mirror of
https://github.com/safing/portmaster
synced 2025-09-02 02:29:12 +00:00
Fix nfq-exp flag and nfq logging messages
parent
eab2ab3413
commit
210059f1f2
3 changed files with 12 additions and 14 deletions
|
@ -79,18 +79,18 @@ func New(qid uint16, v6 bool) (*Queue, error) { //nolint:gocognit
|
||||||
}
|
}
|
||||||
|
|
||||||
if err := pmpacket.Parse(pkt.Payload, pkt.Info()); err != nil {
|
if err := pmpacket.Parse(pkt.Payload, pkt.Info()); err != nil {
|
||||||
log.Warningf("nfqexp: failed to parse payload: %s", err)
|
log.Warningf("nfqueue: failed to parse payload: %s", err)
|
||||||
_ = pkt.Drop()
|
_ = pkt.Drop()
|
||||||
return 0
|
return 0
|
||||||
}
|
}
|
||||||
|
|
||||||
select {
|
select {
|
||||||
case q.packets <- pkt:
|
case q.packets <- pkt:
|
||||||
log.Tracef("nfqexp: queued packet %s (%s -> %s) after %s", pkt.ID(), pkt.Info().Src, pkt.Info().Dst, time.Since(pkt.received))
|
log.Tracef("nfqueue: queued packet %s (%s -> %s) after %s", pkt.ID(), pkt.Info().Src, pkt.Info().Dst, time.Since(pkt.received))
|
||||||
case <-ctx.Done():
|
case <-ctx.Done():
|
||||||
return 0
|
return 0
|
||||||
case <-time.After(time.Second):
|
case <-time.After(time.Second):
|
||||||
log.Warningf("nfqexp: failed to queue packet (%s since it was handed over by the kernel)", time.Since(pkt.received))
|
log.Warningf("nfqueue: failed to queue packet (%s since it was handed over by the kernel)", time.Since(pkt.received))
|
||||||
}
|
}
|
||||||
|
|
||||||
go func() {
|
go func() {
|
||||||
|
@ -98,9 +98,9 @@ func New(qid uint16, v6 bool) (*Queue, error) { //nolint:gocognit
|
||||||
case <-pkt.verdictSet:
|
case <-pkt.verdictSet:
|
||||||
|
|
||||||
case <-time.After(20 * time.Second):
|
case <-time.After(20 * time.Second):
|
||||||
log.Warningf("nfqexp: no verdict set for packet %s (%s -> %s) after %s, dropping", pkt.ID(), pkt.Info().Src, pkt.Info().Dst, time.Since(pkt.received))
|
log.Warningf("nfqueue: no verdict set for packet %s (%s -> %s) after %s, dropping", pkt.ID(), pkt.Info().Src, pkt.Info().Dst, time.Since(pkt.received))
|
||||||
if err := pkt.Drop(); err != nil {
|
if err := pkt.Drop(); err != nil {
|
||||||
log.Warningf("nfqexp: failed to apply default-drop to unveridcted packet %s (%s -> %s)", pkt.ID(), pkt.Info().Src, pkt.Info().Dst)
|
log.Warningf("nfqueue: failed to apply default-drop to unveridcted packet %s (%s -> %s)", pkt.ID(), pkt.Info().Src, pkt.Info().Dst)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}()
|
}()
|
||||||
|
@ -118,7 +118,7 @@ func New(qid uint16, v6 bool) (*Queue, error) { //nolint:gocognit
|
||||||
if opError.Timeout() || opError.Temporary() {
|
if opError.Timeout() || opError.Temporary() {
|
||||||
c := atomic.LoadUint64(&q.pendingVerdicts)
|
c := atomic.LoadUint64(&q.pendingVerdicts)
|
||||||
if c > 0 {
|
if c > 0 {
|
||||||
log.Tracef("nfqexp: waiting for %d pending verdicts", c)
|
log.Tracef("nfqueue: waiting for %d pending verdicts", c)
|
||||||
|
|
||||||
for atomic.LoadUint64(&q.pendingVerdicts) > 0 { // must NOT use c here
|
for atomic.LoadUint64(&q.pendingVerdicts) > 0 { // must NOT use c here
|
||||||
<-q.verdictCompleted
|
<-q.verdictCompleted
|
||||||
|
@ -128,7 +128,7 @@ func New(qid uint16, v6 bool) (*Queue, error) { //nolint:gocognit
|
||||||
return 0
|
return 0
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
log.Errorf("nfqexp: encountered error while receiving packets: %s\n", e.Error())
|
log.Errorf("nfqueue: encountered error while receiving packets: %s\n", e.Error())
|
||||||
|
|
||||||
return 1
|
return 1
|
||||||
}
|
}
|
||||||
|
@ -146,7 +146,7 @@ func (q *Queue) Destroy() {
|
||||||
q.cancelSocketCallback()
|
q.cancelSocketCallback()
|
||||||
|
|
||||||
if err := q.nf.Close(); err != nil {
|
if err := q.nf.Close(); err != nil {
|
||||||
log.Errorf("nfqexp: failed to close queue %d: %s", q.id, err)
|
log.Errorf("nfqueue: failed to close queue %d: %s", q.id, err)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
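Review bot: The warning logged when the default-drop fails, in the 20-second verdict timeout branch, omits `err`, so the log never records why a packet without a verdict could not be dropped. The same string still carries the typo `unveridcted`. Since this commit already rewrites that line, it could become `log.Warningf("nfqueue: failed to apply default-drop to unverdicted packet %s (%s -> %s): %s", pkt.ID(), pkt.Info().Src, pkt.Info().Dst, err)`. The `encountered error while receiving packets` message also ends in `\n`, which none of the other log calls in this file section use. The enclosing `New` function begins outside the visible hunks.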
|
@ -108,12 +108,12 @@ func (pkt *packet) setMark(mark int) error {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
log.Errorf("nfqexp: failed to set verdict %s for %s (%s -> %s): %s", markToString(mark), pkt.ID(), pkt.Info().Src, pkt.Info().Dst, err)
|
log.Errorf("nfqueue: failed to set verdict %s for %s (%s -> %s): %s", markToString(mark), pkt.ID(), pkt.Info().Src, pkt.Info().Dst, err)
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
break
|
break
|
||||||
}
|
}
|
||||||
log.Tracef("nfqexp: marking packet %s (%s -> %s) on queue %d with %s after %s", pkt.ID(), pkt.Info().Src, pkt.Info().Dst, pkt.queue.id, markToString(mark), time.Since(pkt.received))
|
log.Tracef("nfqueue: marking packet %s (%s -> %s) on queue %d with %s after %s", pkt.ID(), pkt.Info().Src, pkt.Info().Dst, pkt.queue.id, markToString(mark), time.Since(pkt.received))
|
||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -14,8 +14,6 @@ import (
|
||||||
"github.com/safing/portmaster/network/packet"
|
"github.com/safing/portmaster/network/packet"
|
||||||
)
|
)
|
||||||
|
|
||||||
// iptables -A OUTPUT -p icmp -j", "NFQUEUE", "--queue-num", "1", "--queue-bypass
|
|
||||||
|
|
||||||
var (
|
var (
|
||||||
v4chains []string
|
v4chains []string
|
||||||
v4rules []string
|
v4rules []string
|
||||||
|
@ -36,10 +34,10 @@ var (
|
||||||
)
|
)
|
||||||
|
|
||||||
func init() {
|
func init() {
|
||||||
flag.BoolVar(&experimentalNfqueueBackend, "experimental-nfqueue", true, "(deprecated flag; always used)")
|
flag.BoolVar(&experimentalNfqueueBackend, "experimental-nfqueue", false, "(deprecated flag; always used)")
|
||||||
}
|
}
|
||||||
|
|
||||||
// nfQueue encapsulates nfQueue providers
|
// nfQueue encapsulates nfQueue providers.
|
||||||
type nfQueue interface {
|
type nfQueue interface {
|
||||||
PacketChannel() <-chan packet.Packet
|
PacketChannel() <-chan packet.Packet
|
||||||
Destroy()
|
Destroy()
|
||||||
|
|
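Review bot: The help text `(deprecated flag; always used)` on the `experimental-nfqueue` flag is ambiguous, because it does not say what is always used or that the flag's value is ignored. Something like `"deprecated and ignored: the nfqueue backend is always used"` would be clearer to an operator reading `-help`. The default also changes from `true` to `false`, and the hunk does not show where `experimentalNfqueueBackend` is read. If any code still branches on it, this silently changes which interception path is selected, so it is worth confirming that no reader remains. A short comment above the `flag.BoolVar` call, for example `// kept only so existing command lines still parse`, would record why the flag is still registered.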