From d6a1966a42e7aaaffc051ce4dfd2ee945ce7ea01 Mon Sep 17 00:00:00 2001
From: Thomas Eizinger <thomas@eizinger.io>
Date: Thu, 30 Jan 2025 01:49:57 +0000
Subject: [PATCH] refactor(snownet): reduce log noise for unhandled packets
 (#7952)

When `snownet` originally got developed, its API was designed with the
idea in mind that a packet that doesn't get handled is an error. Whilst
that is technically true, we don't have any other component that
processes packets within Firezone. When a connection is killed by e.g.
an ICE timeout, we may still be receiving packets from the other party.
Those fill the logs until the other party also runs into a timeout. To
prevent this, we don't return errors for these but instead, log them on
TRACE.

For the case where we are given a packet that doesn't match any known
format, we still emit an error.
---
 rust/connlib/snownet/src/node.rs | 23 +++++++++++++----------
 1 file changed, 13 insertions(+), 10 deletions(-)

diff --git a/rust/connlib/snownet/src/node.rs b/rust/connlib/snownet/src/node.rs
index cf9812735..40870a107 100644
--- a/rust/connlib/snownet/src/node.rs
+++ b/rust/connlib/snownet/src/node.rs
@@ -140,10 +140,8 @@ pub enum Error {
     Decapsulate(boringtun::noise::errors::WireGuardError),
     #[error("Failed to encapsulate: {0:?}")]
     Encapsulate(boringtun::noise::errors::WireGuardError),
-    #[error("Packet is a STUN message but no agent handled it; num_agents = {num_agents}")]
-    UnhandledStunMessage { num_agents: usize },
-    #[error("Packet was not accepted by any wireguard tunnel; num_tunnels = {num_tunnels}")]
-    UnhandledPacket { num_tunnels: usize },
+    #[error("Packet has unknown format")]
+    UnknownPacketFormat,
     #[error("Not connected")]
     NotConnected,
     #[error("Invalid local address: {0}")]
@@ -866,9 +864,9 @@ where
             }
         }
 
-        ControlFlow::Break(Err(Error::UnhandledStunMessage {
-            num_agents: self.connections.len(),
-        }))
+        tracing::trace!("Packet was a STUN message but no agent handled it. Already disconnected?");
+
+        ControlFlow::Break(Ok(()))
     }
 
     #[must_use]
@@ -908,9 +906,14 @@ where
             };
         }
 
-        ControlFlow::Break(Err(Error::UnhandledPacket {
-            num_tunnels: self.connections.iter_established_mut().count(),
-        }))
+        match Tunn::parse_incoming_packet(packet) {
+            Ok(_) => tracing::trace!(
+                "Packet was a WireGuard packet but no connection handled it. Already disconnected?"
+            ),
+            Err(_) => return ControlFlow::Break(Err(Error::UnknownPacketFormat)),
+        };
+
+        ControlFlow::Break(Ok(()))
     }
 
     fn allocations_drain_events(&mut self) {