tcp,udp,icmp: guard verbose/debug logs

some logs are in the critical path, that is, exec on every packet flow and so
they cause connection slow downs. The Golang logger is not lightweight and
acquires mutexes on every write. Firestack's logger also does a bunch of
bookkeeping to prevent spammy logs and calls up the runtime to print
stacktraces.

Author: ignoramous

intra/common.go

@@ -189,7 +189,7 @@ func (h *baseHandler) onFlow(localaddr, target netip.AddrPort) (fm *Mark, undidA
 		hasNewIPs := false
 		if hasPre {
 			for d := range strings.SplitSeq(doms, ",") {
-				if len(d) <= 0 {
+				if len(d) <= 0 && settings.Debug {
 					log.V("com: %s: onFlow: preflow: empty domain in %v from %v => %v for %s; skip!",
 						h.proto, doms, src, target, preuid)
 					continue
@@ -211,12 +211,16 @@ func (h *baseHandler) onFlow(localaddr, target netip.AddrPort) (fm *Mark, undidA
 			return fm, undidAlg, "", ""
 		} // else: if we've got target and/or old ips, dial them
 	} else {
-		log.D("com: %s: onFlow: noalg? %t or hasips? %t", h.proto, !undidAlg, hasOldIPs)
+		if settings.Debug {
+			log.D("com: %s: onFlow: noalg? %t or hasips? %t", h.proto, !undidAlg, hasOldIPs)
+		}
 	}
 
 	if len(ips) <= 0 || len(doms) <= 0 {
-		log.D("com: %s: onFlow: no realips(%s) or domains(%s + %s), for src=%s dst=%s",
-			h.proto, ips, doms, pdoms, localaddr, target)
+		if settings.Debug {
+			log.D("com: %s: onFlow: no realips(%s) or domains(%s + %s), for src=%s dst=%s",
+				h.proto, ips, doms, pdoms, localaddr, target)
+		}
 	}
 
 	fm, ok := core.Grx(h.proto+".flow", func(_ context.Context) (*Mark, error) {
@@ -306,7 +310,9 @@ func (h *baseHandler) queueSummary(s *SocketSummary) {
 	// log.VV("com: %s: queueSummary: %x %x %s", h.proto, h.smmch, h.ctx, s.ID)
 	select {
 	case <-h.ctx.Done():
-		log.D("%s: queueSummary: end: %s", h.proto, s)
+		if settings.Debug {
+			log.D("%s: queueSummary: end: %s", h.proto, s)
+		}
 	default:
 		select {
 		case <-h.ctx.Done():
@@ -343,7 +349,9 @@ func (h *baseHandler) sendSummary(s *SocketSummary, after time.Duration) {
 		time.Sleep(after)
 	}
 
-	log.VV("com: %s: end? sendNotif: %s", h.proto, s)
+	if settings.Debug {
+		log.VV("com: %s: end? sendNotif: %s", h.proto, s)
+	}
 	h.listener.OnSocketClosed(s) // s.Duration may be uninitialized (zero)
 }
 
@@ -431,8 +439,10 @@ func upload(id string, local, remote net.Conn, ioch chan<- ioinfo) {
 
 	n, err := core.Pipe(remote, local)
 
-	log.D("com: %s upload(%d) done(%v) b/w %s",
-		id, n, err, conn2str(local, remote))
+	if settings.Debug {
+		log.D("com: %s upload(%d) done(%v) b/w %s",
+			id, n, err, conn2str(local, remote))
+	}
 	ioch <- ioinfo{n, err}
 }
 
@@ -442,8 +452,10 @@ func download(id string, local, remote net.Conn) (n int64, err error) {
 
 	n, err = core.Pipe(local, remote)
 
-	log.D("com: %s download(%d) done(%v) b/w %s",
-		id, n, err, conn2str(local, remote))
+	if settings.Debug {
+		log.D("com: %s download(%d) done(%v) b/w %s",
+			id, n, err, conn2str(local, remote))
+	}
 	return
 }
 
@@ -488,8 +500,10 @@ func makeIPPorts(ips []netip.Addr, origipp netip.AddrPort, cap int) []netip.Addr
 		} // else: discard ip
 	}
 
