diff --git a/profile/domains.go b/profile/domains.go
deleted file mode 100644
index d636b053..00000000
--- a/profile/domains.go
+++ /dev/null
@@ -1,42 +0,0 @@
-package profile
-
-import "strings"
-
-// Domains is a list of permitted or denied domains.
-type Domains map[string]*DomainDecision
-
-// DomainDecision holds a decision about a domain.
-type DomainDecision struct {
- Permit bool
- Created int64
- IncludeSubdomains bool
-}
-
-// IsSet returns whether the Domains object is "set".
-func (d Domains) IsSet() bool {
- if d != nil {
- return true
- }
- return false
-}
-
-// Check checks if the given domain is governed in the list of domains and returns whether it is permitted.
-func (d Domains) Check(domain string) (permit, ok bool) {
- // check for exact domain
- dd, ok := d[domain]
- if ok {
- return dd.Permit, true
- }
-
- // check if domain is a subdomain of any of the domains
- for key, dd := range d {
- if dd.IncludeSubdomains && strings.HasSuffix(domain, key) {
- preDottedKey := "." + key
- if strings.HasSuffix(domain, preDottedKey) {
- return dd.Permit, true
- }
- }
- }
-
- return false, false
-}
diff --git a/profile/endpoints.go b/profile/endpoints.go
new file mode 100644
index 00000000..0eee1a23
--- /dev/null
+++ b/profile/endpoints.go
@@ -0,0 +1,87 @@
+package profile
+
+import (
+ "fmt"
+ "strconv"
+)
+
+// Endpoints is a list of permitted or denied endpoints.
+type Endpoints []*EndpointPermission
+
+// EndpointPermission holds a decision about an endpoint.
+type EndpointPermission struct {
+ DomainOrIP string
+ IncludeSubdomains bool
+ Protocol uint8
+ PortStart uint16
+ PortEnd uint16
+ Permit bool
+ Created int64
+}
+
+// IsSet returns whether the Endpoints object is "set".
+func (e Endpoints) IsSet() bool {
+ if len(e) > 0 {
+ return true
+ }
+ return false
+}
+
+// Check checks if the given domain is governed in the list of domains and returns whether it is permitted.
+func (e Endpoints) Check(domainOrIP string, protocol uint8, port uint16) (permit, ok bool) {
+ // check for exact domain
+ ed, ok := d[domain]
+ if ok {
+ return ed.Permit, true
+ }
+
+ for _, entry := range e {
+ if entry.Matches(domainOrIP, protocol, port) {
+ return entry.Permit, true
+ }
+ }
+
+ return false, false
+}
+
+// Matches checks whether a port object matches the given port.
+func (ep EndpointPermission) Matches(domainOrIP string, protocol uint8, port uint16) bool {
+ if domainOrIP != ep.DomainOrIP {
+ return false
+ }
+
+ if ep.Protocol > 0 && protocol != ep.Protocol {
+ return false
+ }
+
+ if ep.PortStart > 0 && (port < ep.PortStart || port > ep.PortEnd) {
+ return false
+ }
+
+ return true
+}
+
+func (ep EndpointPermission) String() string {
+ s := ep.DomainOrIP
+
+ if ep.Protocol > 0 || ep.Start {
+ s += " "
+ }
+
+ if ep.Protocol > 0 {
+ s += strconv.Itoa(int(ep.Protocol))
+ if ep.Start > 0 {
+ s += "/"
+ }
+ }
+
+ if ep.Start > 0 {
+ if p.Start == p.End {
+ s += strconv.Itoa(int(ep.Start))
+ } else {
+ s += fmt.Sprintf("%d-%d", ep.Start, ep.End)
+ }
+ }
+
+ return s
+}
diff --git a/profile/ports_test.go b/profile/endpoints_test.go
similarity index 100%
rename from profile/ports_test.go
rename to profile/endpoints_test.go
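Review bot: `EndpointPermission.Matches` compares `domainOrIP` to `ep.DomainOrIP` for exact equality only and never reads `IncludeSubdomains`, so the dot-prefixed subdomain matching that the deleted `Domains.Check` performed is lost and an entry meant to cover subdomains (including a deny entry) would silently stop applying to them. The first guard could become `if domainOrIP != ep.DomainOrIP && !(ep.IncludeSubdomains && strings.HasSuffix(domainOrIP, "."+ep.DomainOrIP)) {`, which needs `strings` added to the import block. Separately, `Endpoints.Check` still carries the map lookup `ed, ok := d[domain]` from the old type, and `String()` reads `ep.Start`, `ep.End`, `p.Start` and `p.End` where the struct declares `PortStart`/`PortEnd`, so the file does not appear to compile as committed; the lookup should be dropped and the field names aligned. The doc comments on `Check` and `Matches` still describe domains and ports only, and should say that entries are evaluated in slice order with the first match deciding.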
diff --git a/profile/ports.go b/profile/ports.go
deleted file mode 100644
index 8215e292..00000000
--- a/profile/ports.go
+++ /dev/null
@@ -1,88 +0,0 @@
-package profile
-
-import (
- "fmt"
- "strconv"
- "strings"
-
- "github.com/Safing/portmaster/network/reference"
-)
-
-// Ports is a list of permitted or denied ports
-type Ports map[int16][]*Port
-
-// Check returns whether listening/connecting to a certain port is allowed, if set.
-func (p Ports) Check(signedProtocol int16, port uint16) (permit, ok bool) {
- if p == nil {
- return false, false
- }
-
- portDefinitions, ok := p[signedProtocol]
- if ok {
- for _, portD := range portDefinitions {
- if portD.Matches(port) {
- return portD.Permit, true
- }
- }
- }
- return false, false
-}
-
-func formatSignedProtocol(sP int16) string {
- if sP < 0 {
- return fmt.Sprintf("<%s", reference.GetProtocolName(uint8(-1*sP)))
- }
- return reference.GetProtocolName(uint8(sP))
-}
-
-func (p Ports) String() string {
- var s []string
-
- for signedProtocol, ports := range p {
- var portStrings []string
- for _, port := range ports {
- portStrings = append(portStrings, port.String())
- }
-
- s = append(s, fmt.Sprintf("%s:[%s]", formatSignedProtocol(signedProtocol), strings.Join(portStrings, ", ")))
- }
-
- if len(s) == 0 {
- return "None"
- }
- return strings.Join(s, ", ")
-}
-
-// Port represents a port range and a verdict.
-type Port struct {
- Permit bool
- Created int64
- Start uint16
- End uint16
-}
-
-// Matches checks whether a port object matches the given port.
-func (p Port) Matches(port uint16) bool {
- if port >= p.Start && port <= p.End {
- return true
- }
- return false
-}
-
-func (p Port) String() string {
- var s string
-
- if p.Permit {
- s += "permit:"
- } else {
- s += "deny:"
- }
-
- if p.Start == p.End {
- s += strconv.Itoa(int(p.Start))
- } else {
- s += fmt.Sprintf("%d-%d", p.Start, p.End)
- }
-
- return s
-}
diff --git a/profile/profile.go b/profile/profile.go
index 1515a84a..cf052fe1 100644
--- a/profile/profile.go +++ b/profile/profile.go @@ -29,9 +29,9 @@ type Profile struct { Icon string // User Profile Only - LinkedPath string `json:",omitempty"` - StampProfileID string `json:",omitempty"` - StampProfileAssigned int64 `json:",omitempty"` + LinkedPath string + StampProfileID string + StampProfileAssigned int64 // Fingerprints Fingerprints []*Fingerprint