wgengine/magicsock: make debug-level stuff not logged by default

And add a CLI/localapi and c2n mechanism to enable it for a fixed amount of time. Updates #1548 Change-Id: I71674aaf959a9c6761ff33bbf4a417ffd42195a7 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2025-10-20 06:32:01 +00:00 · 2022-10-03 20:39:45 -07:00
parent 5c69961a57
commit 1841d0bf98
10 changed files with 241 additions and 21 deletions
--- a/ipn/localapi/localapi.go
+++ b/ipn/localapi/localapi.go
@@ -146,6 +146,8 @@ func (h *Handler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
 		h.serveMetrics(w, r)
 	case "/localapi/v0/debug":
 		h.serveDebug(w, r)
+	case "/localapi/v0/component-debug-logging":
+		h.serveComponentDebugLogging(w, r)
 	case "/localapi/v0/set-expiry-sooner":
 		h.serveSetExpirySooner(w, r)
 	case "/localapi/v0/dial":
@@ -329,6 +331,24 @@ func (h *Handler) serveDebug(w http.ResponseWriter, r *http.Request) {
 	io.WriteString(w, "done\n")
 }

+func (h *Handler) serveComponentDebugLogging(w http.ResponseWriter, r *http.Request) {
+	if !h.PermitWrite {
+		http.Error(w, "debug access denied", http.StatusForbidden)
+		return
+	}
+	component := r.FormValue("component")
+	secs, _ := strconv.Atoi(r.FormValue("secs"))
+	err := h.b.SetComponentDebugLogging(component, time.Now().Add(time.Duration(secs)*time.Second))
+	var res struct {
+		Error string
+	}
+	if err != nil {
+		res.Error = err.Error()
+	}
+	w.Header().Set("Content-Type", "application/json")
+	json.NewEncoder(w).Encode(res)
+}
+
 // serveProfileFunc is the implementation of Handler.serveProfile, after auth,
 // for platforms where we want to link it in.
 var serveProfileFunc func(http.ResponseWriter, *http.Request)