Fix module dependencies, split filter into interception and filter modules

2025-09-01 10:09:11 +00:00 · 2020-04-24 10:17:15 +02:00 · 2020-04-24 10:17:15 +02:00 · 95041d217c
commit 95041d217c
parent 5c7739e28a
8 changed files with 89 additions and 40 deletions
--- a/core/core.go
+++ b/core/core.go
@ -20,7 +20,19 @@ var (
 func init() {
 	modules.Register("base", nil, registerDatabases, nil, "database", "config", "rng")

-	module = modules.Register("core", nil, start, nil, "base", "subsystems", "status", "updates", "api", "notifications", "ui")
+	// For prettier subsystem graph, printed with --print-subsystem-graph
+	/*
+		subsystems.Register(
+			"base",
+			"Base",
+			"THE GROUND.",
+			baseModule,
+			"",
+			nil,
+		)
+	*/
+
+	module = modules.Register("core", prep, start, nil, "base", "subsystems", "status", "updates", "api", "notifications", "ui", "netenv", "network", "interception")
 	subsystems.Register(
 		"core",
 		"Core",
--- a/firewall/filter.go
+++ b/firewall/filter.go
@ -0,0 +1,47 @@
+package firewall
+
+import (
+	"github.com/safing/portbase/config"
+	"github.com/safing/portbase/modules/subsystems"
+
+	"github.com/safing/portbase/modules"
+
+	// module dependencies
+	_ "github.com/safing/portmaster/core"
+	_ "github.com/safing/portmaster/profile"
+)
+
+var (
+	filterModule  *modules.Module
+	filterEnabled config.BoolOption
+)
+
+func init() {
+	filterModule = modules.Register("filter", filterPrep, nil, nil, "core", "intel")
+	subsystems.Register(
+		"filter",
+		"Privacy Filter",
+		"DNS and Network Filter",
+		filterModule,
+		"config:filter/",
+		&config.Option{
+			Name:           "Enable Privacy Filter",
+			Key:            CfgOptionEnableFilterKey,
+			Description:    "Enable the Privacy Filter Subsystem to filter DNS queries and network requests.",
+			OptType:        config.OptTypeBool,
+			ExpertiseLevel: config.ExpertiseLevelUser,
+			ReleaseLevel:   config.ReleaseLevelBeta,
+			DefaultValue:   true,
+		},
+	)
+}
+
+func filterPrep() (err error) {
+	err = registerConfig()
+	if err != nil {
+		return err
+	}
+
+	filterEnabled = config.GetAsBool(CfgOptionEnableFilterKey, true)
+	return nil
+}
--- a/firewall/interception.go
+++ b/firewall/interception.go
@ -7,9 +7,6 @@ import (
 	"sync/atomic"
 	"time"

-	"github.com/safing/portbase/config"
-	"github.com/safing/portbase/modules/subsystems"
-
 	"github.com/safing/portbase/log"
 	"github.com/safing/portbase/modules"
 	"github.com/safing/portmaster/firewall/inspection"
@ -23,7 +20,7 @@ import (
 )

 var (
-	module *modules.Module
+	interceptionModule *modules.Module

 	// localNet        net.IPNet
 	// localhost net.IP
@ -45,33 +42,12 @@ var (
 )

 func init() {
-	module = modules.Register("filter", prep, start, stop, "core", "network", "nameserver", "intel")
-	subsystems.Register(
-		"filter",
-		"Privacy Filter",
-		"DNS and Network Filter",
-		module,
-		"config:filter/",
-		&config.Option{
-			Name:           "Enable Privacy Filter",
-			Key:            CfgOptionEnableFilterKey,
-			Description:    "Enable the Privacy Filter Subsystem to filter DNS queries and network requests.",
-			OptType:        config.OptTypeBool,
-			ExpertiseLevel: config.ExpertiseLevelUser,
-			ReleaseLevel:   config.ReleaseLevelBeta,
-			DefaultValue:   true,
-		},
-	)
+	interceptionModule = modules.Register("interception", interceptionPrep, interceptionStart, interceptionStop, "base")

 	network.SetDefaultFirewallHandler(defaultHandler)
 }

-func prep() (err error) {
-	err = registerConfig()
-	if err != nil {
-		return err
-	}
-
+func interceptionPrep() (err error) {
 	err = prepAPIAuth()
 	if err != nil {
 		return err
@ -101,20 +77,20 @@ func prep() (err error) {
 	return nil
 }

