shw-merge
xSmurf 7 years ago
parent 8054062418
commit c01894f35c

@ -319,7 +319,7 @@ func createListStore(general bool) *gtk.ListStore {
func addRequest(listStore *gtk.ListStore, path, proto string, pid int, ipaddr, hostname string, port, uid, gid int, origin string, is_socks bool, optstring string, sandbox string) *decisionWaiter { func addRequest(listStore *gtk.ListStore, path, proto string, pid int, ipaddr, hostname string, port, uid, gid int, origin string, is_socks bool, optstring string, sandbox string) *decisionWaiter {
if listStore == nil { if listStore == nil {
listStore = globalLS listStore = globalLS
waitTimes := []int{ 1, 2, 5, 10 } waitTimes := []int{1, 2, 5, 10}
if listStore == nil { if listStore == nil {
log.Print("SGFW prompter was not ready to receive firewall request... waiting") log.Print("SGFW prompter was not ready to receive firewall request... waiting")
@ -344,10 +344,10 @@ func addRequest(listStore *gtk.ListStore, path, proto string, pid int, ipaddr, h
iter := listStore.Append() iter := listStore.Append()
if (is_socks) { if is_socks {
if ((optstring != "") && (strings.Index(optstring, "SOCKS") == -1)) { if (optstring != "") && (strings.Index(optstring, "SOCKS") == -1) {
optstring = "SOCKS5 / " + optstring optstring = "SOCKS5 / " + optstring
} else if (optstring == "") { } else if optstring == "" {
optstring = "SOCKS5" optstring = "SOCKS5"
} }
} }
@ -868,7 +868,7 @@ func main() {
box.PackStart(bb, false, false, 5) box.PackStart(bb, false, false, 5)
box.PackStart(editbox, false, false, 5) box.PackStart(editbox, false, false, 5)
scrollbox.Add(tv) scrollbox.Add(tv)
// box.PackStart(tv, false, true, 5) // box.PackStart(tv, false, true, 5)
box.PackStart(scrollbox, false, true, 5) box.PackStart(scrollbox, false, true, 5)
tv.AppendColumn(createColumn("#", 0)) tv.AppendColumn(createColumn("#", 0))
@ -1005,13 +1005,13 @@ func main() {
}) })
scrollbox.SetSizeRequest(600, 400) scrollbox.SetSizeRequest(600, 400)
// Notebook.AppendPage(scrollbox, nbLabel) // Notebook.AppendPage(scrollbox, nbLabel)
Notebook.AppendPage(box, nbLabel) Notebook.AppendPage(box, nbLabel)
// setup_settings() // setup_settings()
mainWin.Add(Notebook) mainWin.Add(Notebook)
if userPrefs.Winheight > 0 && userPrefs.Winwidth > 0 { if userPrefs.Winheight > 0 && userPrefs.Winwidth > 0 {
// fmt.Printf("height was %d, width was %d\n", userPrefs.Winheight, userPrefs.Winwidth) // fmt.Printf("height was %d, width was %d\n", userPrefs.Winheight, userPrefs.Winwidth)
mainWin.Resize(int(userPrefs.Winwidth), int(userPrefs.Winheight)) mainWin.Resize(int(userPrefs.Winwidth), int(userPrefs.Winheight))
} else { } else {
mainWin.SetDefaultSize(850, 450) mainWin.SetDefaultSize(850, 450)

@ -5,8 +5,8 @@ import (
"fmt" "fmt"
"os" "os"
"path/filepath" "path/filepath"
"regexp"
"reflect" "reflect"
"regexp"
"github.com/gotk3/gotk3/glib" "github.com/gotk3/gotk3/glib"
"github.com/gotk3/gotk3/gtk" "github.com/gotk3/gotk3/gtk"
@ -39,9 +39,9 @@ func builderForDefinition(uiName string) *gtk.Builder {
maj := gtk.GetMajorVersion() maj := gtk.GetMajorVersion()
min := gtk.GetMinorVersion() min := gtk.GetMinorVersion()
if ((maj == 3) && (min < 20)) { if (maj == 3) && (min < 20) {
fmt.Fprintf(os.Stderr, fmt.Fprintf(os.Stderr,
"Attempting runtime work-around for older versions of libgtk-3...\n"); "Attempting runtime work-around for older versions of libgtk-3...\n")
dep_re := regexp.MustCompile(`<\s?property\s+name\s?=\s?"icon_size"\s?>.+<\s?/property\s?>`) dep_re := regexp.MustCompile(`<\s?property\s+name\s?=\s?"icon_size"\s?>.+<\s?/property\s?>`)
template = dep_re.ReplaceAllString(template, ``) template = dep_re.ReplaceAllString(template, ``)

