Add PID in ETW DNS event in the integration dll (#1768)

* [service] Add reading of PID in ETW DNS event

* [service] Use PID of the ETW DNS events

* [service] Fix use of nil pointer

* [service] Fix compiler error
Vladimir Stoilov
2025-01-27 17:21:54 +02:00
committed by GitHub
parent 726159427b
commit 0f28af66cd
6 changed files with 34 additions and 15 deletions


@@ -22,8 +22,8 @@ type ETWSession struct {
state uintptr
}
// NewSession creates new ETW event listener and initilizes it. This is a low level interface, make sure to call DestorySession when you are done using it.
func NewSession(etwInterface *integration.ETWFunctions, callback func(domain string, result string)) (*ETWSession, error) {
// NewSession creates new ETW event listener and initializes it. This is a low level interface, make sure to call DestroySession when you are done using it.
func NewSession(etwInterface *integration.ETWFunctions, callback func(domain string, pid uint32, result string)) (*ETWSession, error) {
if etwInterface == nil {
return nil, fmt.Errorf("etw interface was nil")
}
@@ -35,8 +35,8 @@ func NewSession(etwInterface *integration.ETWFunctions, callback func(domain str
_ = etwSession.i.StopOldSession()
// Initialize notification activated callback
win32Callback := windows.NewCallback(func(domain *uint16, result *uint16) uintptr {
callback(windows.UTF16PtrToString(domain), windows.UTF16PtrToString(result))
win32Callback := windows.NewCallback(func(domain *uint16, pid uint32, result *uint16) uintptr {
callback(windows.UTF16PtrToString(domain), pid, windows.UTF16PtrToString(result))
return 0
})
// The function only allocates memory it will not fail.
@@ -83,7 +83,7 @@ func (l *ETWSession) FlushTrace() error {
return l.i.FlushTrace(l.state)
}
// StopTrace stopes the trace. This will cause StartTrace to return.
// StopTrace stops the trace. This will cause StartTrace to return.
func (l *ETWSession) StopTrace() error {
return l.i.StopTrace(l.state)
}
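Review bot: The callback handed to `windows.NewCallback` in NewSession now takes `(domain *uint16, pid uint32, result *uint16)`, and nothing in this section checks that the loaded integration DLL is a build that passes three arguments. If an older DLL that still calls back with two arguments were loaded, `pid` would presumably receive the bits of the result pointer and `result` an undefined value that `windows.UTF16PtrToString` then dereferences. I would state the coupling above the callback, e.g. `// Signature must match the callback type in the integration DLL (domain, pid, result); update both together.`, and consider a version check where the DLL is loaded if one is available. NewSession's body continues outside the visible hunks.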


@@ -141,5 +141,5 @@ func (l *Listener) processAnswer(domain string, queryResult *QueryResult) {
}
}
saveDomain(domain, ips, cnames)
saveDomain(domain, ips, cnames, resolver.IPInfoProfileScopeGlobal)
}


@@ -4,6 +4,7 @@
package dnsmonitor
import (
"context"
"fmt"
"net"
"strconv"
@@ -11,6 +12,7 @@ import (
"github.com/miekg/dns"
"github.com/safing/portmaster/service/mgr"
"github.com/safing/portmaster/service/process"
"github.com/safing/portmaster/service/resolver"
)
@@ -79,7 +81,7 @@ func (l *Listener) stop() error {
return nil
}
func (l *Listener) processEvent(domain string, result string) {
func (l *Listener) processEvent(domain string, pid uint32, result string) {
if processIfSelfCheckDomain(dns.Fqdn(domain)) {
// Not need to process result.
return
@@ -90,6 +92,15 @@ func (l *Listener) processEvent(domain string, result string) {
return
}
profileScope := resolver.IPInfoProfileScopeGlobal
// Get the profile ID if the process can be found
if proc, err := process.GetOrFindProcess(context.Background(), int(pid)); err == nil {
if profile := proc.Profile(); profile != nil {
if localProfile := profile.LocalProfile(); localProfile != nil {
profileScope = localProfile.ID
}
}
}
cnames := make(map[string]string)
ips := []net.IP{}
@@ -115,5 +126,5 @@ func (l *Listener) processEvent(domain string, result string) {
}
}
}
saveDomain(domain, ips, cnames)
saveDomain(domain, ips, cnames, profileScope)
}
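Review bot: In processEvent the profile scope is derived from a bare PID via `process.GetOrFindProcess(context.Background(), int(pid))` when the event is handled, not when the query was made, so a process that has exited, or whose PID has since been reused, would leave the record in the global scope or attribute it to another process's profile. This is inferred from the visible lines only; if the process package already guards against PID reuse, a comment saying so would help. The lookup error is also dropped silently and the call uses `context.Background()`, so it cannot be cancelled on shutdown; passing the listener's worker context (if one is in reach) and noting the fallback, e.g. `// Lookup failed or no local profile: keep the global scope.`, would make the behaviour explicit. Part of processEvent's body lies outside the visible hunks.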


@@ -61,7 +61,7 @@ func (dl *DNSMonitor) Flush() error {
return dl.listener.flush()
}
func saveDomain(domain string, ips []net.IP, cnames map[string]string) {
func saveDomain(domain string, ips []net.IP, cnames map[string]string, profileScope string) {
fqdn := dns.Fqdn(domain)
// Create new record for this IP.
record := resolver.ResolvedDomain{
@@ -75,7 +75,7 @@ func saveDomain(domain string, ips []net.IP, cnames map[string]string) {
record.AddCNAMEs(cnames)
// Add to cache
saveIPsInCache(ips, resolver.IPInfoProfileScopeGlobal, record)
saveIPsInCache(ips, profileScope, record)
}
func New(instance instance) (*DNSMonitor, error) {
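Review bot: saveDomain forwards `profileScope` to `saveIPsInCache` without any check, and the new parameter is undocumented. Callers in this commit pass either `resolver.IPInfoProfileScopeGlobal` or `localProfile.ID`; whether an ID can be empty is not visible here, so a guard such as `if profileScope == "" { profileScope = resolver.IPInfoProfileScopeGlobal }` may be worth adding. A doc comment would also help, e.g. `// saveDomain caches the IPs and CNAMEs resolved for domain under profileScope; pass resolver.IPInfoProfileScopeGlobal when no profile is known.` The middle of saveDomain's body is outside the visible hunks.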