Added methods for filtering which don't require a packet argument

socks-filter
Bruce Leidl 9 years ago
parent 68218b4e83
commit 3fa78390fc

@ -70,17 +70,17 @@ func (r *Rule) AddrString(redact bool) string {
type RuleList []*Rule
func (r *Rule) match(pkt *nfqueue.Packet, name string) bool {
if r.port != matchAny && r.port != pkt.DstPort {
func (r *Rule) match(dst net.IP, dstPort uint16, hostname string) bool {
if r.port != matchAny && r.port != dstPort {
return false
}
if r.addr == matchAny {
return true
}
if r.hostname != "" {
return r.hostname == name
return r.hostname == hostname
}
return r.addr == binary.BigEndian.Uint32(pkt.Dst)
return r.addr == binary.BigEndian.Uint32(dst)
}
type FilterResult int
@ -91,18 +91,22 @@ const (
FILTER_PROMPT
)
func (rl *RuleList) filter(p *nfqueue.Packet, pinfo *procsnitch.Info, hostname string) FilterResult {
func (rl *RuleList) filterPacket(p *nfqueue.Packet, pinfo *procsnitch.Info, hostname string) FilterResult {
return rl.filter(p.Dst, p.DstPort, hostname, pinfo)
}
func (rl *RuleList) filter(dst net.IP, dstPort uint16, hostname string, pinfo *procsnitch.Info) FilterResult {
if rl == nil {
return FILTER_PROMPT
}
result := FILTER_PROMPT
for _, r := range *rl {
if r.match(p, hostname) {
dst := p.Dst.String()
if r.match(dst, dstPort, hostname) {
dstStr := dst.String()
if logRedact {
dst = "[redacted]"
dstStr = "[redacted]"
}
log.Info("%s (%s -> %s:%d)", r.getString(logRedact), pinfo.ExePath, dst, p.DstPort)
log.Info("%s (%s -> %s:%d)", r.getString(logRedact), pinfo.ExePath, dstStr, dstPort)
if r.rtype == RULE_DENY {
return FILTER_DENY
} else if r.rtype == RULE_ALLOW {

Loading…
Cancel
Save