github/portmaster
1
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity

Add support for unidentified/system processes/profiles

Browse Source
This commit is contained in:
Daniel
2020-04-17 21:52:06 +02:00
parent 10ee7fd7db
commit 033dceab5b
16 changed files with 243 additions and 67 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
network/connection.go
View File

@@ -41,6 +41,7 @@ type Connection struct { //nolint:maligned // TODO: fix alignment
VerdictPermanent bool
Inspecting bool
Encrypted bool // TODO
Hidden bool
pktQueue chan packet.Packet
firewallHandler FirewallHandler
@@ -58,7 +59,7 @@ func NewConnectionFromDNSRequest(ctx context.Context, fqdn string, ip net.IP, po
proc, err := process.GetProcessByEndpoints(ctx, ip, port, dnsAddress, dnsPort, packet.UDP)
if err != nil {
log.Warningf("network: failed to find process of dns request for %s: %s", fqdn, err)
proc = process.UnknownProcess
proc = process.GetUnidentifiedProcess(ctx)
}
timestamp := time.Now().Unix()
@@ -80,7 +81,7 @@ func NewConnectionFromFirstPacket(pkt packet.Packet) *Connection {
proc, inbound, err := process.GetProcessByPacket(pkt)
if err != nil {
log.Warningf("network: failed to find process of packet %s: %s", pkt, err)
proc = process.UnknownProcess
proc = process.GetUnidentifiedProcess(pkt.Ctx())
}
var scope string
@@ -270,7 +271,11 @@ func (conn *Connection) Save() {
// delete deletes a link from the storage and propagates the change. Nothing is locked - both the conns map and the connection itself require locking
func (conn *Connection) delete() {
delete(conns, conn.ID)
if conn.ID == "" {
delete(dnsConns, strconv.Itoa(conn.process.Pid)+"/"+conn.Scope)
} else {
delete(conns, conn.ID)
}
conn.Meta().Delete()
dbController.PushUpdate(conn)

11
network/dns.go
View File

@@ -23,7 +23,16 @@ func removeOpenDNSRequest(pid int, fqdn string) {
defer openDNSRequestsLock.Unlock()
key := strconv.Itoa(pid) + "/" + fqdn
delete(openDNSRequests, key)
_, ok := openDNSRequests[key]
if ok {
delete(openDNSRequests, key)
return
}
// check if there is an open dns request from an unidentified process
if pid >= 0 {
delete(openDNSRequests, "-1/"+fqdn)
}
}
// SaveOpenDNSRequest saves a dns request connection that was allowed to proceed.