Work on portmaster restructuring

.gitignore

@@ -1,2 +1,4 @@
 dnsonly
+main
 
+*.exe

dnsonly.go

@@ -9,6 +9,7 @@ import (
 	"github.com/Safing/portbase/info"
 	"github.com/Safing/portbase/log"
 	"github.com/Safing/portbase/modules"
+
 	// include packages here
 
 	_ "github.com/Safing/portbase/database/dbmodule"

firewall/firewall.go

@@ -1,14 +1,12 @@
-// Copyright Safing ICS Technologies GmbH. Use of this source code is governed by the AGPL license that can be found in the LICENSE file.
-
 package firewall
 
 import (
+	"fmt"
 	"net"
 	"os"
 	"sync/atomic"
 	"time"
 
-	"github.com/Safing/portbase/config"
 	"github.com/Safing/portbase/log"
 	"github.com/Safing/portbase/modules"
 	"github.com/Safing/portmaster/firewall/inspection"
@@ -20,7 +18,6 @@ import (
 )
 
 var (
-	firewallModule *modules.Module
 	// localNet        net.IPNet
 	localhost       net.IP
 	dnsServer       net.IPNet
@@ -154,11 +151,22 @@ func initialHandler(pkt packet.Packet, link *network.Link) {
 	// get Connection
 	connection, err := network.GetConnectionByFirstPacket(pkt)
 	if err != nil {
+		link.Lock()
 		if err != process.ErrConnectionNotFound {
 			log.Warningf("firewall: could not find process of packet (dropping link %s): %s", pkt.String(), err)
+			link.AddReason(fmt.Sprintf("could not find process or it does not exist (unsolicited packet): %s", err))
+		} else {
+			log.Warningf("firewall: internal error finding process of packet (dropping link %s): %s", pkt.String(), err)
+			link.AddReason(fmt.Sprintf("internal error finding process: %s", err))
 		}
-		link.UpdateVerdict(network.DROP)
+		link.Unlock()
-		verdict(pkt, network.DROP)
+
+		if pkt.IsInbound() {
+			network.UnknownIncomingConnection.AddLink(link)
+		} else {
+			network.UnknownDirectConnection.AddLink(link)
+		}
+		verdict(pkt, link.Verdict)
 		return
 	}
 

firewall/inspection/tls/const.go

@@ -1,5 +1,3 @@
-// Copyright Safing ICS Technologies GmbH. Use of this source code is governed by the AGPL license that can be found in the LICENSE file.
-
 package tls
 
 var (

firewall/inspection/tls/tls.go

@@ -1,5 +1,3 @@
-// Copyright Safing ICS Technologies GmbH. Use of this source code is governed by the AGPL license that can be found in the LICENSE file.
-
 package tls
 
 import (
@@ -12,14 +10,13 @@ import (
 	"github.com/google/gopacket/layers"
 	"github.com/google/gopacket/tcpassembly"
 
-	"github.com/Safing/safing-core/configuration"
+	"github.com/Safing/portbase/log"
-	"github.com/Safing/safing-core/crypto/verify"
+	"github.com/Safing/portmaster/firewall/inspection"
-	"github.com/Safing/safing-core/firewall/inspection"
+	"github.com/Safing/portmaster/firewall/inspection/tls/tlslib"
-	"github.com/Safing/safing-core/firewall/inspection/tls/tlslib"
+	"github.com/Safing/portmaster/firewall/inspection/tls/verify"
-	"github.com/Safing/safing-core/log"
+	"github.com/Safing/portmaster/network"
-	"github.com/Safing/safing-core/network"
+	"github.com/Safing/portmaster/network/netutils"
-	"github.com/Safing/safing-core/network/netutils"
+	"github.com/Safing/portmaster/network/packet"
-	"github.com/Safing/safing-core/network/packet"
 )
 
 // TODO:
@@ -31,8 +28,6 @@ var (
 	tlsInspectorIndex int
 	assemblerManager  *netutils.SimpleStreamAssemblerManager
 	assembler         *tcpassembly.Assembler
-
-	config = configuration.Get()
 )
 
 const (

firewall/inspection/tls/tls_test.go

@@ -6,7 +6,7 @@ import (
 	"fmt"
 	"testing"
 
-	"github.com/Safing/safing-core/firewall/inspection/tls/tlslib"
+	"github.com/Safing/portmaster/firewall/inspection/tls/tlslib"
 )
 
 var clientHelloSample = []byte{

firewall/inspection/tls/verify/cert.go

@@ -1,5 +1,3 @@
-// Copyright Safing ICS Technologies GmbH. Use of this source code is governed by the AGPL license that can be found in the LICENSE file.
-
 package verify
 
 import (
@@ -14,15 +12,15 @@ import (
 	"strings"
 
 	"github.com/cloudflare/cfssl/crypto/pkcs7"
-	datastore "github.com/ipfs/go-datastore"
 
-	"github.com/Safing/safing-core/crypto/hash"
+	"github.com/Safing/portbase/crypto/hash"
-	"github.com/Safing/safing-core/database"
+	"github.com/Safing/portbase/database"
+	"github.com/Safing/portbase/database/record"
 )
 
 // Cert saves a certificate.
 type Cert struct {
-	database.Base
+	record.Record
 
 	cert *x509.Certificate
 	Raw  []byte
@@ -120,7 +118,7 @@ func (m *Cert) CreateRevokedCert(caID string, serialNumber *big.Int) error {
 }
 
 // CreateInNamespace saves Cert with the provided name in the provided namespace.
-func (m *Cert) CreateInNamespace(namespace *datastore.Key, name string) error {
+func (m *Cert) CreateInNamespace(namespace string, name string) error {
 	return m.CreateObject(namespace, name, m)
 }
 
@@ -140,7 +138,7 @@ func GetCertWithSPKI(spki []byte) (*Cert, error) {
 }
 
 // GetCertFromNamespace gets Cert with the provided name from the provided namespace.
-func GetCertFromNamespace(namespace *datastore.Key, name string) (*Cert, error) {
+func GetCertFromNamespace(namespace string, name string) (*Cert, error) {
 	object, err := database.GetAndEnsureModel(namespace, name, certModel)
 	if err != nil {
 		return nil, err

firewall/inspection/tls/verify/cert_test.go

@@ -1,5 +1,3 @@
-// Copyright Safing ICS Technologies GmbH. Use of this source code is governed by the AGPL license that can be found in the LICENSE file.
-
 package verify
 
 import (

firewall/inspection/tls/verify/crl.go

@@ -1,5 +1,3 @@
-// Copyright Safing ICS Technologies GmbH. Use of this source code is governed by the AGPL license that can be found in the LICENSE file.
-
 package verify
 
 import (
@@ -14,16 +12,15 @@ import (
 	"sync"
 	"time"
 
