Do not add internal and localhost connections to history

2025-09-02 02:29:12 +00:00 · 2023-08-11 11:56:22 +02:00 · 2023-08-11 11:56:22 +02:00 · 3b70c5587c
commit 3b70c5587c
parent 9ccdfad328
3 changed files with 18 additions and 8 deletions
--- a/netquery/manager.go
+++ b/netquery/manager.go
@ -127,7 +127,7 @@ func (mng *Manager) HandleFeed(ctx context.Context, feed <-chan *network.Connect

 				// Save to netquery database.
 				// Do not include internal connections in history.
-				if err := mng.store.Save(ctx, *model, conn.HistoryEnabled && !conn.Internal); err != nil {
+				if err := mng.store.Save(ctx, *model, conn.HistoryEnabled); err != nil {
 					log.Errorf("netquery: failed to save connection %s in sqlite database: %s", conn.ID, err)
 					return
 				}
--- a/network/connection.go
+++ b/network/connection.go
@ -578,8 +578,8 @@ func (conn *Connection) SetLocalIP(ip net.IP) {
 	conn.LocalIPScope = netutils.GetIPScope(ip)
 }

-// UpdateFeatures checks which connection related features may be used and sets
-// the flags accordingly.
+// UpdateFeatures checks which connection related features may and should be
+// used and sets the flags accordingly.
 // The caller must hold a lock on the connection.
 func (conn *Connection) UpdateFeatures() error {
 	// Get user.
@ -591,7 +591,15 @@ func (conn *Connection) UpdateFeatures() error {

 	// Check if history may be used and if it is enabled for this application.
 	conn.HistoryEnabled = false
-	if user.MayUse(account.FeatureHistory) {
+	switch {
+	case conn.Internal:
+		// Do not record internal connections, as they are of low interest in the history.
+		// TODO: Should we create a setting for this?
+	case conn.Entity.IPScope.IsLocalhost():
+		// Do not record localhost-only connections, as they are very low interest in the history.
+		// TODO: Should we create a setting for this?
+	case user.MayUse(account.FeatureHistory):
+		// Check if history may be used and is enabled.
 		lProfile := conn.Process().Profile()
 		if lProfile != nil {
 			conn.HistoryEnabled = lProfile.EnableHistory()
--- a/profile/config.go
+++ b/profile/config.go
@ -196,7 +196,7 @@ func registerConfiguration() error { //nolint:maintidx
 	err := config.Register(&config.Option{
 		Name:         "Default Network Action",
 		Key:          CfgOptionDefaultActionKey,
-		Description:  `The default network action is applied when nothing else allows or blocks an outgoing connection. Incoming connections are always blocked by default.`,
+		Description:  `The default network action is applied when nothing else allows or blocks a connection. This affects both outgoing and incoming connections. This setting is the weakest of all and is commonly overruled by Force Block settings or Rules.`,
 		OptType:      config.OptTypeString,
 		DefaultValue: DefaultActionPermitValue,
 		Annotations: config.Annotations{
@ -254,7 +254,9 @@ func registerConfiguration() error { //nolint:maintidx
 	err = config.Register(&config.Option{
 		Name: "Enable Network History",
 		Key:  CfgOptionEnableHistoryKey,
-		Description:    "Save connections in a database (on disk) in order to view and search them later. Changes might take a couple minutes to apply to all connections.",
+		Description: `Save connections in a database (on disk) in order to view and search them later. Changes might take a couple minutes to apply to all connections.
+
+In order to reduce noise optimize performance, internal and device-only (localhost) connections are not saved to history.`,
 		OptType:        config.OptTypeBool,
 		ReleaseLevel:   config.ReleaseLevelStable,
 		ExpertiseLevel: config.ExpertiseLevelUser,