-	log.VV("com: makeIPPorts(v4? %t, v6? %t) for %v; tot: %d; in: %v, out: %v",
-		use4, use6, origipp, len(ips), ips, r)
+	if settings.Debug {
+		log.VV("com: makeIPPorts(v4? %t, v6? %t) for %v; tot: %d; in: %v, out: %v",
+			use4, use6, origipp, len(ips), ips, r)
+	}
 
 	if len(r) > 0 {
 		return core.ShuffleInPlace(r)
@@ -604,8 +618,10 @@ func (h *baseHandler) maybeReplaceDest(res *Mark, target *netip.AddrPort) {
 		return
 	} else if resip, err := netip.ParseAddr(res.IP); resip.IsValid() && err == nil {
 		// if res.IP is set, then use it as the target
-		log.D("%s: proxy: %s %s target instead of %s",
-			h.proto, res.CID, resip, target)
+		if settings.Debug {
+			log.D("%s: proxy: %s %s target instead of %s",
+				h.proto, res.CID, resip, target)
+		}
 		*target = netip.AddrPortFrom(resip, target.Port())
 	}
 }

intra/tcp.go

@@ -168,7 +168,9 @@ func (h *tcpHandler) Proxy(gconn *netstack.GTCPConn, src, target netip.AddrPort)
 
 	if h.status.Load() == HDLEND {
 		err = errTcpEnd
-		log.D("tcp: proxy: %s end %s => %s [%v]", cid, src, target, actualTargets)
+		if settings.Debug {
+			log.D("tcp: proxy: %s end %s => %s [%v]", cid, src, target, actualTargets)
+		}
 		clos(gconn)
 		h.queueSummary(smm.done(err))
 		return deny
@@ -206,8 +208,10 @@ func (h *tcpHandler) Proxy(gconn *netstack.GTCPConn, src, target netip.AddrPort)
 		} // else not a dns request
 	} // if ipn.Exit then let it connect as-is (aka exit)
 
-	log.VV("tcp: %s proxying %s => %s [%v] for %s; pids: %s",
-		cid, src, target, actualTargets, uid, pids)
+	if settings.Debug {
+		log.VV("tcp: %s proxying %s => %s [%v] for %s; pids: %s",
+			cid, src, target, actualTargets, uid, pids)
+	}
 
 	boundSrc := makeAnyAddrPort(src)
 	// pick all realips to connect to
@@ -251,8 +255,10 @@ func (h *tcpHandler) handle(px ipn.Proxy, src *netstack.GTCPConn, boundSrc, targ
 
 	start := time.Now()
 
-	log.VV("tcp: %s dial %s: attempt:  %s [%s] => %s for %s",
-		smm.ID, pidstr(px), src.LocalAddr(), boundSrc, target, smm.UID)
+	if settings.Debug {
+		log.VV("tcp: %s dial %s: attempt:  %s [%s] => %s for %s",
+			smm.ID, pidstr(px), src.LocalAddr(), boundSrc, target, smm.UID)
+	}
 
 	// github.com/google/gvisor/blob/5ba35f516b5c2/test/benchmarks/tcp/tcp_proxy.go#L359
 	// ref: stackoverflow.com/questions/63656117

intra/udp.go

@@ -195,7 +195,9 @@ func (h *udpHandler) Connect(gconn *netstack.GUDPConn, src, target netip.AddrPor
 	smm = udpSummary(cid, uid, actualTargets[0].Addr())
 
 	if h.status.Load() == HDLEND {
-		log.D("udp: connect: %s %v => %v, end", cid, src, target)
+		if settings.Debug {
+			log.D("udp: connect: %s %v => %v, end", cid, src, target)
+		}
 		return nil, smm, errUdpEnd // disconnect, no nat
 	}
 
@@ -259,14 +261,18 @@ func (h *udpHandler) Connect(gconn *netstack.GUDPConn, src, target netip.AddrPor
 
 	if mux {
 		if muxpid := h.mux.pid(src); len(muxpid) > 0 && containsPid(pids, muxpid) {
-			log.D("udp: connect: %s mux: %s => %s using muxed-pid %s; all pids %s",
-				cid, src, target, muxpid, pids)
+			if settings.Debug {
+				log.D("udp: connect: %s mux: %s => %s using muxed-pid %s; all pids %s",
+					cid, src, target, muxpid, pids)
+			}
 			pids = []string{muxpid}
 		} // else: mxr will dial this conn with a different pid
 	}
 
-	log.VV("udp: connect: %s proxying %s => %s [%v] for %s; pids: %s, mux? %t",
-		cid, src, target, actualTargets, uid, pids, mux)
+	if settings.Debug {
+		log.VV("udp: connect: %s proxying %s => %s [%v] for %s; pids: %s, mux? %t",
+			cid, src, target, actualTargets, uid, pids, mux)
+	}
 
