Improve logging and make linter happy

firewall/interception/ebpf/bandwidth/interface.go

@@ -142,6 +142,9 @@ func reportBandwidth(ctx context.Context, objs bpfObjects, bandwidthUpdates chan
 		case bandwidthUpdates <- update:
 		case <-ctx.Done():
 			return
+		default:
+			log.Warning("ebpf: bandwidth update queue is full, skipping rest of batch")
+			return
 		}
 	}
 }

firewall/interception/ebpf/connection_listener/worker.go

@@ -8,6 +8,7 @@ import (
 	"fmt"
 	"net"
 	"sync/atomic"
+	"time"
 
 	"github.com/cilium/ebpf/link"
 	"github.com/cilium/ebpf/ringbuf"
@@ -112,6 +113,7 @@ func ConnectionListenerWorker(ctx context.Context, packets chan packet.Packet) e
 			Src:      convertArrayToIPv4(event.Saddr, packet.IPVersion(event.IpVersion)),
 			Dst:      convertArrayToIPv4(event.Daddr, packet.IPVersion(event.IpVersion)),
 			PID:      int(event.Pid),
+			SeenAt:   time.Now(),
 		})
 		if isEventValid(event) {
 			// DEBUG:

firewall/interception/windowskext/bandwidth_stats.go

@@ -55,7 +55,7 @@ func reportBandwidth(ctx context.Context, bandwidthUpdates chan *packet.Bandwidt
 	}
 
 	// Report all statistics.
-	for _, stat := range stats {
+	for i, stat := range stats {
 		connID := packet.CreateConnectionID(
 			packet.IPProtocol(stat.protocol),
 			convertArrayToIP(stat.localIP, stat.ipV6 == 1), stat.localPort,
@@ -72,6 +72,9 @@ func reportBandwidth(ctx context.Context, bandwidthUpdates chan *packet.Bandwidt
 		case bandwidthUpdates <- update:
 		case <-ctx.Done():
 			return nil
+		default:
+			log.Warningf("kext: bandwidth update queue is full, skipping rest of batch (%d entries)", len(stats)-i)
+			return nil
 		}
 	}
 

firewall/packet_handler.go

@@ -511,7 +511,7 @@ func issueVerdict(conn *network.Connection, pkt packet.Packet, verdict network.V
 		atomic.AddUint64(packetsFailed, 1)
 		err = pkt.Drop()
 	case network.VerdictUndecided, network.VerdictUndeterminable:
-		log.Warningf("filter: tried to apply verdict %s to pkt %s: dropping instead", verdict, pkt)
+		log.Tracer(pkt.Ctx()).Warningf("filter: tried to apply verdict %s to pkt %s: dropping instead", verdict, pkt)
 		fallthrough
 	default:
 		atomic.AddUint64(packetsDropped, 1)
@@ -519,7 +519,7 @@ func issueVerdict(conn *network.Connection, pkt packet.Packet, verdict network.V
 	}
 
 	if err != nil {
-		log.Warningf("filter: failed to apply verdict to pkt %s: %s", pkt, err)
+		log.Tracer(pkt.Ctx()).Warningf("filter: failed to apply verdict to pkt %s: %s", pkt, err)
 	}
 }
 
@@ -656,8 +656,10 @@ func updateBandwidth(ctx context.Context, bwUpdate *packet.BandwidthUpdate) {
 		conn.BytesSent += bwUpdate.BytesSent
 	default:
 		log.Warningf("filter: unsupported bandwidth update method: %d", bwUpdate.Method)
+		return
 	}
 
+	// Update bandwidth in the netquery module.
 	if netquery.DefaultModule != nil && conn.BandwidthEnabled {
 		if err := netquery.DefaultModule.Store.UpdateBandwidth(
 			ctx,
@@ -667,7 +669,7 @@ func updateBandwidth(ctx context.Context, bwUpdate *packet.BandwidthUpdate) {
 			conn.BytesReceived,
 			conn.BytesSent,
 		); err != nil {
-			log.Errorf("firewall: failed to persist bandwidth data: %s", err)
+			log.Errorf("filter: failed to persist bandwidth data: %s", err)
 		}
 	}
 }

firewall/prompt.go

@@ -91,12 +91,12 @@ func createPrompt(ctx context.Context, conn *network.Connection) (n *notificatio
 	layeredProfile := conn.Process().Profile()
 	if layeredProfile == nil {
 		log.Tracer(ctx).Warningf("filter: tried creating prompt for connection without profile")
-		return
+		return nil
 	}
 	localProfile := layeredProfile.LocalProfile()
 	if localProfile == nil {
 		log.Tracer(ctx).Warningf("filter: tried creating prompt for connection without local profile")
-		return
+		return nil
 	}
 
 	// first check if there is an existing notification for this.