diff --git a/cmd/proxy/main.go b/cmd/proxy/main.go index 40bd9a7b..53a5ae5b 100644 --- a/cmd/proxy/main.go +++ b/cmd/proxy/main.go @@ -57,7 +57,9 @@ func main() { log.Fatalf("Error unmarshaling policy file content: %v", err) } } - proxyService := proxy.NewTransparentProxyService(p, ca, proxy.PolicyMode(*policyMode), &pl) + proxyService := proxy.NewTransparentProxyService(p, ca, proxy.PolicyMode(*policyMode), proxy.TransparentProxyServiceOpts{ + Policy: &pl, + }) proxyService.Proxy.OnRequest().DoFunc( func(req *http.Request, ctx *goproxy.ProxyCtx) (*http.Request, *http.Response) { return proxyService.ApplyNetworkPolicy(req, ctx) diff --git a/pkg/proxy/proxy/transparent.go b/pkg/proxy/proxy/transparent.go index 733af167..da858fc5 100644 --- a/pkg/proxy/proxy/transparent.go +++ b/pkg/proxy/proxy/transparent.go @@ -87,31 +87,41 @@ func (m PolicyMode) IsValid() bool { // TransparentProxyService transparently proxies HTTP and HTTPS traffic. type TransparentProxyService struct { - Proxy *goproxy.ProxyHttpServer - Ca *tls.Certificate - NetworkLog *netlog.NetworkActivityLog - Policy *policy.Policy - Mode PolicyMode + Proxy *goproxy.ProxyHttpServer + Ca *tls.Certificate + Policy *policy.Policy + Mode PolicyMode - mx *sync.Mutex + mx *sync.Mutex + networkLog *netlog.NetworkActivityLog +} + +// TransparentProxyServiceOpts defines the optional parameters for creating a TransparentProxyService. +type TransparentProxyServiceOpts struct { + Policy *policy.Policy + SkipLogging bool } // NewTransparentProxyService creates a new TransparentProxyService. -func NewTransparentProxyService(p *goproxy.ProxyHttpServer, ca *tls.Certificate, mode PolicyMode, pl *policy.Policy) TransparentProxyService { +func NewTransparentProxyService(p *goproxy.ProxyHttpServer, ca *tls.Certificate, mode PolicyMode, opts TransparentProxyServiceOpts) TransparentProxyService { m := new(sync.Mutex) if !mode.IsValid() { log.Fatalf("Invalid proxy mode specified: %v", mode) } - if mode != DisabledMode && pl == nil { - log.Fatalf("Invalid policy: %v", pl) + if mode != DisabledMode && opts.Policy == nil { + log.Fatalf("Invalid policy: %v", opts.Policy) + } + networkLog := &netlog.NetworkActivityLog{} + if !opts.SkipLogging { + networkLog = netlog.CaptureActivityLog(p, m) } return TransparentProxyService{ Proxy: p, Ca: ca, - NetworkLog: netlog.CaptureActivityLog(p, m), Mode: mode, - Policy: pl, + Policy: opts.Policy, mx: m, + networkLog: networkLog, } } @@ -194,7 +204,7 @@ func (t *TransparentProxyService) ServeAdmin(addr string) { defer t.mx.Unlock() enc := json.NewEncoder(w) enc.SetIndent("", " ") - if err := enc.Encode(t.NetworkLog); err != nil { + if err := enc.Encode(t.networkLog); err != nil { log.Printf("Failed to marshal metadata: %v", err) http.Error(w, "Internal Error", http.StatusInternalServerError) } diff --git a/pkg/proxy/proxy/transparent_test.go b/pkg/proxy/proxy/transparent_test.go index fd9b5e14..9a2713c2 100644 --- a/pkg/proxy/proxy/transparent_test.go +++ b/pkg/proxy/proxy/transparent_test.go @@ -207,7 +207,9 @@ func TestPolicyEndpoint(t *testing.T) { wantResp: http.StatusMethodNotAllowed, }, } - proxyService := NewTransparentProxyService(NewTransparentProxyServer(false), nil, "enforce", &policy.Policy{}) + proxyService := NewTransparentProxyService(NewTransparentProxyServer(false), nil, "enforce", TransparentProxyServiceOpts{ + Policy: &policy.Policy{}, + }) policy.RegisterRule("URLMatchRule", func() policy.Rule { return &policy.URLMatchRule{} }) mux := http.NewServeMux() mux.HandleFunc("/policy", proxyService.policyHandler)