From c5b706ac804f039b298cbe6e4213f15f3a030482 Mon Sep 17 00:00:00 2001
From: Thomas Eizinger <thomas@eizinger.io>
Date: Wed, 16 Oct 2024 14:58:43 +1100
Subject: [PATCH] Improve logging on rejected packets

---
 src/iface/interface/ipv4.rs | 26 ++++++++++++++++++++------
 src/iface/interface/ipv6.rs | 27 +++++++++++++++++++--------
 2 files changed, 39 insertions(+), 14 deletions(-)

diff --git a/src/iface/interface/ipv4.rs b/src/iface/interface/ipv4.rs
index a00044ae8..7fda3ae3b 100644
--- a/src/iface/interface/ipv4.rs
+++ b/src/iface/interface/ipv4.rs
@@ -181,13 +181,27 @@ impl InterfaceInner {
         {
             // Ignore IP packets not directed at us, or broadcast, or any of the multicast groups.
             // If AnyIP is enabled, also check if the packet is routed locally.
-            if !self.any_ip
-                || !ipv4_repr.dst_addr.x_is_unicast()
-                || self
-                    .routes
-                    .lookup(&IpAddress::Ipv4(ipv4_repr.dst_addr), self.now)
-                    .map_or(true, |router_addr| !self.has_ip_addr(router_addr))
+
+            if !self.any_ip {
+                net_trace!("Rejecting IPv4 packet; any_ip=false");
+                return None;
+            }
+
+            if !ipv4_repr.dst_addr.x_is_unicast() {
+                net_trace!(
+                    "Rejecting IPv4 packet; {} is not a unicast address",
+                    ipv4_repr.dst_addr
+                );
+                return None;
+            }
+
+            if self
+                .routes
+                .lookup(&IpAddress::Ipv4(ipv4_repr.dst_addr), self.now)
+                .map_or(true, |router_addr| !self.has_ip_addr(router_addr))
             {
+                net_trace!("Rejecting IPv4 packet; no matching routes");
+
                 return None;
             }
         }
diff --git a/src/iface/interface/ipv6.rs b/src/iface/interface/ipv6.rs
index 9922c500b..96e999f7e 100644
--- a/src/iface/interface/ipv6.rs
+++ b/src/iface/interface/ipv6.rs
@@ -212,15 +212,26 @@ impl InterfaceInner {
             && !self.has_multicast_group(ipv6_repr.dst_addr)
             && !ipv6_repr.dst_addr.is_loopback()
         {
-            // If AnyIP is enabled, also check if the packet is routed locally.
-            if !self.any_ip
-                || !ipv6_repr.dst_addr.x_is_unicast()
-                || self
-                    .routes
-                    .lookup(&IpAddress::Ipv6(ipv6_repr.dst_addr), self.now)
-                    .map_or(true, |router_addr| !self.has_ip_addr(router_addr))
+            if !self.any_ip {
+                net_trace!("Rejecting IPv6 packet; any_ip=false");
+                return None;
+            }
+
+            if !ipv6_repr.dst_addr.x_is_unicast() {
+                net_trace!(
+                    "Rejecting IPv6 packet; {} is not a unicast address",
+                    ipv6_repr.dst_addr
+                );
+                return None;
+            }
+
+            if self
+                .routes
+                .lookup(&IpAddress::Ipv6(ipv6_repr.dst_addr), self.now)
+                .map_or(true, |router_addr| !self.has_ip_addr(router_addr))
             {
-                net_trace!("packet IP address not for this interface");
+                net_trace!("Rejecting IPv6 packet; no matching routes");
+
                 return None;
             }
         }