-	datastore "github.com/ipfs/go-datastore"
+	"github.com/Safing/portbase/crypto/hash"
-
+	"github.com/Safing/portbase/database"
-	"github.com/Safing/safing-core/crypto/hash"
+	"github.com/Safing/portbase/database/record"
-	"github.com/Safing/safing-core/database"
+	"github.com/Safing/portbase/log"
-	"github.com/Safing/safing-core/log"
 )
 
 // CARevocationInfo saves Information on revokation of Certificates of a Certificate Authority.
 type CARevocationInfo struct {
-	database.Base
+	record.Record
 
 	CRLDistributionPoints []string
 	OCSPServers           []string
@@ -39,23 +36,17 @@ type CARevocationInfo struct {
 }
 
 var (
-	caRevocationInfoModel *CARevocationInfo // only use this as parameter for database.EnsureModel-like functions
-
 	dupCrlReqMap  = make(map[string]*sync.Mutex)
 	dupCrlReqLock sync.Mutex
 )
 
-func init() {
-	database.RegisterModel(caRevocationInfoModel, func() database.Model { return new(CARevocationInfo) })
-}
-
 // Create saves CARevocationInfo with the provided name in the default namespace.
 func (m *CARevocationInfo) Create(name string) error {
 	return m.CreateObject(&database.CARevocationInfoCache, name, m)
 }
 
 // CreateInNamespace saves CARevocationInfo with the provided name in the provided namespace.
-func (m *CARevocationInfo) CreateInNamespace(namespace *datastore.Key, name string) error {
+func (m *CARevocationInfo) CreateInNamespace(namespace string, name string) error {
 	return m.CreateObject(namespace, name, m)
 }
 
@@ -78,7 +69,7 @@ func GetCARevocationInfo(name string) (*CARevocationInfo, error) {
 }
 
 // GetCARevocationInfoFromNamespace fetches CARevocationInfo with the provided name from the provided namespace.
-func GetCARevocationInfoFromNamespace(namespace *datastore.Key, name string) (*CARevocationInfo, error) {
+func GetCARevocationInfoFromNamespace(namespace string, name string) (*CARevocationInfo, error) {
 	object, err := database.GetAndEnsureModel(namespace, name, caRevocationInfoModel)
 	if err != nil {
 		return nil, err

firewall/inspection/tls/verify/ocsp.go

@@ -1,5 +1,3 @@
-// Copyright Safing ICS Technologies GmbH. Use of this source code is governed by the AGPL license that can be found in the LICENSE file.
-
 package verify
 
 import (
@@ -16,8 +14,8 @@ import (
 
 	"golang.org/x/crypto/ocsp"
 
-	"github.com/Safing/safing-core/crypto/hash"
+	"github.com/Safing/portbase/crypto/hash"
-	"github.com/Safing/safing-core/log"
+	"github.com/Safing/portbase/log"
 )
 
 var (

firewall/inspection/tls/verify/verify.go

@@ -1,5 +1,3 @@
-// Copyright Safing ICS Technologies GmbH. Use of this source code is governed by the AGPL license that can be found in the LICENSE file.
-
 package verify
 
 import (
@@ -8,9 +6,8 @@ import (
 	"fmt"
 	"time"
 
-	"github.com/Safing/safing-core/configuration"
+	"github.com/Safing/portbase/crypto/hash"
-	"github.com/Safing/safing-core/crypto/hash"
+	"github.com/Safing/portbase/database"
-	"github.com/Safing/safing-core/database"
 )
 
 // useful references:
@@ -24,10 +21,6 @@ import (
 // RE: https://www.grc.com/revocation/crlsets.htm
 // RE: RE: https://www.imperialviolet.org/2014/04/29/revocationagain.html
 
-var (
-	config = configuration.Get()
-)
-
 // FullCheckBytes does a full certificate check, certificates are provided as raw bytes.
 // It parses the raw certificates and calls FullCheck.
 func FullCheckBytes(name string, certBytes [][]byte) (bool, error) {

firewall/interception/interception_windows.go

@@ -1,12 +1,10 @@
-// Copyright Safing ICS Technologies GmbH. Use of this source code is governed by the AGPL license that can be found in the LICENSE file.
-
 package interception
 
 import (
-	"github.com/Safing/safing-core/firewall/interception/windivert"
+	"github.com/Safing/portbase/log"
-	"github.com/Safing/safing-core/log"
+	"github.com/Safing/portbase/modules"
-	"github.com/Safing/safing-core/modules"
+	"github.com/Safing/portmaster/firewall/interception/windivert"
-	"github.com/Safing/safing-core/network/packet"
+	"github.com/Safing/portmaster/network/packet"
 )
 
 var Packets chan packet.Packet

firewall/master.go

@@ -1,25 +1,21 @@
-// Copyright Safing ICS Technologies GmbH. Use of this source code is governed by the AGPL license that can be found in the LICENSE file.
+package firewall
-
-package portmaster
 
 import (
 	"net"
 	"os"
 	"strings"
 
-	"github.com/Safing/safing-core/intel"
+	"github.com/Safing/portbase/log"
-	"github.com/Safing/safing-core/log"
+	"github.com/Safing/portmaster/intel"
-	"github.com/Safing/safing-core/network"
+	"github.com/Safing/portmaster/network"
-	"github.com/Safing/safing-core/network/netutils"
+	"github.com/Safing/portmaster/network/netutils"
-	"github.com/Safing/safing-core/network/packet"
+	"github.com/Safing/portmaster/network/packet"
-	"github.com/Safing/safing-core/port17/mode"
+	"github.com/Safing/portmaster/port17/mode"
-	"github.com/Safing/safing-core/profiles"
+	"github.com/Safing/portmaster/profiles"
 
 	"github.com/agext/levenshtein"
 )
 
