dma 7 years ago
parent 71c17675f5
commit 139c4a08b8

@ -5,6 +5,7 @@ import (
"errors" "errors"
"fmt" "fmt"
"net" "net"
"sync"
"os" "os"
"strconv" "strconv"
"strings" "strings"
@ -21,9 +22,13 @@ type OzInitProc struct {
} }
var OzInitPids []OzInitProc = []OzInitProc{} var OzInitPids []OzInitProc = []OzInitProc{}
var OzInitPidsLock = sync.Mutex{}
func addInitPid(pid int, name string, sboxid int) { func addInitPid(pid int, name string, sboxid int) {
fmt.Println("::::::::::: init pid added: ", pid, " -> ", name) fmt.Println("::::::::::: init pid added: ", pid, " -> ", name)
OzInitPidsLock.Lock()
defer OzInitPidsLock.Unlock()
for i := 0; i < len(OzInitPids); i++ { for i := 0; i < len(OzInitPids); i++ {
if OzInitPids[i].Pid == pid { if OzInitPids[i].Pid == pid {
return return
@ -36,6 +41,9 @@ func addInitPid(pid int, name string, sboxid int) {
func removeInitPid(pid int) { func removeInitPid(pid int) {
fmt.Println("::::::::::: removing PID: ", pid) fmt.Println("::::::::::: removing PID: ", pid)
OzInitPidsLock.Lock()
defer OzInitPidsLock.Unlock()
for i := 0; i < len(OzInitPids); i++ { for i := 0; i < len(OzInitPids); i++ {
if OzInitPids[i].Pid == pid { if OzInitPids[i].Pid == pid {
OzInitPids = append(OzInitPids[:i], OzInitPids[i+1:]...) OzInitPids = append(OzInitPids[:i], OzInitPids[i+1:]...)

@ -252,7 +252,6 @@ func (p *Policy) processPacket(pkt *nfqueue.NFQPacket, pinfo *procsnitch.Info, o
dstip := net.IP(dstb) dstip := net.IP(dstb)
srcip := net.IP(pkt.Packet.NetworkLayer().NetworkFlow().Src().Raw()) srcip := net.IP(pkt.Packet.NetworkLayer().NetworkFlow().Src().Raw())
name := p.fw.dns.Lookup(dstip, pinfo.Pid) name := p.fw.dns.Lookup(dstip, pinfo.Pid)
log.Infof("Lookup(%s): %s", dstip.String(), name)
if !FirewallConfig.LogRedact { if !FirewallConfig.LogRedact {
log.Infof("Lookup(%s): %s", dstip.String(), name) log.Infof("Lookup(%s): %s", dstip.String(), name)
@ -380,8 +379,12 @@ func (p *Policy) filterPending(rule *Rule) {
pc.acceptTLSOnly() pc.acceptTLSOnly()
} else { } else {
srcs := pc.src().String() + ":" + strconv.Itoa(int(pc.srcPort())) srcs := pc.src().String() + ":" + strconv.Itoa(int(pc.srcPort()))
log.Warningf("DENIED outgoing connection attempt by %s from %s %s -> %s:%d (user prompt) %v", dests := STR_REDACTED
pc.procInfo().ExePath, pc.proto(), srcs, pc.dst(), pc.dstPort, rule.rtype) if !FirewallConfig.LogRedact {
dests = fmt.Sprintf("%s%d",pc.dst(), pc.dstPort)
}
log.Warningf("DENIED outgoing connection attempt by %s from %s %s -> %s (user prompt) %v",
pc.procInfo().ExePath, pc.proto(), srcs, dests, rule.rtype)
pc.drop() pc.drop()
} }
} else { } else {
@ -573,6 +576,8 @@ func readFileDirect(filename string) ([]byte, error) {
func getAllProcNetDataLocal() ([]string, error) { func getAllProcNetDataLocal() ([]string, error) {
data := "" data := ""
OzInitPidsLock.Lock()
for i := 0; i < len(OzInitPids); i++ { for i := 0; i < len(OzInitPids); i++ {
fname := fmt.Sprintf("/proc/%d/net/tcp", OzInitPids[i]) fname := fmt.Sprintf("/proc/%d/net/tcp", OzInitPids[i])
//fmt.Println("XXX: opening: ", fname) //fmt.Println("XXX: opening: ", fname)
@ -584,6 +589,8 @@ func getAllProcNetDataLocal() ([]string, error) {
data += string(bdata) data += string(bdata)
} }
OzInitPidsLock.Unlock()
} }
lines := strings.Split(data, "\n") lines := strings.Split(data, "\n")
@ -631,6 +638,7 @@ func LookupSandboxProc(srcip net.IP, srcp uint16, dstip net.IP, dstp uint16, pro
var res *procsnitch.Info = nil var res *procsnitch.Info = nil
var optstr string var optstr string
removePids := make([]int, 0) removePids := make([]int, 0)
OzInitPidsLock.Lock()
for i := 0; i < len(OzInitPids); i++ { for i := 0; i < len(OzInitPids); i++ {
data := "" data := ""
@ -685,6 +693,8 @@ func LookupSandboxProc(srcip net.IP, srcp uint16, dstip net.IP, dstp uint16, pro
} }
OzInitPidsLock.Unlock()
for _, p := range removePids { for _, p := range removePids {
removeInitPid(p) removeInitPid(p)
} }

Loading…
Cancel
Save