diff --git a/firewall/interception.go b/firewall/interception.go
index 1e985d0b..5dff4530 100644
--- a/firewall/interception.go
+++ b/firewall/interception.go
@@ -72,7 +72,7 @@ func interceptionPrep() error {
 configChangeEvent,
 "reset connection verdicts",
 func(ctx context.Context, _ interface{}) error {
- resetPersistentVerdicts()
+ resetAllConnectionVerdicts()
 return nil
 },
 )
@@ -86,7 +86,7 @@ func interceptionPrep() error {
 profileConfigChangeEvent,
 "reset connection verdicts",
 func(ctx context.Context, _ interface{}) error {
- resetPersistentVerdicts()
+ resetAllConnectionVerdicts()
 return nil
 },
 )
@@ -101,7 +101,7 @@ func interceptionPrep() error {
 onSPNConnectEvent,
 "reset connection verdicts",
 func(ctx context.Context, _ interface{}) error {
- resetPersistentVerdicts()
+ resetAllConnectionVerdicts()
 return nil
 },
 )
@@ -116,7 +116,7 @@ func interceptionPrep() error {
 return prepAPIAuth()
 }
-func resetPersistentVerdicts() {
+func resetAllConnectionVerdicts() {
 // Resetting will force all the connection to be evaluated by the firewall again
 // this will set new verdicts if configuration was update or spn has been disabled or enabled.
 log.Info("interception: reevaluating all connection trough the firewall")
diff --git a/firewall/interception/nfq/conntrack.go b/firewall/interception/nfq/conntrack.go
index e3b9be02..83d18ae6 100644
--- a/firewall/interception/nfq/conntrack.go
+++ b/firewall/interception/nfq/conntrack.go
@@ -6,6 +6,7 @@ import (
 "encoding/binary"
 ct "github.com/florianl/go-conntrack"
+ "github.com/safing/portbase/log"
 "github.com/safing/portmaster/netenv"
 )
@@ -36,7 +37,9 @@ func deleteMarkedConnections(nfct *ct.Nfct, f ct.Family) {
 filter.MarkMask = []byte{0xFF, 0xFF, 0xFF, 0xFF}
 filter.Mark = []byte{0x00, 0x00, 0x00, 0x00} // 4 zeros starting value
- // get all connections from the specified family (ipv4 or ipv6)
+ numberOfErrors := 0
+ var deleteError error = nil
+ // Get all connections from the specified family (ipv4 or ipv6)
 for _, mark := range permanentFlags {
 binary.BigEndian.PutUint32(filter.Mark, mark) // Little endian is in reverse not sure why. BigEndian makes it in correct order.
 currentConnections, err := nfct.Query(ct.Conntrack, f, filter)
@@ -45,16 +48,15 @@ func deleteMarkedConnections(nfct *ct.Nfct, f ct.Family) {
 continue
 }
- numberOfErrors := 0
 for _, connection := range currentConnections {
- err = nfct.Delete(ct.Conntrack, ct.IPv4, connection)
+ deleteError = nfct.Delete(ct.Conntrack, ct.IPv4, connection)
 if err != nil {
 numberOfErrors++
 }
 }
+ }
- if numberOfErrors > 0 {
- log.Warningf("nfq: failed to delete %d conntrack entries last error is: %s", numberOfErrors, err)
- }
+ if numberOfErrors > 0 {
+ log.Warningf("nfq: failed to delete %d conntrack entries last error is: %s", numberOfErrors, deleteError)
 }
 }
diff --git a/firewall/interception/windowskext/kext.go b/firewall/interception/windowskext/kext.go
index 7e96614c..d438538e 100644
--- a/firewall/interception/windowskext/kext.go
+++ b/firewall/interception/windowskext/kext.go
@@ -95,7 +95,7 @@ func Init(dllPath, driverPath string) error {
 new.clearCache, err = new.dll.FindProc("PortmasterClearCache")
 if err != nil {
 // the loaded dll is an old version
- log.Errorf("could not find proc PortmasterClearCache (v0.x.x+) in dll: %s", err)
+ log.Errorf("could not find proc PortmasterClearCache (v1.0.12+) in dll: %s", err)
 }
 // initialize dll/kext
diff --git a/network/connection.go b/network/connection.go
index 68fdfa18..dbad5664 100644
--- a/network/connection.go
+++ b/network/connection.go
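Review bot: In the inner loop of deleteMarkedConnections (hunk at -45,16) the result of `nfct.Delete` is now stored in `deleteError`, but the check that follows is still `if err != nil`, which tests the earlier `nfct.Query` result. The `continue` at the top of that hunk suggests `err` is already nil when the loop runs (the lines between the two hunks are not shown), so `numberOfErrors` would never increase and a failed delete would leave a marked conntrack entry in place with no warning logged. Test the delete result directly and record only failures: `if delErr := nfct.Delete(ct.Conntrack, ct.IPv4, connection); delErr != nil {` with `numberOfErrors++` and `deleteError = delErr` in the body, so a later successful delete cannot overwrite the reported error with nil. Delete is also called with `ct.IPv4` while the query uses `f`; if this function is invoked for the IPv6 family, passing `f` looks like the intended argument. In the -36,7 hunk, `var deleteError error` is sufficient without `= nil`.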
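Review bot: When `FindProc("PortmasterClearCache")` fails, Init only logs the error and carries on to the initialization step, so `new.clearCache` is left without a usable proc for an older DLL. The code that calls it is outside this hunk; if it does not check for the missing proc, a verdict reset on such a system would presumably either fail at call time or leave the kernel extension's cached verdicts untouched. Consider documenting the contract here, e.g. `// clearCache is not usable with DLLs older than v1.0.12; callers must check before calling it.`, or returning the error if v1.0.12 is now the minimum supported version.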
@@ -448,7 +448,7 @@ func GetConnection(id string) (*Connection, bool) {
 // GetAllConnections Gets all connection.
 func GetAllConnections() []*Connection {
- return append(conns.list(), dnsConns.list()...)
+ return conns.list()
 }
 // SetLocalIP sets the local IP address together with its network scope. The
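Review bot: The doc comment on GetAllConnections still says it gets all connections, but the new body returns only `conns.list()` and no longer includes the entries from `dnsConns`. Any caller that relies on this function to re-evaluate verdicts (possibly the reset in firewall/interception.go, whose body is not shown) will now skip those entries, which may be intended but should be stated where callers will read it. Suggested comment: `// GetAllConnections returns all network connections; entries held in dnsConns are not included.`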