Proper locking to fix OzInitPids-related crash conditions.

shw_dev
Stephen Watt 7 years ago
parent 62713d74f0
commit 35e7b07e43

@ -5,8 +5,6 @@ fw-daemon:
fw-prompt: fw-prompt:
apply once rules still do not work because they the DBus invocation requires the guid to be passed
more nesting for similar prompts (by application, pid, target host, etc) more nesting for similar prompts (by application, pid, target host, etc)

@ -8,6 +8,7 @@ import (
"os" "os"
"strconv" "strconv"
"strings" "strings"
"sync"
"github.com/subgraph/oz/ipc" "github.com/subgraph/oz/ipc"
) )
@ -21,9 +22,14 @@ type OzInitProc struct {
} }
var OzInitPids []OzInitProc = []OzInitProc{} var OzInitPids []OzInitProc = []OzInitProc{}
var OzInitPidsLock = sync.Mutex{}
func addInitPid(pid int, name string, sboxid int) { func addInitPid(pid int, name string, sboxid int) {
fmt.Println("::::::::::: init pid added: ", pid, " -> ", name) fmt.Println("::::::::::: init pid added: ", pid, " -> ", name)
OzInitPidsLock.Lock()
defer OzInitPidsLock.Unlock()
for i := 0; i < len(OzInitPids); i++ { for i := 0; i < len(OzInitPids); i++ {
if OzInitPids[i].Pid == pid { if OzInitPids[i].Pid == pid {
return return
@ -36,6 +42,9 @@ func addInitPid(pid int, name string, sboxid int) {
func removeInitPid(pid int) { func removeInitPid(pid int) {
fmt.Println("::::::::::: removing PID: ", pid) fmt.Println("::::::::::: removing PID: ", pid)
OzInitPidsLock.Lock()
defer OzInitPidsLock.Unlock()
for i := 0; i < len(OzInitPids); i++ { for i := 0; i < len(OzInitPids); i++ {
if OzInitPids[i].Pid == pid { if OzInitPids[i].Pid == pid {
OzInitPids = append(OzInitPids[:i], OzInitPids[i+1:]...) OzInitPids = append(OzInitPids[:i], OzInitPids[i+1:]...)
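Review bot: `OzInitPidsLock` is declared without a comment saying what it guards or who may hold it, and it is exported alongside `OzInitPids`. Because addInitPid and removeInitPid take the lock themselves and sync.Mutex is not reentrant, a caller that already holds it and then calls either function will deadlock. I would add above the declaration: `// OzInitPidsLock guards OzInitPids. addInitPid and removeInitPid acquire it; callers must not hold it when calling them.` removeInitPid's body continues past the end of the hunk.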

@ -656,6 +656,7 @@ func readFileDirect(filename string) ([]byte, error) {
func getAllProcNetDataLocal() ([]string, error) { func getAllProcNetDataLocal() ([]string, error) {
data := "" data := ""
OzInitPidsLock.Lock()
for i := 0; i < len(OzInitPids); i++ { for i := 0; i < len(OzInitPids); i++ {
fname := fmt.Sprintf("/proc/%d/net/tcp", OzInitPids[i]) fname := fmt.Sprintf("/proc/%d/net/tcp", OzInitPids[i])
@ -670,6 +671,8 @@ func getAllProcNetDataLocal() ([]string, error) {
} }
OzInitPidsLock.Unlock()
lines := strings.Split(data, "\n") lines := strings.Split(data, "\n")
rlines := make([]string, 0) rlines := make([]string, 0)
ctr := 1 ctr := 1
@ -715,6 +718,7 @@ func LookupSandboxProc(srcip net.IP, srcp uint16, dstip net.IP, dstp uint16, pro
var res *procsnitch.Info = nil var res *procsnitch.Info = nil
var optstr string var optstr string
removePids := make([]int, 0) removePids := make([]int, 0)
OzInitPidsLock.Lock()
for i := 0; i < len(OzInitPids); i++ { for i := 0; i < len(OzInitPids); i++ {
data := "" data := ""
@ -769,6 +773,8 @@ func LookupSandboxProc(srcip net.IP, srcp uint16, dstip net.IP, dstp uint16, pro
} }
OzInitPidsLock.Unlock()
for _, p := range removePids { for _, p := range removePids {
removeInitPid(p) removeInitPid(p)
} }
@ -820,6 +826,7 @@ func findProcessForPacket(pkt *nfqueue.NFQPacket, reverse bool, strictness int)
if res == nil { if res == nil {
removePids := make([]int, 0) removePids := make([]int, 0)
OzInitPidsLock.Lock()
for i := 0; i < len(OzInitPids); i++ { for i := 0; i < len(OzInitPids); i++ {
data := "" data := ""
@ -868,6 +875,8 @@ func findProcessForPacket(pkt *nfqueue.NFQPacket, reverse bool, strictness int)
} }
OzInitPidsLock.Unlock()
for _, p := range removePids { for _, p := range removePids {
removeInitPid(p) removeInitPid(p)
} }
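Review bot: The loops in getAllProcNetDataLocal, LookupSandboxProc and findProcessForPacket pair `OzInitPidsLock.Lock()` with a manual `OzInitPidsLock.Unlock()` after the loop rather than a `defer`, unlike addInitPid and removeInitPid. The loop bodies lie outside the visible hunks, so this is inferred, but any `return` or panic inside them would leave the mutex held, and every later packet lookup in the daemon would then block on it. The lock also appears to be held while per-PID /proc data is read, which stalls addInitPid and removeInitPid for the duration. Taking a snapshot keeps the critical section short and removes the unpaired unlock: `OzInitPidsLock.Lock()`, `pids := append([]OzInitProc(nil), OzInitPids...)`, `OzInitPidsLock.Unlock()`, then iterate over `pids`.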
