From e72ed023db1a8516d82d75fad704a9397406c643 Mon Sep 17 00:00:00 2001 From: Daniel Date: Fri, 10 May 2019 11:57:18 +0200 Subject: [PATCH] Improve logging, support pre-authorized ports --- network/communication.go | 5 +-- network/link.go | 5 ++- network/packet/packet.go | 14 ++++++++ network/self.go | 76 ++++++++++++++++++++++++++++++++++++++++ network/status.go | 21 +++++++++++ 5 files changed, 118 insertions(+), 3 deletions(-) create mode 100644 network/self.go diff --git a/network/communication.go b/network/communication.go index 053022ec..fc96680a 100644 --- a/network/communication.go +++ b/network/communication.go @@ -3,6 +3,7 @@ package network import ( + "context" "errors" "fmt" "net" @@ -235,9 +236,9 @@ var ( ) // GetCommunicationByDNSRequest returns the matching communication from the internal storage. -func GetCommunicationByDNSRequest(ip net.IP, port uint16, fqdn string) (*Communication, error) { +func GetCommunicationByDNSRequest(ctx context.Context, ip net.IP, port uint16, fqdn string) (*Communication, error) { // get Process - proc, err := process.GetProcessByEndpoints(ip, port, dnsAddress, dnsPort, packet.UDP) + proc, err := process.GetProcessByEndpoints(ctx, ip, port, dnsAddress, dnsPort, packet.UDP) if err != nil { return nil, err } diff --git a/network/link.go b/network/link.go index ef377e37..26e4b519 100644 --- a/network/link.go +++ b/network/link.go @@ -279,9 +279,12 @@ func GetLink(id string) (*Link, bool) { func GetOrCreateLinkByPacket(pkt packet.Packet) (*Link, bool) { link, ok := GetLink(pkt.GetLinkID()) if ok { + log.Tracer(pkt.Ctx()).Tracef("network: assigned to link %s", link.ID) return link, false } - return CreateLinkFromPacket(pkt), true + link = CreateLinkFromPacket(pkt) + log.Tracer(pkt.Ctx()).Tracef("network: created new link %s", link.ID) + return link, true } // CreateLinkFromPacket creates a new Link based on Packet. diff --git a/network/packet/packet.go b/network/packet/packet.go index 6db8ed20..f150476e 100644 
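Review bot: The doc comment on `GetCommunicationByDNSRequest` is left unchanged although the exported signature gained a `ctx context.Context` parameter, so callers are not told what to pass or what it is used for. Suggest `// GetCommunicationByDNSRequest returns the matching communication from the internal storage. ctx is the packet's trace context and is forwarded to process.GetProcessByEndpoints.` The function body continues past the end of the hunk, so whether ctx is used further down is not visible here.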
--- a/network/packet/packet.go +++ b/network/packet/packet.go @@ -3,17 +3,29 @@ package packet import ( + "context" "fmt" "net" ) // Base is a base structure for satisfying the Packet interface. type Base struct { + ctx context.Context info Info linkID string Payload []byte } +// SetCtx sets the packet context. +func (pkt *Base) SetCtx(ctx context.Context) { + pkt.ctx = ctx +} + +// Ctx returns the packet context. +func (pkt *Base) Ctx() context.Context { + return pkt.ctx +} + // Info returns the packet Info. func (pkt *Base) Info() *Info { return &pkt.info @@ -195,6 +207,8 @@ type Packet interface { RerouteToTunnel() error // INFO + SetCtx(context.Context) + Ctx() context.Context Info() *Info SetPacketInfo(Info) IsInbound() bool diff --git a/network/self.go b/network/self.go new file mode 100644 index 00000000..13aa9fac --- /dev/null +++ b/network/self.go 
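Review bot: `Ctx()` on `Base` returns the stored field as-is, so a packet on which `SetCtx` was never called hands its callers a nil `context.Context`; the new `log.Tracer(pkt.Ctx())` calls in link.go receive that nil, and whether they tolerate it is not visible in this patch. The usual convention (cf. `http.Request.Context`) is to never return nil: add `if pkt.ctx == nil { return context.Background() }` before `return pkt.ctx`. The doc comments could also say what the context carries — from its use it appears to be per-packet trace context, e.g. `// Ctx returns the packet's context, used to attach per-packet trace logging; never nil.` The `type Base struct` and the `Packet` interface both extend beyond the hunk.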
@@ -0,0 +1,76 @@
+package network
+
+import (
+	"fmt"
+	"os"
+	"time"
+
+	"github.com/Safing/portmaster/network/netutils"
+	"github.com/Safing/portmaster/network/packet"
+	"github.com/Safing/portmaster/process"
+)
+
+// GetOwnComm returns the communication for the given packet, that originates from
+func GetOwnComm(pkt packet.Packet) (*Communication, error) {
+	var domain string
+
+	// Incoming
+	if pkt.IsInbound() {
+		switch netutils.ClassifyIP(pkt.Info().RemoteIP()) {
+		case netutils.HostLocal:
+			domain = IncomingHost
+		case netutils.LinkLocal, netutils.SiteLocal, netutils.LocalMulticast:
+			domain = IncomingLAN
+		case netutils.Global, netutils.GlobalMulticast:
+			domain = IncomingInternet
+		case netutils.Invalid:
+			domain = IncomingInvalid
+		}
+
+		communication, ok := GetCommunication(os.Getpid(), domain)
+		if !ok {
+			proc, err := process.GetOrFindProcess(pkt.Ctx(), os.Getpid())
+			if err != nil {
+				return nil, fmt.Errorf("could not get own process")
+			}
+			communication = &Communication{
+				Domain:               domain,
+				Direction:            Inbound,
+				process:              proc,
+				Inspect:              true,
+				FirstLinkEstablished: time.Now().Unix(),
+			}
+		}
+		communication.process.AddCommunication()
+		return communication, nil
+	}
+
+	// PeerToPeer
+	switch netutils.ClassifyIP(pkt.Info().RemoteIP()) {
+	case netutils.HostLocal:
+		domain = PeerHost
+	case netutils.LinkLocal, netutils.SiteLocal, netutils.LocalMulticast:
+		domain = PeerLAN
+	case netutils.Global, netutils.GlobalMulticast:
+		domain = PeerInternet
+	case netutils.Invalid:
+		domain = PeerInvalid
+	}
+
+	communication, ok := GetCommunication(os.Getpid(), domain)
+	if !ok {
+		proc, err := process.GetOrFindProcess(pkt.Ctx(), os.Getpid())
+		if err != nil {
+			return nil, fmt.Errorf("could not get own process")
+		}
+		communication = &Communication{
+			Domain:               domain,
+			Direction:            Outbound,
+			process:              proc,
+			Inspect:              true,
+			FirstLinkEstablished: time.Now().Unix(),
+		}
+	}
+	communication.process.AddCommunication()
+	return communication, nil
+}
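Review bot: Both branches of `GetOwnComm` discard the error from `process.GetOrFindProcess` (`fmt.Errorf("could not get own process")` drops `err`) and call `communication.process.AddCommunication()` even when `GetCommunication` already returned an existing entry, so if that method counts communications per process, every lookup hit inflates the count — confirm against its contract before changing it. The inbound and peer branches differ only in the domain table and the `Direction` value, so the lookup/creation tail can be written once, as sketched below. The doc comment is cut off mid-sentence (`…that originates from`) and should also state the precondition that the caller has already attributed the packet to this process (e.g. via a pre-authorized port), because nothing here verifies it and any packet handed in is credited to `os.Getpid()` with `Inspect: true`. A `default:` arm on the two `ClassifyIP` switches would avoid looking up an empty `domain` should a class not listed here ever be returned.
```go
// GetOwnComm returns the communication of the Portmaster's own process for the
// given packet. The caller must already have established that the packet belongs
// to this process (e.g. it hit a pre-authorized port); no such check is made here.
func GetOwnComm(pkt packet.Packet) (*Communication, error) {
	var domain string
	direction := Outbound
	if pkt.IsInbound() {
		direction = Inbound
		// … unchanged: inbound switch on netutils.ClassifyIP filling domain …
	} else {
		// … unchanged: peer switch on netutils.ClassifyIP filling domain …
	}

	communication, ok := GetCommunication(os.Getpid(), domain)
	if ok {
		return communication, nil
	}
	proc, err := process.GetOrFindProcess(pkt.Ctx(), os.Getpid())
	if err != nil {
		return nil, fmt.Errorf("could not get own process: %s", err)
	}
	communication = &Communication{
		Domain:               domain,
		Direction:            direction,
		process:              proc,
		Inspect:              true,
		FirstLinkEstablished: time.Now().Unix(),
	}
	communication.process.AddCommunication()
	return communication, nil
}
```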
diff --git a/network/status.go b/network/status.go index 6b2dae35..6e2ab7b8 100644 --- a/network/status.go +++ b/network/status.go @@ -17,6 +17,27 @@ const ( VerdictRerouteToTunnel Verdict = 6 ) +func (v Verdict) String() string { + switch v { + case VerdictUndecided: + return "" + case VerdictUndeterminable: + return "" + case VerdictAccept: + return "Accept" + case VerdictBlock: + return "Block" + case VerdictDrop: + return "Drop" + case VerdictRerouteToNameserver: + return "RerouteToNameserver" + case VerdictRerouteToTunnel: + return "RerouteToTunnel" + default: + return "" + } +} + // Packer Directions const ( Inbound = true
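Review bot: `Verdict.String` returns the empty string for `VerdictUndecided`, `VerdictUndeterminable` and the `default` branch alike, so a logged verdict of `""` cannot be told apart from an undecided one, an undeterminable one, or an out-of-range value — exactly the cases a firewall decision log needs to distinguish. Give every value a distinct name: `return "Undecided"`, `return "Undeterminable"`, and in `default:` `return "Unknown"` (or include the numeric value if status.go imports fmt or strconv, which is not visible in this hunk).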