From eec0652abec24f76d45f3bae2b4bf283da291283 Mon Sep 17 00:00:00 2001
From: Thomas Eizinger <thomas@eizinger.io>
Date: Tue, 25 Jun 2024 11:16:29 +1000
Subject: [PATCH] chore(connlib): shrink "packet not allowed" log (#5476)

All allowed IPs can be a fair few which clutters the log. Remove the
`HashSet` from the error and also remove the stuttering; the error
already says "Packet not allowed".
---
 rust/connlib/shared/src/error.rs  |  9 +++------
 rust/connlib/tunnel/src/client.rs |  2 +-
 rust/connlib/tunnel/src/peer.rs   | 11 +----------
 3 files changed, 5 insertions(+), 17 deletions(-)

diff --git a/rust/connlib/shared/src/error.rs b/rust/connlib/shared/src/error.rs
index 5700d4695..6ea76d626 100644
--- a/rust/connlib/shared/src/error.rs
+++ b/rust/connlib/shared/src/error.rs
@@ -1,6 +1,6 @@
 //! Error module.
 use base64::DecodeError;
-use std::{collections::HashSet, net::IpAddr};
+use std::net::IpAddr;
 use thiserror::Error;
 
 /// Unified Result type to use across connlib.
@@ -79,11 +79,8 @@ pub enum ConnlibError {
     #[error("Error while rewriting `/etc/resolv.conf`: {0}")]
     ResolvConf(anyhow::Error),
 
-    #[error("Unallowed packet! source: {src}; allowed_ips: {allowed_ips:?}")]
-    UnallowedPacket {
-        src: IpAddr,
-        allowed_ips: HashSet<IpAddr>,
-    },
+    #[error("Packet not allowed; source = {src}")]
+    UnallowedPacket { src: IpAddr },
 
     // Error variants for `systemd-resolved` DNS control
     #[error("Failed to control system DNS with `resolvectl`")]
diff --git a/rust/connlib/tunnel/src/client.rs b/rust/connlib/tunnel/src/client.rs
index 6a1a7db99..959a5dbe0 100644
--- a/rust/connlib/tunnel/src/client.rs
+++ b/rust/connlib/tunnel/src/client.rs
@@ -473,7 +473,7 @@ impl ClientState {
         };
 
         peer.ensure_allowed_src(&packet)
-            .inspect_err(|e| tracing::warn!(%conn_id, %local, %from, "Packet not allowed: {e}"))
+            .inspect_err(|e| tracing::warn!(%conn_id, %local, %from, "{e}"))
             .ok()?;
 
         let packet = maybe_mangle_dns_response_from_cidr_resource(
diff --git a/rust/connlib/tunnel/src/peer.rs b/rust/connlib/tunnel/src/peer.rs
index 43c5dcc65..86f9e06c7 100644
--- a/rust/connlib/tunnel/src/peer.rs
+++ b/rust/connlib/tunnel/src/peer.rs
@@ -446,7 +446,6 @@ impl ClientOnGateway {
         if !self.allowed_ips().contains(&packet.source()) {
             return Err(connlib_shared::Error::UnallowedPacket {
                 src: packet.source(),
-                allowed_ips: HashSet::from(self.allowed_ips()),
             });
         }
 
@@ -508,15 +507,7 @@ impl GatewayOnClient {
         pkt: &MutableIpPacket,
     ) -> Result<(), connlib_shared::Error> {
         if self.allowed_ips.longest_match(pkt.source()).is_none() {
-            return Err(connlib_shared::Error::UnallowedPacket {
-                src: pkt.source(),
-
-                allowed_ips: self
-                    .allowed_ips
-                    .iter()
-                    .map(|(ip, _)| ip.network_address())
-                    .collect(),
-            });
+            return Err(connlib_shared::Error::UnallowedPacket { src: pkt.source() });
         }
 
         Ok(())