-// use https://github.com/agext/levenshtein
-
 // Call order:
 //
 // 1. DecideOnConnectionBeforeIntel (if connecting to domain)

firewall/module.go

@@ -0,0 +1,19 @@
+package firewall
+
+import (
+	"github.com/Safing/portbase/modules"
+
+	_ "github.com/Safing/portmaster/network"
+)
+
+func init() {
+	modules.Register("firewall", nil, start, stop, "network")
+}
+
+func start() error {
+	return registerAsDatabase()
+}
+
+func stop() error {
+
+}

firewall/tunnel.go

@@ -1,4 +1,4 @@
-package portmaster
+package firewall
 
 import (
 	"errors"

main.go

@@ -0,0 +1,60 @@
+package main
+
+import (
+	"fmt"
+	"os"
+	"os/signal"
+	"syscall"
+
+	"github.com/Safing/portbase/info"
+	"github.com/Safing/portbase/log"
+	"github.com/Safing/portbase/modules"
+
+	// include packages here
+
+	_ "github.com/Safing/portbase/database/dbmodule"
+	_ "github.com/Safing/portbase/database/storage/badger"
+	_ "github.com/Safing/portmaster/intel"
+	_ "github.com/Safing/portmaster/nameserver/only"
+	_ "github.com/Safing/portmaster/nameserver/only"
+)
+
+func main() {
+
+	// Set Info
+	info.Set("Portmaster", "0.0.1")
+
+	// Start
+	err := modules.Start()
+	if err != nil {
+		if err == modules.ErrCleanExit {
+			os.Exit(0)
+		} else {
+			err = modules.Shutdown()
+			if err != nil {
+				log.Shutdown()
+			}
+			os.Exit(1)
+		}
+	}
+
+	// Shutdown
+	// catch interrupt for clean shutdown
+	signalCh := make(chan os.Signal)
+	signal.Notify(
+		signalCh,
+		os.Interrupt,
+		syscall.SIGHUP,
+		syscall.SIGINT,
+		syscall.SIGTERM,
+		syscall.SIGQUIT,
+	)
+	select {
+	case <-signalCh:
+		fmt.Println(" <INTERRUPT>")
+		log.Warning("main: program was interrupted, shutting down.")
+		modules.Shutdown()
+	case <-modules.ShuttingDown():
+	}
+
+}

network/clean.go

@@ -5,7 +5,7 @@ package network
 import (
 	"time"
 
-	"github.com/Safing/safing-core/process"
+	"github.com/Safing/portmaster/process"
 )
 
 func init() {

network/connection.go

@@ -5,19 +5,20 @@ package network
 import (
 	"fmt"
 	"net"
+	"sync"
 	"time"
 
-	"github.com/Safing/portbase/database"
+	"github.com/Safing/portbase/database/record"
 	"github.com/Safing/portmaster/intel"
 	"github.com/Safing/portmaster/network/packet"
 	"github.com/Safing/portmaster/process"
-
-	datastore "github.com/ipfs/go-datastore"
 )
 
 // Connection describes a connection between a process and a domain
 type Connection struct {
-	database.Base
+	record.Base
+	sync.Mutex
+
 	Domain               string
 	Direction            bool
 	Intel                *intel.Intel
@@ -26,76 +27,62 @@ type Connection struct {
 	Reason               string
 	Inspect              bool
 	FirstLinkEstablished int64
+	LastLinkEstablished  int64
 }
 
-var connectionModel *Connection // only use this as parameter for database.EnsureModel-like functions
+// Process returns the process that owns the connection.
-
-func init() {
-	database.RegisterModel(connectionModel, func() database.Model { return new(Connection) })
-}
-
 func (m *Connection) Process() *process.Process {
 	return m.process
 }
 
-// Create creates a new database entry in the database in the default namespace for this object
+// CantSay sets the connection verdict to "can't say", the connection will be further analysed.
-func (m *Connection) Create(name string) error {
-	return m.CreateObject(&database.OrphanedConnection, name, m)
-}
-
-// CreateInProcessNamespace creates a new database entry in the namespace of the connection's process
-func (m *Connection) CreateInProcessNamespace() error {
-	if m.process != nil {
-		return m.CreateObject(m.process.GetKey(), m.Domain, m)
-	}
-	return m.CreateObject(&database.OrphanedConnection, m.Domain, m)
-}
-
-// Save saves the object to the database (It must have been either already created or loaded from the database)
-func (m *Connection) Save() error {
-	return m.SaveObject(m)
-}
-
 func (m *Connection) CantSay() {
 	if m.Verdict != CANTSAY {
 		m.Verdict = CANTSAY
-		m.SaveObject(m)
+		m.Save()
 	}
 	return
 }
 
+// Drop sets the connection verdict to drop.
 func (m *Connection) Drop() {
 	if m.Verdict != DROP {
 		m.Verdict = DROP
-		m.SaveObject(m)
+		m.Save()
 	}
 	return
 }
 
+// Block sets the connection verdict to block.
 func (m *Connection) Block() {
 	if m.Verdict != BLOCK {
 		m.Verdict = BLOCK
-		m.SaveObject(m)
+		m.Save()
 	}
 	return
 }
 
+// Accept sets the connection verdict to accept.
 func (m *Connection) Accept() {
 	if m.Verdict != ACCEPT {
 		m.Verdict = ACCEPT
-		m.SaveObject(m)
+		m.Save()
 	}
 	return
 }
 
 // AddReason adds a human readable string as to why a certain verdict was set in regard to this connection
 func (m *Connection) AddReason(newReason string) {
+	m.Lock()
+	defer m.Unlock()
+
 	if m.Reason != "" {
 		m.Reason += " | "
 	}
 	m.Reason += newReason
 }
 
+// GetConnectionByFirstPacket returns the matching connection from the internal storage.
 func GetConnectionByFirstPacket(pkt packet.Packet) (*Connection, error) {
 	// get Process
 	proc, direction, err := process.GetProcessByPacket(pkt)
@@ -154,6 +141,7 @@ var (
 	dnsPort    uint16 = 53
 )
 
+// GetConnectionByDNSRequest returns the matching connection from the internal storage.
 func GetConnectionByDNSRequest(ip net.IP, port uint16, fqdn string) (*Connection, error) {
 	// get Process
 	proc, err := process.GetProcessByEndpoints(ip, port, dnsAddress, dnsPort, packet.UDP)
@@ -173,38 +161,22 @@ func GetConnectionByDNSRequest(ip net.IP, port uint16, fqdn string) (*Connection
 	return connection, nil
 }
 
