Do not add internal and localhost connections to history

netquery/manager.go

@@ -127,7 +127,7 @@ func (mng *Manager) HandleFeed(ctx context.Context, feed <-chan *network.Connect
 
 				// Save to netquery database.
 				// Do not include internal connections in history.
-				if err := mng.store.Save(ctx, *model, conn.HistoryEnabled && !conn.Internal); err != nil {
+				if err := mng.store.Save(ctx, *model, conn.HistoryEnabled); err != nil {
 					log.Errorf("netquery: failed to save connection %s in sqlite database: %s", conn.ID, err)
 					return
 				}

network/connection.go

@@ -578,8 +578,8 @@ func (conn *Connection) SetLocalIP(ip net.IP) {
 	conn.LocalIPScope = netutils.GetIPScope(ip)
 }
 
-// UpdateFeatures checks which connection related features may be used and sets
+// UpdateFeatures checks which connection related features may and should be
-// the flags accordingly.
+// used and sets the flags accordingly.
 // The caller must hold a lock on the connection.
 func (conn *Connection) UpdateFeatures() error {
 	// Get user.
@@ -591,7 +591,15 @@ func (conn *Connection) UpdateFeatures() error {
 
 	// Check if history may be used and if it is enabled for this application.
 	conn.HistoryEnabled = false
-	if user.MayUse(account.FeatureHistory) {
+	switch {
+	case conn.Internal:
+		// Do not record internal connections, as they are of low interest in the history.
+		// TODO: Should we create a setting for this?
+	case conn.Entity.IPScope.IsLocalhost():
+		// Do not record localhost-only connections, as they are very low interest in the history.
+		// TODO: Should we create a setting for this?
+	case user.MayUse(account.FeatureHistory):
+		// Check if history may be used and is enabled.
 		lProfile := conn.Process().Profile()
 		if lProfile != nil {
 			conn.HistoryEnabled = lProfile.EnableHistory()

profile/config.go

@@ -196,7 +196,7 @@ func registerConfiguration() error { //nolint:maintidx
 	err := config.Register(&config.Option{
 		Name:         "Default Network Action",
 		Key:          CfgOptionDefaultActionKey,
-		Description:  `The default network action is applied when nothing else allows or blocks an outgoing connection. Incoming connections are always blocked by default.`,
+		Description:  `The default network action is applied when nothing else allows or blocks a connection. This affects both outgoing and incoming connections. This setting is the weakest of all and is commonly overruled by Force Block settings or Rules.`,
 		OptType:      config.OptTypeString,
 		DefaultValue: DefaultActionPermitValue,
 		Annotations: config.Annotations{
@@ -254,7 +254,9 @@ func registerConfiguration() error { //nolint:maintidx
 	err = config.Register(&config.Option{
 		Name: "Enable Network History",
 		Key:  CfgOptionEnableHistoryKey,
-		Description:    "Save connections in a database (on disk) in order to view and search them later. Changes might take a couple minutes to apply to all connections.",
+		Description: `Save connections in a database (on disk) in order to view and search them later. Changes might take a couple minutes to apply to all connections.
+
+In order to reduce noise optimize performance, internal and device-only (localhost) connections are not saved to history.`,
 		OptType:        config.OptTypeBool,
 		ReleaseLevel:   config.ReleaseLevelStable,
 		ExpertiseLevel: config.ExpertiseLevelUser,