Added methods for filtering which don't require a packet argument

9 years ago · 3fa78390fc
parent 68218b4e83
commit 3fa78390fc
1 changed files with 13 additions and 9 deletions
--- a/rules.go
+++ b/rules.go
@ -70,17 +70,17 @@ func (r *Rule) AddrString(redact bool) string {
 type RuleList []*Rule
-func (r *Rule) match(pkt *nfqueue.Packet, name string) bool {
+func (r *Rule) match(dst net.IP, dstPort uint16, hostname string) bool {
-	if r.port != matchAny && r.port != pkt.DstPort {
+	if r.port != matchAny && r.port != dstPort {
 		return false
 	}
 	if r.addr == matchAny {
 		return true
 	}
 	if r.hostname != "" {
-		return r.hostname == name
+		return r.hostname == hostname
 	}
-	return r.addr == binary.BigEndian.Uint32(pkt.Dst)
+	return r.addr == binary.BigEndian.Uint32(dst)
 }
 type FilterResult int
@ -91,18 +91,22 @@ const (
 	FILTER_PROMPT
 )
-func (rl *RuleList) filter(p *nfqueue.Packet, pinfo *procsnitch.Info, hostname string) FilterResult {
+func (rl *RuleList) filterPacket(p *nfqueue.Packet, pinfo *procsnitch.Info, hostname string) FilterResult {
 	return rl.filter(p.Dst, p.DstPort, hostname, pinfo)
 }
 func (rl *RuleList) filter(dst net.IP, dstPort uint16, hostname string, pinfo *procsnitch.Info) FilterResult {
 	if rl == nil {
 		return FILTER_PROMPT
 	}
 	result := FILTER_PROMPT
 	for _, r := range *rl {
-		if r.match(p, hostname) {
+		if r.match(dst, dstPort, hostname) {
-			dst := p.Dst.String()
+			dstStr := dst.String()
 			if logRedact {
-				dst = "[redacted]"
+				dstStr = "[redacted]"
 			}
-			log.Info("%s (%s -> %s:%d)", r.getString(logRedact), pinfo.ExePath, dst, p.DstPort)
+			log.Info("%s (%s -> %s:%d)", r.getString(logRedact), pinfo.ExePath, dstStr, dstPort)
 			if r.rtype == RULE_DENY {
 				return FILTER_DENY
 			} else if r.rtype == RULE_ALLOW {