Clean up linter errors

firewall/interception/nfqueue/doc.go

@@ -1,2 +1,2 @@
-// Package nfqueue provides network interception capabilites on linux via iptables nfqueue.
+// Package nfqueue provides network interception capabilities on linux via iptables nfqueue.
 package nfqueue

firewall/interception/nfqueue/nfqueue.go

@@ -27,6 +27,8 @@ func init() {
 	queues = make(map[uint16]*NFQueue)
 }
 
+// NFQueue holds a Linux NFQ Handle and associated information.
+//nolint:maligned // FIXME
 type NFQueue struct {
 	DefaultVerdict uint32
 	Timeout        time.Duration
@@ -41,6 +43,7 @@ type NFQueue struct {
 	Packets chan packet.Packet
 }
 
+// NewNFQueue initializes a new netfilter queue.
 func NewNFQueue(qid uint16) (nfq *NFQueue, err error) {
 	if os.Geteuid() != 0 {
 		return nil, errors.New("must be root to intercept packets")
@@ -61,96 +64,98 @@ func NewNFQueue(qid uint16) (nfq *NFQueue, err error) {
 	return nfq, nil
 }
 
-func (this *NFQueue) init() error {
+func (nfq *NFQueue) init() error {
 	var err error
-	if this.h, err = C.nfq_open(); err != nil || this.h == nil {
+	if nfq.h, err = C.nfq_open(); err != nil || nfq.h == nil {
 		return fmt.Errorf("could not open nfqueue: %s", err)
 	}
 
-	//if this.qh, err = C.nfq_create_queue(this.h, qid, C.get_cb(), unsafe.Pointer(nfq)); err != nil || this.qh == nil {
+	//if nfq.qh, err = C.nfq_create_queue(nfq.h, qid, C.get_cb(), unsafe.Pointer(nfq)); err != nil || nfq.qh == nil {
 
-	this.Packets = make(chan packet.Packet, 1)
+	nfq.Packets = make(chan packet.Packet, 1)
 
-	if C.nfq_unbind_pf(this.h, C.AF_INET) < 0 {
-		this.Destroy()
+	if C.nfq_unbind_pf(nfq.h, C.AF_INET) < 0 {
+		nfq.Destroy()
 		return errors.New("nfq_unbind_pf(AF_INET) failed, are you root?")
 	}
-	if C.nfq_unbind_pf(this.h, C.AF_INET6) < 0 {
-		this.Destroy()
+	if C.nfq_unbind_pf(nfq.h, C.AF_INET6) < 0 {
+		nfq.Destroy()
 		return errors.New("nfq_unbind_pf(AF_INET6) failed")
 	}
 
-	if C.nfq_bind_pf(this.h, C.AF_INET) < 0 {
-		this.Destroy()
+	if C.nfq_bind_pf(nfq.h, C.AF_INET) < 0 {
+		nfq.Destroy()
 		return errors.New("nfq_bind_pf(AF_INET) failed")
 	}
-	if C.nfq_bind_pf(this.h, C.AF_INET6) < 0 {
-		this.Destroy()
+	if C.nfq_bind_pf(nfq.h, C.AF_INET6) < 0 {
+		nfq.Destroy()
 		return errors.New("nfq_bind_pf(AF_INET6) failed")
 	}
 
-	if this.qh, err = C.create_queue(this.h, C.uint16_t(this.qid)); err != nil || this.qh == nil {
-		C.nfq_close(this.h)
+	if nfq.qh, err = C.create_queue(nfq.h, C.uint16_t(nfq.qid)); err != nil || nfq.qh == nil {
+		C.nfq_close(nfq.h)
 		return fmt.Errorf("could not create queue: %s", err)
 	}
 
-	this.fd = int(C.nfq_fd(this.h))
+	nfq.fd = int(C.nfq_fd(nfq.h))
 
-	if C.nfq_set_mode(this.qh, C.NFQNL_COPY_PACKET, 0xffff) < 0 {
-		this.Destroy()
+	if C.nfq_set_mode(nfq.qh, C.NFQNL_COPY_PACKET, 0xffff) < 0 {
+		nfq.Destroy()
 		return errors.New("nfq_set_mode(NFQNL_COPY_PACKET) failed")
 	}
-	if C.nfq_set_queue_maxlen(this.qh, 1024*8) < 0 {
-		this.Destroy()
+	if C.nfq_set_queue_maxlen(nfq.qh, 1024*8) < 0 {
+		nfq.Destroy()
 		return errors.New("nfq_set_queue_maxlen(1024 * 8) failed")
 	}
 
 	return nil
 }
 
-func (this *NFQueue) Destroy() {
-	this.lk.Lock()
-	defer this.lk.Unlock()
+// Destroy closes all the nfqueues.
+func (nfq *NFQueue) Destroy() {
+	nfq.lk.Lock()
+	defer nfq.lk.Unlock()
 
