feat: refactor interception modules into pausable group

- Add GroupModule to wrap interception, dnsmonitor, and compat modules
- Simplify pause/resume operations by grouping related modules
- Update worker info collection to handle nested module groups
- Remove deprecated flags and improve module lifecycle management
- Add proper atomic state tracking for nfqueue interception

https://github.com/safing/portmaster/issues/2050
Alexandr Stelnykovych
2025-11-06 17:28:38 +02:00
parent 7709a6600c
commit 4d2d91972b
8 changed files with 93 additions and 55 deletions


@@ -1,10 +1,10 @@
package interception
import (
"flag"
"fmt"
"sort"
"strings"
"sync/atomic"
"github.com/coreos/go-iptables/iptables"
"github.com/hashicorp/go-multierror"
@@ -30,15 +30,10 @@ var (
out6Queue nfQueue
in6Queue nfQueue
isRunning atomic.Bool
shutdownSignal = make(chan struct{})
experimentalNfqueueBackend bool
)
func init() {
flag.BoolVar(&experimentalNfqueueBackend, "experimental-nfqueue", false, "(deprecated flag; always used)")
}
// nfQueue encapsulates nfQueue providers.
type nfQueue interface {
PacketChannel() <-chan packet.Packet
@@ -262,12 +257,13 @@ func deactivateIPTables(protocol iptables.Protocol, rules, chains []string) erro
// StartNfqueueInterception starts the nfqueue interception.
func StartNfqueueInterception(packets chan<- packet.Packet) (err error) {
// @deprecated, remove in v1
if experimentalNfqueueBackend {
log.Warningf("[DEPRECATED] --experimental-nfqueue has been deprecated as the backend is now used by default")
log.Warningf("[DEPRECATED] please remove the flag from your configuration!")
if !isRunning.CompareAndSwap(false, true) {
return nil // already running
}
// Reset shutdown signal
shutdownSignal = make(chan struct{})
err = activateNfqueueFirewall()
if err != nil {
return fmt.Errorf("could not initialize nfqueue: %w", err)
@@ -305,6 +301,11 @@ func StartNfqueueInterception(packets chan<- packet.Packet) (err error) {
// StopNfqueueInterception stops the nfqueue interception.
func StopNfqueueInterception() error {
if !isRunning.CompareAndSwap(true, false) {
return nil // not running
}
// Signal shutdown to packet handler
defer close(shutdownSignal)
if out4Queue != nil {