Update all connection feature flags on account update

2023-08-07 16:49:12 +02:00
parent 6c4a77a205
commit 37fbc4b74c
3 changed files with 32 additions and 9 deletions
--- a/firewall/module.go
+++ b/firewall/module.go
@@ -9,6 +9,7 @@ import (
 	"github.com/safing/portbase/modules/subsystems"
 	_ "github.com/safing/portmaster/core"
 	"github.com/safing/portmaster/network"
+	"github.com/safing/spn/access"
 )

 var module *modules.Module
@@ -57,7 +58,7 @@ func prep() error {
 		},
 	)
 	if err != nil {
-		log.Errorf("interception: failed registering event hook: %s", err)
+		log.Errorf("filter: failed to register event hook: %s", err)
 	}

 	// Reset connections every time profile changes
@@ -71,7 +72,7 @@ func prep() error {
 		},
 	)
 	if err != nil {
-		log.Errorf("failed registering event hook: %s", err)
+		log.Errorf("filter: failed to register event hook: %s", err)
 	}

 	// Reset connections when spn is connected
@@ -86,7 +87,22 @@ func prep() error {
 		},
 	)
 	if err != nil {
-		log.Errorf("failed registering event hook: %s", err)
+		log.Errorf("filter: failed to register event hook: %s", err)
+	}
+
+	// Reset connections when account is updated.
+	// This will not change verdicts, but will update the feature flags on connections.
+	err = module.RegisterEventHook(
+		"access",
+		access.AccountUpdateEvent,
+		"update connection feature flags",
+		func(ctx context.Context, _ interface{}) error {
+			resetAllConnectionVerdicts()
+			return nil
+		},
+	)
+	if err != nil {
+		log.Errorf("filter: failed to register event hook: %s", err)
 	}

 	if err := registerConfig(); err != nil {
--- a/firewall/packet_handler.go
+++ b/firewall/packet_handler.go
@@ -23,6 +23,7 @@ import (
 	"github.com/safing/portmaster/network/netutils"
 	"github.com/safing/portmaster/network/packet"
 	"github.com/safing/portmaster/network/reference"
+	"github.com/safing/spn/access"
 )

 var (
@@ -61,6 +62,11 @@ func resetAllConnectionVerdicts() {
 			conn.Lock()
 			defer conn.Unlock()

+			// Update feature flags.
+			if err := conn.UpdateFeatures(); err != nil && !errors.Is(err, access.ErrNotLoggedIn) {
+				tracer.Warningf("network: failed to update connection feature flags: %s", err)
+			}
+
 			// Skip internal connections:
 			// - Pre-authenticated connections from Portmaster
 			// - Redirected DNS requests