Prepare intel entity data earlier in the decision process

Patrick Pacher
2021-08-18 16:38:54 +02:00
parent f428f338b5
commit 88eb252ecb
5 changed files with 8 additions and 17 deletions


@@ -23,10 +23,6 @@ func PreventBypassing(ctx context.Context, conn *network.Connection) (endpoints.
nsutil.NxDomain()
}
if !conn.Entity.LoadLists(ctx) {
return endpoints.Undeterminable, "", nil
}
if conn.Entity.MatchLists(resolverFilterLists) {
return endpoints.Denied,
"blocked rogue connection to DNS resolver",


@@ -94,6 +94,11 @@ func DecideOnConnection(ctx context.Context, conn *network.Connection, pkt packe
}
}
// prepare the entity and resolve all filterlist matches
conn.Entity.ResolveSubDomainLists(ctx, layeredProfile.FilterSubDomains())
conn.Entity.EnableCNAMECheck(ctx, layeredProfile.FilterCNAMEs())
conn.Entity.LoadLists(ctx)
// DNS request from the system resolver require a special decision process,
// because the original requesting process is not known. Here, we only check
// global-only and the most important per-app aspects. The resulting
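Review bot: The added `conn.Entity.LoadLists(ctx)` call in DecideOnConnection discards its result, whereas the check that this commit appears to drop from PreventBypassing returned `endpoints.Undeterminable` when loading failed. If the lists cannot be loaded, the later `conn.Entity.MatchLists(resolverFilterLists)` test may simply not match, so the block on rogue DNS resolver connections would fail open instead of staying undecided. Either keep handling the boolean here, e.g. `if !conn.Entity.LoadLists(ctx) { /* log and decide how unloaded lists are treated */ }`, or, once confirmed as intended, document it with a comment such as `// LoadLists failure is tolerated: list-based checks then report no match`. DecideOnConnection's body starts and continues outside the hunk.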