pull/41/head
xSmurf 8 years ago
parent c5b8dcb660
commit 02155c44ed

@ -173,5 +173,5 @@ func (rl *ruleList) remove(rr *ruleRow) {
func (rr *ruleRow) delete() {
rr.rl.remove(rr)
rr.rl.dbus.deleteRule(rr.rule.Id)
rr.rl.dbus.deleteRule(rr.rule.ID)
}

@ -21,7 +21,7 @@ type FirewallConfigs struct {
PromptExpanded bool
PromptExpert bool
DefaultAction string
DefaultActionId FilterScope `toml:"-"`
DefaultActionID FilterScope `toml:"-"`
}
var FirewallConfig FirewallConfigs
@ -52,7 +52,7 @@ func readConfig() {
PromptExpanded: false,
PromptExpert: false,
DefaultAction: "SESSION",
DefaultActionId: 1,
DefaultActionID: 1,
}
if len(buf) > 0 {
@ -62,12 +62,12 @@ func readConfig() {
}
}
FirewallConfig.LoggingLevel, _ = logging.LogLevel(FirewallConfig.LogLevel)
FirewallConfig.DefaultActionId = GetFilterScopeValue(FirewallConfig.DefaultAction)
FirewallConfig.DefaultActionID = GetFilterScopeValue(FirewallConfig.DefaultAction)
}
func writeConfig() {
FirewallConfig.LogLevel = FirewallConfig.LoggingLevel.String()
FirewallConfig.DefaultAction = GetFilterScopeString(FirewallConfig.DefaultActionId)
FirewallConfig.DefaultAction = GetFilterScopeString(FirewallConfig.DefaultActionID)
if _, err := os.Stat(path.Dir(configDefaultPath)); err != nil && os.IsNotExist(err) {
if err := os.MkdirAll(path.Dir(configDefaultPath), 0755); err != nil {
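Review bot: In readConfig the error from `logging.LogLevel(FirewallConfig.LogLevel)` is discarded with `_`, so a misspelled log level in the config file is accepted silently and the daemon runs at whatever level the library returns on failure. For a firewall daemon the log level decides what ends up in the audit trail, so check the error, e.g. `lvl, err := logging.LogLevel(FirewallConfig.LogLevel)`, log a warning and keep the default when `err != nil`. The next line has a similar gap: what `GetFilterScopeValue` returns for an unrecognised `DefaultAction` string is not visible here, and it is worth confirming that it cannot yield a scope outside the defined set. readConfig starts outside the hunk and writeConfig continues past it.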

@ -102,7 +102,7 @@ var FilterResultValue = map[string]FilterResult{
}
type DbusRule struct {
Id uint32
ID uint32
App string
Path string
Verb uint16

@ -9,7 +9,7 @@ import (
"github.com/op/go-logging"
)
const introspectXml = `
const introspectXML = `
<node>
<interface name="com.subgraph.Firewall">
<method name="SetEnabled">
@ -72,7 +72,7 @@ func newDbusServer() (*dbusServer, error) {
if err := conn.Export(ds, objectPath, interfaceName); err != nil {
return nil, err
}
if err := conn.Export(introspect.Introspectable(introspectXml), objectPath, "org.freedesktop.DBus.Introspectable"); err != nil {
if err := conn.Export(introspect.Introspectable(introspectXML), objectPath, "org.freedesktop.DBus.Introspectable"); err != nil {
return nil, err
}
@ -94,7 +94,7 @@ func (ds *dbusServer) IsEnabled() (bool, *dbus.Error) {
func createDbusRule(r *Rule) DbusRule {
return DbusRule{
Id: uint32(r.id),
ID: uint32(r.id),
App: path.Base(r.policy.path),
Path: r.policy.path,
Verb: uint16(r.rtype),
@ -117,7 +117,7 @@ func (ds *dbusServer) ListRules() ([]DbusRule, *dbus.Error) {
func (ds *dbusServer) DeleteRule(id uint32) *dbus.Error {
ds.fw.lock.Lock()
r := ds.fw.rulesById[uint(id)]
r := ds.fw.rulesByID[uint(id)]
ds.fw.lock.Unlock()
if r.mode == RULE_MODE_SYSTEM {
log.Warningf("Cannot delete system rule: %s", r.String())
@ -135,7 +135,7 @@ func (ds *dbusServer) DeleteRule(id uint32) *dbus.Error {
func (ds *dbusServer) UpdateRule(rule DbusRule) *dbus.Error {
log.Debugf("UpdateRule %v", rule)
ds.fw.lock.Lock()
r := ds.fw.rulesById[uint(rule.Id)]
r := ds.fw.rulesByID[uint(rule.ID)]
ds.fw.lock.Unlock()
if r != nil {
if r.mode == RULE_MODE_SYSTEM {
@ -170,7 +170,7 @@ func (ds *dbusServer) GetConfig() (map[string]dbus.Variant, *dbus.Error) {
conf["log_redact"] = dbus.MakeVariant(FirewallConfig.LogRedact)
conf["prompt_expanded"] = dbus.MakeVariant(FirewallConfig.PromptExpanded)
conf["prompt_expert"] = dbus.MakeVariant(FirewallConfig.PromptExpert)
conf["default_action"] = dbus.MakeVariant(uint16(FirewallConfig.DefaultActionId))
conf["default_action"] = dbus.MakeVariant(uint16(FirewallConfig.DefaultActionID))
return conf, nil
}
@ -192,7 +192,7 @@ func (ds *dbusServer) SetConfig(key string, val dbus.Variant) *dbus.Error {
FirewallConfig.PromptExpert = flag
case "default_action":
l := val.Value().(uint16)
FirewallConfig.DefaultActionId = FilterScope(l)
FirewallConfig.DefaultActionID = FilterScope(l)
}
writeConfig()
return nil
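Review bot: In DeleteRule the result of the map lookup is dereferenced by `r.mode == RULE_MODE_SYSTEM` with no nil check, so a D-Bus caller passing an id that is not in `rulesByID` would trigger a nil pointer panic. UpdateRule already guards the same lookup with `if r != nil`; DeleteRule should do likewise, e.g. `if r == nil { return nil }` right after the unlock. SetConfig has a related gap on caller-supplied data: `val.Value().(uint16)` is an unchecked type assertion, and `l, ok := val.Value().(uint16)` with an early return on `!ok` would avoid a panic on a wrongly typed variant. Unless the D-Bus library recovers handler panics, either case could take the firewall daemon down. Both function bodies continue outside their hunks.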

@ -14,7 +14,7 @@ type dnsCache struct {
done chan struct{}
}
func newDnsCache() *dnsCache {
func newDNSCache() *dnsCache {
return &dnsCache{
ipMap: make(map[string]string),
done: make(chan struct{}),

@ -86,13 +86,13 @@ type dnsStruct interface {
// The wire format for the DNS packet header.
type dnsHeader struct {
Id uint16
ID uint16
Bits uint16
Qdcount, Ancount, Nscount, Arcount uint16
}
func (h *dnsHeader) Walk(f func(v interface{}, name, tag string) bool) bool {
return f(&h.Id, "Id", "") &&
return f(&h.ID, "Id", "") &&
f(&h.Bits, "Bits", "") &&
f(&h.Qdcount, "Qdcount", "") &&
f(&h.Ancount, "Ancount", "") &&
@ -129,7 +129,7 @@ type dnsRR_Header struct {
Name string `net:"domain-name"`
Rrtype uint16
Class uint16
Ttl uint32
TTL uint32
Rdlength uint16 // length of data after header
}
@ -141,7 +141,7 @@ func (h *dnsRR_Header) Walk(f func(v interface{}, name, tag string) bool) bool {
return f(&h.Name, "Name", "domain") &&
f(&h.Rrtype, "Rrtype", "") &&
f(&h.Class, "Class", "") &&
f(&h.Ttl, "Ttl", "") &&
f(&h.TTL, "Ttl", "") &&
f(&h.Rdlength, "Rdlength", "")
}
@ -167,8 +167,8 @@ func (rr *dnsRR_CNAME) Walk(f func(v interface{}, name, tag string) bool) bool {
type dnsRR_HINFO struct {
Hdr dnsRR_Header
Cpu string
Os string
CPU string
OS string
}
func (rr *dnsRR_HINFO) Header() *dnsRR_Header {
@ -176,7 +176,7 @@ func (rr *dnsRR_HINFO) Header() *dnsRR_Header {
}
func (rr *dnsRR_HINFO) Walk(f func(v interface{}, name, tag string) bool) bool {
return rr.Hdr.Walk(f) && f(&rr.Cpu, "Cpu", "") && f(&rr.Os, "Os", "")
return rr.Hdr.Walk(f) && f(&rr.CPU, "Cpu", "") && f(&rr.OS, "Os", "")
}
type dnsRR_MB struct {
@ -311,7 +311,7 @@ func (rr *dnsRR_TXT) Walk(f func(v interface{}, name, tag string) bool) bool {
if !rr.Hdr.Walk(f) {
return false
}
var n uint16 = 0
var n uint16
for n < rr.Hdr.Rdlength {
var txt string
if !f(&txt, "Txt", "") {
@ -763,8 +763,8 @@ type dnsMsgHdr struct {
opcode int
authoritative bool
truncated bool
recursion_desired bool
recursion_available bool
recursionDesired bool
recursionAvailable bool
rcode int
}
@ -774,8 +774,8 @@ func (h *dnsMsgHdr) Walk(f func(v interface{}, name, tag string) bool) bool {
f(&h.opcode, "opcode", "") &&
f(&h.authoritative, "authoritative", "") &&
f(&h.truncated, "truncated", "") &&
f(&h.recursion_desired, "recursion_desired", "") &&
f(&h.recursion_available, "recursion_available", "") &&
f(&h.recursionDesired, "recursion_desired", "") &&
f(&h.recursionAvailable, "recursion_available", "") &&
f(&h.rcode, "rcode", "")
}
@ -791,12 +791,12 @@ func (dns *dnsMsg) Pack() (msg []byte, ok bool) {
var dh dnsHeader
// Convert convenient dnsMsg into wire-like dnsHeader.
dh.Id = dns.id
dh.ID = dns.id
dh.Bits = uint16(dns.opcode)<<11 | uint16(dns.rcode)
if dns.recursion_available {
if dns.recursionAvailable {
dh.Bits |= _RA
}
if dns.recursion_desired {
if dns.recursionDesired {
dh.Bits |= _RD
}
if dns.truncated {
@ -854,13 +854,13 @@ func (dns *dnsMsg) Unpack(msg []byte) bool {
if off, ok = unpackStruct(&dh, msg, off); !ok {
return false
}
dns.id = dh.Id
dns.id = dh.ID
dns.response = (dh.Bits & _QR) != 0
dns.opcode = int(dh.Bits>>11) & 0xF
dns.authoritative = (dh.Bits & _AA) != 0
dns.truncated = (dh.Bits & _TC) != 0
dns.recursion_desired = (dh.Bits & _RD) != 0
dns.recursion_available = (dh.Bits & _RA) != 0
dns.recursionDesired = (dh.Bits & _RD) != 0
dns.recursionAvailable = (dh.Bits & _RA) != 0
dns.rcode = int(dh.Bits & 0xF)
// Arrays.

@ -249,9 +249,9 @@ func printPacket(pkt *nfqueue.Packet, hostname string, pinfo *procsnitch.Info) s
}
if pinfo == nil {
return fmt.Sprintf("(%s %s:%d -> %s:%d)", proto, pkt.Src, pkt.SrcPort, name, pkt.DstPort)
} else {
return fmt.Sprintf("%s %s %s:%d -> %s:%d", pinfo.ExePath, proto, pkt.Src, pkt.SrcPort, name, pkt.DstPort)
}
return fmt.Sprintf("%s %s %s:%d -> %s:%d", pinfo.ExePath, proto, pkt.Src, pkt.SrcPort, name, pkt.DstPort)
}
func (fw *Firewall) filterPacket(pkt *nfqueue.Packet) {

@ -79,7 +79,7 @@ func (p *prompter) processConnection(pc pendingConnection) {
int32(pc.procInfo().Pid),
FirewallConfig.PromptExpanded,
FirewallConfig.PromptExpert,
int32(FirewallConfig.DefaultActionId))
int32(FirewallConfig.DefaultActionID))
err := call.Store(&scope, &rule)
if err != nil {
log.Warningf("Error sending dbus RequestPrompt message: %v", err)

@ -27,8 +27,8 @@ type Firewall struct {
policies []*Policy
ruleLock sync.Mutex
rulesById map[uint]*Rule
nextRuleId uint
rulesByID map[uint]*Rule
nextRuleID uint
reloadRulesChan chan bool
stopChan chan bool
@ -49,30 +49,30 @@ func (fw *Firewall) isEnabled() bool {
func (fw *Firewall) clearRules() {
fw.ruleLock.Lock()
defer fw.ruleLock.Unlock()
fw.rulesById = nil
fw.nextRuleId = 0
fw.rulesByID = nil
fw.nextRuleID = 0
}
func (fw *Firewall) addRule(r *Rule) {
fw.ruleLock.Lock()
defer fw.ruleLock.Unlock()
r.id = fw.nextRuleId
fw.nextRuleId += 1
if fw.rulesById == nil {
fw.rulesById = make(map[uint]*Rule)
r.id = fw.nextRuleID
fw.nextRuleID++
if fw.rulesByID == nil {
fw.rulesByID = make(map[uint]*Rule)
}
fw.rulesById[r.id] = r
fw.rulesByID[r.id] = r
}
func (fw *Firewall) getRuleById(id uint) *Rule {
func (fw *Firewall) getRuleByID(id uint) *Rule {
fw.ruleLock.Lock()
defer fw.ruleLock.Unlock()
if fw.rulesById == nil {
if fw.rulesByID == nil {
return nil
}
return fw.rulesById[id]
return fw.rulesByID[id]
}
func (fw *Firewall) stop() {
@ -130,7 +130,7 @@ func Main() {
fw := &Firewall{
dbus: ds,
dns: newDnsCache(),
dns: newDNSCache(),
enabled: true,
logBackend: logBackend,
policyMap: make(map[string]*Policy),
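Review bot: `rulesByID` is guarded by `fw.ruleLock` in clearRules, addRule and getRuleByID, but the D-Bus handlers DeleteRule and UpdateRule read the same map while holding `fw.lock` instead, so those reads are not serialized against addRule or clearRules and look like a data race on the map. Having the handlers go through the accessor, `r := ds.fw.getRuleByID(uint(id))`, would put every access under one mutex. Separately, clearRules resets `nextRuleID` to 0, so ids are handed out again after whatever calls it (presumably a rule reload); a client still holding an id from before could then act on a different rule, which deserves a comment on the field if it is intended.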
