vikarti.anatra/safing-portmaster
1
0
Fork 0
mirror of https://github.com/safing/portmaster synced 2025-09-02 10:39:22 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

Add support for upcoming UNBREAK filter list

Browse source
This commit is contained in:
Daniel 2022-06-01 13:28:10 +02:00
parent 515f4686f7
commit 787f9e7dec
2 changed files with 27 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

18
firewall/filter.go
View file

@ -2,9 +2,11 @@ package firewall
import (
"github.com/safing/portbase/config"
"github.com/safing/portbase/log"
"github.com/safing/portbase/modules"
"github.com/safing/portbase/modules/subsystems"
_ "github.com/safing/portmaster/core"
"github.com/safing/portmaster/intel/filterlists"
"github.com/safing/spn/captain"
)
@ -12,10 +14,13 @@ var (
filterModule *modules.Module
filterEnabled config.BoolOption
tunnelEnabled config.BoolOption
unbreakFilterListIDs = []string{"UNBREAK"}
resolvedUnbreakFilterListIDs []string
)
func init() {
filterModule = modules.Register("filter", filterPrep, nil, nil, "core", "intel")
filterModule = modules.Register("filter", filterPrep, filterStart, nil, "core", "intel")
subsystems.Register(
"filter",
"Privacy Filter",
@ -47,3 +52,14 @@ func filterPrep() (err error) {
tunnelEnabled = config.Concurrent.GetAsBool(captain.CfgOptionEnableSPNKey, false)
return nil
}
func filterStart() error {
// TODO: Re-resolve IDs when filterlist index changes.
resolvedIDs, err := filterlists.ResolveListIDs(unbreakFilterListIDs)
if err != nil {
log.Warningf("filter: failed to resolve unbreak filter list IDs: %s", err)
} else {
resolvedUnbreakFilterListIDs = resolvedIDs
}
return nil
}

10
firewall/master.go
View file

@ -432,6 +432,16 @@ func checkFilterLists(ctx context.Context, conn *network.Connection, p *profile.
result, reason := p.MatchFilterLists(ctx, conn.Entity)
switch result {
case endpoints.Denied:
// If the connection matches a filter list, check if the "unbreak" list matches too and abort blocking.
for _, blockedListID := range conn.Entity.BlockedByLists {
for _, unbreakListID := range resolvedUnbreakFilterListIDs {
if blockedListID == unbreakListID {
log.Tracer(ctx).Debugf("filter: unbreak filter %s matched, ignoring other filter list matches", unbreakListID)
return false
}
}
}
// Otherwise, continue with blocking.
conn.DenyWithContext(reason.String(), profile.CfgOptionFilterListsKey, reason.Context())
return true
case endpoints.NoMatch: