From 1402052b95d0362e796869ec86da41767279927a Mon Sep 17 00:00:00 2001 From: Daniel Date: Tue, 29 Sep 2020 11:24:24 +0200 Subject: [PATCH] Improve Permanent Verdicts description. Also, add a minor trace counting fix. --- firewall/config.go | 4 ++-- firewall/interception.go | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/firewall/config.go b/firewall/config.go index 19d1b9c4..661e1f59 100644 --- a/firewall/config.go +++ b/firewall/config.go @@ -29,10 +29,10 @@ func registerConfig() error { err := config.Register(&config.Option{ Name: "Permanent Verdicts", Key: CfgOptionPermanentVerdictsKey, - Description: "With permanent verdicts, control of a connection is fully handed back to the OS after the initial decision. This brings a great performance increase, but makes it impossible to change the decision of a link later on.", + Description: "With permanent verdicts, control of a connection is fully handed back to the OS after the initial decision in order to drastically increase performance.", Order: CfgOptionPermanentVerdictsOrder, OptType: config.OptTypeBool, - ExpertiseLevel: config.ExpertiseLevelExpert, + ExpertiseLevel: config.ExpertiseLevelDeveloper, ReleaseLevel: config.ReleaseLevelExperimental, DefaultValue: true, }) diff --git a/firewall/interception.go b/firewall/interception.go index 87675f73..a75eca91 100644 --- a/firewall/interception.go +++ b/firewall/interception.go @@ -288,7 +288,7 @@ func issueVerdict(conn *network.Connection, pkt packet.Packet, verdict network.V err = pkt.RerouteToTunnel() case network.VerdictFailed: atomic.AddUint64(packetsFailed, 1) - fallthrough + err = pkt.Drop() default: atomic.AddUint64(packetsDropped, 1) err = pkt.Drop()