-// GetConnection fetches a Connection from the database from the default namespace for this object
+// AddLink applies the connection to the link.
-func GetConnection(name string) (*Connection, error) {
+func (conn *Connection) AddLink(link *Link) {
-	return GetConnectionFromNamespace(&database.OrphanedConnection, name)
+	link.Lock()
-}
+	defer link.Unlock()
+	link.connection = conn
+	link.Verdict = conn.Verdict
+	link.Inspect = conn.Inspect
+	link.Save()
 
-// GetConnectionFromProcessNamespace fetches a Connection from the namespace of its process
+	conn.Lock()
-func GetConnectionFromProcessNamespace(process *process.Process, domain string) (*Connection, error) {
+	defer conn.Unlock()
-	return GetConnectionFromNamespace(process.GetKey(), domain)
+	conn.LastLinkEstablished = time.Now().Unix()
-}
+	if conn.FirstLinkEstablished == 0 {
-
+		conn.FirstLinkEstablished = conn.FirstLinkEstablished
-// GetConnectionFromNamespace fetches a Connection form the database, but from a custom namespace
-func GetConnectionFromNamespace(namespace *datastore.Key, name string) (*Connection, error) {
-	object, err := database.GetAndEnsureModel(namespace, name, connectionModel)
-	if err != nil {
-		return nil, err
 	}
-	model, ok := object.(*Connection)
+	conn.Save()
-	if !ok {
-		return nil, database.NewMismatchError(object, connectionModel)
-	}
-	return model, nil
-}
-
-func (m *Connection) AddLink(link *Link, pkt packet.Packet) {
-	link.connection = m
-	link.Verdict = m.Verdict
-	link.Inspect = m.Inspect
-	if m.FirstLinkEstablished == 0 {
-		m.FirstLinkEstablished = time.Now().Unix()
-		m.Save()
-	}
-	link.CreateInConnectionNamespace(pkt.GetConnectionID())
 }
 
 // FORMATTING

network/database.go

@@ -0,0 +1,116 @@
+package network
+
+import (
+	"strconv"
+	"strings"
+	"sync"
+
+	"github.com/Safing/portbase/database"
+	"github.com/Safing/portbase/database/iterator"
+	"github.com/Safing/portbase/database/query"
+	"github.com/Safing/portbase/database/record"
+	"github.com/Safing/portbase/database/storage"
+	"github.com/Safing/portmaster/process"
+)
+
+var (
+	links       map[string]*Link
+	connections map[string]*Connection
+	dataLock    sync.RWMutex
+
+	dbController *database.Controller
+)
+
+// StorageInterface provices a storage.Interface to the configuration manager.
+type StorageInterface struct {
+	storage.InjectBase
+}
+
+// Get returns a database record.
+func (s *StorageInterface) Get(key string) (record.Record, error) {
+
+	dataLock.RLock()
+	defer dataLock.RUnlock()
+
+	splitted := strings.Split(key, "/")
+	switch splitted[0] {
+	case "tree":
+		switch len(splitted) {
+		case 2:
+			pid, err := strconv.Atoi(splitted[1])
+			if err != nil {
+				return process.GetProcessByPID(pid)
+			}
+		case 3:
+			conn, ok := connections[splitted[2]]
+			if ok {
+				return conn, nil
+			}
+		case 4:
+			link, ok := links[splitted[3]]
+			if ok {
+				return link, nil
+			}
+		}
+	}
+
+	return nil, storage.ErrNotFound
+}
+
+// Query returns a an iterator for the supplied query.
+func (s *StorageInterface) Query(q *query.Query, local, internal bool) (*iterator.Iterator, error) {
+	it := iterator.New()
+	go s.processQuery(q, it)
+	// TODO: check local and internal
+
+	return it, nil
+}
+
+func (s *StorageInterface) processQuery(q *query.Query, it *iterator.Iterator) {
+	// processes
+	for _, proc := range process.All() {
+		if strings.HasPrefix(proc.Meta().DatabaseKey, q.DatabaseKeyPrefix()) {
+			it.Next <- proc
+		}
+	}
+
+	dataLock.RLock()
+	defer dataLock.RUnlock()
+
+	// connections
+	for _, conn := range connections {
+		if strings.HasPrefix(conn.Meta().DatabaseKey, q.DatabaseKeyPrefix()) {
+			it.Next <- conn
+		}
+	}
+
+	// links
+	for _, link := range links {
+		if strings.HasPrefix(opt.Meta().DatabaseKey, q.DatabaseKeyPrefix()) {
+			it.Next <- link
+		}
+	}
+
+	it.Finish(nil)
+}
+
+func registerAsDatabase() error {
+	_, err := database.Register(&database.Database{
+		Name:        "network",
+		Description: "Network and Firewall Data",
+		StorageType: "injected",
+		PrimaryAPI:  "",
+	})
+	if err != nil {
+		return err
+	}
+
+	controller, err := database.InjectDatabase("network", &ConfigStorageInterface{})
+	if err != nil {
+		return err
+	}
+
+	dbController = controller
+	process.SetDBController(dbController)
+	return nil
+}

network/environment/environment_darwin.go

@@ -0,0 +1,27 @@
+package environment
+
+import "net"
+
+func Nameservers() []Nameserver {
+	return nil
+}
+
+func Gateways() []*net.IP {
+	return nil
+}
+
+// TODO: implement using
+// ifconfig
+// scutil --nwi
+// scutil --proxy
+// networksetup -listallnetworkservices
+// networksetup -listnetworkserviceorder
+// networksetup -getdnsservers "Wi-Fi"
+// networksetup -getsearchdomains <networkservice>
+// networksetup -getftpproxy <networkservice>
+// networksetup -getwebproxy <networkservice>
+// networksetup -getsecurewebproxy <networkservice>
+// networksetup -getstreamingproxy <networkservice>
+// networksetup -getgopherproxy <networkservice>
+// networksetup -getsocksfirewallproxy <networkservice>
+// route -n get default

network/environment/environment_test.go

@@ -1,4 +1,4 @@
-// Copyright Safing ICS Technologies GmbH. Use of this source code is governed by the AGPL license that can be found in the LICENSE file.
+// +build linux
 
 package environment
 

network/link.go

@@ -3,17 +3,17 @@
 package network
 
 import (
+	"errors"
 	"fmt"
 	"sync"
 	"time"
 
-	datastore "github.com/ipfs/go-datastore"
+	"github.com/Safing/portbase/database/record"
-
-	"github.com/Safing/portbase/database"
 	"github.com/Safing/portbase/log"
 	"github.com/Safing/portmaster/network/packet"
 )
 
