From 08266cca767ba50860e3eb472e9baaf52e5bb3b4 Mon Sep 17 00:00:00 2001
From: shw
Date: Thu, 13 Apr 2017 22:59:13 +0000
Subject: [PATCH] Support for handling network traffic that can't be uncovered with procsnitch.

---
 sgfw/policy.go | 38 ++++++++++++++++++++++++++++----------
 1 file changed, 28 insertions(+), 10 deletions(-)

diff --git a/sgfw/policy.go b/sgfw/policy.go
index 8dca17f..e8570e3 100644
--- a/sgfw/policy.go
+++ b/sgfw/policy.go
@@ -51,11 +51,26 @@ type pendingPkt struct {
 	pinfo *procsnitch.Info
 }
 
+func getEmptyPInfo() *procsnitch.Info {
+	pinfo := procsnitch.Info{}
+	pinfo.UID, pinfo.Pid, pinfo.ParentPid = 0, 0, 0
+	pinfo.ExePath = "[unknown-exe]"
+	pinfo.CmdLine = "[unknown-cmdline]"
+	pinfo.FirstArg = "[unknown-arg]"
+	pinfo.ParentCmdLine = "[unknown-pcmdline]"
+	pinfo.ParentExePath = "[unknown-pexe]"
+	return &pinfo
+}
+
 func (pp *pendingPkt) policy() *Policy {
 	return pp.pol
 }
 
 func (pp *pendingPkt) procInfo() *procsnitch.Info {
+	if pp.pinfo == nil {
+		return getEmptyPInfo()
+	}
+
 	return pp.pinfo
 }
 
@@ -342,20 +357,23 @@ func (fw *Firewall) filterPacket(pkt *nfqueue.NFQPacket) {
 	}
 
+	ppath := "*"
 	pinfo := findProcessForPacket(pkt)
 	if pinfo == nil {
+		pinfo = getEmptyPInfo()
 		log.Warningf("No proc found for %s", printPacket(pkt, fw.dns.Lookup(dstip), nil))
-		pkt.Accept()
-		return
-	}
-	ppath := pinfo.ExePath
-	cf := strings.Fields(pinfo.CmdLine)
-	if len(cf) > 1 && strings.HasPrefix(cf[1], "/") {
-		for _, intp := range _interpreters {
-			if strings.Contains(pinfo.ExePath, intp) {
-				ppath = cf[1]
-				break
+//		pkt.Accept()
+//		return
+	} else {
+		ppath = pinfo.ExePath
+		cf := strings.Fields(pinfo.CmdLine)
+		if len(cf) > 1 && strings.HasPrefix(cf[1], "/") {
+			for _, intp := range _interpreters {
+				if strings.Contains(pinfo.ExePath, intp) {
+					ppath = cf[1]
+					break
+				}
 			}
 		}
 	}
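Review bot: The placeholder built by getEmptyPInfo reports UID 0, Pid 0 and ParentPid 0, so anything downstream of procInfo() that keys a rule, a prompt or a log line on the owner uid will see unattributed traffic as root-owned rather than as unknown — the string fields carry the "[unknown-…]" marker but the numeric ones carry a real, privileged identity. If procsnitch.Info's UID/Pid fields are signed, a sentinel that no live process can have, `pinfo.UID, pinfo.Pid, pinfo.ParentPid = -1, -1, -1`, removes the collision; if they are unsigned, the line is a no-op on a zero-valued struct and should at least become a warning, e.g. `// UID/Pid stay 0: no process was matched, so callers must test ExePath == "[unknown-exe]" rather than UID before trusting this Info`. It is also worth a doc comment on getEmptyPInfo stating that every call returns a fresh value, since procInfo() now hands out a new placeholder on each call when pp.pinfo is nil and nothing written to it by a caller will persist. The pendingPkt struct this hunk edits begins before the hunk.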