github/portmaster
1
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity

Improve verdict handling and switch to immediate re-evaluation

Browse Source
This commit is contained in:
Daniel
2022-10-10 11:21:45 +02:00
parent 57904426e3
commit f63df67d23
12 changed files with 242 additions and 111 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
firewall/inspection/inspection.go
View File

@@ -63,8 +63,8 @@ func RunInspectors(conn *network.Connection, pkt packet.Packet) (network.Verdict
continue
}
// check if the current verdict is already past the inspection criteria.
if conn.Verdict.Current > inspectVerdicts[key] {
// check if the active verdict is already past the inspection criteria.
if conn.Verdict.Active > inspectVerdicts[key] {
activeInspectors[key] = true
continue
}
@@ -86,11 +86,11 @@ func RunInspectors(conn *network.Connection, pkt packet.Packet) (network.Verdict
continueInspection = true
case BLOCK_CONN:
conn.SetVerdict(network.VerdictBlock, "", "", nil)
verdict = conn.Verdict.Current
verdict = conn.Verdict.Active
activeInspectors[key] = true
case DROP_CONN:
conn.SetVerdict(network.VerdictDrop, "", "", nil)
verdict = conn.Verdict.Current
verdict = conn.Verdict.Active
activeInspectors[key] = true
case STOP_INSPECTING:
activeInspectors[key] = true