Loosen match on UDP socket lookup (still WIP)

7 years ago · 14e1f99b03
parent 2e7b7debeb
commit 14e1f99b03
2 changed files with 6 additions and 3 deletions
--- a/sgfw/policy.go
+++ b/sgfw/policy.go
@ -638,7 +638,7 @@ func findProcessForPacket(pkt *nfqueue.NFQPacket, reverse bool, strictness int)
 		return nil, optstr
 	}
-//log.Noticef("XXX proto = %s, from %v : %v -> %v : %v\n", proto, srcip, srcp, dstip, dstp)
+	log.Noticef("XXX proto = %s, from %v : %v -> %v : %v\n", proto, srcip, srcp, dstip, dstp)
 	var res *procsnitch.Info = nil
--- a/vendor/github.com/subgraph/go-procsnitch/socket.go
+++ b/vendor/github.com/subgraph/go-procsnitch/socket.go
@ -111,12 +111,15 @@ func findUDPSocketAll(srcAddr net.IP, srcPort uint16, dstAddr net.IP, dstPort ui
 	if custdata == nil {
 		if strictness == MATCH_STRICT {
 			return findSocket(proto, func(ss socketStatus) bool {
-				return ss.remote.ip.Equal(dstAddr) && ss.local.port == srcPort && ss.local.ip.Equal(srcAddr)
+				//return ss.remote.ip.Equal(dstAddr) && ss.local.port == srcPort && ss.local.ip.Equal(srcAddr)
 				return ss.local.port == srcPort && ss.local.ip.Equal(srcAddr)
 			})
 		} else if strictness == MATCH_LOOSE {
 			return findSocket(proto, func(ss socketStatus) bool {
 				return ss.local.port == srcPort && (ss.local.ip.Equal(srcAddr) || ss.local.ip.Equal(net.IPv4(0,0,0,0)))
 				/*
 				return (ss.remote.ip.Equal(dstAddr) || addrMatchesAny(ss.remote.ip)) && ss.local.port == srcPort && ss.local.ip.Equal(srcAddr) ||
-					(ss.local.ip.Equal(dstAddr) || addrMatchesAny(ss.local.ip)) && ss.remote.port == srcPort && ss.remote.ip.Equal(srcAddr)
+					(ss.local.ip.Equal(dstAddr) || addrMatchesAny(ss.local.ip)) && ss.remote.port == srcPort && ss.remote.ip.Equal(srcAddr) */
 			})
 		}
 		return findSocket(proto, func(ss socketStatus) bool {