vikarti.anatra/safing-portmaster
1
0
Fork 0
mirror of https://github.com/safing/portmaster synced 2025-09-02 02:29:12 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

Fix module dependencies, split filter into interception and filter modules

Browse source
This commit is contained in:
Daniel 2020-04-24 10:17:15 +02:00
parent 5c7739e28a
commit 95041d217c
8 changed files with 89 additions and 40 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

14
core/core.go
View file

@ -20,7 +20,19 @@ var (
func init() { func init() {
modules.Register("base", nil, registerDatabases, nil, "database", "config", "rng") modules.Register("base", nil, registerDatabases, nil, "database", "config", "rng")
module = modules.Register("core", nil, start, nil, "base", "subsystems", "status", "updates", "api", "notifications", "ui") // For prettier subsystem graph, printed with --print-subsystem-graph
/*
subsystems.Register(
"base",
"Base",
"THE GROUND.",
baseModule,
"",
nil,
)
*/
module = modules.Register("core", prep, start, nil, "base", "subsystems", "status", "updates", "api", "notifications", "ui", "netenv", "network", "interception")
subsystems.Register( subsystems.Register(
"core", "core",
"Core", "Core",

47
firewall/filter.go Normal file
View file

@ -0,0 +1,47 @@
package firewall
import (
"github.com/safing/portbase/config"
"github.com/safing/portbase/modules/subsystems"
"github.com/safing/portbase/modules"
// module dependencies
_ "github.com/safing/portmaster/core"
_ "github.com/safing/portmaster/profile"
)
var (
filterModule *modules.Module
filterEnabled config.BoolOption
)
func init() {
filterModule = modules.Register("filter", filterPrep, nil, nil, "core", "intel")
subsystems.Register(
"filter",
"Privacy Filter",
"DNS and Network Filter",
filterModule,
"config:filter/",
&config.Option{
Name: "Enable Privacy Filter",
Key: CfgOptionEnableFilterKey,
Description: "Enable the Privacy Filter Subsystem to filter DNS queries and network requests.",
OptType: config.OptTypeBool,
ExpertiseLevel: config.ExpertiseLevelUser,
ReleaseLevel: config.ReleaseLevelBeta,
DefaultValue: true,
},
)
}
func filterPrep() (err error) {
err = registerConfig()
if err != nil {
return err
}
filterEnabled = config.GetAsBool(CfgOptionEnableFilterKey, true)
return nil
}

