diff --git a/firewall/interception.go b/firewall/interception.go
index c87a8c57..91f3ba26 100644
--- a/firewall/interception.go
+++ b/firewall/interception.go
@@ -79,20 +79,9 @@ func interceptionPrep() (err error) {
 func interceptionStart() error {
 startAPIAuth()
- interceptionModule.StartWorker("stat logger", func(ctx context.Context) error {
- statLogger()
- return nil
- })
-
- interceptionModule.StartWorker("packet handler", func(ctx context.Context) error {
- run()
- return nil
- })
-
- interceptionModule.StartWorker("ports state cleaner", func(ctx context.Context) error {
- portsInUseCleaner()
- return nil
- })
+ interceptionModule.StartWorker("stat logger", statLogger)
+ interceptionModule.StartWorker("packet handler", packetHandler)
+ interceptionModule.StartWorker("ports state cleaner", portsInUseCleaner)
 return interception.Start()
 }
@@ -328,22 +317,22 @@ func issueVerdict(conn *network.Connection, pkt packet.Packet, verdict network.V
 // return
 // }
-func run() {
+func packetHandler(ctx context.Context) error {
 for {
 select {
- case <-interceptionModule.Stopping():
- return
+ case <-ctx.Done():
+ return nil
 case pkt := <-interception.Packets:
 handlePacket(pkt)
 }
 }
 }
-func statLogger() {
+func statLogger(ctx context.Context) error {
 for {
 select {
- case <-interceptionModule.Stopping():
- return
+ case <-ctx.Done():
+ return nil
 case <-time.After(10 * time.Second):
 log.Tracef(
 "filter: packets accepted %d, blocked %d, dropped %d, failed %d",
diff --git a/firewall/ports.go b/firewall/ports.go
index c0e3eb65..d8a61660 100644
--- a/firewall/ports.go
+++ b/firewall/ports.go
@@ -1,6 +1,7 @@
 package firewall
 import (
+ "context"
 "sync"
 "time"
@@ -69,11 +70,11 @@ func GetPermittedPort() uint16 {
 return 0
 }
-func portsInUseCleaner() {
+func portsInUseCleaner(ctx context.Context) error {
 for {
 select {
- case <-interceptionModule.Stopping():
- return
+ case <-ctx.Done():
+ return nil
 case <-time.After(cleanerTickDuration):
 cleanPortsInUse()
 }
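Review bot: In packetHandler (firewall/interception.go) the receive `case pkt := <-interception.Packets:` never checks whether the channel is still open, so if the interception backend ever closes Packets during shutdown the loop would keep handing zero-value packets to handlePacket until ctx is cancelled; whether that can happen is not visible in this hunk. A two-value receive keeps the worker fail-safe: `case pkt, ok := <-interception.Packets:` followed by `if !ok { return nil }`. Packets still queued when ctx is cancelled are also left unprocessed by this worker, which is worth stating in a doc comment such as `// packetHandler passes intercepted packets to handlePacket until ctx is cancelled; packets still queued at that point are not handled here.`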
diff --git a/network/packet/parse.go b/network/packet/parse.go
index 05212977..1ceb8613 100644
--- a/network/packet/parse.go
+++ b/network/packet/parse.go
@@ -6,7 +6,6 @@ import (
 "github.com/google/gopacket"
 "github.com/google/gopacket/layers"
- "github.com/safing/portbase/log"
 )
 var layerType2IPProtocol map[gopacket.LayerType]IPProtocol
@@ -33,6 +32,10 @@ func parseIPv6(packet gopacket.Packet, info *Info) error {
 info.Version = IPv6
 info.Src = ipv6.SrcIP
 info.Dst = ipv6.DstIP
+ // we set Protocol to NextHeader as a fallback. If TCP or
+ // UDP layers are detected (somewhere in the list of options)
+ // the Protocol field is adjusted correctly.
+ info.Protocol = IPProtocol(ipv6.NextHeader)
 }
 return nil
 }
@@ -96,21 +99,6 @@ func checkError(packet gopacket.Packet, _ *Info) error {
 return nil
 }
-func tryFindIPv6TransportProtocol(packet gopacket.Packet, info *Info) {
- if transport := packet.TransportLayer(); transport != nil {
- proto, ok := layerType2IPProtocol[transport.LayerType()]
-
- if ok {
- info.Protocol = proto
- log.Tracef("packet: unsupported IPv6 protocol %02x (%d)", proto)
- } else {
- log.Warningf("packet: unsupported or unknown gopacket layer type: %d", transport.LayerType())
- }
- return
- }
- log.Tracef("packet: failed to get IPv6 transport protocol number")
-}
-
 // Parse parses an IP packet and saves the information in the given packet object.
 func Parse(packetData []byte, pktInfo *Info) error {
 if len(packetData) == 0 {
@@ -129,9 +117,6 @@ func Parse(packetData []byte, pktInfo *Info) error {
 return fmt.Errorf("unknown IP version or network protocol: %02x", ipVersion)
 }
- // 255 is reserved by IANA so we use it as a "failed-to-detect" marker.
- pktInfo.Protocol = 255
-
 packet := gopacket.NewPacket(packetData, networkLayerType, gopacket.DecodeOptions{
 Lazy: true,
 NoCopy: true,
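Review bot: The fallback `info.Protocol = IPProtocol(ipv6.NextHeader)` in parseIPv6 records the type of the first header after the fixed IPv6 header, which for packets carrying extension headers is the extension header itself (hop-by-hop 0, routing 43, fragment 44, destination options 60) rather than a transport protocol. If no later step overwrites it — the comment names only TCP and UDP, and that code is outside this hunk — rule evaluation downstream would see one of those values where the removed code left the explicit 255 "failed-to-detect" marker. Consider keeping the fallback only when NextHeader is not an extension-header type, or documenting that consumers must treat those values as undetermined; the comment would also read more accurately as `// Fallback: use NextHeader; overwritten once a transport layer is decoded behind the chain of extension headers.`. parseIPv6's body starts outside the hunk.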
@@ -155,12 +140,6 @@ func Parse(packetData []byte, pktInfo *Info) error {
 }
 }
- // 255 is reserved by IANA and used as a "failed-to-detect"
- // marker for IPv6 (parseIPv4 always sets the protocl field)
- if pktInfo.Protocol == 255 {
- tryFindIPv6TransportProtocol(packet, pktInfo)
- }
-
 return nil
 }