+// FirewallHandler defines the function signature for a firewall handle function
 type FirewallHandler func(pkt packet.Packet, link *Link)
 
 var (
@@ -22,9 +22,13 @@ var (
 	allLinksLock sync.RWMutex
 )
 
-// Link describes an distinct physical connection (e.g. TCP connection) - like an instance - of a Connection
+// Link describes a distinct physical connection (e.g. TCP connection) - like an instance - of a Connection.
 type Link struct {
-	database.Base
+	record.Record
+	sync.Mutex
+
+	ID string
+
 	Verdict          Verdict
 	Reason           string
 	Tunneled         bool
@@ -32,180 +36,167 @@ type Link struct {
 	Inspect          bool
 	Started          int64
 	Ended            int64
-	connection       *Connection
 	RemoteAddress    string
-	ActiveInspectors []bool                `json:"-" bson:"-"`
-	InspectorData    map[uint8]interface{} `json:"-" bson:"-"`
 
 	pktQueue        chan packet.Packet
 	firewallHandler FirewallHandler
-}
+	connection      *Connection
 
-var linkModel *Link // only use this as parameter for database.EnsureModel-like functions
+	activeInspectors []bool
-
+	inspectorData    map[uint8]interface{}
-func init() {
-	database.RegisterModel(linkModel, func() database.Model { return new(Link) })
 }
 
 // Connection returns the Connection the Link is part of
-func (m *Link) Connection() *Connection {
+func (link *Link) Connection() *Connection {
-	return m.connection
+	return link.connection
 }
 
 // FirewallHandlerIsSet returns whether a firewall handler is set or not
-func (m *Link) FirewallHandlerIsSet() bool {
+func (link *Link) FirewallHandlerIsSet() bool {
-	return m.firewallHandler != nil
+	return link.firewallHandler != nil
 }
 
 // SetFirewallHandler sets the firewall handler for this link
-func (m *Link) SetFirewallHandler(handler FirewallHandler) {
+func (link *Link) SetFirewallHandler(handler FirewallHandler) {
-	if m.firewallHandler == nil {
+	if link.firewallHandler == nil {
-		m.firewallHandler = handler
+		link.firewallHandler = handler
-		m.pktQueue = make(chan packet.Packet, 1000)
+		link.pktQueue = make(chan packet.Packet, 1000)
-		go m.packetHandler()
+		go link.packetHandler()
 		return
 	}
-	m.firewallHandler = handler
+	link.firewallHandler = handler
 }
 
 // StopFirewallHandler unsets the firewall handler
-func (m *Link) StopFirewallHandler() {
+func (link *Link) StopFirewallHandler() {
-	m.pktQueue <- nil
+	link.pktQueue <- nil
 }
 
 // HandlePacket queues packet of Link for handling
-func (m *Link) HandlePacket(pkt packet.Packet) {
+func (link *Link) HandlePacket(pkt packet.Packet) {
-	if m.firewallHandler != nil {
+	if link.firewallHandler != nil {
-		m.pktQueue <- pkt
+		link.pktQueue <- pkt
 		return
 	}
-	log.Criticalf("network: link %s does not have a firewallHandler, maybe its a copy, dropping packet", m)
+	log.Criticalf("network: link %s does not have a firewallHandler (maybe it's a copy), dropping packet", link)
 	pkt.Drop()
 }
 
 // UpdateVerdict sets a new verdict for this link, making sure it does not interfere with previous verdicts
-func (m *Link) UpdateVerdict(newVerdict Verdict) {
+func (link *Link) UpdateVerdict(newVerdict Verdict) {
-	if newVerdict > m.Verdict {
+	if newVerdict > link.Verdict {
-		m.Verdict = newVerdict
+		link.Verdict = newVerdict
-		m.Save()
+		link.Save()
 	}
 }
 
 // AddReason adds a human readable string as to why a certain verdict was set in regard to this link
-func (m *Link) AddReason(newReason string) {
+func (link *Link) AddReason(newReason string) {
-	if m.Reason != "" {
+	link.Lock()
-		m.Reason += " | "
+	defer link.Unlock()
+
+	if link.Reason != "" {
+		link.Reason += " | "
 	}
-	m.Reason += newReason
+	link.Reason += newReason
 }
 
 // packetHandler sequentially handles queued packets
-func (m *Link) packetHandler() {
+func (link *Link) packetHandler() {
 	for {
-		pkt := <-m.pktQueue
+		pkt := <-link.pktQueue
 		if pkt == nil {
 			break
 		}
-		m.firewallHandler(pkt, m)
+		link.firewallHandler(pkt, link)
 	}
-	m.firewallHandler = nil
+	link.firewallHandler = nil
 }
 
-// Create creates a new database entry in the database in the default namespace for this object
+// Save saves the link object in the storage and propagates the change.
-func (m *Link) Create(name string) error {
+func (link *Link) Save() error {
-	m.CreateShallow(name)
+	if link.connection == nil {
-	return m.CreateObject(&database.OrphanedLink, name, m)
+		return errors.New("cannot save link without connection")
-}
-
-// Create creates a new database entry in the database in the default namespace for this object
-func (m *Link) CreateShallow(name string) {
-	allLinksLock.Lock()
-	allLinks[name] = m
-	allLinksLock.Unlock()
-}
-
-// CreateWithDefaultKey creates a new database entry in the database in the default namespace for this object using the default key
-func (m *Link) CreateInConnectionNamespace(name string) error {
-	if m.connection != nil {
-		return m.CreateObject(m.connection.GetKey(), name, m)
 	}
-	return m.CreateObject(&database.OrphanedLink, name, m)
+
+	if link.DatabaseKey() == "" {
+
+		link.SetKey(fmt.Sprintf("network:tree/%d/%s/%s", link.connection.Process().Pid, link.connection.Domain, link.ID))
+		link.CreateMeta()
+
+		dataLock.Lock()
+		defer dataLock.Unlock()
+
+		links[link.ID] = link
+	}
+
+	if link.orphaned && link.connection != nil {
+		p.SetKey()
+	}
+
+	dbController.PushUpdate(link)
 }
 
-// Save saves the object to the database (It must have been either already created or loaded from the database)
+// Delete deletes a link from the storage and propagates the change.
-func (m *Link) Save() error {
+func (link *Link) Delete() {
-	return m.SaveObject(m)
+	dataLock.Lock()
+	defer dataLock.Unlock()
+	delete(links, link.ID)
+	link.Lock()
+	defer link.Lock()
+	link.Meta().Delete()
+	dbController.PushUpdate(link)
 }
 