53
firewall/firewall.go → firewall/interception.go
View file

@ -7,9 +7,6 @@ import (
"sync/atomic" "sync/atomic"
"time" "time"
"github.com/safing/portbase/config"
"github.com/safing/portbase/modules/subsystems"
"github.com/safing/portbase/log" "github.com/safing/portbase/log"
"github.com/safing/portbase/modules" "github.com/safing/portbase/modules"
"github.com/safing/portmaster/firewall/inspection" "github.com/safing/portmaster/firewall/inspection"
@ -23,7 +20,7 @@ import (
) )
var ( var (
module *modules.Module interceptionModule *modules.Module
// localNet net.IPNet // localNet net.IPNet
// localhost net.IP // localhost net.IP
@ -45,33 +42,12 @@ var (
) )
func init() { func init() {
module = modules.Register("filter", prep, start, stop, "core", "network", "nameserver", "intel") interceptionModule = modules.Register("interception", interceptionPrep, interceptionStart, interceptionStop, "base")
subsystems.Register(
"filter",
"Privacy Filter",
"DNS and Network Filter",
module,
"config:filter/",
&config.Option{
Name: "Enable Privacy Filter",
Key: CfgOptionEnableFilterKey,
Description: "Enable the Privacy Filter Subsystem to filter DNS queries and network requests.",
OptType: config.OptTypeBool,
ExpertiseLevel: config.ExpertiseLevelUser,
ReleaseLevel: config.ReleaseLevelBeta,
DefaultValue: true,
},
)
network.SetDefaultFirewallHandler(defaultHandler) network.SetDefaultFirewallHandler(defaultHandler)
} }
func prep() (err error) { func interceptionPrep() (err error) {
err = registerConfig()
if err != nil {
return err
}
err = prepAPIAuth() err = prepAPIAuth()
if err != nil { if err != nil {
return err return err
@ -101,20 +77,20 @@ func prep() (err error) {
return nil return nil
} }
func start() error { func interceptionStart() error {
startAPIAuth() startAPIAuth()
module.StartWorker("stat logger", func(ctx context.Context) error { interceptionModule.StartWorker("stat logger", func(ctx context.Context) error {
statLogger() statLogger()
return nil return nil
}) })
module.StartWorker("packet handler", func(ctx context.Context) error { interceptionModule.StartWorker("packet handler", func(ctx context.Context) error {
run() run()
return nil return nil
}) })
module.StartWorker("ports state cleaner", func(ctx context.Context) error { interceptionModule.StartWorker("ports state cleaner", func(ctx context.Context) error {
portsInUseCleaner() portsInUseCleaner()
return nil return nil
}) })
@ -122,7 +98,7 @@ func start() error {
return interception.Start() return interception.Start()
} }
func stop() error { func interceptionStop() error {
return interception.Stop() return interception.Stop()
} }
@ -248,6 +224,15 @@ func initialHandler(conn *network.Connection, pkt packet.Packet) {
return return
} }
// check if filtering is enabled
if !filterEnabled() {
conn.Inspecting = false
conn.SetVerdict(network.VerdictAccept, "privacy filter disabled", nil)
conn.StopFirewallHandler()
issueVerdict(conn, pkt, 0, true)
return
}
log.Tracer(pkt.Ctx()).Trace("filter: starting decision process") log.Tracer(pkt.Ctx()).Trace("filter: starting decision process")
DecideOnConnection(conn, pkt) DecideOnConnection(conn, pkt)
conn.Inspecting = false // TODO: enable inspecting again conn.Inspecting = false // TODO: enable inspecting again
@ -350,7 +335,7 @@ func issueVerdict(conn *network.Connection, pkt packet.Packet, verdict network.V
func run() { func run() {
for { for {
select { select {
case <-module.Stopping(): case <-interceptionModule.Stopping():
return return
case pkt := <-interception.Packets: case pkt := <-interception.Packets:
handlePacket(pkt) handlePacket(pkt)
@ -361,7 +346,7 @@ func run() {
func statLogger() { func statLogger() {
for { for {
select { select {
case <-module.Stopping(): case <-interceptionModule.Stopping():
return return
case <-time.After(10 * time.Second): case <-time.After(10 * time.Second):
log.Tracef( log.Tracef(

2
firewall/ports.go
View file

@ -72,7 +72,7 @@ func GetPermittedPort() uint16 {
func portsInUseCleaner() { func portsInUseCleaner() {
for { for {
select { select {
case <-module.Stopping(): case <-interceptionModule.Stopping():
return return
case <-time.After(cleanerTickDuration): case <-time.After(cleanerTickDuration):
cleanPortsInUse() cleanPortsInUse()

7
intel/filterlists/module.go
View file

@ -33,7 +33,7 @@ var (
func init() { func init() {
ignoreNetEnvEvents.Set() ignoreNetEnvEvents.Set()
module = modules.Register("filterlists", prep, start, nil, "core", "netenv") module = modules.Register("filterlists", prep, start, stop, "core")
} }
func prep() error { func prep() error {
@ -98,3 +98,8 @@ func start() error {
return nil return nil
} }
func stop() error {
filterListsLoaded = make(chan struct{})
return nil
}

2
nameserver/nameserver.go
View file

@ -32,7 +32,7 @@ var (
) )
func init() { func init() {
module = modules.Register("nameserver", prep, start, stop, "core", "resolver", "network", "netenv") module = modules.Register("nameserver", prep, start, stop, "core", "resolver")
subsystems.Register( subsystems.Register(
"dns", "dns",
"Secure DNS", "Secure DNS",

2
network/module.go
View file

@ -16,7 +16,7 @@ var (
) )
func init() { func init() {
module = modules.Register("network", nil, start, nil, "core", "processes") module = modules.Register("network", nil, start, nil, "base", "processes")
} }
// SetDefaultFirewallHandler sets the default firewall handler. // SetDefaultFirewallHandler sets the default firewall handler.

2
profile/module.go
View file

@ -14,7 +14,7 @@ var (
) )
func init() { func init() {
module = modules.Register("profiles", prep, start, nil, "core") module = modules.Register("profiles", prep, start, nil, "base")
} }
func prep() error { func prep() error {