pull/41/head
xSmurf 8 years ago
parent c5b8dcb660
commit 02155c44ed

@ -173,5 +173,5 @@ func (rl *ruleList) remove(rr *ruleRow) {
func (rr *ruleRow) delete() { func (rr *ruleRow) delete() {
rr.rl.remove(rr) rr.rl.remove(rr)
rr.rl.dbus.deleteRule(rr.rule.Id) rr.rl.dbus.deleteRule(rr.rule.ID)
} }

@ -21,7 +21,7 @@ type FirewallConfigs struct {
PromptExpanded bool PromptExpanded bool
PromptExpert bool PromptExpert bool
DefaultAction string DefaultAction string
DefaultActionId FilterScope `toml:"-"` DefaultActionID FilterScope `toml:"-"`
} }
var FirewallConfig FirewallConfigs var FirewallConfig FirewallConfigs
@ -52,7 +52,7 @@ func readConfig() {
PromptExpanded: false, PromptExpanded: false,
PromptExpert: false, PromptExpert: false,
DefaultAction: "SESSION", DefaultAction: "SESSION",
DefaultActionId: 1, DefaultActionID: 1,
} }
if len(buf) > 0 { if len(buf) > 0 {
@ -62,12 +62,12 @@ func readConfig() {
} }
} }
FirewallConfig.LoggingLevel, _ = logging.LogLevel(FirewallConfig.LogLevel) FirewallConfig.LoggingLevel, _ = logging.LogLevel(FirewallConfig.LogLevel)
FirewallConfig.DefaultActionId = GetFilterScopeValue(FirewallConfig.DefaultAction) FirewallConfig.DefaultActionID = GetFilterScopeValue(FirewallConfig.DefaultAction)
} }
func writeConfig() { func writeConfig() {
FirewallConfig.LogLevel = FirewallConfig.LoggingLevel.String() FirewallConfig.LogLevel = FirewallConfig.LoggingLevel.String()
FirewallConfig.DefaultAction = GetFilterScopeString(FirewallConfig.DefaultActionId) FirewallConfig.DefaultAction = GetFilterScopeString(FirewallConfig.DefaultActionID)
if _, err := os.Stat(path.Dir(configDefaultPath)); err != nil && os.IsNotExist(err) { if _, err := os.Stat(path.Dir(configDefaultPath)); err != nil && os.IsNotExist(err) {
if err := os.MkdirAll(path.Dir(configDefaultPath), 0755); err != nil { if err := os.MkdirAll(path.Dir(configDefaultPath), 0755); err != nil {

@ -102,7 +102,7 @@ var FilterResultValue = map[string]FilterResult{
} }
type DbusRule struct { type DbusRule struct {
Id uint32 ID uint32
App string App string
Path string Path string
Verb uint16 Verb uint16

@ -9,7 +9,7 @@ import (
"github.com/op/go-logging" "github.com/op/go-logging"
) )
const introspectXml = ` const introspectXML = `
<node> <node>
<interface name="com.subgraph.Firewall"> <interface name="com.subgraph.Firewall">
<method name="SetEnabled"> <method name="SetEnabled">
@ -72,7 +72,7 @@ func newDbusServer() (*dbusServer, error) {
if err := conn.Export(ds, objectPath, interfaceName); err != nil { if err := conn.Export(ds, objectPath, interfaceName); err != nil {
return nil, err return nil, err
} }
if err := conn.Export(introspect.Introspectable(introspectXml), objectPath, "org.freedesktop.DBus.Introspectable"); err != nil { if err := conn.Export(introspect.Introspectable(introspectXML), objectPath, "org.freedesktop.DBus.Introspectable"); err != nil {
return nil, err return nil, err
} }
@ -94,7 +94,7 @@ func (ds *dbusServer) IsEnabled() (bool, *dbus.Error) {
func createDbusRule(r *Rule) DbusRule { func createDbusRule(r *Rule) DbusRule {
return DbusRule{ return DbusRule{
Id: uint32(r.id), ID: uint32(r.id),
App: path.Base(r.policy.path), App: path.Base(r.policy.path),
Path: r.policy.path, Path: r.policy.path,
Verb: uint16(r.rtype), Verb: uint16(r.rtype),
@ -117,7 +117,7 @@ func (ds *dbusServer) ListRules() ([]DbusRule, *dbus.Error) {
func (ds *dbusServer) DeleteRule(id uint32) *dbus.Error { func (ds *dbusServer) DeleteRule(id uint32) *dbus.Error {
ds.fw.lock.Lock() ds.fw.lock.Lock()
r := ds.fw.rulesById[uint(id)] r := ds.fw.rulesByID[uint(id)]
ds.fw.lock.Unlock() ds.fw.lock.Unlock()
if r.mode == RULE_MODE_SYSTEM { if r.mode == RULE_MODE_SYSTEM {
log.Warningf("Cannot delete system rule: %s", r.String()) log.Warningf("Cannot delete system rule: %s", r.String())
@ -135,7 +135,7 @@ func (ds *dbusServer) DeleteRule(id uint32) *dbus.Error {
func (ds *dbusServer) UpdateRule(rule DbusRule) *dbus.Error { func (ds *dbusServer) UpdateRule(rule DbusRule) *dbus.Error {
log.Debugf("UpdateRule %v", rule) log.Debugf("UpdateRule %v", rule)
ds.fw.lock.Lock() ds.fw.lock.Lock()
r := ds.fw.rulesById[uint(rule.Id)] r := ds.fw.rulesByID[uint(rule.ID)]
ds.fw.lock.Unlock() ds.fw.lock.Unlock()
if r != nil { if r != nil {
if r.mode == RULE_MODE_SYSTEM { if r.mode == RULE_MODE_SYSTEM {
@ -170,7 +170,7 @@ func (ds *dbusServer) GetConfig() (map[string]dbus.Variant, *dbus.Error) {
conf["log_redact"] = dbus.MakeVariant(FirewallConfig.LogRedact) conf["log_redact"] = dbus.MakeVariant(FirewallConfig.LogRedact)
conf["prompt_expanded"] = dbus.MakeVariant(FirewallConfig.PromptExpanded) conf["prompt_expanded"] = dbus.MakeVariant(FirewallConfig.PromptExpanded)
conf["prompt_expert"] = dbus.MakeVariant(FirewallConfig.PromptExpert) conf["prompt_expert"] = dbus.MakeVariant(FirewallConfig.PromptExpert)
conf["default_action"] = dbus.MakeVariant(uint16(FirewallConfig.DefaultActionId)) conf["default_action"] = dbus.MakeVariant(uint16(FirewallConfig.DefaultActionID))
return conf, nil return conf, nil
} }
@ -192,7 +192,7 @@ func (ds *dbusServer) SetConfig(key string, val dbus.Variant) *dbus.Error {
FirewallConfig.PromptExpert = flag FirewallConfig.PromptExpert = flag
case "default_action": case "default_action":
l := val.Value().(uint16) l := val.Value().(uint16)
FirewallConfig.DefaultActionId = FilterScope(l) FirewallConfig.DefaultActionID = FilterScope(l)
} }
writeConfig() writeConfig()
return nil return nil
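Review bot: In DeleteRule the lookup `r := ds.fw.rulesByID[uint(id)]` is followed directly by `if r.mode == RULE_MODE_SYSTEM`, so an id that is not in the map yields a nil *Rule and the daemon panics on a malformed D-Bus request; UpdateRule a few lines below does guard with `if r != nil`, and DeleteRule should do the same before touching r (its body continues past the hunk, so the rest of the error path is not visible here). The lookup in both methods also takes ds.fw.lock, whereas the Firewall methods elsewhere in this commit (addRule, getRuleByID, clearRules) guard rulesByID with ruleLock, so the two sides do not actually exclude each other. Replacing the three lookup lines with `r := ds.fw.getRuleByID(uint(id))` and returning early when `r == nil` fixes both the race and the nil dereference with the helper the Firewall type already provides. The same unchecked-input pattern appears in SetConfig, where `l := val.Value().(uint16)` will panic if a caller sends a variant of another type; `l, ok := val.Value().(uint16)` with an error return on `!ok` would keep a bad message from taking the service down.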

@ -14,7 +14,7 @@ type dnsCache struct {
done chan struct{} done chan struct{}
} }
func newDnsCache() *dnsCache { func newDNSCache() *dnsCache {
return &dnsCache{ return &dnsCache{
ipMap: make(map[string]string), ipMap: make(map[string]string),
done: make(chan struct{}), done: make(chan struct{}),

@ -86,13 +86,13 @@ type dnsStruct interface {
// The wire format for the DNS packet header. // The wire format for the DNS packet header.
type dnsHeader struct { type dnsHeader struct {
Id uint16 ID uint16
Bits uint16 Bits uint16
Qdcount, Ancount, Nscount, Arcount uint16 Qdcount, Ancount, Nscount, Arcount uint16
} }
func (h *dnsHeader) Walk(f func(v interface{}, name, tag string) bool) bool { func (h *dnsHeader) Walk(f func(v interface{}, name, tag string) bool) bool {
return f(&h.Id, "Id", "") && return f(&h.ID, "Id", "") &&
f(&h.Bits, "Bits", "") && f(&h.Bits, "Bits", "") &&
f(&h.Qdcount, "Qdcount", "") && f(&h.Qdcount, "Qdcount", "") &&
f(&h.Ancount, "Ancount", "") && f(&h.Ancount, "Ancount", "") &&
@ -129,7 +129,7 @@ type dnsRR_Header struct {
Name string `net:"domain-name"` Name string `net:"domain-name"`
Rrtype uint16 Rrtype uint16
Class uint16 Class uint16
Ttl uint32 TTL uint32
Rdlength uint16 // length of data after header Rdlength uint16 // length of data after header
} }
@ -141,7 +141,7 @@ func (h *dnsRR_Header) Walk(f func(v interface{}, name, tag string) bool) bool {
return f(&h.Name, "Name", "domain") && return f(&h.Name, "Name", "domain") &&
f(&h.Rrtype, "Rrtype", "") && f(&h.Rrtype, "Rrtype", "") &&
f(&h.Class, "Class", "") && f(&h.Class, "Class", "") &&
f(&h.Ttl, "Ttl", "") && f(&h.TTL, "Ttl", "") &&
f(&h.Rdlength, "Rdlength", "") f(&h.Rdlength, "Rdlength", "")
} }
@ -167,8 +167,8 @@ func (rr *dnsRR_CNAME) Walk(f func(v interface{}, name, tag string) bool) bool {
type dnsRR_HINFO struct { type dnsRR_HINFO struct {
Hdr dnsRR_Header Hdr dnsRR_Header
Cpu string CPU string
Os string OS string
} }
func (rr *dnsRR_HINFO) Header() *dnsRR_Header { func (rr *dnsRR_HINFO) Header() *dnsRR_Header {
@ -176,7 +176,7 @@ func (rr *dnsRR_HINFO) Header() *dnsRR_Header {
} }
func (rr *dnsRR_HINFO) Walk(f func(v interface{}, name, tag string) bool) bool { func (rr *dnsRR_HINFO) Walk(f func(v interface{}, name, tag string) bool) bool {
return rr.Hdr.Walk(f) && f(&rr.Cpu, "Cpu", "") && f(&rr.Os, "Os", "") return rr.Hdr.Walk(f) && f(&rr.CPU, "Cpu", "") && f(&rr.OS, "Os", "")
} }
type dnsRR_MB struct { type dnsRR_MB struct {
@ -311,7 +311,7 @@ func (rr *dnsRR_TXT) Walk(f func(v interface{}, name, tag string) bool) bool {
if !rr.Hdr.Walk(f) { if !rr.Hdr.Walk(f) {
return false return false
} }
var n uint16 = 0 var n uint16
for n < rr.Hdr.Rdlength { for n < rr.Hdr.Rdlength {
var txt string var txt string
if !f(&txt, "Txt", "") { if !f(&txt, "Txt", "") {
@ -763,8 +763,8 @@ type dnsMsgHdr struct {
opcode int opcode int
authoritative bool authoritative bool
truncated bool truncated bool
recursion_desired bool recursionDesired bool
recursion_available bool recursionAvailable bool
rcode int rcode int
} }
@ -774,8 +774,8 @@ func (h *dnsMsgHdr) Walk(f func(v interface{}, name, tag string) bool) bool {
f(&h.opcode, "opcode", "") && f(&h.opcode, "opcode", "") &&
f(&h.authoritative, "authoritative", "") && f(&h.authoritative, "authoritative", "") &&
f(&h.truncated, "truncated", "") && f(&h.truncated, "truncated", "") &&
f(&h.recursion_desired, "recursion_desired", "") && f(&h.recursionDesired, "recursion_desired", "") &&
f(&h.recursion_available, "recursion_available", "") && f(&h.recursionAvailable, "recursion_available", "") &&
f(&h.rcode, "rcode", "") f(&h.rcode, "rcode", "")
} }
@ -791,12 +791,12 @@ func (dns *dnsMsg) Pack() (msg []byte, ok bool) {
var dh dnsHeader var dh dnsHeader
// Convert convenient dnsMsg into wire-like dnsHeader. // Convert convenient dnsMsg into wire-like dnsHeader.
dh.Id = dns.id dh.ID = dns.id
dh.Bits = uint16(dns.opcode)<<11 | uint16(dns.rcode) dh.Bits = uint16(dns.opcode)<<11 | uint16(dns.rcode)
if dns.recursion_available { if dns.recursionAvailable {
dh.Bits |= _RA dh.Bits |= _RA
} }
if dns.recursion_desired { if dns.recursionDesired {
dh.Bits |= _RD dh.Bits |= _RD
} }
if dns.truncated { if dns.truncated {
@ -854,13 +854,13 @@ func (dns *dnsMsg) Unpack(msg []byte) bool {
if off, ok = unpackStruct(&dh, msg, off); !ok { if off, ok = unpackStruct(&dh, msg, off); !ok {
return false return false
} }
dns.id = dh.Id dns.id = dh.ID
dns.response = (dh.Bits & _QR) != 0 dns.response = (dh.Bits & _QR) != 0
dns.opcode = int(dh.Bits>>11) & 0xF dns.opcode = int(dh.Bits>>11) & 0xF
dns.authoritative = (dh.Bits & _AA) != 0 dns.authoritative = (dh.Bits & _AA) != 0
dns.truncated = (dh.Bits & _TC) != 0 dns.truncated = (dh.Bits & _TC) != 0
dns.recursion_desired = (dh.Bits & _RD) != 0 dns.recursionDesired = (dh.Bits & _RD) != 0
dns.recursion_available = (dh.Bits & _RA) != 0 dns.recursionAvailable = (dh.Bits & _RA) != 0
dns.rcode = int(dh.Bits & 0xF) dns.rcode = int(dh.Bits & 0xF)
// Arrays. // Arrays.
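Review bot: The field renames in this file leave the name strings handed to Walk unchanged, so `f(&h.ID, "Id", "")`, `f(&h.TTL, "Ttl", "")` and `f(&rr.CPU, "Cpu", "") && f(&rr.OS, "Os", "")` now carry a name that no longer matches the field. If those strings are only used for diagnostics this is harmless, but the mismatch will confuse the next reader; either rename the strings alongside the fields or add a one-line comment on the dnsStruct interface noting that the name argument is informational and need not match the Go field name (I cannot confirm from the hunks which it is). The surrounding types such as dnsRR_Header keep their underscore names, which suggests the file tracks an upstream copy; a header comment stating that origin would explain why only some identifiers were renamed.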

@ -249,9 +249,9 @@ func printPacket(pkt *nfqueue.Packet, hostname string, pinfo *procsnitch.Info) s
} }
if pinfo == nil { if pinfo == nil {
return fmt.Sprintf("(%s %s:%d -> %s:%d)", proto, pkt.Src, pkt.SrcPort, name, pkt.DstPort) return fmt.Sprintf("(%s %s:%d -> %s:%d)", proto, pkt.Src, pkt.SrcPort, name, pkt.DstPort)
} else {
return fmt.Sprintf("%s %s %s:%d -> %s:%d", pinfo.ExePath, proto, pkt.Src, pkt.SrcPort, name, pkt.DstPort)
} }
return fmt.Sprintf("%s %s %s:%d -> %s:%d", pinfo.ExePath, proto, pkt.Src, pkt.SrcPort, name, pkt.DstPort)
} }
func (fw *Firewall) filterPacket(pkt *nfqueue.Packet) { func (fw *Firewall) filterPacket(pkt *nfqueue.Packet) {

@ -79,7 +79,7 @@ func (p *prompter) processConnection(pc pendingConnection) {
int32(pc.procInfo().Pid), int32(pc.procInfo().Pid),
FirewallConfig.PromptExpanded, FirewallConfig.PromptExpanded,
FirewallConfig.PromptExpert, FirewallConfig.PromptExpert,
int32(FirewallConfig.DefaultActionId)) int32(FirewallConfig.DefaultActionID))
err := call.Store(&scope, &rule) err := call.Store(&scope, &rule)
if err != nil { if err != nil {
log.Warningf("Error sending dbus RequestPrompt message: %v", err) log.Warningf("Error sending dbus RequestPrompt message: %v", err)

@ -27,8 +27,8 @@ type Firewall struct {
policies []*Policy policies []*Policy
ruleLock sync.Mutex ruleLock sync.Mutex
rulesById map[uint]*Rule rulesByID map[uint]*Rule
nextRuleId uint nextRuleID uint
reloadRulesChan chan bool reloadRulesChan chan bool
stopChan chan bool stopChan chan bool
@ -49,30 +49,30 @@ func (fw *Firewall) isEnabled() bool {
func (fw *Firewall) clearRules() { func (fw *Firewall) clearRules() {
fw.ruleLock.Lock() fw.ruleLock.Lock()
defer fw.ruleLock.Unlock() defer fw.ruleLock.Unlock()
fw.rulesById = nil fw.rulesByID = nil
fw.nextRuleId = 0 fw.nextRuleID = 0
} }
func (fw *Firewall) addRule(r *Rule) { func (fw *Firewall) addRule(r *Rule) {
fw.ruleLock.Lock() fw.ruleLock.Lock()
defer fw.ruleLock.Unlock() defer fw.ruleLock.Unlock()
r.id = fw.nextRuleId r.id = fw.nextRuleID
fw.nextRuleId += 1 fw.nextRuleID++
if fw.rulesById == nil { if fw.rulesByID == nil {
fw.rulesById = make(map[uint]*Rule) fw.rulesByID = make(map[uint]*Rule)
} }
fw.rulesById[r.id] = r fw.rulesByID[r.id] = r
} }
func (fw *Firewall) getRuleById(id uint) *Rule { func (fw *Firewall) getRuleByID(id uint) *Rule {
fw.ruleLock.Lock() fw.ruleLock.Lock()
defer fw.ruleLock.Unlock() defer fw.ruleLock.Unlock()
if fw.rulesById == nil { if fw.rulesByID == nil {
return nil return nil
} }
return fw.rulesById[id] return fw.rulesByID[id]
} }
func (fw *Firewall) stop() { func (fw *Firewall) stop() {
@ -130,7 +130,7 @@ func Main() {
fw := &Firewall{ fw := &Firewall{
dbus: ds, dbus: ds,
dns: newDnsCache(), dns: newDNSCache(),
enabled: true, enabled: true,
logBackend: logBackend, logBackend: logBackend,
policyMap: make(map[string]*Policy), policyMap: make(map[string]*Policy),
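Review bot: The nil-map guard in getRuleByID is redundant: reading from a nil map in Go returns the zero value, so `if fw.rulesByID == nil { return nil }` can be dropped and the method reduced to the lock, the deferred unlock and `return fw.rulesByID[id]`. Since clearRules sets rulesByID to nil and addRule lazily recreates it, the guard is only needed for writes, which addRule already handles. A short doc comment on getRuleByID stating that it returns nil for unknown ids would also help the D-Bus handlers that look rules up by caller-supplied id.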