-	if this.fd != 0 && this.Valid() {
-		syscall.Close(this.fd)
+	if nfq.fd != 0 && nfq.Valid() {
+		syscall.Close(nfq.fd)
 	}
-	if this.qh != nil {
-		C.nfq_destroy_queue(this.qh)
-		this.qh = nil
+	if nfq.qh != nil {
+		C.nfq_destroy_queue(nfq.qh)
+		nfq.qh = nil
 	}
-	if this.h != nil {
-		C.nfq_close(this.h)
-		this.h = nil
+	if nfq.h != nil {
+		C.nfq_close(nfq.h)
+		nfq.h = nil
 	}
 
 	// TODO: don't close, we're exiting anyway
-	// if this.Packets != nil {
-	// 	close(this.Packets)
+	// if nfq.Packets != nil {
+	// 	close(nfq.Packets)
 	// }
 }
 
-func (this *NFQueue) Valid() bool {
-	return this.h != nil && this.qh != nil
+// Valid returns whether the NFQueue is still valid.
+func (nfq *NFQueue) Valid() bool {
+	return nfq.h != nil && nfq.qh != nil
 }
 
 //export go_nfq_callback
 func go_nfq_callback(id uint32, hwproto uint16, hook uint8, mark *uint32,
 	version, protocol, tos, ttl uint8, saddr, daddr unsafe.Pointer,
-	sport, dport, checksum uint16, payload_len uint32, payload, data unsafe.Pointer) (v uint32) {
+	sport, dport, checksum uint16, payloadLen uint32, payload, data unsafe.Pointer) (v uint32) {
 
 	qidptr := (*uint16)(data)
-	qid := uint16(*qidptr)
+	qid := *qidptr
 
 	// nfq := (*NFQueue)(nfqptr)
 	ipVersion := packet.IPVersion(version)
 	ipsz := C.int(ipVersion.ByteSize())
-	bs := C.GoBytes(payload, (C.int)(payload_len))
+	bs := C.GoBytes(payload, (C.int)(payloadLen))
 
 	verdict := make(chan uint32, 1)
 	pkt := Packet{
-		QueueId:    qid,
-		Id:         id,
+		QueueID:    qid,
+		ID:         id,
 		HWProtocol: hwproto,
 		Hook:       hook,
 		Mark:       *mark,

firewall/interception/nfqueue/packet.go

@@ -1,15 +1,18 @@
 package nfqueue
 
 import (
-	"fmt"
+	"errors"
 
 	"github.com/safing/portmaster/network/packet"
 )
 
+// NFQ Errors
 var (
-	ErrVerdictSentOrTimedOut error = fmt.Errorf("The verdict was already sent or timed out.")
+	ErrVerdictSentOrTimedOut = errors.New("the verdict was already sent or timed out")
 )
 
+// NFQ Packet Constants
+//nolint:golint,stylecheck // FIXME
 const (
 	NFQ_DROP   uint32 = 0 // discarded the packet
 	NFQ_ACCEPT uint32 = 1 // the packet passes, continue iterations
@@ -19,11 +22,12 @@ const (
 	NFQ_STOP   uint32 = 5 // accept, but don't continue iterations
 )
 
+// Packet represents a packet with a NFQ reference.
 type Packet struct {
 	packet.Base
 
-	QueueId    uint16
-	Id         uint32
+	QueueID    uint16
+	ID         uint32
 	HWProtocol uint16
 	Hook       uint8
 	Mark       uint32
@@ -35,9 +39,10 @@ type Packet struct {
 
 // func (pkt *Packet) String() string {
 //   return fmt.Sprintf("<Packet QId: %d, Id: %d, Type: %s, Src: %s:%d, Dst: %s:%d, Mark: 0x%X, Checksum: 0x%X, TOS: 0x%X, TTL: %d>",
-//     pkt.QueueId, pkt.Id, pkt.Protocol, pkt.Src, pkt.SrcPort, pkt.Dst, pkt.DstPort, pkt.Mark, pkt.Checksum, pkt.Tos, pkt.TTL)
+//     pkt.QueueID, pkt.Id, pkt.Protocol, pkt.Src, pkt.SrcPort, pkt.Dst, pkt.DstPort, pkt.Mark, pkt.Checksum, pkt.Tos, pkt.TTL)
 // }
 
