Simplify profile reloading

Also, increase prompt decision timeout.
2025-09-02 10:39:22 +00:00 · 2021-01-25 17:04:59 +01:00 · 2021-01-25 17:04:59 +01:00 · 9cf214fdff
commit 9cf214fdff
parent cad957bae0
12 changed files with 48 additions and 125 deletions
--- a/firewall/api.go
+++ b/firewall/api.go
@ -97,7 +97,7 @@ func apiAuthenticator(r *http.Request, s *http.Server) (token *api.AuthToken, er
 	log.Tracer(r.Context()).Tracef("filter: authenticating API request from %s", r.RemoteAddr)
-	// It is very important that this works, retry extensively (every 250ms for 5s)
+	// It is important that this works, retry 5 times: every 500ms for 2.5s.
 	var retry bool
 	for tries := 0; tries < 5; tries++ {
 		retry, err = authenticateAPIRequest(
--- a/firewall/config.go
+++ b/firewall/config.go
@ -6,7 +6,7 @@ import (
 	"github.com/safing/portmaster/core"
 )
-// Configuration Keys
+// Configuration Keys.
 var (
 	CfgOptionEnableFilterKey = "filter/enable"
--- a/firewall/prompt.go
+++ b/firewall/prompt.go
@ -32,6 +32,8 @@ const (
 var (
 	promptNotificationCreation sync.Mutex
 	decisionTimeout int64 = 10 // in seconds
 )
 type promptData struct {
@ -45,10 +47,16 @@ type promptProfile struct {
 	LinkedPath string
 }
-func prompt(ctx context.Context, conn *network.Connection, pkt packet.Packet) { //nolint:gocognit // TODO
+func prompt(ctx context.Context, conn *network.Connection, pkt packet.Packet) {
 	// Create notification.
 	n := createPrompt(ctx, conn, pkt)
 	// Get decision timeout and make sure it does not exceed the ask timeout.
 	timeout := decisionTimeout
 	if timeout > askTimeout() {
 		timeout = askTimeout()
 	}
 	// wait for response/timeout
 	select {
 	case promptResponse := <-n.Response():
@ -59,7 +67,7 @@ func prompt(ctx context.Context, conn *network.Connection, pkt packet.Packet) {
 			conn.Deny("blocked via prompt", profile.CfgOptionEndpointsKey)
 		}
-	case <-time.After(1 * time.Second):
+	case <-time.After(time.Duration(timeout) * time.Second):
 		log.Tracer(ctx).Debugf("filter: continuing prompting async")
 		conn.Deny("prompting in progress, please respond to prompt", profile.CfgOptionDefaultActionKey)
--- a/process/config.go
+++ b/process/config.go
@ -4,10 +4,11 @@ import (
 	"github.com/safing/portbase/config"
 )
-// Configuration Keys
+// Configuration Keys.
 var (
 	CfgOptionEnableProcessDetectionKey = "core/enableProcessDetection"
-	enableProcessDetection             config.BoolOption
+
 	enableProcessDetection config.BoolOption
 )
 func registerConfiguration() error {
--- a/process/find.go
+++ b/process/find.go
@ -45,21 +45,21 @@ func GetProcessByConnection(ctx context.Context, pktInfo *packet.Info) (process
 	return process, connInbound, nil
 }
-func GetNetworkHost(ctx context.Context, remoteIP net.IP) (process *Process, err error) {
+func GetNetworkHost(ctx context.Context, remoteIP net.IP) (process *Process, err error) { //nolint:interfacer
 	now := time.Now().Unix()
 	networkHost := &Process{
 		Name:      fmt.Sprintf("Network Host %s", remoteIP),
 		UserName:  "Unknown",
-		UserID:    -255,
+		UserID:    NetworkHostProcessID,
-		Pid:       -255,
+		Pid:       NetworkHostProcessID,
-		ParentPid: -255,
+		ParentPid: NetworkHostProcessID,
 		Path:      fmt.Sprintf("net:%s", remoteIP),
 		FirstSeen: now,
 		LastSeen:  now,
 	}
 	// Get the (linked) local profile.
