odyn: clean up the logs
Reduce verbosity and fix the "Starting" messages so that
they are printed only if the given proxy is enabled.
eyakubovich authored and russellhaering committed Nov 1, 2022
1 parent 4368ee0 commit 48e7c38
Showing 7 changed files with 21 additions and 27 deletions.
5 changes: 4 additions & 1 deletion enclaver/src/bin/odyn/egress.rs
@@ -2,8 +2,9 @@ use std::sync::Arc;

use tokio::task::JoinHandle;
use anyhow::Result;
use enclaver::constants::HTTP_EGRESS_VSOCK_PORT;
use log::info;

use enclaver::constants::HTTP_EGRESS_VSOCK_PORT;
use enclaver::proxy::egress_http::EnclaveHttpProxy;
use enclaver::policy::EgressPolicy;
use crate::config::Configuration;
@@ -15,6 +16,8 @@ pub struct EgressService {
impl EgressService {
pub async fn start(config: &Configuration) -> Result<Self> {
let task = if let Some(proxy_uri) = config.egress_proxy_uri() {
info!("Startng egress");

let policy = Arc::new(EgressPolicy::new(config.manifest.egress.as_ref().unwrap()));

set_proxy_env_var(&proxy_uri.to_string());
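Review bot: The relocated message `info!("Startng egress");` still carries the "Startng" misspelling, and so do both new `info!` lines in enclaver/src/bin/odyn/ingress.rs (TCP and TLS), so searching enclave logs for "Starting" matches the KMS proxy but misses egress and ingress. Change it to `info!("Starting egress");`, and likewise `"Starting TCP ingress on port {}"` and `"Starting TLS ingress on port {}"`. The body of `start` continues outside the hunk.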
3 changes: 3 additions & 0 deletions enclaver/src/bin/odyn/ingress.rs
@@ -1,5 +1,6 @@
use tokio::task::JoinHandle;
use anyhow::Result;
use log::info;

use enclaver::proxy::ingress::EnclaveProxy;
use crate::config::{Configuration, ListenerConfig};
@@ -15,10 +16,12 @@ impl IngressService {
for (port, cfg) in &config.listener_configs {
match cfg {
ListenerConfig::TCP => {
info!("Startng TCP ingress on port {}", *port);
let proxy = EnclaveProxy::bind(*port)?;
tasks.push(tokio::spawn(proxy.serve()));
},
ListenerConfig::TLS(tls_cfg) => {
info!("Startng TLS ingress on port {}", *port);
let proxy = EnclaveProxy::bind_tls(*port, tls_cfg.clone())?;
tasks.push(tokio::spawn(proxy.serve()));
},
1 change: 1 addition & 0 deletions enclaver/src/bin/odyn/kms_proxy.rs
@@ -22,6 +22,7 @@ impl KmsProxyService {
pub async fn start(config: Arc<Configuration>, nsm: Arc<Nsm>) -> Result<Self> {
let task = if let Some(port) = config.kms_proxy_port() {
if let Some(proxy_uri) = config.egress_proxy_uri() {
info!("Starting KMS proxy");
let attester = Box::new(NsmAttestationProvider::new(nsm));

// If a keypair will be needed elsewhere, this should be moved out
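Review bot: `info!("Starting KMS proxy");` sits inside the inner `if let Some(proxy_uri) = config.egress_proxy_uri()`, so when a KMS proxy port is configured but no egress proxy URI is, nothing at this point records that the KMS proxy was not started. The matching `else` branch is outside the hunk; if it neither returns an error nor logs, that misconfiguration is silent now that the unconditional message in main.rs is gone. A single line there, for example `error!("KMS proxy port is set but egress is disabled; KMS proxy not started");`, would make the state visible to whoever reads the enclave logs.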
7 changes: 0 additions & 7 deletions enclaver/src/bin/odyn/main.rs
@@ -55,11 +55,8 @@ async fn run(args: &CliArgs) -> Result<()> {
info!("Enclave initialized");
}

info!("Startng egress");
let egress = EgressService::start(&config).await?;
info!("Startng ingress");
let ingress = IngressService::start(&config)?;
info!("Starting KMS proxy");
let kms_proxy = KmsProxyService::start(config.clone(), nsm.clone()).await?;

let creds = launcher::Credentials{
@@ -71,12 +68,8 @@ async fn run(args: &CliArgs) -> Result<()> {
let exit_status = launcher::start_child(args.entrypoint.clone(), creds).await??;
info!("Entrypoint {}", exit_status);

info!("Stopping kms proxy");
kms_proxy.stop().await;

info!("Stopping ingress");
ingress.stop().await;
info!("Stopping egress");
egress.stop().await;

app_status.exited(exit_status);
10 changes: 3 additions & 7 deletions enclaver/src/proxy/egress_http.rs
@@ -172,7 +172,6 @@ impl HostHttpProxy {

debug!("Connected to {}:{}, starting to proxy bytes", host, conn_req.port);
_ = tokio::io::copy_bidirectional(&mut vsock, &mut tcp).await;
debug!("Proxying is done");
},
Err(err) => {
ConnectResponse::failed(&err)
@@ -198,8 +197,6 @@ async fn proxy(egress_port: u32, req: Request<Body>,
}

async fn handle_connect(egress_port: u32, req: Request<Body>, egress_policy: &EgressPolicy) -> Response<Body> {
debug!("Handling CONNECT request");

match req.uri().authority() {
Some(authority) => {
let port = match authority.port() {
@@ -217,19 +214,18 @@ async fn handle_connect(egress_port: u32, req: Request<Body>, egress_policy: &Eg

}

debug!("Handling CONNECT to {}:{port}", authority.host());

// Connect to remote server before the upgrade so we can return an error if it fails
let mut remote = match remote_connect(egress_port, authority.host(), port).await {
Ok(remote) => remote,
Err(err) => return err_resp(http::StatusCode::SERVICE_UNAVAILABLE, err.to_string()),
};
debug!("Connected to origin server");

tokio::task::spawn(async move {
match hyper::upgrade::on(req).await {
Ok(mut upgraded) => {
debug!("Connection upgraded");
_ = tokio::io::copy_bidirectional(&mut upgraded, &mut remote).await;
debug!("Proxying is done");
}
Err(err) => {
error!("Upgrade failed: {err}");
@@ -240,7 +236,7 @@ async fn handle_connect(egress_port: u32, req: Request<Body>, egress_policy: &Eg
Response::new(Body::empty())
},
None => {
let err_msg = format!("CONNECT host is not socket addr: {:?}", req.uri());
let err_msg = format!("CONNECT host is not a socket addr: {:?}", req.uri());
error!("{err_msg}");
bad_request(err_msg)
}
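Review bot: With the trailing "Proxying is done" message gone, `_ = tokio::io::copy_bidirectional(&mut upgraded, &mut remote).await;` in `handle_connect` drops its result with no trace, so a tunnel that dies on an I/O error looks the same in the logs as one that closed cleanly. For the egress path out of the enclave that distinction is worth keeping at debug level without bringing back a line per connection: `if let Err(err) = tokio::io::copy_bidirectional(&mut upgraded, &mut remote).await { debug!("CONNECT tunnel closed with error: {err}"); }`. The same discarded result remains in `HostHttpProxy` in this file and at both `copy_bidirectional` calls in enclaver/src/proxy/ingress.rs. The functions involved start and end outside the hunks shown.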
2 changes: 0 additions & 2 deletions enclaver/src/proxy/ingress.rs
@@ -62,7 +62,6 @@ where
Ok(mut tcp) => {
debug!("Connected to {target}, proxying data");
_ = tokio::io::copy_bidirectional(&mut vsock, &mut tcp).await;
debug!("Proxying is done");
},
Err(err) => error!("Connection to upstream ({target}) failed: {err}"),
}
@@ -99,7 +98,6 @@ impl HostProxy {
Ok(mut vsock) => {
debug!("Connected to {target_port}:{target_cid}, proxying data");
_ = tokio::io::copy_bidirectional(&mut vsock, &mut tcp).await;
debug!("Proxying is done");
},
Err(err) => error!("Connection to upstream vsock ({target_cid}:{target_port}) failed: {err}"),
}
20 changes: 10 additions & 10 deletions enclaver/src/vsock.rs
@@ -1,5 +1,5 @@
use std::sync::Arc;
use log::{info, error};
use log::{info, debug, error};
use anyhow::{Result};
use rustls::{ServerConfig, ClientConfig};
use rustls::client::ServerName;
@@ -19,18 +19,18 @@ pub type TlsClientStream = tokio_rustls::client::TlsStream<VsockStream>;
pub fn serve(port: u32) -> Result<impl Stream<Item=VsockStream> + Unpin> {
let listener = VsockListener::bind(VMADDR_CID_ANY, port)?;

info!("Listening on vsock port {}", port);
info!("Listening on vsock port {port}");
let stream = listener.incoming()
.filter_map(move |result| {
futures::future::ready(
match result {
Ok(vsock) => {
info!("Connection accepted");
debug!("Connection accepted on port {port}");
Some(vsock)
},

Err(e) => {
error!("Failed to accept a vsock: {}", e);
Err(err) => {
error!("Failed to accept a vsock: {err}");
None
}
}
@@ -53,18 +53,18 @@ pub fn tls_serve(port: u32, tls_config: Arc<ServerConfig>) -> Result<impl Stream
async move {
match result {
Ok(vsock) => {
info!("Connection accepted");
debug!("Connection accepted on port {port}");
match acceptor.accept(vsock).await {
Ok(vsock) => Some(vsock),
Err(e) => {
error!("TLS handshake failed: {}", e);
Err(err) => {
error!("TLS handshake failed: {err}");
None
}
}
},

Err(e) => {
error!("Failed to accept a vsock: {}", e);
Err(err) => {
error!("Failed to accept a vsock: {err}");
None
}
}
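Review bot: The port is added to the debug-level "Connection accepted on port {port}" message but not to the `error!` lines, so when running at info level a failure cannot be tied to a listener. `error!("TLS handshake failed: {err}")` in `tls_serve` matters most, because repeated handshake failures on one port are a signal worth alerting on. Suggest `error!("TLS handshake failed on port {port}: {err}");` and `error!("Failed to accept a vsock on port {port}: {err}");` in both `serve` and `tls_serve`; `port` is already used by the new debug line in each closure. The tail of `tls_serve` is outside the hunk.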
