Refactoring
@@ -52,7 +52,7 @@ const (
|
||||
|
||||
func init() {
|
||||
// TODO: Move interception module to own package (dir).
|
||||
interceptionModule = modules.Register("interception", interceptionPrep, interceptionStart, interceptionStop, "base", "updates", "network", "notifications", "profiles")
|
||||
interceptionModule = modules.Register("interception", interceptionPrep, interceptionStart, interceptionStop, "base", "updates", "network", "notifications", "profiles", "captain")
|
||||
|
||||
network.SetDefaultFirewallHandler(defaultHandler)
|
||||
}
|
||||
@@ -88,7 +88,7 @@ func interceptionPrep() error {
|
||||
}
|
||||
|
||||
// Reset connections when spn is connected
|
||||
// disconnecting is triggered on config change event because disconnection happens instantly
|
||||
// connect and disconnecting is triggered on config change event but connecting takеs more time
|
||||
err = interceptionModule.RegisterEventHook(
|
||||
"captain",
|
||||
onSPNConnectEvent,
|
||||
@@ -117,6 +117,8 @@ func resetAllConnections() {
|
||||
if err != nil {
|
||||
log.Errorf("failed to reset all connections: %q", err)
|
||||
}
|
||||
|
||||
// reset all connection firewall handlers. This will tell the master to rerun the firewall checks
|
||||
for _, id := range network.GetAllIDs() {
|
||||
conn, err := getConnectionByID(id)
|
||||
if err != nil {
|
||||
@@ -573,6 +575,7 @@ func issueVerdict(conn *network.Connection, pkt packet.Packet, verdict network.V
|
||||
}
|
||||
|
||||
func updateVerdictBasedOnPreviousState(conn *network.Connection, pkt packet.Packet) {
|
||||
// previously accepted or tunneled connections may need to be blocked
|
||||
if conn.Verdict.Current == network.VerdictAccept {
|
||||
if conn.Verdict.Previous == network.VerdictRerouteToTunnel && !conn.Tunneled {
|
||||
conn.SetVerdictDirectly(network.VerdictBlock)
|
||||
|
||||
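Review bot: `updateVerdictBasedOnPreviousState` (hunk at -573) has no doc comment, and its inline comment "previously accepted or tunneled connections may need to be blocked" does not say which transition is actually blocked. In the visible branch, a connection whose current verdict is accept and whose previous verdict was reroute-to-tunnel is set to block when `conn.Tunneled` is false. If the intent is that such a connection must not continue outside the tunnel, I would say so above the function, e.g. `// updateVerdictBasedOnPreviousState blocks a connection that was rerouted to the tunnel and would now be accepted without one.` The body continues past the end of the hunk, so other transitions may be handled there. The comment could also state whether the caller holds the connection lock, because the verdict and `conn.Tunneled` are read and written here and no locking is visible in the hunk.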
@@ -76,7 +76,6 @@ func DecideOnConnection(ctx context.Context, conn *network.Connection, pkt packe
|
||||
|
||||
// Reset verdict for connection.
|
||||
log.Tracer(ctx).Infof("filter: re-evaluating verdict on %s", conn)
|
||||
// conn.SetVerdictDirectly(network.VerdictUndecided)
|
||||
|
||||
// Reset entity if it exists.
|
||||
if conn.Entity != nil {
|
||||
|
||||
@@ -101,7 +101,7 @@ func checkTunneling(ctx context.Context, conn *network.Connection, pkt packet.Pa
|
||||
// Check if ready.
|
||||
if !captain.ClientReady() {
|
||||
// Block connection as SPN is not ready yet.
|
||||
//log.Tracer(pkt.Ctx()).Trace("SPN not ready for tunneling")
|
||||
log.Tracer(pkt.Ctx()).Trace("SPN not ready for tunneling")
|
||||
conn.Failed("SPN not ready for tunneling", "")
|
||||
return
|
||||
}
|
||||
@@ -152,11 +152,11 @@ func checkTunneling(ctx context.Context, conn *network.Connection, pkt packet.Pa
|
||||
// Queue request in sluice.
|
||||
err = sluice.AwaitRequest(conn, crew.HandleSluiceRequest)
|
||||
if err != nil {
|
||||
//log.Tracer(pkt.Ctx()).Warningf("failed to request tunneling: %s", err)
|
||||
log.Tracer(pkt.Ctx()).Warningf("failed to request tunneling: %s", err)
|
||||
conn.Failed("failed to request tunneling", "")
|
||||
} else {
|
||||
//log.Tracer(pkt.Ctx()).Trace("filter: tunneling requested")
|
||||
//conn.SetVerdictDirectly(network.VerdictRerouteToTunnel)
|
||||
log.Tracer(pkt.Ctx()).Trace("filter: tunneling requested")
|
||||
// set the flag so the verdict can be updated
|
||||
conn.Tunneled = true
|
||||
}
|
||||
}
|
||||
|
||||
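Review bot: `conn.Tunneled = true` in the else branch (hunk at -152) is set as soon as `sluice.AwaitRequest` returns without error, which is when the request is queued, and nothing in the visible lines clears it again. The hunk at -573 uses `!conn.Tunneled` to decide whether a previously rerouted connection is blocked, so a flag left over from an earlier evaluation would skip that block. Whether the flag is reset elsewhere is not visible here. I would document the meaning at the assignment, e.g. `// Tunneled records that tunneling was requested, not that the tunnel is established`, and add `conn.Tunneled = false` next to the two `conn.Failed(...)` calls unless that already happens outside these hunks. Separately, the re-enabled trace lines use `log.Tracer(pkt.Ctx())` although `checkTunneling` receives `ctx`; `log.Tracer(ctx)` would match the call in `DecideOnConnection`.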