trace

crowdsecurity · Jan 8, 2024 · 420dac0 · 420dac0
1 parent e5a58e7
commit 420dac0
Show file tree

Hide file tree

Showing 4 changed files with 11 additions and 10 deletions.
diff --git a/pkg/backend/backend.go b/pkg/backend/backend.go
@@ -41,6 +41,7 @@ func (b *BackendCTX) Delete(decision *models.Decision) error {
 }
 
 func (b *BackendCTX) CollectMetrics() {
+	log.Trace("Collecting backend-specific metrics")
 	b.firewall.CollectMetrics()
 }
 
@@ -62,7 +63,7 @@ func NewBackend(config *cfg.BouncerConfig) (*BackendCTX, error) {
 
 	b := &BackendCTX{}
 
-	log.Printf("backend type : %s", config.Mode)
+	log.Printf("backend type: %s", config.Mode)
 
 	if config.DisableIPV6 {
 		log.Println("IPV6 is disabled")

diff --git a/pkg/pf/metrics.go b/pkg/pf/metrics.go
@@ -93,11 +93,9 @@ func (pf *pf) countIPs(table string) int {
 }
 
 // CollectMetrics collects metrics from pfctl.
-// The firewall rules are not controlled by this package, so we can only
-// trust they are set up correctly, and retrieve stats from the firewall tables.
+// In pf mode the firewall rules are not controlled by the bouncer, so we can only
+// trust they are set up correctly, and retrieve stats from the pfctl tables.
 func (pf *pf) CollectMetrics() {
-	t := time.NewTicker(metrics.MetricCollectionInterval)
-
 	droppedPackets := float64(0)
 	droppedBytes := float64(0)
 
@@ -111,13 +109,15 @@ func (pf *pf) CollectMetrics() {
 		tables = append(tables, pf.inet6.table)
 	}
 
+	t := time.NewTicker(metrics.MetricCollectionInterval)
+
 	for range t.C {
 		cmd := execPfctl("", "-v", "-sr")
 
 		out, err := cmd.Output()
 		if err != nil {
 			log.Errorf("failed to run 'pfctl -v -sr': %s", err)
-			return
+			continue
 		}
 
 		reader := strings.NewReader(string(out))

diff --git a/test/bouncer/test_firewall_bouncer.py b/test/bouncer/test_firewall_bouncer.py
@@ -28,7 +28,7 @@ def test_backend_mode(bouncer, fw_cfg_factory):
     with bouncer(cfg) as fw:
         fw.wait_for_lines_fnmatch([
             "*Starting crowdsec-firewall-bouncer*",
-            "*backend type : dry-run*",
+            "*backend type: dry-run*",
             "*backend.Init() called*",
             "*unable to configure bouncer: config does not contain LAPI url*",
         ])

diff --git a/test/bouncer/test_tls.py b/test/bouncer/test_tls.py
@@ -33,7 +33,7 @@ def test_tls_server(crowdsec, certs_dir, api_key_factory, bouncer, fw_cfg_factor
 
         with bouncer(cfg) as cb:
             cb.wait_for_lines_fnmatch([
-                "*backend type : dry-run*",
+                "*backend type: dry-run*",
                 "*Using API key auth*",
                 "*auth-api: auth with api key failed*",
                 "*tls: failed to verify certificate: x509: certificate signed by unknown authority*",
@@ -43,7 +43,7 @@ def test_tls_server(crowdsec, certs_dir, api_key_factory, bouncer, fw_cfg_factor
 
         with bouncer(cfg) as cb:
             cb.wait_for_lines_fnmatch([
-                "*backend type : dry-run*",
+                "*backend type: dry-run*",
                 "*Using CA cert *ca.crt*",
                 "*Using API key auth*",
                 "*Processing new and deleted decisions*",
@@ -95,7 +95,7 @@ def test_tls_mutual(crowdsec, certs_dir, api_key_factory, bouncer, fw_cfg_factor
 
         with bouncer(cfg) as cb:
             cb.wait_for_lines_fnmatch([
-                "*backend type : dry-run*",
+                "*backend type: dry-run*",
                 "*Using CA cert*",
                 "*Using cert auth with cert * and key *",
                 "*Processing new and deleted decisions . . .*",