Fixed bug with prompt rule / saved rule mismatch on SOCKS connects

shw_dev
dma 7 years ago
parent 58b7a4f6a9
commit dafec55bc7

@ -212,6 +212,7 @@ func (fw *Firewall) policyForPathAndSandbox(path string, sandbox string) *Policy
p.icon = entry.icon p.icon = entry.icon
} }
fw.policyMap[policykey] = p fw.policyMap[policykey] = p
log.Infof("Creating new policy for path and sandbox: %s\n",policykey)
fw.policies = append(fw.policies, p) fw.policies = append(fw.policies, p)
} }
return fw.policyMap[policykey] return fw.policyMap[policykey]
@ -322,7 +323,6 @@ func (p *Policy) processNewRule(r *Rule, scope FilterScope) bool {
if scope != APPLY_ONCE { if scope != APPLY_ONCE {
p.rules = append(p.rules, r) p.rules = append(p.rules, r)
} }
log.Noticef("processNewRule: ",r)
p.filterPending(r) p.filterPending(r)
if len(p.pendingQueue) == 0 { if len(p.pendingQueue) == 0 {
p.promptInProgress = false p.promptInProgress = false
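Review bot: The added `log.Infof` in policyForPathAndSandbox formats `policykey` with `%s`, so control characters in the key would be written to the log unescaped. The key appears to be built from the connecting process's path and sandbox name (its construction is outside the hunk), so a path containing a newline could split or forge log entries. Quoting the value keeps each record on one line: `log.Infof("Creating new policy for path and sandbox: %q", policykey)`. The trailing `\n` is probably redundant if the logger already terminates each record; check it against the other log calls in this file.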

@ -2,6 +2,7 @@ package sgfw
import ( import (
"fmt" "fmt"
"net"
"os/user" "os/user"
"strconv" "strconv"
"strings" "strings"
@ -43,6 +44,7 @@ func (p *prompter) prompt(policy *Policy) {
return return
} }
p.policyMap[policy.sandbox + "|" + policy.path] = policy p.policyMap[policy.sandbox + "|" + policy.path] = policy
fmt.Println("Saving policy key:"+policy.sandbox + "|" + policy.path)
p.policyQueue = append(p.policyQueue, policy) p.policyQueue = append(p.policyQueue, policy)
p.cond.Signal() p.cond.Signal()
} }
@ -191,7 +193,7 @@ func (p *prompter) processConnection(pc pendingConnection) {
tempRule := fmt.Sprintf("%s|%s",toks[0],toks[1]) tempRule := fmt.Sprintf("%s|%s",toks[0],toks[1])
if pc.src() != nil { if (pc.src() != nil && !pc.src().Equal(net.ParseIP("127.0.0.1")) && sandbox != "") {
//if !strings.HasSuffix(rule, "SYSTEM") && !strings.HasSuffix(rule, "||") { //if !strings.HasSuffix(rule, "SYSTEM") && !strings.HasSuffix(rule, "||") {
//rule += "||" //rule += "||"
@ -226,7 +228,7 @@ func (p *prompter) processConnection(pc pendingConnection) {
r.mode = RULE_MODE_PERMANENT r.mode = RULE_MODE_PERMANENT
policy.fw.saveRules() policy.fw.saveRules()
} }
log.Warningf("Creating rule: %v", rule) log.Warningf("Prompt returning rule: %v", rule)
dbusp.alertRule("sgfw prompt added new rule") dbusp.alertRule("sgfw prompt added new rule")
} }
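Review bot: The new condition in processConnection compares the source only against the literal `127.0.0.1`, so a connection from any other loopback address (the rest of 127.0.0.0/8, or `::1`) still takes the non-loopback branch and could reproduce the prompt-rule / saved-rule mismatch this commit fixes. Assuming `pc.src()` returns a `net.IP` (the `.Equal` call suggests so), `if src := pc.src(); src != nil && !src.IsLoopback() && sandbox != "" {` covers every loopback form, avoids parsing the constant on each call, and drops the parentheses gofmt would not keep. The body of this branch and the definition of `sandbox` are outside the hunk, so confirm that treating every loopback source as the SOCKS path matches what the rule format expects. A one-line comment saying why loopback sources are excluded would make the intent clear to the next reader.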

@ -228,7 +228,7 @@ func (rl *RuleList) filter(pkt *nfqueue.NFQPacket, src, dst net.IP, dstPort uint
*/ */
} else if r.rtype == RULE_ACTION_ALLOW_TLSONLY { } else if r.rtype == RULE_ACTION_ALLOW_TLSONLY {
result = FILTER_ALLOW_TLSONLY result = FILTER_ALLOW_TLSONLY
return result return result
} }
} else { } else {
log.Notice("+ MATCH FAILED") log.Notice("+ MATCH FAILED")
