From 95041d217cc82dd882189afe348adfdf58611d43 Mon Sep 17 00:00:00 2001
From: Daniel
Date: Fri, 24 Apr 2020 10:17:15 +0200
Subject: [PATCH] Fix module dependencies, split filter into interception and filter modules
---
 core/core.go | 14 +++++-
 firewall/filter.go | 47 ++++++++++++++++++++
 firewall/{firewall.go => interception.go} | 53 ++++++++---------------
 firewall/ports.go | 2 +-
 intel/filterlists/module.go | 7 ++-
 nameserver/nameserver.go | 2 +-
 network/module.go | 2 +-
 profile/module.go | 2 +-
 8 files changed, 89 insertions(+), 40 deletions(-)
 create mode 100644 firewall/filter.go
 rename firewall/{firewall.go => interception.go} (88%)
diff --git a/core/core.go b/core/core.go
index 039758e0..f7a6d13a 100644
--- a/core/core.go
+++ b/core/core.go
@@ -20,7 +20,19 @@ var (
 func init() {
 modules.Register("base", nil, registerDatabases, nil, "database", "config", "rng")
 
- module = modules.Register("core", nil, start, nil, "base", "subsystems", "status", "updates", "api", "notifications", "ui")
+ // For prettier subsystem graph, printed with --print-subsystem-graph
+ /*
+ subsystems.Register(
+ "base",
+ "Base",
+ "THE GROUND.",
+ baseModule,
+ "",
+ nil,
+ )
+ */
+
+ module = modules.Register("core", prep, start, nil, "base", "subsystems", "status", "updates", "api", "notifications", "ui", "netenv", "network", "interception")
 subsystems.Register(
 "core",
 "Core",
diff --git a/firewall/filter.go b/firewall/filter.go
new file mode 100644
index 00000000..6302401c
--- /dev/null
+++ b/firewall/filter.go
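Review bot: The commented-out `subsystems.Register("base", ...)` block added to `init` in core/core.go is dead code, and it names `baseModule`, which nothing in the visible lines defines, so it would not compile if uncommented as written. I would drop the block and keep the intent as a single line, e.g. `// TODO: register "base" as a subsystem so it shows up in --print-subsystem-graph`. The `prep` function now passed to `modules.Register("core", ...)` is defined outside this hunk.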
@@ -0,0 +1,47 @@
+package firewall
+
+import (
+ "github.com/safing/portbase/config"
+ "github.com/safing/portbase/modules/subsystems"
+
+ "github.com/safing/portbase/modules"
+
+ // module dependencies
+ _ "github.com/safing/portmaster/core"
+ _ "github.com/safing/portmaster/profile"
+)
+
+var (
+ filterModule *modules.Module
+ filterEnabled config.BoolOption
+)
+
+func init() {
+ filterModule = modules.Register("filter", filterPrep, nil, nil, "core", "intel")
+ subsystems.Register(
+ "filter",
+ "Privacy Filter",
+ "DNS and Network Filter",
+ filterModule,
+ "config:filter/",
+ &config.Option{
+ Name: "Enable Privacy Filter",
+ Key: CfgOptionEnableFilterKey,
+ Description: "Enable the Privacy Filter Subsystem to filter DNS queries and network requests.",
+ OptType: config.OptTypeBool,
+ ExpertiseLevel: config.ExpertiseLevelUser,
+ ReleaseLevel: config.ReleaseLevelBeta,
+ DefaultValue: true,
+ },
+ )
+}
+
+func filterPrep() (err error) {
+ err = registerConfig()
+ if err != nil {
+ return err
+ }
+
+ filterEnabled = config.GetAsBool(CfgOptionEnableFilterKey, true)
+ return nil
+}
diff --git a/firewall/firewall.go b/firewall/interception.go
similarity index 88%
rename from firewall/firewall.go
rename to firewall/interception.go
index 923e87f2..f7bf1f1d 100644
--- a/firewall/firewall.go
+++ b/firewall/interception.go
@@ -7,9 +7,6 @@ import (
 "sync/atomic"
 "time"
 
- "github.com/safing/portbase/config"
- "github.com/safing/portbase/modules/subsystems"
-
 "github.com/safing/portbase/log"
 "github.com/safing/portbase/modules"
 "github.com/safing/portmaster/firewall/inspection"
@@ -23,7 +20,7 @@ import (
 )
 
 var (
- module *modules.Module
+ interceptionModule *modules.Module
 
 // localNet net.IPNet
 // localhost net.IP
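Review bot: The blank imports under `// module dependencies` in firewall/filter.go do not line up with the dependencies declared in `modules.Register("filter", filterPrep, nil, nil, "core", "intel")`: the file links `core` and `profile`, while the module declares `core` and `intel`. Unless another package links whatever registers `intel`, that name may be unresolved at startup; conversely `profile` is linked without being declared. I would make the two lists agree and add a comment on the option variable, e.g. `// filterEnabled is nil until filterPrep has run.`, since the packet handler in interception.go reads it.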
@@ -45,33 +42,12 @@ var (
 )
 
 func init() {
- module = modules.Register("filter", prep, start, stop, "core", "network", "nameserver", "intel")
- subsystems.Register(
- "filter",
- "Privacy Filter",
- "DNS and Network Filter",
- module,
- "config:filter/",
- &config.Option{
- Name: "Enable Privacy Filter",
- Key: CfgOptionEnableFilterKey,
- Description: "Enable the Privacy Filter Subsystem to filter DNS queries and network requests.",
- OptType: config.OptTypeBool,
- ExpertiseLevel: config.ExpertiseLevelUser,
- ReleaseLevel: config.ReleaseLevelBeta,
- DefaultValue: true,
- },
- )
+ interceptionModule = modules.Register("interception", interceptionPrep, interceptionStart, interceptionStop, "base")
 
 network.SetDefaultFirewallHandler(defaultHandler)
 }
 
-func prep() (err error) {
- err = registerConfig()
- if err != nil {
- return err
- }
-
+func interceptionPrep() (err error) {
 err = prepAPIAuth()
 if err != nil {
 return err
@@ -101,20 +77,20 @@ func prep() (err error) {
 return nil
 }
 
-func start() error {
+func interceptionStart() error {
 startAPIAuth()
 
- module.StartWorker("stat logger", func(ctx context.Context) error {
+ interceptionModule.StartWorker("stat logger", func(ctx context.Context) error {
 statLogger()
 return nil
 })
 
- module.StartWorker("packet handler", func(ctx context.Context) error {
+ interceptionModule.StartWorker("packet handler", func(ctx context.Context) error {
 run()
 return nil
 })
 
- module.StartWorker("ports state cleaner", func(ctx context.Context) error {
+ interceptionModule.StartWorker("ports state cleaner", func(ctx context.Context) error {
 portsInUseCleaner()
 return nil
 })
@@ -122,7 +98,7 @@ func start() error {
 return interception.Start()
 }
 
-func stop() error {
+func interceptionStop() error {
 return interception.Stop()
 }
 
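Review bot: The new `interception` module declares only `base`, although the registration it replaces listed `network` and `init` still installs `network.SetDefaultFirewallHandler(defaultHandler)` for packets this module feeds. `core` now names both `network` and `interception`, but that presumably does not order the two against each other, so the packet handler worker could begin before the `network` module's `start` has run. If that ordering matters, state it directly: `modules.Register("interception", interceptionPrep, interceptionStart, interceptionStop, "base", "network")`. `interceptionPrep` continues past the end of this hunk, so whether the rest of it still needs the options that `registerConfig()` used to register here cannot be checked from the visible lines.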
@@ -248,6 +224,15 @@ func initialHandler(conn *network.Connection, pkt packet.Packet) {
 return
 }
 
+ // check if filtering is enabled
+ if !filterEnabled() {
+ conn.Inspecting = false
+ conn.SetVerdict(network.VerdictAccept, "privacy filter disabled", nil)
+ conn.StopFirewallHandler()
+ issueVerdict(conn, pkt, 0, true)
+ return
+ }
+
 log.Tracer(pkt.Ctx()).Trace("filter: starting decision process")
 DecideOnConnection(conn, pkt)
 conn.Inspecting = false // TODO: enable inspecting again
@@ -350,7 +335,7 @@ func issueVerdict(conn *network.Connection, pkt packet.Packet, verdict network.V
 func run() {
 for {
 select {
- case <-module.Stopping():
+ case <-interceptionModule.Stopping():
 return
 case pkt := <-interception.Packets:
 handlePacket(pkt)
@@ -361,7 +346,7 @@ func run() {
 func statLogger() {
 for {
 select {
- case <-module.Stopping():
+ case <-interceptionModule.Stopping():
 return
 case <-time.After(10 * time.Second):
 log.Tracef(
diff --git a/firewall/ports.go b/firewall/ports.go
index 50b39d31..c0e3eb65 100644
--- a/firewall/ports.go
+++ b/firewall/ports.go
@@ -72,7 +72,7 @@ func GetPermittedPort() uint16 {
 func portsInUseCleaner() {
 for {
 select {
- case <-module.Stopping():
+ case <-interceptionModule.Stopping():
 return
 case <-time.After(cleanerTickDuration):
 cleanPortsInUse()
diff --git a/intel/filterlists/module.go b/intel/filterlists/module.go
index 9b74c5c4..38d9deaa 100644
--- a/intel/filterlists/module.go
+++ b/intel/filterlists/module.go
@@ -33,7 +33,7 @@ var (
 func init() {
 ignoreNetEnvEvents.Set()
 
- module = modules.Register("filterlists", prep, start, nil, "core", "netenv")
+ module = modules.Register("filterlists", prep, start, stop, "core")
 }
 
 func prep() error {
@@ -98,3 +98,8 @@ func start() error {
 
 return nil
 }
+
+func stop() error {
+ filterListsLoaded = make(chan struct{})
+ return nil
+}
diff --git a/nameserver/nameserver.go b/nameserver/nameserver.go
index 03d71701..82f3077e 100644
--- a/nameserver/nameserver.go
+++ b/nameserver/nameserver.go
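Review bot: `filterEnabled` is a package-level function value that is only assigned in `filterPrep` (firewall/filter.go), while this check in `initialHandler` runs inside the `interception` module, which is registered with `base` as its sole dependency; if the `filter` module's prep has not run, `filterEnabled()` is a call through a nil function and panics in the packet path. A nil guard that keeps the option's default of enabled closes that gap: `if filterEnabled != nil && !filterEnabled() {`. The bypass also accepts every new connection without leaving a trace, so I would add `log.Tracer(pkt.Ctx()).Trace("filter: privacy filter disabled, accepting connection")` before `conn.SetVerdict(...)`. Because the branch calls `conn.StopFirewallHandler()` and `issueVerdict(conn, pkt, 0, true)`, connections accepted while the filter is off are presumably not re-evaluated after it is switched back on; a comment saying so would help. `initialHandler` begins above this hunk.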
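Review bot: The new `stop()` in intel/filterlists/module.go swaps the package-level `filterListsLoaded` channel with a plain assignment and has no comment explaining why. Any goroutine already waiting on the previous channel keeps waiting on it if it was never closed, and concurrent readers of the variable see the swap without synchronisation; whether either can happen depends on code outside this hunk. I would document the intent, e.g. `// stop replaces filterListsLoaded so the next start can signal readiness again.`, and perform the swap under whatever lock guards list loading, if one exists.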
@@ -32,7 +32,7 @@ var (
 )
 
 func init() {
- module = modules.Register("nameserver", prep, start, stop, "core", "resolver", "network", "netenv")
+ module = modules.Register("nameserver", prep, start, stop, "core", "resolver")
 subsystems.Register(
 "dns",
 "Secure DNS",
diff --git a/network/module.go b/network/module.go
index 8b2c8309..70f2fd24 100644
--- a/network/module.go
+++ b/network/module.go
@@ -16,7 +16,7 @@ var (
 )
 
 func init() {
- module = modules.Register("network", nil, start, nil, "core", "processes")
+ module = modules.Register("network", nil, start, nil, "base", "processes")
 }
 
 // SetDefaultFirewallHandler sets the default firewall handler.
diff --git a/profile/module.go b/profile/module.go
index 8d962a8a..1cc83688 100644
--- a/profile/module.go
+++ b/profile/module.go
@@ -14,7 +14,7 @@ var (
 )
 
 func init() {
- module = modules.Register("profiles", prep, start, nil, "core")
+ module = modules.Register("profiles", prep, start, nil, "base")
 }
 
 func prep() error {