From d0e5a97a5332665c64599c39d0165b98df9d9df5 Mon Sep 17 00:00:00 2001
From: dma <dma@subgraph.com>
Date: Sat, 9 Sep 2017 04:15:17 +0000
Subject: [PATCH] Fixing process identification for UDP packets (still WIP)

---
 .../subgraph/go-procsnitch/socket.go          | 50 ++++++++++++++++++-
 1 file changed, 49 insertions(+), 1 deletion(-)

diff --git a/vendor/github.com/subgraph/go-procsnitch/socket.go b/vendor/github.com/subgraph/go-procsnitch/socket.go
index 448eba2..f137ed0 100644
--- a/vendor/github.com/subgraph/go-procsnitch/socket.go
+++ b/vendor/github.com/subgraph/go-procsnitch/socket.go
@@ -111,12 +111,60 @@ func findUDPSocketAll(srcAddr net.IP, srcPort uint16, dstAddr net.IP, dstPort ui
 	if custdata == nil {
 		if strictness == MATCH_STRICT {
 			return findSocket(proto, func(ss socketStatus) bool {
+				fmt.Println("Match strict")
 				return ss.remote.ip.Equal(dstAddr) && ss.local.port == srcPort && ss.local.ip.Equal(srcAddr)
+				//return ss.local.port == srcPort && ss.local.ip.Equal(srcAddr)
 			})
 		} else if strictness == MATCH_LOOSE {
 			return findSocket(proto, func(ss socketStatus) bool {
+				/* 
+				fmt.Println("Match loose")
+				fmt.Printf("sock dst = %v pkt dst = %v\n", ss.remote.ip, dstAddr)
+				fmt.Printf("sock port = %d pkt port = %d\n", ss.local.port, srcPort)
+				fmt.Printf("local ip: %v\n source ip: %v\n", ss.local.ip, srcAddr)
+				*/
+
+				if (ss.local.port == srcPort && (ss.local.ip.Equal(net.IPv4(0,0,0,0)) && ss.remote.ip.Equal(net.IPv4(0,0,0,0)))) {
+					fmt.Printf("Matching for UDP socket bound to *:%d\n",ss.local.port)
+					return true
+				} else if (ss.remote.ip.Equal(dstAddr) && ss.local.port == srcPort && ss.local.ip.Equal(srcAddr)) {
+					return true
+				}
+
+				// Finally, loop through all interfaces if src port matches 
+
+				if ss.local.port == srcPort {
+					ifs, err := net.Interfaces()
+					if err != nil {
+						log.Warningf("Error on net.Interfaces(): %v", err)
+						return false
+					}
+					for _, i := range ifs {
+						addrs, err := i.Addrs()
+						if err != nil {
+							log.Warningf("Error on Interface.Addrs(): %v", err)
+							return false
+						}
+						for _, addr := range addrs {
+							var ifip net.IP
+							switch x := addr.(type) {
+								case *net.IPNet:
+									ifip = x.IP
+								case *net.IPAddr:
+									ifip = x.IP
+							}
+							if ss.local.ip.Equal(ifip) {
+								fmt.Printf("Matched on UDP socket bound to %v:%d\n",ifip,srcPort)
+								return true
+							}
+						}
+					}
+				}
+				return false
+				//return (ss.remote.ip.Equal(dstAddr) || ss.remote.ip.Equal(net.IPv4(0,0,0,0))) && ss.local.port == srcPort && (ss.local.ip.Equal(srcAddr) || ss.local.ip.Equal(net.IPv4(0,0,0,0)))
+				/*
 				return (ss.remote.ip.Equal(dstAddr) || addrMatchesAny(ss.remote.ip)) && ss.local.port == srcPort && ss.local.ip.Equal(srcAddr) ||
-					(ss.local.ip.Equal(dstAddr) || addrMatchesAny(ss.local.ip)) && ss.remote.port == srcPort && ss.remote.ip.Equal(srcAddr)
+					(ss.local.ip.Equal(dstAddr) || addrMatchesAny(ss.local.ip)) && ss.remote.port == srcPort && ss.remote.ip.Equal(srcAddr) */
 			})
 		}
 		return findSocket(proto, func(ss socketStatus) bool {