 // GetLink fetches a Link from the database from the default namespace for this object
-func GetLink(name string) (*Link, error) {
+func GetLink(id string) (*Link, bool) {
-	allLinksLock.RLock()
+	dataLock.RLock()
-	link, ok := allLinks[name]
+	defer dataLock.RUnlock()
-	allLinksLock.RUnlock()
-	if !ok {
-		return nil, database.ErrNotFound
-	}
-	return link, nil
-	// return GetLinkFromNamespace(&database.RunningLink, name)
-}
 
-func SaveInCache(link *Link) {
+	link, ok := links[id]
-
+	return link, ok
-}
-
-// GetLinkFromNamespace fetches a Link form the database, but from a custom namespace
-func GetLinkFromNamespace(namespace *datastore.Key, name string) (*Link, error) {
-	object, err := database.GetAndEnsureModel(namespace, name, linkModel)
-	if err != nil {
-		return nil, err
-	}
-	model, ok := object.(*Link)
-	if !ok {
-		return nil, database.NewMismatchError(object, linkModel)
-	}
-	return model, nil
 }
 
 // GetOrCreateLinkByPacket returns the associated Link for a packet and a bool expressing if the Link was newly created
 func GetOrCreateLinkByPacket(pkt packet.Packet) (*Link, bool) {
-	link, err := GetLink(pkt.GetConnectionID())
+	link, ok := GetLink(pkt.GetConnectionID())
-	if err != nil {
+	if ok {
-		return CreateLinkFromPacket(pkt), true
+		return link, false
 	}
-	return link, false
+	return CreateLinkFromPacket(pkt), true
 }
 
-// CreateLinkFromPacket creates a new Link based on Packet. The Link is shallowly saved and SHOULD be saved to the database as soon more information is available
+// CreateLinkFromPacket creates a new Link based on Packet.
 func CreateLinkFromPacket(pkt packet.Packet) *Link {
 	link := &Link{
+		ID:            pkt.GetConnectionID(),
 		Verdict:       UNDECIDED,
 		Started:       time.Now().Unix(),
 		RemoteAddress: pkt.FmtRemoteAddress(),
 	}
-	link.CreateShallow(pkt.GetConnectionID())
 	return link
 }
 
-// FORMATTING
+// String returns a string representation of Link.
-func (m *Link) String() string {
+func (link *Link) String() string {
-	if m.connection == nil {
+	if link.connection == nil {
-		return fmt.Sprintf("? <-> %s", m.RemoteAddress)
+		return fmt.Sprintf("? <-> %s", link.RemoteAddress)
 	}
-	switch m.connection.Domain {
+	switch link.connection.Domain {
 	case "I":
-		if m.connection.process == nil {
+		if link.connection.process == nil {
-			return fmt.Sprintf("? <- %s", m.RemoteAddress)
+			return fmt.Sprintf("? <- %s", link.RemoteAddress)
 		}
-		return fmt.Sprintf("%s <- %s", m.connection.process.String(), m.RemoteAddress)
+		return fmt.Sprintf("%s <- %s", link.connection.process.String(), link.RemoteAddress)
 	case "D":
-		if m.connection.process == nil {
+		if link.connection.process == nil {
-			return fmt.Sprintf("? -> %s", m.RemoteAddress)
+			return fmt.Sprintf("? -> %s", link.RemoteAddress)
 		}
-		return fmt.Sprintf("%s -> %s", m.connection.process.String(), m.RemoteAddress)
+		return fmt.Sprintf("%s -> %s", link.connection.process.String(), link.RemoteAddress)
 	default:
-		if m.connection.process == nil {
+		if link.connection.process == nil {
-			return fmt.Sprintf("? -> %s (%s)", m.connection.Domain, m.RemoteAddress)
+			return fmt.Sprintf("? -> %s (%s)", link.connection.Domain, link.RemoteAddress)
 		}
-		return fmt.Sprintf("%s to %s (%s)", m.connection.process.String(), m.connection.Domain, m.RemoteAddress)
+		return fmt.Sprintf("%s to %s (%s)", link.connection.process.String(), link.connection.Domain, link.RemoteAddress)
 	}
 }

network/module.go

@@ -0,0 +1,13 @@
+package network
+
+import (
+	"github.com/Safing/portbase/modules"
+)
+
+func init() {
+	modules.Register("network", prep, start, nil, "database")
+}
+
+func start() error {
+	return registerAsDatabase()
+}

network/status.go

@@ -2,7 +2,7 @@
 
 package network
 
-// Status describes the status of a connection.
+// Verdict describes the decision made about a connection or link.
 type Verdict uint8
 
 // List of values a Status can have
@@ -15,6 +15,7 @@ const (
 	DROP
 )
 
+// Packer Directions
 const (
 	Inbound  = true
 	Outbound = false

network/unknown.go

@@ -0,0 +1,31 @@
+package network
+
+import "github.com/Safing/portmaster/process"
+
+// Static reasons
+const (
+	ReasonUnknownProcess = "unknown connection owner: process could not be found"
+)
+
+var (
+	UnknownDirectConnection = &Connection{
+		Domain:    "D",
+		Direction: Outbound,
+		Verdict:   DROP,
+		Reason:    ReasonUnknownProcess,
+		process:   process.UnknownProcess,
+	}
+
+	UnknownIncomingConnection = &Connection{
+		Domain:    "I",
+		Direction: Inbound,
+		Verdict:   DROP,
+		Reason:    ReasonUnknownProcess,
+		process:   process.UnknownProcess,
+	}
+)
+
+func init() {
+	UnknownDirectConnection.Save()
+	UnknownIncomingConnection.Save()
+}

