@ -88,22 +88,21 @@ log.Notice("comparison: ", hostname, " / ", dst, " : ", dstPort, " -> ", xip, "
|
|
|
|
return r.addr == binary.BigEndian.Uint32(dst.To4())
|
|
|
|
return r.addr == binary.BigEndian.Uint32(dst.To4())
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
func (rl *RuleList) filterPacket(p *nfqueue.NFQPacket, pinfo *procsnitch.Info, srcip net.IP, hostname string) FilterResult {
|
|
|
|
func (rl *RuleList) filterPacket(p *nfqueue.NFQPacket, pinfo *procsnitch.Info, srcip net.IP, hostname, optstr string) FilterResult {
|
|
|
|
_, dstip := getPacketIP4Addrs(p)
|
|
|
|
_, dstip := getPacketIP4Addrs(p)
|
|
|
|
_, dstp := getPacketPorts(p)
|
|
|
|
_, dstp := getPacketPorts(p)
|
|
|
|
return rl.filter(p, srcip, dstip, dstp, hostname, pinfo)
|
|
|
|
return rl.filter(p, srcip, dstip, dstp, hostname, pinfo, optstr)
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
func (rl *RuleList) filter(pkt *nfqueue.NFQPacket, src, dst net.IP, dstPort uint16, hostname string, pinfo *procsnitch.Info) FilterResult {
|
|
|
|
func (rl *RuleList) filter(pkt *nfqueue.NFQPacket, src, dst net.IP, dstPort uint16, hostname string, pinfo *procsnitch.Info, optstr string) FilterResult {
|
|
|
|
if rl == nil {
|
|
|
|
if rl == nil {
|
|
|
|
return FILTER_PROMPT
|
|
|
|
return FILTER_PROMPT
|
|
|
|
}
|
|
|
|
}
|
|
|
|
result := FILTER_PROMPT
|
|
|
|
result := FILTER_PROMPT
|
|
|
|
// saddr_ip := make(net.IP, 4)
|
|
|
|
sandboxed := strings.HasPrefix(optstr, "Sandbox")
|
|
|
|
// binary.BigEndian.PutUint32(saddr_ip, r.saddr)
|
|
|
|
|
|
|
|
for _, r := range *rl {
|
|
|
|
for _, r := range *rl {
|
|
|
|
log.Notice("------------ trying match of src ", src, " against: ", r, " | ", r.saddr)
|
|
|
|
log.Notice("------------ trying match of src ", src, " against: ", r, " | ", r.saddr, " / optstr = ", optstr)
|
|
|
|
if r.saddr == nil && src != nil {
|
|
|
|
if r.saddr == nil && src != nil && sandboxed {
|
|
|
|
log.Notice("! Skipping comparison against incompatible rule types: rule src = ", r.saddr, " / packet src = ", src)
|
|
|
|
log.Notice("! Skipping comparison against incompatible rule types: rule src = ", r.saddr, " / packet src = ", src)
|
|
|
|
continue
|
|
|
|
continue
|
|
|
|
} else if r.saddr != nil && !r.saddr.Equal(src) {
|
|
|
|
} else if r.saddr != nil && !r.saddr.Equal(src) {
|
|
|
|