From 5047c1b2c92a1ec5285e087a3203d154ff831268 Mon Sep 17 00:00:00 2001
From: Patrick Bogen <pdbogen-github@cernu.us>
Date: Wed, 10 Jun 2020 14:44:37 -0700
Subject: [PATCH 1/2] drop packets even if we aren't going to emit Debug logs
 about it

---
 inside.go  | 10 ++++++----
 outside.go | 11 +++++++----
 2 files changed, 13 insertions(+), 8 deletions(-)

diff --git a/inside.go b/inside.go
index af0135314..7bba4450d 100644
--- a/inside.go
+++ b/inside.go
@@ -109,10 +109,12 @@ func (f *Interface) sendMessageNow(t NebulaMessageType, st NebulaMessageSubType,
 
 	// check if packet is in outbound fw rules
 	dropReason := f.firewall.Drop(p, *fp, false, hostInfo, trustedCAs)
-	if dropReason != nil && l.Level >= logrus.DebugLevel {
-		l.WithField("fwPacket", fp).
-			WithField("reason", dropReason).
-			Debugln("dropping cached packet")
+	if dropReason != nil {
+		if l.Level >= logrus.DebugLevel {
+			l.WithField("fwPacket", fp).
+				WithField("reason", dropReason).
+				Debugln("dropping cached packet")
+		}
 		return
 	}
 
diff --git a/outside.go b/outside.go
index c07b1baee..42e15ef3c 100644
--- a/outside.go
+++ b/outside.go
@@ -7,6 +7,7 @@ import (
 	"github.com/golang/protobuf/proto"
 	"github.com/sirupsen/logrus"
 	"github.com/slackhq/nebula/cert"
+
 	// "github.com/google/gopacket"
 	// "github.com/google/gopacket/layers"
 	// 	"encoding/binary"
@@ -281,10 +282,12 @@ func (f *Interface) decryptToTun(hostinfo *HostInfo, messageCounter uint64, out
 	}
 
 	dropReason := f.firewall.Drop(out, *fwPacket, true, hostinfo, trustedCAs)
-	if dropReason != nil && l.Level >= logrus.DebugLevel {
-		hostinfo.logger().WithField("fwPacket", fwPacket).
-			WithField("reason", dropReason).
-			Debugln("dropping inbound packet")
+	if dropReason != nil {
+		if l.Level >= logrus.DebugLevel {
+			hostinfo.logger().WithField("fwPacket", fwPacket).
+				WithField("reason", dropReason).
+				Debugln("dropping inbound packet")
+		}
 		return
 	}
 

From d909d2db96838c26eecfb195d69bef6af8c64a54 Mon Sep 17 00:00:00 2001
From: Patrick Bogen <pdbogen-github@cernu.us>
Date: Wed, 10 Jun 2020 14:47:11 -0700
Subject: [PATCH 2/2] smallify change

---
 outside.go | 1 -
 1 file changed, 1 deletion(-)

diff --git a/outside.go b/outside.go
index 42e15ef3c..adc91caf0 100644
--- a/outside.go
+++ b/outside.go
@@ -7,7 +7,6 @@ import (
 	"github.com/golang/protobuf/proto"
 	"github.com/sirupsen/logrus"
 	"github.com/slackhq/nebula/cert"
-
 	// "github.com/google/gopacket"
 	// "github.com/google/gopacket/layers"
 	// 	"encoding/binary"