From 0a68b81005488714746903e147235aee5ce74066 Mon Sep 17 00:00:00 2001
From: Daniel
Date: Wed, 22 Jul 2020 09:35:58 +0200
Subject: [PATCH 1/2] Add flag to disable packet interception
---
firewall/interception/interception.go | 38 +++++++++++++++++++
firewall/interception/interception_linux.go | 13 ++-----
firewall/interception/interception_windows.go | 13 ++-----
3 files changed, 46 insertions(+), 18 deletions(-)
create mode 100644 firewall/interception/interception.go
diff --git a/firewall/interception/interception.go b/firewall/interception/interception.go
new file mode 100644
index 00000000..b4631ee3
--- /dev/null
+++ b/firewall/interception/interception.go
@@ -0,0 +1,38 @@
+package interception
+
+import (
+ "flag"
+
+ "github.com/safing/portbase/log"
+ "github.com/safing/portmaster/network/packet"
+)
+
+var (
+ // Packets channel for feeding the firewall.
+ Packets = make(chan packet.Packet, 1000)
+
+ disableInterception bool
+)
+
+func init() {
+ flag.BoolVar(&disableInterception, "disable-interception", false, "disable packet interception - this breaks a lot of functionality")
+}
+
+// Start starts the interception.
+func Start() error {
+ if disableInterception {
+ log.Warning("interception: packet interception is disabled via flag - this breaks a lot of functionality")
+ return nil
+ }
+
+ return start()
+}
+
+// Stop starts the interception.
+func Stop() error {
+ if disableInterception {
+ return nil
+ }
+
+ return stop()
+}
diff --git a/firewall/interception/interception_linux.go b/firewall/interception/interception_linux.go
index aecbf6e2..5feb00f9 100644
--- a/firewall/interception/interception_linux.go
+++ b/firewall/interception/interception_linux.go
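Review bot: With `disable-interception` set, `Start` returns nil exactly as it does after a successful start, so the only trace that the firewall is seeing no packets is a single `log.Warning` line at startup. For a switch that turns enforcement off I would at least document that on the variable, e.g. `// disableInterception turns off all packet interception; Start and Stop then do nothing and still report success.`, and the callers (not visible in this patch) may need a way to surface that state beyond the log. Separately, the doc comment on `Stop` reads `// Stop starts the interception.` and should be `// Stop stops the interception.`; the same wording is carried into `stop()` in the linux, windows and default files.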
@@ -1,16 +1,11 @@ package interception -import "github.com/safing/portmaster/network/packet" - -// Packets channel for feeding the firewall. -var Packets = make(chan packet.Packet, 1000) - -// Start starts the interception. -func Start() error { +// start starts the interception. +func start() error { return StartNfqueueInterception() } -// Stop starts the interception. -func Stop() error { +// stop starts the interception. +func stop() error { return StopNfqueueInterception() } diff --git a/firewall/interception/interception_windows.go b/firewall/interception/interception_windows.go index 1a5d4e44..cbefec43 100644 --- a/firewall/interception/interception_windows.go +++ b/firewall/interception/interception_windows.go @@ -7,16 +7,11 @@ import ( "github.com/safing/portbase/notifications" "github.com/safing/portbase/utils/osdetail" "github.com/safing/portmaster/firewall/interception/windowskext" - "github.com/safing/portmaster/network/packet" "github.com/safing/portmaster/updates" ) -// Packets channel for feeding the firewall. -var Packets = make(chan packet.Packet, 1000) - -// Start starts the interception. -func Start() error { - +// start starts the interception. +func start() error { dllFile, err := updates.GetPlatformFile("kext/portmaster-kext.dll") if err != nil { return fmt.Errorf("interception: could not get kext dll: %s", err) @@ -42,8 +37,8 @@ func Start() error { return nil } -// Stop starts the interception. -func Stop() error { +// stop starts the interception. +func stop() error { return windowskext.Stop() } From 17af628f9a0ecbf67e9d973ee1f6b8f36f7d0f12 Mon Sep 17 00:00:00 2001 From: Daniel Date: Wed, 22 Jul 2020 09:36:53 +0200 Subject: [PATCH 2/2] Add no-op default interception interface This enables building for unsupported platforms --- firewall/interception/interception_default.go | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) create mode 100644 firewall/interception/interception_default.go 
diff --git a/firewall/interception/interception_default.go b/firewall/interception/interception_default.go
new file mode 100644
index 00000000..ba8c91d6
--- /dev/null
+++ b/firewall/interception/interception_default.go
@@ -0,0 +1,18 @@
+//+build !windows,!linux
+
+package interception
+
+import (
+ "github.com/safing/portbase/log"
+)
+
+// start starts the interception.
+func start() error {
+ log.Info("interception: this platform has no support for packet interception - a lot of functionality will be broken")
+ return nil
+}
+
+// stop starts the interception.
+func stop() error {
+ return nil
+}
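Review bot: On platforms other than windows and linux, `start()` returns nil after a single `log.Info` line, so the process comes up looking healthy while nothing is intercepted, and that message sits at a lower level than the `log.Warning` interception.go uses for the explicit opt-out flag. I would log it at the same level, `log.Warning("interception: this platform has no support for packet interception - a lot of functionality will be broken")`, so both no-interception paths are equally visible to an operator. The constraint line is conventionally written `// +build !windows,!linux`, with a space after the slashes. The comment on `stop()` should read `// stop stops the interception.`.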