Add support for verdict and decision reason context

This commit is contained in:
Patrick Pacher
2020-04-20 17:19:48 +02:00
parent eeb358425d
commit 8c5526a69b
17 changed files with 246 additions and 148 deletions


@@ -85,11 +85,11 @@ func RunInspectors(conn *network.Connection, pkt packet.Packet) (network.Verdict
verdict = network.VerdictDrop
continueInspection = true
case BLOCK_CONN:
conn.SetVerdict(network.VerdictBlock)
conn.SetVerdict(network.VerdictBlock, "", nil)
verdict = conn.Verdict
activeInspectors[key] = true
case DROP_CONN:
conn.SetVerdict(network.VerdictDrop)
conn.SetVerdict(network.VerdictDrop, "", nil)
verdict = conn.Verdict
activeInspectors[key] = true
case STOP_INSPECTING:
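Review bot: Both inspector verdict calls in this hunk pass an empty reason and a nil context (`conn.SetVerdict(network.VerdictBlock, "", nil)` and `conn.SetVerdict(network.VerdictDrop, "", nil)`), so a connection blocked or dropped by an inspector records no decision reason at all, which is exactly the audit trail this commit is adding elsewhere. Since `key` identifies the inspector at the same point where `activeInspectors[key] = true` is set, the call could carry at least a reason naming it, e.g. `conn.SetVerdict(network.VerdictBlock, "blocked by inspector", nil)` with the inspector identity appended if `key` is printable (its type is not visible here). Without that, a later review of why a connection was refused cannot distinguish an inspector verdict from a policy one. RunInspectors starts and ends outside this hunk.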


@@ -143,9 +143,6 @@ func DecideOnConnection(conn *network.Connection, pkt packet.Packet) { //nolint:
}
}
var result endpoints.EPResult
var reason string
if p.PreventBypassing() {
// check for bypass protection
result, reason := PreventBypassing(conn)
@@ -160,6 +157,9 @@ func DecideOnConnection(conn *network.Connection, pkt packet.Packet) { //nolint:
}
}
var result endpoints.EPResult
var reason endpoints.Reason
// check endpoints list
if conn.Inbound {
result, reason = p.MatchServiceEndpoint(conn.Entity)
@@ -168,10 +168,10 @@ func DecideOnConnection(conn *network.Connection, pkt packet.Packet) { //nolint:
}
switch result {
case endpoints.Denied:
conn.Deny("endpoint is blacklisted: " + reason) // Block Outbound / Drop Inbound
conn.DenyWithContext(reason.String(), reason.Context())
return
case endpoints.Permitted:
conn.Accept("endpoint is whitelisted: " + reason)
conn.AcceptWithContext(reason.String(), reason.Context())
return
}
// continuing with result == NoMatch
@@ -180,7 +180,7 @@ func DecideOnConnection(conn *network.Connection, pkt packet.Packet) { //nolint:
result, reason = p.MatchFilterLists(conn.Entity)
switch result {
case endpoints.Denied:
conn.Deny("endpoint in filterlists: " + reason)
conn.DenyWithContext(reason.String(), reason.Context())
return
case endpoints.NoMatch:
// nothing to do
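Review bot: The `@@ -168,10` hunk drops the stage prefixes ("endpoint is blacklisted: ", "endpoint is whitelisted: ") and the `@@ -180,7` hunk drops "endpoint in filterlists: ", so the endpoint-list and filter-list deny paths now emit the same `reason.String()` form; unless `endpoints.Reason.String()` itself names the source list (not visible here), the log can no longer tell which matching stage produced the verdict. Keeping the label is a one-line change per call, e.g. `conn.DenyWithContext("endpoint is blacklisted: "+reason.String(), reason.Context())` and likewise `"endpoint is whitelisted: "` and `"endpoint in filterlists: "` on the other two calls. Separately, `reason` is declared as `endpoints.Reason` in the `@@ -160,6` hunk; if that is an interface and any matcher can return `Denied`/`Permitted` with a nil reason, `reason.String()` panics, so either a nil guard or a contract comment on the matchers stating that a non-NoMatch result always carries a reason would be worth adding. DecideOnConnection starts and ends outside these hunks.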