn *Connection) SetLocalIP(ip net.IP) {
 conn.LocalIPScope = netutils.GetIPScope(ip)
 }
-// UpdateFeatures checks which connection related features may be used and sets
-// the flags accordingly.
+// UpdateFeatures checks which connection related features may and should be
+// used and sets the flags accordingly.
 // The caller must hold a lock on the connection.
 func (conn *Connection) UpdateFeatures() error {
 // Get user.
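Review bot: The context comment `// Do not include internal connections in history.` directly above the Save call is now stale, because the call passes `conn.HistoryEnabled` unmodified and the exclusion of internal (and localhost) connections is decided in Connection.UpdateFeatures instead. Suggest rewording it to `// Internal and localhost connections are excluded via conn.HistoryEnabled (see Connection.UpdateFeatures).` so a reader does not look for the check on this line. The exclusion now also depends on UpdateFeatures having run on the connection before it reaches this feed; if a connection could be saved before that, the bool's zero value keeps it out of history, which is the safe direction, but that ordering assumption is no longer visible here. HandleFeed continues outside the hunk.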
@@ -591,7 +591,15 @@ func (conn *Connection) UpdateFeatures() error {
 // Check if history may be used and if it is enabled for this application.
 conn.HistoryEnabled = false
- if user.MayUse(account.FeatureHistory) {
+ switch {
+ case conn.Internal:
+ // Do not record internal connections, as they are of low interest in the history.
+ // TODO: Should we create a setting for this?
+ case conn.Entity.IPScope.IsLocalhost():
+ // Do not record localhost-only connections, as they are very low interest in the history.
+ // TODO: Should we create a setting for this?
+ case user.MayUse(account.FeatureHistory):
+ // Check if history may be used and is enabled.
 lProfile := conn.Process().Profile()
 if lProfile != nil {
 conn.HistoryEnabled = lProfile.EnableHistory()
diff --git a/profile/config.go b/profile/config.go
index 761102ca..45be8ce3 100644
--- a/profile/config.go
+++ b/profile/config.go
@@ -196,7 +196,7 @@ func registerConfiguration() error { //nolint:maintidx
 err := config.Register(&config.Option{
 Name: "Default Network Action",
 Key: CfgOptionDefaultActionKey,
- Description: `The default network action is applied when nothing else allows or blocks an outgoing connection. Incoming connections are always blocked by default.`,
+ Description: `The default network action is applied when nothing else allows or blocks a connection. This affects both outgoing and incoming connections. This setting is the weakest of all and is commonly overruled by Force Block settings or Rules.`,
 OptType: config.OptTypeString,
 DefaultValue: DefaultActionPermitValue,
 Annotations: config.Annotations{
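Review bot: The new case `conn.Entity.IPScope.IsLocalhost()` dereferences conn.Entity without a nil check, whereas the code this replaces never touched Entity here; if any connection can reach UpdateFeatures before its Entity is populated, this case panics. If Entity is guaranteed to be set by this point, a one-line comment such as `// Entity is always set before UpdateFeatures is called.` would make that contract explicit; otherwise the case should read `case conn.Entity != nil && conn.Entity.IPScope.IsLocalhost():`. Separately, dropping localhost connections removes all local inter-process traffic from the history with no way to opt back in, as the TODO acknowledges; stating that visibility trade-off in the TODO would help whoever later decides whether the setting is needed. The enclosing UpdateFeatures body continues outside the hunk.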
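Review bot: The new Default Network Action description replaces `Incoming connections are always blocked by default.` with `This affects both outgoing and incoming connections.`, which changes a security-relevant statement about how unmatched incoming connections are handled, and neither the commit subject nor the rest of the diff concerns incoming connections. If the default action really applies to incoming connections now, that deserves a sentence in the commit message or a separate commit; if the old statement is still accurate, the previous sentence should stay. Only the Description string changes in this hunk, so no runtime behaviour is affected by the text itself. registerConfiguration continues outside the hunk.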
@@ -252,9 +252,11 @@ func registerConfiguration() error { //nolint:maintidx
 // Enable History
 err = config.Register(&config.Option{
- Name: "Enable Network History",
- Key: CfgOptionEnableHistoryKey,
- Description: "Save connections in a database (on disk) in order to view and search them later. Changes might take a couple minutes to apply to all connections.",
+ Name: "Enable Network History",
+ Key: CfgOptionEnableHistoryKey,
+ Description: `Save connections in a database (on disk) in order to view and search them later. Changes might take a couple minutes to apply to all connections.
+
+In order to reduce noise optimize performance, internal and device-only (localhost) connections are not saved to history.`,
 OptType: config.OptTypeBool,
 ReleaseLevel: config.ReleaseLevelStable,
 ExpertiseLevel: config.ExpertiseLevelUser,
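Review bot: The added Description text `In order to reduce noise optimize performance, ...` is missing a conjunction and should read `In order to reduce noise and optimize performance, internal and device-only (localhost) connections are not saved to history.`. Because this is the Description field of a config option, the typo is visible wherever option descriptions are displayed. registerConfiguration continues outside the hunk.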