Add server option to disable logging of client ips

fixes #265
shadowsocks · Feb 14, 2018 · 9694754 · 9694754
1 parent 5fb62ec
commit 9694754
Showing 1 changed file with 14 additions and 4 deletions.
diff --git a/cmd/shadowsocks-server/server.go b/cmd/shadowsocks-server/server.go
@@ -37,6 +37,7 @@ const (
 )
 
 var debug ss.DebugLog
+var sanitizeIps bool
 var udp bool
 
 func getRequest(conn *ss.Conn, auth bool) (host string, ota bool, err error) {
@@ -108,6 +109,14 @@ const logCntDelta = 100
 var connCnt int
 var nextLogConnCnt int = logCntDelta
 
+func sanitizeAddr(addr net.Addr) string {
+  if sanitizeIps {
+    return "x.x.x.x:zzzz"
+  } else {
+    return addr.String()
+  }
+}
+
 func handleConnection(conn *ss.Conn, auth bool) {
 	var host string
 
@@ -123,12 +132,12 @@ func handleConnection(conn *ss.Conn, auth bool) {
 	// function arguments are always evaluated, so surround debug statement
 	// with if statement
 	if debug {
-		debug.Printf("new client %s->%s\n", conn.RemoteAddr().String(), conn.LocalAddr())
+		debug.Printf("new client %s->%s\n", sanitizeAddr(conn.RemoteAddr()), conn.LocalAddr())
 	}
 	closed := false
 	defer func() {
 		if debug {
-			debug.Printf("closed pipe %s<->%s\n", conn.RemoteAddr(), host)
+			debug.Printf("closed pipe %s<->%s\n", sanitizeAddr(conn.RemoteAddr()), host)
 		}
 		connCnt--
 		if !closed {
@@ -138,7 +147,7 @@ func handleConnection(conn *ss.Conn, auth bool) {
 
 	host, ota, err := getRequest(conn, auth)
 	if err != nil {
-		log.Println("error getting request", conn.RemoteAddr(), conn.LocalAddr(), err)
+		log.Println("error getting request", sanitizeAddr(conn.RemoteAddr()), conn.LocalAddr(), err)
 		closed = true
 		return
 	}
@@ -166,7 +175,7 @@ func handleConnection(conn *ss.Conn, auth bool) {
 		}
 	}()
 	if debug {
-		debug.Printf("piping %s<->%s ota=%v connOta=%v", conn.RemoteAddr(), host, ota, conn.IsOta())
+		debug.Printf("piping %s<->%s ota=%v connOta=%v", sanitizeAddr(conn.RemoteAddr()), host, ota, conn.IsOta())
 	}
 	if ota {
 		go ss.PipeThenCloseOta(conn, remote)
@@ -404,6 +413,7 @@ func main() {
 	flag.StringVar(&cmdConfig.Method, "m", "", "encryption method, default: aes-256-cfb")
 	flag.IntVar(&core, "core", 0, "maximum number of CPU cores to use, default is determinied by Go runtime")
 	flag.BoolVar((*bool)(&debug), "d", false, "print debug message")
+	flag.BoolVar((*bool)(&sanitizeIps), "noip-log", false, "suppress client ip addresses in all output")
 	flag.BoolVar(&udp, "u", false, "UDP Relay")
 	flag.Parse()