-func start() error {
+func interceptionStart() error {
 	startAPIAuth()

-	module.StartWorker("stat logger", func(ctx context.Context) error {
+	interceptionModule.StartWorker("stat logger", func(ctx context.Context) error {
 		statLogger()
 		return nil
 	})

-	module.StartWorker("packet handler", func(ctx context.Context) error {
+	interceptionModule.StartWorker("packet handler", func(ctx context.Context) error {
 		run()
 		return nil
 	})

-	module.StartWorker("ports state cleaner", func(ctx context.Context) error {
+	interceptionModule.StartWorker("ports state cleaner", func(ctx context.Context) error {
 		portsInUseCleaner()
 		return nil
 	})
@ -122,7 +98,7 @@ func start() error {
 	return interception.Start()
 }

-func stop() error {
+func interceptionStop() error {
 	return interception.Stop()
 }

@ -248,6 +224,15 @@ func initialHandler(conn *network.Connection, pkt packet.Packet) {
 		return
 	}

+	// check if filtering is enabled
+	if !filterEnabled() {
+		conn.Inspecting = false
+		conn.SetVerdict(network.VerdictAccept, "privacy filter disabled", nil)
+		conn.StopFirewallHandler()
+		issueVerdict(conn, pkt, 0, true)
+		return
+	}
+
 	log.Tracer(pkt.Ctx()).Trace("filter: starting decision process")
 	DecideOnConnection(conn, pkt)
 	conn.Inspecting = false // TODO: enable inspecting again
@ -350,7 +335,7 @@ func issueVerdict(conn *network.Connection, pkt packet.Packet, verdict network.V
 func run() {
 	for {
 		select {
-		case <-module.Stopping():
+		case <-interceptionModule.Stopping():
 			return
 		case pkt := <-interception.Packets:
 			handlePacket(pkt)
@ -361,7 +346,7 @@ func run() {
 func statLogger() {
 	for {
 		select {
-		case <-module.Stopping():
+		case <-interceptionModule.Stopping():
 			return
 		case <-time.After(10 * time.Second):
 			log.Tracef(
--- a/firewall/ports.go
+++ b/firewall/ports.go
@ -72,7 +72,7 @@ func GetPermittedPort() uint16 {
 func portsInUseCleaner() {
 	for {
 		select {
-		case <-module.Stopping():
+		case <-interceptionModule.Stopping():
 			return
 		case <-time.After(cleanerTickDuration):
 			cleanPortsInUse()
--- a/intel/filterlists/module.go
+++ b/intel/filterlists/module.go
@ -33,7 +33,7 @@ var (
 func init() {
 	ignoreNetEnvEvents.Set()

-	module = modules.Register("filterlists", prep, start, nil, "core", "netenv")
+	module = modules.Register("filterlists", prep, start, stop, "core")
 }

 func prep() error {
@ -98,3 +98,8 @@ func start() error {

 	return nil
 }
+
+func stop() error {
+	filterListsLoaded = make(chan struct{})
+	return nil
+}
--- a/nameserver/nameserver.go
+++ b/nameserver/nameserver.go
@ -32,7 +32,7 @@ var (
 )

 func init() {
-	module = modules.Register("nameserver", prep, start, stop, "core", "resolver", "network", "netenv")
+	module = modules.Register("nameserver", prep, start, stop, "core", "resolver")
 	subsystems.Register(
 		"dns",
 		"Secure DNS",
--- a/network/module.go
+++ b/network/module.go
@ -16,7 +16,7 @@ var (
 )

 func init() {
-	module = modules.Register("network", nil, start, nil, "core", "processes")
+	module = modules.Register("network", nil, start, nil, "base", "processes")
 }

 // SetDefaultFirewallHandler sets the default firewall handler.
--- a/profile/module.go
+++ b/profile/module.go
@ -14,7 +14,7 @@ var (
 )

 func init() {
-	module = modules.Register("profiles", prep, start, nil, "core")
+	module = modules.Register("profiles", prep, start, nil, "base")
 }

 func prep() error {