vikarti.anatra/safing-portmaster
1
0
Fork 0
mirror of https://github.com/safing/portmaster synced 2025-04-23 20:39:10 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions2

Fix not applying permanent verdicts to ICMP

Browse source
This commit is contained in:
Daniel 2024-04-16 17:12:54 +02:00
parent 154b0454fc
commit 5550c46c5c
1 changed files with 8 additions and 4 deletions

12
service/firewall/packet_handler.go
View file

@ -559,10 +559,14 @@ func issueVerdict(conn *network.Connection, pkt packet.Packet, verdict network.V
// Enable permanent verdict.
if allowPermanent && !conn.VerdictPermanent {
// Only enable if enabled in config and it is not ICMP.
// ICMP is handled differently based on payload, so we cannot use persistent verdicts.
conn.VerdictPermanent = permanentVerdicts() && !reference.IsICMP(conn.Entity.Protocol)
if conn.VerdictPermanent {
switch {
case !permanentVerdicts():
// Permanent verdicts are disabled by configuration.
case conn.Entity != nil && reference.IsICMP(conn.Entity.Protocol):
case pkt != nil && reference.IsICMP(uint8(pkt.Info().Protocol)):
// ICMP is handled differently based on payload, so we cannot use persistent verdicts.
default:
conn.VerdictPermanent = true
conn.SaveWhenFinished()
}
}