|
|
@ -371,7 +371,7 @@ func (p *Policy) filterPending(rule *Rule) {
|
|
|
|
for _, pc := range p.pendingQueue {
|
|
|
|
for _, pc := range p.pendingQueue {
|
|
|
|
if rule.match(pc.src(), pc.dst(), pc.dstPort(), pc.hostname(), pc.proto(), pc.procInfo().UID, pc.procInfo().GID, uidToUser(pc.procInfo().UID), gidToGroup(pc.procInfo().GID)) {
|
|
|
|
if rule.match(pc.src(), pc.dst(), pc.dstPort(), pc.hostname(), pc.proto(), pc.procInfo().UID, pc.procInfo().GID, uidToUser(pc.procInfo().UID), gidToGroup(pc.procInfo().GID)) {
|
|
|
|
log.Infof("Adding rule for: %s", rule.getString(FirewallConfig.LogRedact))
|
|
|
|
log.Infof("Adding rule for: %s", rule.getString(FirewallConfig.LogRedact))
|
|
|
|
// log.Noticef("%s > %s", rule.getString(FirewallConfig.LogRedact), pc.print())
|
|
|
|
// log.Noticef("%s > %s", rule.getString(FirewallConfig.LogRedact), pc.print())
|
|
|
|
if rule.rtype == RULE_ACTION_ALLOW {
|
|
|
|
if rule.rtype == RULE_ACTION_ALLOW {
|
|
|
|
pc.accept()
|
|
|
|
pc.accept()
|
|
|
|
} else if rule.rtype == RULE_ACTION_ALLOW_TLSONLY {
|
|
|
|
} else if rule.rtype == RULE_ACTION_ALLOW_TLSONLY {
|
|
|
@ -542,19 +542,19 @@ func readFileDirect(filename string) ([]byte, error) {
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
data = data[0:i]
|
|
|
|
data = data[0:i]
|
|
|
|
/*
|
|
|
|
/*
|
|
|
|
val, err := syscall.Read(fd, data)
|
|
|
|
val, err := syscall.Read(fd, data)
|
|
|
|
|
|
|
|
|
|
|
|
if err != nil {
|
|
|
|
if err != nil {
|
|
|
|
return nil, err
|
|
|
|
return nil, err
|
|
|
|
}
|
|
|
|
}
|
|
|
|
*/
|
|
|
|
*/
|
|
|
|
syscall.Close(fd)
|
|
|
|
syscall.Close(fd)
|
|
|
|
/*
|
|
|
|
/*
|
|
|
|
if val < 65535 {
|
|
|
|
if val < 65535 {
|
|
|
|
data = data[0:val]
|
|
|
|
data = data[0:val]
|
|
|
|
}
|
|
|
|
}
|
|
|
|
*/
|
|
|
|
*/
|
|
|
|
return data, nil
|
|
|
|
return data, nil
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|