Add support for network service

2021-01-19 15:43:22 +01:00
parent 3f8c99517f
commit 12f3c0ea8d
14 changed files with 320 additions and 65 deletions
--- a/firewall/master.go
+++ b/firewall/master.go
@@ -3,7 +3,6 @@ package firewall
 import (
 	"context"
 	"fmt"
-	"os"
 	"path/filepath"
 	"strings"

@@ -118,8 +117,9 @@ func runDeciders(ctx context.Context, conn *network.Connection, pkt packet.Packe
 // checkPortmasterConnection allows all connection that originate from
 // portmaster itself.
 func checkPortmasterConnection(ctx context.Context, conn *network.Connection, pkt packet.Packet) bool {
-	// grant self
-	if conn.Process().Pid == os.Getpid() {
+	// Grant own outgoing connections.
+	if conn.Process().Pid == ownPID &&
+		(pkt == nil || pkt.IsOutbound()) {
 		log.Tracer(ctx).Infof("filter: granting own connection %s", conn)
 		conn.Accept("connection by Portmaster", noReasonOptionKey)
 		conn.Internal = true