From 0f48d32ac295e2bc1a3f58fbd6e23cad2496da7a Mon Sep 17 00:00:00 2001
From: Daniel
Date: Tue, 12 Oct 2021 16:18:05 +0200
Subject: [PATCH] Fix routing for Portmaster connections
---
 firewall/interception.go | 32 +++++++++++++++-----------------
 go.sum | 2 ++
 2 files changed, 17 insertions(+), 17 deletions(-)
diff --git a/firewall/interception.go b/firewall/interception.go
index 165af81a..3b2b3421 100644
--- a/firewall/interception.go
+++ b/firewall/interception.go
@@ -322,39 +322,32 @@ func fastTrackedPermit(pkt packet.Packet) (handled bool) { func initialHandler(conn *network.Connection, pkt packet.Packet) { log.Tracer(pkt.Ctx()).Trace("filter: handing over to connection-based handler") - // Check for pre-authenticated port. - if !conn.Inbound && localPortIsPreAuthenticated(conn.Entity.Protocol, conn.LocalPort) { + switch { + case !conn.Inbound && localPortIsPreAuthenticated(conn.Entity.Protocol, conn.LocalPort): // Approve connection. conn.Accept("connection by Portmaster", noReasonOptionKey) conn.Internal = true - // Finalize connection. - conn.StopFirewallHandler() - issueVerdict(conn, pkt, 0, true) - return - } - // Redirect rogue dns requests to the Portmaster. - if pkt.IsOutbound() && + + case pkt.IsOutbound() && pkt.Info().DstPort == 53 && conn.Process().Pid != ownPID && nameserverIPMatcherReady.IsSet() && - !nameserverIPMatcher(pkt.Info().Dst) { + !nameserverIPMatcher(pkt.Info().Dst): + // Reroute rogue dns queries back to Portmaster. conn.Verdict = network.VerdictRerouteToNameserver conn.Reason.Msg = "redirecting rogue dns query" conn.Internal = true + // End directly, as no other processing is necessary. conn.StopFirewallHandler() issueVerdict(conn, pkt, 0, true) return - } - // TODO: enable inspecting again - conn.Inspecting = false - - // Filter, if enabled. - if filterEnabled() { + case filterEnabled(): log.Tracer(pkt.Ctx()).Trace("filter: starting decision process") DecideOnConnection(pkt.Ctx(), conn, pkt) - } else { + + default: conn.Accept("privacy filter disabled", noReasonOptionKey) } @@ -366,6 +359,8 @@ func initialHandler(conn *network.Connection, pkt packet.Packet) { // Exclude requests of the SPN itself. if !captain.IsExcepted(conn.Entity.IP) { + conn.Tunneled = true + // Check if client is ready. if captain.ClientReady() { // Queue request in sluice. 
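Review bot: In the new `switch` in initialHandler, the pre-authenticated case now only calls `conn.Accept` and sets `conn.Internal`, and nothing says that dropping the `StopFirewallHandler`/`issueVerdict`/`return` sequence is deliberate, while the DNS-reroute case right below it still ends directly. That case is gated only by `!conn.Inbound` and `localPortIsPreAuthenticated(conn.Entity.Protocol, conn.LocalPort)` and is evaluated before the filter decision, so it deserves a comment on the case such as `// Accept only; do not finalize here, so the connection continues to the routing and verdict code below.` Whether the handler is still stopped and a verdict issued for these connections depends on the rest of the function, which lies outside this hunk.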
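Review bot: `conn.Tunneled = true` is set as soon as the destination is not excepted, before `captain.ClientReady()` is checked and before the request is queued in the sluice. If either step fails, the connection record would still say it was tunneled, which is misleading for anyone relying on that flag to tell tunneled from direct traffic; the failure branches are outside this hunk, so this is inferred. Consider moving the assignment into the success path once the request has been queued, or resetting it with `conn.Tunneled = false` in the failure branches.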
@@ -385,6 +380,9 @@ func initialHandler(conn *network.Connection, pkt packet.Packet) { } } + // TODO: enable inspecting again + conn.Inspecting = false + switch { case conn.Inspecting: log.Tracer(pkt.Ctx()).Trace("filter: start inspecting") diff --git a/go.sum b/go.sum index 60684256..21328ea0 100644 --- a/go.sum +++ b/go.sum @@ -480,6 +480,7 @@ github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81P github.com/stretchr/testify v1.5.1/go.mod h1:5W2xD1RspED5o8YsWQXVCued0rvSQ+mT+I5cxcmMvtA= github.com/stretchr/testify v1.6.1 h1:hDPOHmpOpP40lSULcqw7IrRb/u7w6RpDC9399XyoNd0= github.com/stretchr/testify v1.6.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= +github.com/stretchr/testify v1.7.0 h1:nwc3DEeHmmLAfoZucVR881uASk0Mfjw8xYJ99tb5CcY= github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= github.com/subosito/gotenv v1.2.0/go.mod h1:N0PQaV/YGNqwC0u51sEeR/aUtSLEXKX9iv69rRypqCw= github.com/tannerryan/ring v1.1.2 h1:iXayOjqHQOLzuy9GwSKuG3nhWfzQkldMlQivcgIr7gQ= @@ -1000,6 +1001,7 @@ gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ= gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= gopkg.in/yaml.v3 v3.0.0-20200615113413-eeeca48fe776 h1:tQIYjPdBoyREyB9XMu+nnTclpTYkz2zFM+lzLJFO4gQ= gopkg.in/yaml.v3 v3.0.0-20200615113413-eeeca48fe776/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= +gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b h1:h8qDotaEPuJATrMmW04NCwg7v22aHH28wwpauUhK9Oo= gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= honnef.co/go/tools v0.0.0-20190106161140-3f1c8253044a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
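Review bot: Placing `conn.Inspecting = false` directly before the final `switch` makes its `case conn.Inspecting:` branch unreachable and discards any value set earlier in the function; before this commit the reset ran ahead of `DecideOnConnection`. The TODO should say so, for example `// TODO: enable inspecting again. Until then this overrides any earlier value and the conn.Inspecting case below is never taken.` The switch continues outside the hunk, so its other cases are not visible here.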