wgengine/wglog: quieten WireGuard logs for allowedips

An increasing number of users have very large subnet route configurations, which can produce very large amounts of log data when WireGuard is reconfigured. The logs don't contain the actual routes, so they're largely useless for diagnostics, so we'll just suppress them. Fixes tailscale/corp#17532 Signed-off-by: James Tucker <james@tailscale.com>
2025-01-05 23:07:44 +00:00 · 2024-02-23 09:38:25 -08:00 · 2024-02-23 09:38:25 -08:00 · 131f9094fd
commit 131f9094fd
parent e8d2fc7f7f
2 changed files with 24 additions and 0 deletions
--- a/wgengine/wglog/wglog.go
+++ b/wgengine/wglog/wglog.go
@ -52,6 +52,13 @@ func NewLogger(logf logger.Logf) *Logger {
 			// See https://github.com/tailscale/tailscale/issues/1388.
 			return
 		}
+		if strings.Contains(format, "Adding allowedip") {
+			// Drop. See https://github.com/tailscale/corp/issues/17532.
+			// AppConnectors (as one example) may have many subnet routes, and
+			// the messaging related to these is not specific enough to be
+			// useful.
+			return
+		}
 		replace := ret.replace.Load()
 		if replace == nil {
 			// No replacements specified; log as originally planned.
--- a/wgengine/wglog/wglog_test.go
+++ b/wgengine/wglog/wglog_test.go
@ -64,6 +64,23 @@ type log struct {
 	}
 }

+func TestSuppressLogs(t *testing.T) {
+	var logs []string
+	logf := func(format string, args ...any) {
+		logs = append(logs, fmt.Sprintf(format, args...))
+	}
+	x := wglog.NewLogger(logf)
+	x.DeviceLogger.Verbosef("pass")
+	x.DeviceLogger.Verbosef("UAPI: Adding allowedip")
+
+	if len(logs) != 1 {
+		t.Fatalf("got %d logs, want 1", len(logs))
+	}
+	if logs[0] != "wg: [v2] pass" {
+		t.Errorf("got %q, want \"wg: [v2] pass\"", logs[0])
+	}
+}
+
 func stringer(s string) stringerString {
 	return stringerString(s)
 }