|
|
|
|
@ -70,17 +70,17 @@ func (r *Rule) AddrString(redact bool) string {
|
|
|
|
|
|
|
|
|
|
type RuleList []*Rule
|
|
|
|
|
|
|
|
|
|
func (r *Rule) match(pkt *nfqueue.Packet, name string) bool {
|
|
|
|
|
if r.port != matchAny && r.port != pkt.DstPort {
|
|
|
|
|
func (r *Rule) match(dst net.IP, dstPort uint16, hostname string) bool {
|
|
|
|
|
if r.port != matchAny && r.port != dstPort {
|
|
|
|
|
return false
|
|
|
|
|
}
|
|
|
|
|
if r.addr == matchAny {
|
|
|
|
|
return true
|
|
|
|
|
}
|
|
|
|
|
if r.hostname != "" {
|
|
|
|
|
return r.hostname == name
|
|
|
|
|
return r.hostname == hostname
|
|
|
|
|
}
|
|
|
|
|
return r.addr == binary.BigEndian.Uint32(pkt.Dst)
|
|
|
|
|
return r.addr == binary.BigEndian.Uint32(dst)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
type FilterResult int
|
|
|
|
|
@ -91,18 +91,22 @@ const (
|
|
|
|
|
FILTER_PROMPT
|
|
|
|
|
)
|
|
|
|
|
|
|
|
|
|
func (rl *RuleList) filter(p *nfqueue.Packet, pinfo *procsnitch.Info, hostname string) FilterResult {
|
|
|
|
|
func (rl *RuleList) filterPacket(p *nfqueue.Packet, pinfo *procsnitch.Info, hostname string) FilterResult {
|
|
|
|
|
return rl.filter(p.Dst, p.DstPort, hostname, pinfo)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func (rl *RuleList) filter(dst net.IP, dstPort uint16, hostname string, pinfo *procsnitch.Info) FilterResult {
|
|
|
|
|
if rl == nil {
|
|
|
|
|
return FILTER_PROMPT
|
|
|
|
|
}
|
|
|
|
|
result := FILTER_PROMPT
|
|
|
|
|
for _, r := range *rl {
|
|
|
|
|
if r.match(p, hostname) {
|
|
|
|
|
dst := p.Dst.String()
|
|
|
|
|
if r.match(dst, dstPort, hostname) {
|
|
|
|
|
dstStr := dst.String()
|
|
|
|
|
if logRedact {
|
|
|
|
|
dst = "[redacted]"
|
|
|
|
|
dstStr = "[redacted]"
|
|
|
|
|
}
|
|
|
|
|
log.Info("%s (%s -> %s:%d)", r.getString(logRedact), pinfo.ExePath, dst, p.DstPort)
|
|
|
|
|
log.Info("%s (%s -> %s:%d)", r.getString(logRedact), pinfo.ExePath, dstStr, dstPort)
|
|
|
|
|
if r.rtype == RULE_DENY {
|
|
|
|
|
return FILTER_DENY
|
|
|
|
|
} else if r.rtype == RULE_ALLOW {
|
|
|
|
|
|
Bruce Leidl
8 years ago