Support for handling network traffic that can't be uncovered with procsnitch.

shw_dev
shw 8 years ago
parent e3cc00a51f
commit 08266cca76

@ -51,11 +51,26 @@ type pendingPkt struct {
pinfo *procsnitch.Info pinfo *procsnitch.Info
} }
func getEmptyPInfo() *procsnitch.Info {
pinfo := procsnitch.Info{}
pinfo.UID, pinfo.Pid, pinfo.ParentPid = 0, 0, 0
pinfo.ExePath = "[unknown-exe]"
pinfo.CmdLine = "[unknown-cmdline]"
pinfo.FirstArg = "[unknown-arg]"
pinfo.ParentCmdLine = "[unknown-pcmdline]"
pinfo.ParentExePath = "[unknown-pexe]"
return &pinfo
}
func (pp *pendingPkt) policy() *Policy { func (pp *pendingPkt) policy() *Policy {
return pp.pol return pp.pol
} }
func (pp *pendingPkt) procInfo() *procsnitch.Info { func (pp *pendingPkt) procInfo() *procsnitch.Info {
if pp.pinfo == nil {
return getEmptyPInfo()
}
return pp.pinfo return pp.pinfo
} }
@ -342,14 +357,16 @@ func (fw *Firewall) filterPacket(pkt *nfqueue.NFQPacket) {
} }
ppath := "*"
pinfo := findProcessForPacket(pkt) pinfo := findProcessForPacket(pkt)
if pinfo == nil { if pinfo == nil {
pinfo = getEmptyPInfo()
log.Warningf("No proc found for %s", printPacket(pkt, fw.dns.Lookup(dstip), nil)) log.Warningf("No proc found for %s", printPacket(pkt, fw.dns.Lookup(dstip), nil))
pkt.Accept() // pkt.Accept()
return // return
} } else {
ppath := pinfo.ExePath ppath = pinfo.ExePath
cf := strings.Fields(pinfo.CmdLine) cf := strings.Fields(pinfo.CmdLine)
if len(cf) > 1 && strings.HasPrefix(cf[1], "/") { if len(cf) > 1 && strings.HasPrefix(cf[1], "/") {
for _, intp := range _interpreters { for _, intp := range _interpreters {
@ -359,6 +376,7 @@ func (fw *Firewall) filterPacket(pkt *nfqueue.NFQPacket) {
} }
} }
} }
}
log.Debugf("filterPacket [%s] %s", ppath, printPacket(pkt, fw.dns.Lookup(dstip), nil)) log.Debugf("filterPacket [%s] %s", ppath, printPacket(pkt, fw.dns.Lookup(dstip), nil))
if basicAllowPacket(pkt) { if basicAllowPacket(pkt) {
pkt.Accept() pkt.Accept()
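Review bot: The placeholder built by getEmptyPInfo() reports UID 0, so a packet whose owning process cannot be found is now handed to policy evaluation as if it belonged to root, and any rule keyed on UID (or on Pid/ParentPid 0) would apply to it. Assuming the three fields are signed ints, `pinfo.UID, pinfo.Pid, pinfo.ParentPid = -1, -1, -1` keeps the placeholder from colliding with a real user; otherwise the matcher must test for `ExePath == "[unknown-exe]"` explicitly before any UID comparison. The same placeholder is produced in two places (procInfo() and the `pinfo == nil` branch of filterPacket), and procInfo() allocates a fresh one on every call, so a caller that mutates the returned Info or compares pointers will not see consistent results; assigning it once to pp.pinfo would avoid that. The commented-out `// pkt.Accept()` / `// return` lines should be removed rather than left in place, and the Warningf text could state that the packet is being evaluated with unknown process info instead of being accepted. filterPacket starts and ends outside the hunks shown.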