@ -71,7 +71,7 @@ func MonitorThread(cbfunc procCB, param interface{}) {
pmutex.Unlock() pmutex.Unlock()
for pkey, pval := range pidMap { for pkey, pval := range pidMap {
// fmt.Printf("PID %v -> %v\n", pkey, pval) // fmt.Printf("PID %v -> %v\n", pkey, pval)
res := checkProcess(&pval, false) res := checkProcess(&pval, false)
if !res { if !res {
@ -96,7 +96,7 @@ func checkProcess(proc *WatchProcess, init bool) bool {
ppath := fmt.Sprintf("/proc/%d/stat", proc.Pid) ppath := fmt.Sprintf("/proc/%d/stat", proc.Pid)
f, err := os.Open(ppath) f, err := os.Open(ppath)
if err != nil { if err != nil {
// fmt.Printf("Error opening path %s: %s\n", ppath, err) // fmt.Printf("Error opening path %s: %s\n", ppath, err)
return false return false
} }
defer f.Close() defer f.Close()
@ -129,7 +129,7 @@ func checkProcess(proc *WatchProcess, init bool) bool {
} }
bstr := string(buf[:]) bstr := string(buf[:])
// fmt.Println("sstr = ", bstr) // fmt.Println("sstr = ", bstr)
fields := strings.Split(bstr, " ") fields := strings.Split(bstr, " ")

@ -29,7 +29,7 @@ var FirewallConfig FirewallConfigs
func _readConfig(file string) []byte { func _readConfig(file string) []byte {
envFile := os.Getenv("SGFW_CONF") envFile := os.Getenv("SGFW_CONF")
if envFile != "" { if envFile != "" {
file = envFile file = envFile
} }

@ -166,7 +166,7 @@ func (dc *dnsCache) Lookup(ip net.IP, pid int) string {
entry, ok := dc.ipMap[pid][ip.String()] entry, ok := dc.ipMap[pid][ip.String()]
if ok { if ok {
if now.Before(entry.exp) { if now.Before(entry.exp) {
// log.Noticef("XXX: LOOKUP on %v / %v = %v, ttl = %v / %v\n", pid, ip.String(), entry.name, entry.ttl, entry.exp) // log.Noticef("XXX: LOOKUP on %v / %v = %v, ttl = %v / %v\n", pid, ip.String(), entry.name, entry.ttl, entry.exp)
return entry.name return entry.name
} else { } else {
log.Warningf("Skipping expired per-pid (%d) DNS cache entry: %s -> %s / exp. %v (%ds)\n", log.Warningf("Skipping expired per-pid (%d) DNS cache entry: %s -> %s / exp. %v (%ds)\n",
@ -180,7 +180,7 @@ func (dc *dnsCache) Lookup(ip net.IP, pid int) string {
if ok { if ok {
if now.Before(entry.exp) { if now.Before(entry.exp) {
str = entry.name str = entry.name
// log.Noticef("XXX: LOOKUP on %v / 0 RETURNING %v, ttl = %v / %v\n", ip.String(), str, entry.ttl, entry.exp) // log.Noticef("XXX: LOOKUP on %v / 0 RETURNING %v, ttl = %v / %v\n", ip.String(), str, entry.ttl, entry.exp)
} else { } else {
log.Warningf("Skipping expired global DNS cache entry: %s -> %s / exp. %v (%ds)\n", log.Warningf("Skipping expired global DNS cache entry: %s -> %s / exp. %v (%ds)\n",
ip.String(), entry.name, entry.exp, entry.ttl) ip.String(), entry.name, entry.exp, entry.ttl)