process/database.go

@@ -0,0 +1,69 @@
+package process
+
+import (
+	"fmt"
+	"sync"
+
+	"github.com/Safing/portbase/database"
+	"github.com/tevino/abool"
+)
+
+var (
+	processes     = make(map[int]*Process)
+	processesLock sync.RWMutex
+
+	dbController     *database.Controller
+	dbControllerFlag = abool.NewBool(false)
+)
+
+func makeProcessKey(pid int) string {
+	return fmt.Sprintf("network:tree/%d", pid)
+}
+
+// GetProcessFromStorage returns a process from the internal storage.
+func GetProcessFromStorage(pid int) (*Process, bool) {
+	processesLock.RLock()
+	defer processesLock.RUnlock()
+
+	p, ok := processes[pid]
+	return p, ok
+}
+
+// All returns a copy of all process objects.
+func All() []*Process {
+	processesLock.RLock()
+	defer processesLock.RUnlock()
+
+	all := make([]*Process, 0, len(processes))
+	for _, proc := range processes {
+		all = append(all, proc)
+	}
+
+	return all
+}
+
+// Save saves the process to the internal state and pushes an update.
+func (p *Process) Save() {
+	p.Lock()
+	defer p.Unlock()
+
+	if p.DatabaseKey() == "" {
+		p.SetKey(makeProcessKey(p.Pid))
+		p.CreateMeta()
+
+		processesLock.Lock()
+		defer processesLock.Unlock()
+
+		processes[p.Pid] = p
+	}
+
+	if dbControllerFlag.IsSet() {
+		dbController.PushUpdate(p)
+	}
+}
+
+// SetDBController sets the database controller and allows the package to push database updates on a save. It must be set by the package that registers the "network" database.
+func SetDBController(controller *database.Controller) {
+	dbController = controller
+	dbControllerFlag.Set()
+}

process/doc.go

@@ -1,21 +1,7 @@
-// Copyright Safing ICS Technologies GmbH. Use of this source code is governed by the AGPL license that can be found in the LICENSE file.
-
 /*
 
-
+Package process fetches process and socket information from the operating system.
-Profiles
+It can find the process owning a network connection.
-
-Profiles describe the network behaviour
-
-
-Profiles are found in 3 different paths:
-- /Me/Profiles/: Profiles used for this system
-- /Data/Profiles/: Profiles supplied by Safing
-- /Company/Profiles/: Profiles supplied by the company
-
-When a program wants to use the network for the first time, Safing first searches for a Profile in the Company namespace, then in the Data namespace. If neither is found, it searches for a default profile in the same order.
-
-Default profiles are profiles with a path ending with a "/". The default profile with the longest matching path is chosen.
 
 */
 package process

process/find.go

@@ -7,11 +7,13 @@ import (
 	"github.com/Safing/portmaster/network/packet"
 )
 
+// Errors
 var (
 	ErrConnectionNotFound = errors.New("could not find connection")
 	ErrProcessNotFound    = errors.New("could not find process")
 )
 
+// GetPidByPacket returns the pid of the owner of the packet.
 func GetPidByPacket(pkt packet.Packet) (pid int, direction bool, err error) {
 
 	var localIP net.IP
@@ -50,6 +52,7 @@ func GetPidByPacket(pkt packet.Packet) (pid int, direction bool, err error) {
 
 }
 
+// GetProcessByPacket returns the process that owns the given packet.
 func GetProcessByPacket(pkt packet.Packet) (process *Process, direction bool, err error) {
 
 	var pid int
@@ -70,6 +73,7 @@ func GetProcessByPacket(pkt packet.Packet) (process *Process, direction bool, er
 
 }
 
+// GetPidByEndpoints returns the pid of the owner of the described link.
 func GetPidByEndpoints(localIP net.IP, localPort uint16, remoteIP net.IP, remotePort uint16, protocol packet.IPProtocol) (pid int, direction bool, err error) {
 
 	ipVersion := packet.IPv4
@@ -92,6 +96,7 @@ func GetPidByEndpoints(localIP net.IP, localPort uint16, remoteIP net.IP, remote
 
 }
 
+// GetProcessByEndpoints returns the process that owns the described link.
 func GetProcessByEndpoints(localIP net.IP, localPort uint16, remoteIP net.IP, remotePort uint16, protocol packet.IPProtocol) (process *Process, err error) {
 
 	var pid int
@@ -112,37 +117,7 @@ func GetProcessByEndpoints(localIP net.IP, localPort uint16, remoteIP net.IP, re
 
 }
 
+// GetActiveConnectionIDs returns a list of all active connection IDs.
 func GetActiveConnectionIDs() []string {
 	return getActiveConnectionIDs()
 }
-
-// func GetProcessByPid(pid int) *Process {
-// 	process, err := GetOrFindProcess(pid)
-// 	if err != nil {
-// 		log.Warningf("process: failed to get process %d: %s", pid, err)
-// 		return nil
-// 	}
-// 	return process
-// }
-
-// func GetProcessOfConnection(localIP *net.IP, localPort uint16, protocol uint8) (process *Process, status uint8) {
-// 	pid, status := GetPidOfConnection(localIP, localPort, protocol)
-// 	if status == Success {
-// 		process = GetProcessByPid(pid)
-// 		if process == nil {
-// 			return nil, NoProcessInfo
-// 		}
-// 	}
-// 	return
-// }
-
-// func GetProcessByPacket(pkt packet.Packet) (process *Process, direction bool, status uint8) {
-// 	pid, direction, status := GetPidByPacket(pkt)
-// 	if status == Success {
-// 		process = GetProcessByPid(pid)
-// 		if process == nil {
-// 			return nil, direction, NoProcessInfo
-// 		}
-// 	}
-// 	return
-// }

process/getpid_linux.go

@@ -1,6 +1,8 @@
 package process
 
-import "github.com/Safing/portmaster/process/proc"
+import (
+	"github.com/Safing/portmaster/process/proc"
+)
 
 var (
 	getTCP4PacketInfo      = proc.GetTCP4PacketInfo

process/process.go

@@ -3,10 +3,8 @@
 package process
 
 import (
-	"errors"
 	"fmt"
 	"runtime"
-	"strconv"
 	"sync"
 
 	processInfo "github.com/shirou/gopsutil/process"
@@ -36,11 +34,7 @@ type Process struct {
 	// Icon is a path to the icon and is either prefixed "f:" for filepath, "d:" for database cache path or "c:"/"a:" for a the icon key to fetch it from a company / authoritative node and cache it in its own cache.
 }
 
-// GetProcess fetches Process with the provided name from the default namespace.
+// Strings returns a string represenation of process
-func GetProcess(name string) (*Process, error) {
-	return nil, errors.New("NIY")
-}
-
 func (m *Process) String() string {
 	if m == nil {
 		return "?"
@@ -48,9 +42,10 @@ func (m *Process) String() string {
 	return fmt.Sprintf("%s:%s:%d", m.UserName, m.Path, m.Pid)
 }
 
