Implemented peer review comments
This commit is contained in:
Patrick Pacher
@@ -5,6 +5,7 @@ import (
|
||||
"fmt"
|
||||
"sync"
|
||||
|
||||
"github.com/safing/portmaster/intel/filterlist"
|
||||
"github.com/safing/portmaster/profile/endpoints"
|
||||
)
|
||||
|
||||
@@ -14,6 +15,7 @@ var (
|
||||
cfgDefaultAction uint8
|
||||
cfgEndpoints endpoints.Endpoints
|
||||
cfgServiceEndpoints endpoints.Endpoints
|
||||
cfgFilterLists []string
|
||||
)
|
||||
|
||||
func registerConfigUpdater() error {
|
||||
@@ -60,6 +62,12 @@ func updateGlobalConfigProfile(ctx context.Context, data interface{}) error {
|
||||
lastErr = err
|
||||
}
|
||||
|
||||
list = cfgOptionFilterLists()
|
||||
cfgFilterLists, err = filterlist.ResolveListIDs(list)
|
||||
if err != nil {
|
||||
lastErr = err
|
||||
}
|
||||
|
||||
// build global profile for reference
|
||||
profile := &Profile{
|
||||
ID: "config",
|
||||
|
||||
@@ -63,6 +63,7 @@ func registerConfiguration() error {
|
||||
Description: `The default filter action when nothing else permits or blocks a connection.`,
|
||||
OptType: config.OptTypeString,
|
||||
DefaultValue: "permit",
|
||||
ExternalOptType: "string list",
|
||||
ValidationRegex: "^(permit|ask|block)$",
|
||||
})
|
||||
if err != nil {
|
||||
|
||||
@@ -6,7 +6,6 @@ import (
|
||||
|
||||
"github.com/safing/portbase/log"
|
||||
|
||||
"github.com/safing/portmaster/intel/filterlist"
|
||||
"github.com/safing/portmaster/status"
|
||||
|
||||
"github.com/tevino/abool"
|
||||
@@ -228,8 +227,8 @@ func (lp *LayeredProfile) MatchFilterLists(entity *intel.Entity) (result endpoin
|
||||
|
||||
log.Errorf("number of layers: %d", len(lp.layers))
|
||||
for _, layer := range lp.layers {
|
||||
if id := lookupMap.Match(layer.filterListIDs); id != "" {
|
||||
return endpoints.Denied, id
|
||||
if reason := lookupMap.Match(layer.filterListIDs); reason != "" {
|
||||
return endpoints.Denied, reason
|
||||
}
|
||||
|
||||
// only check the first layer that has filter list
|
||||
@@ -239,19 +238,10 @@ func (lp *LayeredProfile) MatchFilterLists(entity *intel.Entity) (result endpoin
|
||||
}
|
||||
}
|
||||
|
||||
// TODO(ppacher): re-resolving global list IDs is a bit overkill,
|
||||
// add some caching here.
|
||||
cfgLock.RLock()
|
||||
defer cfgLock.RUnlock()
|
||||
|
||||
globalIds, err := filterlist.ResolveListIDs(cfgOptionFilterLists())
|
||||
if err != nil {
|
||||
log.Errorf("filter: failed to get global filter list IDs: %s", err)
|
||||
return endpoints.NoMatch, ""
|
||||
}
|
||||
|
||||
if id := lookupMap.Match(globalIds); id != "" {
|
||||
return endpoints.Denied, id
|
||||
if reason := lookupMap.Match(cfgFilterLists); reason != "" {
|
||||
return endpoints.Denied, reason
|
||||
}
|
||||
|
||||
return endpoints.NoMatch, ""
|
||||
|
||||
Reference in New Issue
Block a user