-	networkHostProfile, err := profile.GetNetworkHostProfile(remoteIP.String())
+	networkHostProfile, err := profile.GetProfile(profile.SourceNetwork, remoteIP.String(), "")
 	if err != nil {
 		return nil, err
 	}
--- a/process/process.go
+++ b/process/process.go
@ -25,7 +25,7 @@ const (
 var getProcessSingleInflight singleflight.Group
-// A Process represents a process running on the operating system
+// A Process represents a process running on the operating system.
 type Process struct {
 	record.Base
 	sync.Mutex
--- a/process/special.go
+++ b/process/special.go
@ -9,9 +9,14 @@ import (
 	"golang.org/x/sync/singleflight"
 )
-// UnidentifiedProcessID is the PID used for anything that could not be
+const (
-// attributed to a PID for any reason.
+	// UnidentifiedProcessID is the PID used for anything that could not be
-const UnidentifiedProcessID = -1
+	// attributed to a PID for any reason.
 	UnidentifiedProcessID = -1
 	// NetworkHostProcessID is the PID used for requests served to the network.
 	NetworkHostProcessID = -255
 )
 var (
 	// unidentifiedProcess is used when a process cannot be found.
--- a/profile/active.go
+++ b/profile/active.go
@ -58,6 +58,13 @@ func addActiveProfile(profile *Profile) {
 	activeProfilesLock.Lock()
 	defer activeProfilesLock.Unlock()
 	// Mark any previous profile as outdated.
 	previous, ok := activeProfiles[profile.ScopedID()]
 	if ok {
 		previous.outdated.Set()
 	}
 	// Mark new profile active and add to active profiles.
 	profile.MarkStillActive()
 	activeProfiles[profile.ScopedID()] = profile
 }
--- a/profile/config.go
+++ b/profile/config.go
@ -8,7 +8,7 @@ import (
 	"github.com/safing/portmaster/status"
 )
-// Configuration Keys
+// Configuration Keys.
 var (
 	cfgStringOptions      = make(map[string]config.StringOption)
 	cfgStringArrayOptions = make(map[string]config.StringArrayOption)
--- a/profile/database.go
+++ b/profile/database.go
@ -47,7 +47,6 @@ func startProfileUpdateChecker() error {
 	}
 	module.StartServiceWorker("update active profiles", 0, func(ctx context.Context) (err error) {
 	feedSelect:
 		for {
 			select {
 			case r := <-profilesSub.Feed:
@ -56,14 +55,6 @@ func startProfileUpdateChecker() error {
 					return errors.New("subscription canceled")
 				}
 				// check if internal save
 				if !r.IsWrapped() {
 					profile, ok := r.(*Profile)
 					if ok && profile.internalSave {
 						continue feedSelect
 					}
 				}
 				// mark as outdated
 				markActiveProfileAsOutdated(strings.TrimPrefix(r.Key(), profilesDBPath))
 			case <-ctx.Done():
--- a/profile/get.go
+++ b/profile/get.go
@ -28,7 +28,7 @@ const (
 var getProfileSingleInflight singleflight.Group
-// GetProfile fetches a profile. This function ensure that the profile loaded
+// GetProfile fetches a profile. This function ensures that the loaded profile
 // is shared among all callers. You must always supply both the scopedID and
 // linkedPath parameters whenever available.
 func GetProfile(source profileSource, id, linkedPath string) ( //nolint:gocognit
@ -105,12 +105,8 @@ func GetProfile(source profileSource, id, linkedPath string) ( //nolint:gocognit
 		// Process profiles coming directly from the database.
 		// As we don't use any caching, these will be new objects.
-		// Mark the profile as being saved internally in order to not trigger an
+		// Add a layeredProfile to local and network profiles.
-		// update after saving it to the database.
+		if profile.Source == SourceLocal || profile.Source == SourceNetwork {
 		profile.internalSave = true
 		// Add a layeredProfile to local profiles.
 		if profile.Source == SourceLocal {
 			// If we are refetching, assign the layered profile from the previous version.
 			if previousVersion != nil {
 				profile.layeredProfile = previousVersion.layeredProfile
@ -138,76 +134,6 @@ func GetProfile(source profileSource, id, linkedPath string) ( //nolint:gocognit
 	return p.(*Profile), nil
 }
 func GetNetworkHostProfile(remoteIP string) ( //nolint:gocognit
 	profile *Profile,
 	err error,
 ) {
 	scopedID := makeScopedID(SourceNetwork, remoteIP)
 	p, err, _ := getProfileSingleInflight.Do(scopedID, func() (interface{}, error) {
 		var previousVersion *Profile
 		// Get profile via the scoped ID.
