Fixed bug with prompt rule / saved rule mismatch on SOCKS connects

shw_dev
dma 7 years ago
parent 58b7a4f6a9
commit dafec55bc7

@ -212,6 +212,7 @@ func (fw *Firewall) policyForPathAndSandbox(path string, sandbox string) *Policy
p.icon = entry.icon
}
fw.policyMap[policykey] = p
log.Infof("Creating new policy for path and sandbox: %s\n",policykey)
fw.policies = append(fw.policies, p)
}
return fw.policyMap[policykey]
@ -322,7 +323,6 @@ func (p *Policy) processNewRule(r *Rule, scope FilterScope) bool {
if scope != APPLY_ONCE {
p.rules = append(p.rules, r)
}
log.Noticef("processNewRule: ",r)
p.filterPending(r)
if len(p.pendingQueue) == 0 {
p.promptInProgress = false
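Review bot: The log call in the policyForPathAndSandbox hunk, which appears to be the line this commit adds, writes policykey with `%s` and a trailing `\n`. Judging by the message, the key is built from the process path and the sandbox name, so a path containing newlines or control characters could split or forge entries in the firewall log. Quoting the value avoids that and drops the probably redundant newline: `log.Infof("Creating new policy for path and sandbox: %q", policykey)`. The function starts outside the hunk, so how policykey is constructed is inferred and should be confirmed.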

@ -2,6 +2,7 @@ package sgfw
import (
"fmt"
"net"
"os/user"
"strconv"
"strings"
@ -43,6 +44,7 @@ func (p *prompter) prompt(policy *Policy) {
return
}
p.policyMap[policy.sandbox + "|" + policy.path] = policy
fmt.Println("Saving policy key:"+policy.sandbox + "|" + policy.path)
p.policyQueue = append(p.policyQueue, policy)
p.cond.Signal()
}
@ -191,7 +193,7 @@ func (p *prompter) processConnection(pc pendingConnection) {
tempRule := fmt.Sprintf("%s|%s",toks[0],toks[1])
if pc.src() != nil {
if (pc.src() != nil && !pc.src().Equal(net.ParseIP("127.0.0.1")) && sandbox != "") {
//if !strings.HasSuffix(rule, "SYSTEM") && !strings.HasSuffix(rule, "||") {
//rule += "||"
@ -226,7 +228,7 @@ func (p *prompter) processConnection(pc pendingConnection) {
r.mode = RULE_MODE_PERMANENT
policy.fw.saveRules()
}
log.Warningf("Creating rule: %v", rule)
log.Warningf("Prompt returning rule: %v", rule)
dbusp.alertRule("sgfw prompt added new rule")
}
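Review bot: The rewritten condition in the processConnection hunk at -191,7 +193,7 treats only the literal 127.0.0.1 as a local source, so a connection arriving from another 127.0.0.0/8 address or from ::1 would still take the sandbox branch, which may reintroduce the prompt/saved rule mismatch this commit is fixing. Assuming pc.src() returns a net.IP (it is compared with `Equal`), `if src := pc.src(); src != nil && !src.IsLoopback() && sandbox != "" {` covers every loopback form and calls src() once. In the prompt hunk, `fmt.Println("Saving policy key:"...)` writes to stdout instead of going through `log` like the other messages in this commit; it should use `log.Infof` or be removed before merge. Both functions extend beyond the lines shown.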

@ -228,7 +228,7 @@ func (rl *RuleList) filter(pkt *nfqueue.NFQPacket, src, dst net.IP, dstPort uint
*/
} else if r.rtype == RULE_ACTION_ALLOW_TLSONLY {
result = FILTER_ALLOW_TLSONLY
return result
return result
}
} else {
log.Notice("+ MATCH FAILED")