@ -371,7 +371,7 @@ func (p *Policy) filterPending(rule *Rule) {
for _, pc := range p.pendingQueue { for _, pc := range p.pendingQueue {
if rule.match(pc.src(), pc.dst(), pc.dstPort(), pc.hostname(), pc.proto(), pc.procInfo().UID, pc.procInfo().GID, uidToUser(pc.procInfo().UID), gidToGroup(pc.procInfo().GID)) { if rule.match(pc.src(), pc.dst(), pc.dstPort(), pc.hostname(), pc.proto(), pc.procInfo().UID, pc.procInfo().GID, uidToUser(pc.procInfo().UID), gidToGroup(pc.procInfo().GID)) {
log.Infof("Adding rule for: %s", rule.getString(FirewallConfig.LogRedact)) log.Infof("Adding rule for: %s", rule.getString(FirewallConfig.LogRedact))
// log.Noticef("%s > %s", rule.getString(FirewallConfig.LogRedact), pc.print()) // log.Noticef("%s > %s", rule.getString(FirewallConfig.LogRedact), pc.print())
if rule.rtype == RULE_ACTION_ALLOW { if rule.rtype == RULE_ACTION_ALLOW {
pc.accept() pc.accept()
} else if rule.rtype == RULE_ACTION_ALLOW_TLSONLY { } else if rule.rtype == RULE_ACTION_ALLOW_TLSONLY {
@ -649,7 +649,7 @@ func LookupSandboxProc(srcip net.IP, srcp uint16, dstip net.IP, dstp uint16, pro
rlines = append(rlines, strings.Join(ssplit, ":")) rlines = append(rlines, strings.Join(ssplit, ":"))
} }
// log.Warningf("Looking for %s:%d => %s:%d \n %s\n******\n", srcip, srcp, dstip, dstp, data) // log.Warningf("Looking for %s:%d => %s:%d \n %s\n******\n", srcip, srcp, dstip, dstp, data)
if proto == "tcp" { if proto == "tcp" {
res = procsnitch.LookupTCPSocketProcessAll(srcip, srcp, dstip, dstp, rlines) res = procsnitch.LookupTCPSocketProcessAll(srcip, srcp, dstip, dstp, rlines)

@ -53,11 +53,11 @@ func (p *prompter) prompt(policy *Policy) {
func (p *prompter) promptLoop() { func (p *prompter) promptLoop() {
p.lock.Lock() p.lock.Lock()
for { for {
// fmt.Println("XXX: promptLoop() outer") // fmt.Println("XXX: promptLoop() outer")
for p.processNextPacket() { for p.processNextPacket() {
// fmt.Println("XXX: promptLoop() inner") // fmt.Println("XXX: promptLoop() inner")
} }
// fmt.Println("promptLoop() wait") // fmt.Println("promptLoop() wait")
p.cond.Wait() p.cond.Wait()
} }
} }
@ -79,7 +79,7 @@ func (p *prompter) processNextPacket() bool {
empty := true empty := true
for { for {
pc, empty = p.nextConnection() pc, empty = p.nextConnection()
// fmt.Println("XXX: processNextPacket() loop; empty = ", empty, " / pc = ", pc) // fmt.Println("XXX: processNextPacket() loop; empty = ", empty, " / pc = ", pc)
if pc == nil && empty { if pc == nil && empty {
return false return false
} else if pc == nil { } else if pc == nil {
@ -90,7 +90,7 @@ func (p *prompter) processNextPacket() bool {
} }
p.lock.Unlock() p.lock.Unlock()
defer p.lock.Lock() defer p.lock.Lock()
// fmt.Println("XXX: Waiting for prompt lock go...") // fmt.Println("XXX: Waiting for prompt lock go...")
for { for {
promptLock.Lock() promptLock.Lock()
if outstandingPrompts >= MAX_PROMPTS { if outstandingPrompts >= MAX_PROMPTS {
@ -106,9 +106,9 @@ func (p *prompter) processNextPacket() bool {
break break
} }
// fmt.Println("XXX: Passed prompt lock!") // fmt.Println("XXX: Passed prompt lock!")
outstandingPrompts++ outstandingPrompts++
// fmt.Println("XXX: Incremented outstanding to ", outstandingPrompts) // fmt.Println("XXX: Incremented outstanding to ", outstandingPrompts)
promptLock.Unlock() promptLock.Unlock()
// if !pc.getPrompting() { // if !pc.getPrompting() {
pc.setPrompting(true) pc.setPrompting(true)
@ -120,7 +120,7 @@ func (p *prompter) processNextPacket() bool {
func processReturn(pc pendingConnection) { func processReturn(pc pendingConnection) {
promptLock.Lock() promptLock.Lock()
outstandingPrompts-- outstandingPrompts--
// fmt.Println("XXX: Return decremented outstanding to ", outstandingPrompts) // fmt.Println("XXX: Return decremented outstanding to ", outstandingPrompts)
promptLock.Unlock() promptLock.Unlock()
pc.setPrompting(false) pc.setPrompting(false)
} }

