Improve logging, support pre-authorized ports
@@ -3,6 +3,7 @@
|
||||
package network
|
||||
|
||||
import (
|
||||
"context"
|
||||
"errors"
|
||||
"fmt"
|
||||
"net"
|
||||
@@ -235,9 +236,9 @@ var (
|
||||
)
|
||||
|
||||
// GetCommunicationByDNSRequest returns the matching communication from the internal storage.
|
||||
func GetCommunicationByDNSRequest(ip net.IP, port uint16, fqdn string) (*Communication, error) {
|
||||
func GetCommunicationByDNSRequest(ctx context.Context, ip net.IP, port uint16, fqdn string) (*Communication, error) {
|
||||
// get Process
|
||||
proc, err := process.GetProcessByEndpoints(ip, port, dnsAddress, dnsPort, packet.UDP)
|
||||
proc, err := process.GetProcessByEndpoints(ctx, ip, port, dnsAddress, dnsPort, packet.UDP)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
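Review bot: The new `ctx` parameter of GetCommunicationByDNSRequest is not mentioned in the function's doc comment and is only forwarded, so a reader cannot tell what it carries; from the other hunks of this commit (`log.Tracer(pkt.Ctx())`) it appears to be the per-packet tracing context, while whether `process.GetProcessByEndpoints` also honours cancellation through it is not visible here. Suggest extending the comment with `// ctx is the per-packet context (used for tracing) and is passed through to the process lookup.` The function body continues past the end of the hunk.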
@@ -279,9 +279,12 @@ func GetLink(id string) (*Link, bool) {
|
||||
func GetOrCreateLinkByPacket(pkt packet.Packet) (*Link, bool) {
|
||||
link, ok := GetLink(pkt.GetLinkID())
|
||||
if ok {
|
||||
log.Tracer(pkt.Ctx()).Tracef("network: assigned to link %s", link.ID)
|
||||
return link, false
|
||||
}
|
||||
return CreateLinkFromPacket(pkt), true
|
||||
link = CreateLinkFromPacket(pkt)
|
||||
log.Tracer(pkt.Ctx()).Tracef("network: created new link %s", link.ID)
|
||||
return link, true
|
||||
}
|
||||
|
||||
// CreateLinkFromPacket creates a new Link based on Packet.
|
||||
|
||||
@@ -3,17 +3,29 @@
|
||||
package packet
|
||||
|
||||
import (
|
||||
"context"
|
||||
"fmt"
|
||||
"net"
|
||||
)
|
||||
|
||||
// Base is a base structure for satisfying the Packet interface.
|
||||
type Base struct {
|
||||
ctx context.Context
|
||||
info Info
|
||||
linkID string
|
||||
Payload []byte
|
||||
}
|
||||
|
||||
// SetCtx sets the packet context.
|
||||
func (pkt *Base) SetCtx(ctx context.Context) {
|
||||
pkt.ctx = ctx
|
||||
}
|
||||
|
||||
// Ctx returns the packet context.
|
||||
func (pkt *Base) Ctx() context.Context {
|
||||
return pkt.ctx
|
||||
}
|
||||
|
||||
// Info returns the packet Info.
|
||||
func (pkt *Base) Info() *Info {
|
||||
return &pkt.info
|
||||
@@ -195,6 +207,8 @@ type Packet interface {
|
||||
RerouteToTunnel() error
|
||||
|
||||
// INFO
|
||||
SetCtx(context.Context)
|
||||
Ctx() context.Context
|
||||
Info() *Info
|
||||
SetPacketInfo(Info)
|
||||
IsInbound() bool
|
||||
|
||||
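--- /dev/null
+++ b/network/self.go
@@ -0,0 +1,76 @@
+package network
+
+import (
+	"fmt"
+	"os"
+	"time"
+
+	"github.com/Safing/portmaster/network/netutils"
+	"github.com/Safing/portmaster/network/packet"
+	"github.com/Safing/portmaster/process"
+)
+
+// GetOwnComm returns the communication for the given packet, that originates from
+func GetOwnComm(pkt packet.Packet) (*Communication, error) {
+	var domain string
+
+	// Incoming
+	if pkt.IsInbound() {
+		switch netutils.ClassifyIP(pkt.Info().RemoteIP()) {
+		case netutils.HostLocal:
+			domain = IncomingHost
+		case netutils.LinkLocal, netutils.SiteLocal, netutils.LocalMulticast:
+			domain = IncomingLAN
+		case netutils.Global, netutils.GlobalMulticast:
+			domain = IncomingInternet
+		case netutils.Invalid:
+			domain = IncomingInvalid
+		}
+
+		communication, ok := GetCommunication(os.Getpid(), domain)
+		if !ok {
+			proc, err := process.GetOrFindProcess(pkt.Ctx(), os.Getpid())
+			if err != nil {
+				return nil, fmt.Errorf("could not get own process")
+			}
+			communication = &Communication{
+				Domain:               domain,
+				Direction:            Inbound,
+				process:              proc,
+				Inspect:              true,
+				FirstLinkEstablished: time.Now().Unix(),
+			}
+		}
+		communication.process.AddCommunication()
+		return communication, nil
+	}
+
+	// PeerToPeer
+	switch netutils.ClassifyIP(pkt.Info().RemoteIP()) {
+	case netutils.HostLocal:
+		domain = PeerHost
+	case netutils.LinkLocal, netutils.SiteLocal, netutils.LocalMulticast:
+		domain = PeerLAN
+	case netutils.Global, netutils.GlobalMulticast:
+		domain = PeerInternet
+	case netutils.Invalid:
+		domain = PeerInvalid
+	}
+
+	communication, ok := GetCommunication(os.Getpid(), domain)
+	if !ok {
+		proc, err := process.GetOrFindProcess(pkt.Ctx(), os.Getpid())
+		if err != nil {
+			return nil, fmt.Errorf("could not get own process")
+		}
+		communication = &Communication{
+			Domain:               domain,
+			Direction:            Outbound,
+			process:              proc,
+			Inspect:              true,
+			FirstLinkEstablished: time.Now().Unix(),
+		}
+	}
+	communication.process.AddCommunication()
+	return communication, nil
+}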
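Review bot: In both branches of GetOwnComm the Communication built on the `!ok` path is never stored anywhere visible, so every later packet for the same domain misses `GetCommunication` again, allocates a fresh struct and calls `communication.process.AddCommunication()` on the own process once more — unless a callee not shown here registers it, the process' communication count grows with every packet. The error path discards the cause (`fmt.Errorf("could not get own process")`, should be `fmt.Errorf("could not get own process: %s", err)`), neither `switch` has a `default`, so `domain` stays empty if `ClassifyIP` ever yields a class not listed, and the doc comment stops mid-sentence ("that originates from"). The two branches differ only in the domain constants and the direction, so the lookup/create part belongs in one helper; the rewrite below keeps the domain switches and isolates the duplicated logic, with the storage question left as an explicit TODO for the author.
```go
// GetOwnComm returns the Communication that represents the Portmaster process
// itself (os.Getpid()) talking to the remote end of pkt. Inbound packets map
// to the Incoming* domains, outbound ones to the Peer* domains.
func GetOwnComm(pkt packet.Packet) (*Communication, error) {
	var domain string
	remote := pkt.Info().RemoteIP()

	if pkt.IsInbound() {
		switch netutils.ClassifyIP(remote) {
		// … unchanged: Incoming* domain mapping …
		default:
			return nil, fmt.Errorf("unexpected IP class for inbound %s", remote)
		}
		return ownComm(pkt, domain, Inbound)
	}

	switch netutils.ClassifyIP(remote) {
	// … unchanged: Peer* domain mapping …
	default:
		return nil, fmt.Errorf("unexpected IP class for outbound %s", remote)
	}
	return ownComm(pkt, domain, Outbound)
}

// ownComm returns the stored own-process Communication for domain, or builds
// a new one for the given direction when none is known yet.
func ownComm(pkt packet.Packet, domain string, direction bool) (*Communication, error) {
	ownPID := os.Getpid()
	communication, ok := GetCommunication(ownPID, domain)
	if !ok {
		proc, err := process.GetOrFindProcess(pkt.Ctx(), ownPID)
		if err != nil {
			return nil, fmt.Errorf("could not get own process: %s", err)
		}
		communication = &Communication{
			Domain:               domain,
			Direction:            direction,
			process:              proc,
			Inspect:              true,
			FirstLinkEstablished: time.Now().Unix(),
		}
		// TODO(review): nothing stores the new Communication, so the next
		// packet misses the lookup again and AddCommunication() is repeated.
	}
	communication.process.AddCommunication()
	return communication, nil
}
```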
@@ -17,6 +17,27 @@ const (
|
||||
VerdictRerouteToTunnel Verdict = 6
|
||||
)
|
||||
|
||||
func (v Verdict) String() string {
|
||||
switch v {
|
||||
case VerdictUndecided:
|
||||
return "<Undecided>"
|
||||
case VerdictUndeterminable:
|
||||
return "<Undeterminable>"
|
||||
case VerdictAccept:
|
||||
return "Accept"
|
||||
case VerdictBlock:
|
||||
return "Block"
|
||||
case VerdictDrop:
|
||||
return "Drop"
|
||||
case VerdictRerouteToNameserver:
|
||||
return "RerouteToNameserver"
|
||||
case VerdictRerouteToTunnel:
|
||||
return "RerouteToTunnel"
|
||||
default:
|
||||
return "<INVALID VERDICT>"
|
||||
}
|
||||
}
|
||||
|
||||
// Packer Directions
|
||||
const (
|
||||
Inbound = true
|
||||
|
||||