matth
/
fw-daemon
mirror of https://github.com/subgraph/fw-daemon
1
1
Fork 0
Code Releases Activity

Fix rule evaluation of outgoing connections emerging from sandbox proxy ports

Browse Source
shw_dev
dma 7 years ago
parent d0e5a97a53
commit ae8f6d96ba
1 changed files with 3 additions and 0 deletions
Show Stats Download Patch File Download Diff File

3
sgfw/rules.go
Unescape View File

@ -167,10 +167,13 @@ log.Notice("r.saddr: ", r.saddr, "src: ", src , "sandboxed ", sandboxed, "optstr
if r.saddr == nil && src != nil && sandboxed { if r.saddr == nil && src != nil && sandboxed {
log.Notice("! Skipping comparison against incompatible rule types: rule src = ", r.saddr, " / packet src = ", src) log.Notice("! Skipping comparison against incompatible rule types: rule src = ", r.saddr, " / packet src = ", src)
continue continue
} else if r.saddr == nil && src == nil && sandboxed {
continue
} else if r.saddr != nil && !r.saddr.Equal(src) && r.proto != "icmp" { } else if r.saddr != nil && !r.saddr.Equal(src) && r.proto != "icmp" {
log.Notice("! Skipping comparison of mismatching source ips") log.Notice("! Skipping comparison of mismatching source ips")
continue continue
} }
log.Notice("r.saddr = ", r.saddr, "src = ", src, "\n")
if r.pid >= 0 && r.pid != pinfo.Pid { if r.pid >= 0 && r.pid != pinfo.Pid {
//log.Notice("! Skipping comparison of mismatching PIDs") //log.Notice("! Skipping comparison of mismatching PIDs")
continue continue

Write Preview
Loading…
Cancel
Save