@ -184,7 +184,7 @@ func (rl *RuleList) filter(pkt *nfqueue.NFQPacket, src, dst net.IP, dstPort uint
nfqproto = getNFQProto(pkt) nfqproto = getNFQProto(pkt)
} else { } else {
if r.saddr == nil && src == nil && sandboxed == false && (r.port == dstPort || r.port == matchAny) && (r.addr.Equal(anyAddress) || r.hostname == "" || r.hostname == hostname) { if r.saddr == nil && src == nil && sandboxed == false && (r.port == dstPort || r.port == matchAny) && (r.addr.Equal(anyAddress) || r.hostname == "" || r.hostname == hostname) {
// log.Notice("+ Socks5 MATCH SUCCEEDED") // log.Notice("+ Socks5 MATCH SUCCEEDED")
if r.rtype == RULE_ACTION_DENY { if r.rtype == RULE_ACTION_DENY {
return FILTER_DENY return FILTER_DENY
} else if r.rtype == RULE_ACTION_ALLOW { } else if r.rtype == RULE_ACTION_ALLOW {
@ -203,7 +203,7 @@ func (rl *RuleList) filter(pkt *nfqueue.NFQPacket, src, dst net.IP, dstPort uint
continue continue
} }
if r.match(src, dst, dstPort, hostname, nfqproto, pinfo.UID, pinfo.GID, uidToUser(pinfo.UID), gidToGroup(pinfo.GID)) { if r.match(src, dst, dstPort, hostname, nfqproto, pinfo.UID, pinfo.GID, uidToUser(pinfo.UID), gidToGroup(pinfo.GID)) {
// log.Notice("+ MATCH SUCCEEDED") // log.Notice("+ MATCH SUCCEEDED")
dstStr := dst.String() dstStr := dst.String()
if FirewallConfig.LogRedact { if FirewallConfig.LogRedact {
dstStr = STR_REDACTED dstStr = STR_REDACTED
@ -214,7 +214,7 @@ func (rl *RuleList) filter(pkt *nfqueue.NFQPacket, src, dst net.IP, dstPort uint
srcp, _ := getPacketPorts(pkt) srcp, _ := getPacketPorts(pkt)
srcStr = fmt.Sprintf("%s:%d", srcip, srcp) srcStr = fmt.Sprintf("%s:%d", srcip, srcp)
} }
// log.Noticef("%s > %s %s %s -> %s:%d", // log.Noticef("%s > %s %s %s -> %s:%d",
//r.getString(FirewallConfig.LogRedact), pinfo.ExePath, r.proto, srcStr, dstStr, dstPort) //r.getString(FirewallConfig.LogRedact), pinfo.ExePath, r.proto, srcStr, dstStr, dstPort)
if r.rtype == RULE_ACTION_DENY { if r.rtype == RULE_ACTION_DENY {
//TODO: Optionally redact below log entry //TODO: Optionally redact below log entry

@ -117,7 +117,7 @@ func TLSGuard(conn, conn2 net.Conn, fqdn string) error {
for remaining > 0 { for remaining > 0 {
certLen := int(int(pos[0])<<16 | int(pos[1])<<8 | int(pos[2])) certLen := int(int(pos[0])<<16 | int(pos[1])<<8 | int(pos[2]))
// fmt.Printf("Certs chain len %d, cert 1 len %d:\n", certChainLen, certLen) // fmt.Printf("Certs chain len %d, cert 1 len %d:\n", certChainLen, certLen)
cert := pos[3 : 3+certLen] cert := pos[3 : 3+certLen]
certs, err := x509.ParseCertificates(cert) certs, err := x509.ParseCertificates(cert)
if remaining == certChainLen { if remaining == certChainLen {
@ -149,11 +149,11 @@ func TLSGuard(conn, conn2 net.Conn, fqdn string) error {
sendToClient = true sendToClient = true
} }
// fmt.Printf("Version bytes: %x %x\n", responseBuf[1], responseBuf[2]) // fmt.Printf("Version bytes: %x %x\n", responseBuf[1], responseBuf[2])
// fmt.Printf("Len bytes: %x %x\n", responseBuf[3], responseBuf[4]) // fmt.Printf("Len bytes: %x %x\n", responseBuf[3], responseBuf[4])
// fmt.Printf("Message type: %x\n", responseBuf[5]) // fmt.Printf("Message type: %x\n", responseBuf[5])
// fmt.Printf("Message len: %x %x %x\n", responseBuf[6], responseBuf[7], responseBuf[8]) // fmt.Printf("Message len: %x %x %x\n", responseBuf[6], responseBuf[7], responseBuf[8])
// fmt.Printf("Message body: %v\n", responseBuf[9:]) // fmt.Printf("Message body: %v\n", responseBuf[9:])
conn.Write(responseBuf) conn.Write(responseBuf)
responseBuf = []byte{} responseBuf = []byte{}
} }

@ -55,7 +55,7 @@ func (eth *Ethernet) DecodeFromBytes(data []byte, df gopacket.DecodeFeedback) er
// Strip off bytes at the end, since we have too many bytes // Strip off bytes at the end, since we have too many bytes
eth.Payload = eth.Payload[:len(eth.Payload)-cmp] eth.Payload = eth.Payload[:len(eth.Payload)-cmp]
} }
// fmt.Println(eth) // fmt.Println(eth)
} }
return nil return nil
} }

Loading…
Cancel
Save