 		// Check if there already is an active and not outdated profile.
 		profile = getActiveProfile(scopedID)
 		if profile != nil {
 			profile.MarkStillActive()
 			if profile.outdated.IsSet() {
 				previousVersion = profile
 			} else {
 				return profile, nil
 			}
 		}
 		// Get from database.
 		profile, err = getProfile(scopedID)
 		switch {
 		case err == nil:
 			// Continue.
 		case errors.Is(err, database.ErrNotFound):
 			// Create new profile.
 			// If there was no profile in the database, create a new one, and return it.
 			profile = New(SourceNetwork, remoteIP, "")
 		default:
 			return nil, err
 		}
 		// Process profiles coming directly from the database.
 		// As we don't use any caching, these will be new objects.
 		// Mark the profile as being saved internally in order to not trigger an
 		// update after saving it to the database.
 		profile.internalSave = true
 		// Add a layeredProfile to network profiles.
 		// If we are refetching, assign the layered profile from the previous version.
 		if previousVersion != nil {
 			profile.layeredProfile = previousVersion.layeredProfile
 		}
 		// Network profiles must have a layered profile, create a new one if it
 		// does not yet exist.
 		if profile.layeredProfile == nil {
 			profile.layeredProfile = NewLayeredProfile(profile)
 		}
 		// Add the profile to the currently active profiles.
 		addActiveProfile(profile)
 		return profile, nil
 	})
 	if err != nil {
 		return nil, err
 	}
 	if p == nil {
 		return nil, errors.New("profile getter returned nil")
 	}
 	return p.(*Profile), nil
 }
 // getProfile fetches the profile for the given scoped ID.
 func getProfile(scopedID string) (profile *Profile, err error) {
 	// Get profile from the database.
@ -266,13 +192,13 @@ func prepProfile(r record.Record) (*Profile, error) {
 	// prepare config
 	err = profile.prepConfig()
 	if err != nil {
-		log.Warningf("profiles: profile %s has (partly) invalid configuration: %s", profile.ID, err)
+		log.Errorf("profiles: profile %s has (partly) invalid configuration: %s", profile.ID, err)
 	}
 	// parse config
 	err = profile.parseConfig()
 	if err != nil {
-		log.Warningf("profiles: profile %s has (partly) invalid configuration: %s", profile.ID, err)
+		log.Errorf("profiles: profile %s has (partly) invalid configuration: %s", profile.ID, err)
 	}
 	// return parsed profile
--- a/profile/profile.go
+++ b/profile/profile.go
@ -127,8 +127,6 @@ type Profile struct { //nolint:maligned // not worth the effort
 	// Lifecycle Management
 	outdated   *abool.AtomicBool
 	lastActive *int64
 	internalSave bool
 }
 func (profile *Profile) prepConfig() (err error) {
@ -197,12 +195,11 @@ func (profile *Profile) parseConfig() error {
 // New returns a new Profile.
 func New(source profileSource, id string, linkedPath string) *Profile {
 	profile := &Profile{
-		ID:           id,
+		ID:         id,
-		Source:       source,
+		Source:     source,
-		LinkedPath:   linkedPath,
+		LinkedPath: linkedPath,
-		Created:      time.Now().Unix(),
+		Created:    time.Now().Unix(),
-		Config:       make(map[string]interface{}),
+		Config:     make(map[string]interface{}),
 		internalSave: true,
 	}
 	// Generate random ID if none is given.
@ -301,18 +298,6 @@ func (profile *Profile) addEndpointyEntry(cfgKey, newEntry string) {
 		}
 	}()
 	// When finished increase the revision counter of the layered profile.
 	defer func() {
 		if !changed || profile.layeredProfile == nil {
 			return
 		}
 		profile.layeredProfile.Lock()
 		defer profile.layeredProfile.Unlock()
 		profile.layeredProfile.RevisionCounter++
 	}()
 	// Lock the profile for editing.
 	profile.Lock()
 	defer profile.Unlock()
@ -350,7 +335,7 @@ func (profile *Profile) addEndpointyEntry(cfgKey, newEntry string) {
 	profile.dataParsed = false
 	err := profile.parseConfig()
 	if err != nil {
-		log.Warningf("profile: failed to parse %s config after adding endpoint: %s", profile, err)
+		log.Errorf("profile: failed to parse %s config after adding endpoint: %s", profile, err)
 	}
 }