+// GetOrFindProcess returns the process for the given PID.
 func GetOrFindProcess(pid int) (*Process, error) {
-	process, err := GetProcess(strconv.Itoa(pid))
+	process, ok := GetProcessFromStorage(pid)
-	if err == nil {
+	if ok {
 		return process, nil
 	}
 
@@ -59,7 +54,7 @@ func GetOrFindProcess(pid int) (*Process, error) {
 	}
 
 	switch {
-	case (pid == 0 && runtime.GOOS == "linux") || (pid == 4 && runtime.GOOS == "windows"):
+	case new.IsKernel():
 		new.UserName = "Kernel"
 		new.Name = "Operating System"
 	default:
@@ -72,7 +67,8 @@ func GetOrFindProcess(pid int) (*Process, error) {
 		// UID
 		// net yet implemented for windows
 		if runtime.GOOS == "linux" {
-			uids, err := pInfo.Uids()
+			var uids []int32
+			uids, err = pInfo.Uids()
 			if err != nil {
 				log.Warningf("process: failed to get UID: %s", err)
 			} else {
@@ -203,8 +199,8 @@ func GetOrFindProcess(pid int) (*Process, error) {
 
 	}
 
-	// save to DB
+	// save to storage
-	// new.Save()
+	new.Save()
 
 	return new, nil
 }

process/process_linux.go

@@ -1,13 +1,21 @@
 package process
 
+// IsUser returns whether the process is run by a normal user.
 func (m *Process) IsUser() bool {
 	return m.UserID >= 1000
 }
 
+// IsAdmin returns whether the process is run by an admin user.
 func (m *Process) IsAdmin() bool {
 	return m.UserID >= 0
 }
 
+// IsSystem returns whether the process is run by the operating system.
 func (m *Process) IsSystem() bool {
 	return m.UserID == 0
 }
+
+// IsKernel returns whether the process is the Kernel.
+func (m *Process) IsKernel() bool {
+	return m.Pid == 0
+}

process/process_windows.go

@@ -2,15 +2,23 @@ package process
 
 import "strings"
 
+// IsUser returns whether the process is run by a normal user.
 func (m *Process) IsUser() bool {
 	return m.Pid != 4 && // Kernel
 		!strings.HasPrefix(m.UserName, "NT-") // NT-Authority (localized!)
 }
 
+// IsAdmin returns whether the process is run by an admin user.
 func (m *Process) IsAdmin() bool {
 	return strings.HasPrefix(m.UserName, "NT-") // NT-Authority (localized!)
 }
 
+// IsSystem returns whether the process is run by the operating system.
 func (m *Process) IsSystem() bool {
 	return m.Pid == 4
 }
+
+// IsKernel returns whether the process is the Kernel.
+func (m *Process) IsKernel() bool {
+	return m.Pid == 4
+}

process/unknown.go

@@ -0,0 +1,15 @@
+package process
+
+var (
+	UnknownProcess = &Process{
+		UserID:    -1,
+		UserName:  "Unknown",
+		Pid:       -1,
+		ParentPid: -1,
+		Name:      "Unknown Processes",
+	}
+)
+
+func init() {
+	UnknownProcess.Save()
+}

profile/const_darwin.go

@@ -0,0 +1,6 @@
+package profile
+
+// OS Identifier Prefix
+const (
+	IdentifierPrefix = "mac:"
+)

profile/profile.go

@@ -4,7 +4,7 @@ import (
 	"fmt"
 	"sync"
 
-	"github.com/satori/go.uuid"
+	uuid "github.com/satori/go.uuid"
 
 	"github.com/Safing/portbase/database/record"
 	"github.com/Safing/portmaster/status"
@@ -49,10 +49,12 @@ func New() *Profile {
 // Save saves the profile to the database
 func (profile *Profile) Save(namespace string) error {
 	if profile.ID == "" {
-		u, err := uuid.NewV4()
+		// FIXME: this is weird, the docs says that it also returns an error
-		if err != nil {
+		u := uuid.NewV4()
-			return err
+		// u, err := uuid.NewV4()
-		}
+		// if err != nil {
+		// 	return err
+		// }
 		profile.ID = u.String()
 	}
 

status/set.go

@@ -5,41 +5,41 @@ import "sync/atomic"
 // SetCurrentSecurityLevel sets the current security level.
 func SetCurrentSecurityLevel(level uint8) {
 	sysStatusLock.Lock()
-  defer sysStatusLock.Unlock()
+	defer sysStatusLock.Unlock()
-  sysStatus.CurrentSecurityLevel = level
+	sysStatus.CurrentSecurityLevel = level
-  atomicUpdateCurrentSecurityLevel(level)
+	atomicUpdateCurrentSecurityLevel(level)
 }
 
 // SetSelectedSecurityLevel sets the selected security level.
 func SetSelectedSecurityLevel(level uint8) {
 	sysStatusLock.Lock()
-  defer sysStatusLock.Unlock()
+	defer sysStatusLock.Unlock()
-  sysStatus.SelectedSecurityLevel = level
+	sysStatus.SelectedSecurityLevel = level
-  atomicUpdateSelectedSecurityLevel(level)
+	atomicUpdateSelectedSecurityLevel(level)
 }
 
 // SetThreatLevel sets the current threat level.
 func SetThreatLevel(level uint8) {
 	sysStatusLock.Lock()
-  defer sysStatusLock.Unlock()
+	defer sysStatusLock.Unlock()
-  sysStatus.ThreatLevel = level
+	sysStatus.ThreatLevel = level
-  atomicUpdateThreatLevel(level)
+	atomicUpdateThreatLevel(level)
 }
 
 // SetPortmasterStatus sets the current Portmaster status.
 func SetPortmasterStatus(status uint8) {
 	sysStatusLock.Lock()
-  defer sysStatusLock.Unlock()
+	defer sysStatusLock.Unlock()
-  sysStatus.PortmasterStatus = status
+	sysStatus.PortmasterStatus = status
-  atomicUpdatePortmasterStatus(status)
+	atomicUpdatePortmasterStatus(status)
 }
 
 // SetGate17Status sets the current Gate17 status.
 func SetGate17Status(status uint8) {
 	sysStatusLock.Lock()
-  defer sysStatusLock.Unlock()
+	defer sysStatusLock.Unlock()
-  sysStatus.Gate17Status = status
+	sysStatus.Gate17Status = status
-  atomicUpdateGate17Status(status)
+	atomicUpdateGate17Status(status)
 }
 
 // update functions for atomic stuff