 	// note: fake-dns-ips shouldn't be un-nated / un-alg'd
 	for i, dstipp := range actualTargets {
@@ -290,8 +296,10 @@ func (h *udpHandler) Connect(gconn *netstack.GUDPConn, src, target netip.AddrPor
 		if mux { // mux is not supported by all proxies (few like Exit, Base, WG support it)
 			pc, err = h.mux.associate(cid, pxid, uid, src, selectedTarget, px.Dialer().Announce, vendor(dmx))
 		} else {
-			log.VV("udp: connect: #%d: attempt: %s proxy(%s) to dst(%s) for %s; mux? %t",
-				i, cid, pxid, selectedTarget, uid, mux)
+			if settings.Debug {
+				log.VV("udp: connect: #%d: attempt: %s proxy(%s) to dst(%s) for %s; mux? %t",
+					i, cid, pxid, selectedTarget, uid, mux)
+			}
 
 			if settings.PortForward.Load() {
 				boundSrc := makeAnyAddrPort(src)

intra/udpmux.go

@@ -148,7 +148,9 @@ func (x *muxer) awaiters() {
 	for {
 		select {
 		case c := <-x.dxconns:
-			log.D("udp: mux: %s awaiter: watching %s => %s", c.cid, c.laddr, c.raddr)
+			if settings.Debug {
+				log.D("udp: mux: %s awaiter: watching %s => %s", c.cid, c.laddr, c.raddr)
+			}
 			x.dxconnWG.Add(1) // accept
 			core.Gx("udpmux.vend.close", func() {
 				<-c.closed // conn closed
@@ -165,7 +167,9 @@ func (x *muxer) awaiters() {
 // stop closes conns in the backlog, stops accepting new conns,
 // closes muxconn, and waits for demuxed conns to close.
 func (x *muxer) stop() error {
-	log.D("udp: mux: %s stop", x.cid)
+	if settings.Debug {
+		log.D("udp: mux: %s stop", x.cid)
+	}
 
 	var err error
 	x.once.Do(func() {
@@ -187,7 +191,9 @@ func (x *muxer) drain() {
 	defer x.rmu.Unlock()
 
 	defer clear(x.routes)
-	log.D("udp: mux: %s drain: closing %d demuxed conns", x.cid, len(x.routes))
+	if settings.Debug {
+		log.D("udp: mux: %s drain: closing %d demuxed conns", x.cid, len(x.routes))
+	}
 	for _, c := range x.routes {
 		clos(c) // will unroute as well
 	}
@@ -225,7 +231,9 @@ func (x *muxer) readers() {
 			if timeouterrors < maxtimeouterrors {
 				// extend by preset (min) udp timeout
 				x.extend(time.Now().Add(time.Second * udptimeout))
-				log.D("udp: mux: %s read timeout(%d): %v", x.cid, timeouterrors, err)
+				if settings.Debug {
+					log.D("udp: mux: %s read timeout(%d): %v", x.cid, timeouterrors, err)
+				}
 				recycle()
 				continue
 			}
@@ -427,8 +435,10 @@ func (c *demuxconn) WriteTo(p []byte, to net.Addr) (int, error) {
 
 // Close implements core.UDPConn.Close
 func (c *demuxconn) Close() error {
-	log.D("udp: mux: %s demux %s => %s close, in: %d, over: %d",
-		c.out.id(), c.laddr, c.raddr, len(c.inCh), len(c.overflowCh))
+	if settings.Debug {
+		log.D("udp: mux: %s demux %s => %s close, in: %d, over: %d",
+			c.out.id(), c.laddr, c.raddr, len(c.inCh), len(c.overflowCh))
+	}
 	c.once.Do(func() {
 		close(c.closed) // sig close
 		defer c.wt.Stop()
@@ -511,7 +521,9 @@ func (c *demuxconn) io(out *[]byte, in *slice) (int, error) {
 			return n, io.ErrShortWrite
 		}
 	} else {
-		log.VV("udp: mux: %s demux: read: %v <= %v done(sz: %d)", id, c.laddr, c.raddr, n)
+		if settings.Debug {
+			log.VV("udp: mux: %s demux: read: %v <= %v done(sz: %d)", id, c.laddr, c.raddr, n)
+		}
 		in.fin()
 	}
 	return n, nil