+//nolint:unparam // FIXME
 func (pkt *Packet) setVerdict(v uint32) (err error) {
 	defer func() {
 		if x := recover(); x != nil {
@@ -68,41 +73,49 @@ func (pkt *Packet) setVerdict(v uint32) (err error) {
 // 	return pkt.setVerdict(NFQ_DROP)
 // }
 
+// Accept implements the packet interface.
 func (pkt *Packet) Accept() error {
 	pkt.Mark = 1700
 	return pkt.setVerdict(NFQ_ACCEPT)
 }
 
+// Block implements the packet interface.
 func (pkt *Packet) Block() error {
 	pkt.Mark = 1701
 	return pkt.setVerdict(NFQ_ACCEPT)
 }
 
+// Drop implements the packet interface.
 func (pkt *Packet) Drop() error {
 	pkt.Mark = 1702
 	return pkt.setVerdict(NFQ_ACCEPT)
 }
 
+// PermanentAccept implements the packet interface.
 func (pkt *Packet) PermanentAccept() error {
 	pkt.Mark = 1710
 	return pkt.setVerdict(NFQ_ACCEPT)
 }
 
+// PermanentBlock implements the packet interface.
 func (pkt *Packet) PermanentBlock() error {
 	pkt.Mark = 1711
 	return pkt.setVerdict(NFQ_ACCEPT)
 }
 
+// PermanentDrop implements the packet interface.
 func (pkt *Packet) PermanentDrop() error {
 	pkt.Mark = 1712
 	return pkt.setVerdict(NFQ_ACCEPT)
 }
 
+// RerouteToNameserver implements the packet interface.
 func (pkt *Packet) RerouteToNameserver() error {
 	pkt.Mark = 1799
 	return pkt.setVerdict(NFQ_ACCEPT)
 }
 
+// RerouteToTunnel implements the packet interface.
 func (pkt *Packet) RerouteToTunnel() error {
 	pkt.Mark = 1717
 	return pkt.setVerdict(NFQ_ACCEPT)

firewall/interception/nfqueue_linux.go

@@ -247,28 +247,28 @@ func StartNfqueueInterception() (err error) {
 
 	err = activateNfqueueFirewall()
 	if err != nil {
-		Stop()
+		_ = Stop()
 		return fmt.Errorf("could not initialize nfqueue: %s", err)
 	}
 
 	out4Queue, err = nfqueue.NewNFQueue(17040)
 	if err != nil {
-		Stop()
+		_ = Stop()
 		return fmt.Errorf("interception: failed to create nfqueue(IPv4, in): %s", err)
 	}
 	in4Queue, err = nfqueue.NewNFQueue(17140)
 	if err != nil {
-		Stop()
+		_ = Stop()
 		return fmt.Errorf("interception: failed to create nfqueue(IPv4, in): %s", err)
 	}
 	out6Queue, err = nfqueue.NewNFQueue(17060)
 	if err != nil {
-		Stop()
+		_ = Stop()
 		return fmt.Errorf("interception: failed to create nfqueue(IPv4, in): %s", err)
 	}
 	in6Queue, err = nfqueue.NewNFQueue(17160)
 	if err != nil {
-		Stop()
+		_ = Stop()
 		return fmt.Errorf("interception: failed to create nfqueue(IPv4, in): %s", err)
 	}
 
@@ -321,12 +321,3 @@ func handleInterception() {
 		}
 	}
 }
-
-func stringInSlice(slice []string, value string) bool {
-	for _, entry := range slice {
-		if value == entry {
-			return true
-		}
-	}
-	return false
-}

firewall/interception/windowskext/handler.go

@@ -1,4 +1,5 @@
 // +build windows
+
 package windowskext
 
 import (

firewall/interception/windowskext/kext.go

@@ -1,4 +1,5 @@
 // +build windows
+
 package windowskext
 
 import (

firewall/interception/windowskext/packet.go

@@ -1,4 +1,5 @@
 // +build windows
+
 package windowskext
 
 import (

firewall/interception/windowskext/test/endian/main.go

@@ -1,26 +0,0 @@
-package main
-
-import (
-	"fmt"
-	"unsafe"
-)
-
-const integerSize int = int(unsafe.Sizeof(0))
-
-func isBigEndian() bool {
-	var i int = 0x1
-	bs := (*[integerSize]byte)(unsafe.Pointer(&i))
-	if bs[0] == 0 {
-		return true
-	} else {
-		return false
-	}
-}
-
-func main() {
-	if isBigEndian() {
-		fmt.Println("System is Big Endian (Network Byte Order): uint16 0x1234 is 0x1234 in memory")
-	} else {
-		fmt.Println("System is Little Endian (Host Byte Order): uint16 0x1234 is 0x3412 in memory")
-	}
-}