From 4b2db03957e9b8eb5b52b2cadc91d2c83b839100 Mon Sep 17 00:00:00 2001
From: Daniel
Date: Mon, 29 Mar 2021 17:36:13 +0200
Subject: [PATCH] Unify allow/block naming in messages
---
 firewall/master.go | 8 ++++----
 firewall/prompt.go | 4 ++--
 profile/config.go | 14 +++++++-------
 profile/endpoints/reason.go | 2 +-
 resolver/resolve.go | 2 +-
 5 files changed, 15 insertions(+), 15 deletions(-)
diff --git a/firewall/master.go b/firewall/master.go
index efe515d9..1c089c45 100644
--- a/firewall/master.go
+++ b/firewall/master.go
@@ -92,7 +92,7 @@ func DecideOnConnection(ctx context.Context, conn *network.Connection, pkt packe
 // Run all deciders and return if they came to a conclusion.
 done, _ := runDeciders(ctx, dnsFromSystemResolverDeciders, conn, pkt)
 if !done {
- conn.Accept("permitting system resolver dns request", noReasonOptionKey)
+ conn.Accept("allowing system resolver dns request", noReasonOptionKey)
 }
 return
 }
@@ -106,11 +106,11 @@ func DecideOnConnection(ctx context.Context, conn *network.Connection, pkt packe
 // Deciders did not conclude, use default action.
 switch defaultAction {
 case profile.DefaultActionPermit:
- conn.Accept("default permit", profile.CfgOptionDefaultActionKey)
+ conn.Accept("allowed by default action", profile.CfgOptionDefaultActionKey)
 case profile.DefaultActionAsk:
 prompt(ctx, conn, pkt)
 default:
- conn.Deny("default block", profile.CfgOptionDefaultActionKey)
+ conn.Deny("blocked by default action", profile.CfgOptionDefaultActionKey)
 }
 }
@@ -489,7 +489,7 @@ matchLoop:
 }
 if related {
- reason = fmt.Sprintf("auto permitted: domain is related to process: %s is related to %s", domainElement, processElement)
+ reason = fmt.Sprintf("auto allowed: domain is related to process: %s is related to %s", domainElement, processElement)
 }
 return related, reason
 }
diff --git a/firewall/prompt.go b/firewall/prompt.go
index b1767355..57a85fa5 100644
--- a/firewall/prompt.go
+++ b/firewall/prompt.go
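Review bot: Nothing marks the reason strings passed to `conn.Accept` and `conn.Deny` as display-only text, yet this hunk (master.go -92) and the later ones in master.go (-106, -489), prompt.go and reason.go all reword them. If verdict reasons are stored with connection records or matched by tests, log filters or alert rules (none of which is visible in this patch), entries written before and after the commit will no longer compare equal. A short comment at the default-action switch, such as `// Reason text is for display only; match on the option key argument, not on this string.`, would make the contract explicit. `DecideOnConnection` starts and ends outside these hunks.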
@@ -66,7 +66,7 @@ func prompt(ctx context.Context, conn *network.Connection, pkt packet.Packet) {
 case promptResponse := <-n.Response():
 switch promptResponse {
 case allowDomainAll, allowDomainDistinct, allowIP, allowServingIP:
- conn.Accept("permitted via prompt", profile.CfgOptionEndpointsKey)
+ conn.Accept("allowed via prompt", profile.CfgOptionEndpointsKey)
 default: // deny
 conn.Deny("blocked via prompt", profile.CfgOptionEndpointsKey)
 }
@@ -152,7 +152,7 @@ func createPrompt(ctx context.Context, conn *network.Connection, pkt packet.Pack
 if action != "" {
 switch action {
 case allowDomainAll, allowDomainDistinct, allowIP, allowServingIP:
- conn.Accept("permitted via prompt", profile.CfgOptionEndpointsKey)
+ conn.Accept("allowed via prompt", profile.CfgOptionEndpointsKey)
 default: // deny
 conn.Deny("blocked via prompt", profile.CfgOptionEndpointsKey)
 }
diff --git a/profile/config.go b/profile/config.go
index 9b36062a..0f494d26 100644
--- a/profile/config.go
+++ b/profile/config.go
@@ -105,13 +105,13 @@ var (
 func registerConfiguration() error {
 // Default Filter Action
- // permit - blocklist mode: everything is permitted unless blocked
+ // permit - blocklist mode: everything is allowed unless blocked
 // ask - ask mode: if not verdict is found, the user is consulted
- // block - allowlist mode: everything is blocked unless permitted
+ // block - allowlist mode: everything is blocked unless explicitly allowed
 err := config.Register(&config.Option{
 Name: "Default Action",
 Key: CfgOptionDefaultActionKey,
- Description: `The default action when nothing else permits or blocks an outgoing connection. Incoming connections are always blocked by default.`,
+ Description: `The default action when nothing else allows or blocks an outgoing connection. Incoming connections are always blocked by default.`,
 OptType: config.OptTypeString,
 DefaultValue: "permit",
 Annotations: config.Annotations{
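Review bot: The literal `"allowed via prompt"` is written out twice, in `prompt` (hunk -66) and again in `createPrompt` (hunk -152), next to an equally duplicated `"blocked via prompt"`, so this rename had to touch both copies by hand. Declaring the pair once, e.g. `const reasonAllowedViaPrompt = "allowed via prompt"` with a matching `reasonBlockedViaPrompt`, keeps the two verdict paths from drifting apart in a later wording change. Both functions extend beyond the hunks shown.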
@@ -121,9 +121,9 @@ func registerConfiguration() error {
 },
 PossibleValues: []config.PossibleValue{
 {
- Name: "Permit",
+ Name: "Allow",
 Value: "permit",
- Description: "Permit all connections",
+ Description: "Allow all connections",
 },
 {
 Name: "Block",
@@ -146,9 +146,9 @@ func registerConfiguration() error {
 // Disable Auto Permit
 err = config.Register(&config.Option{
 // TODO: Check how to best handle negation here.
- Name: "Disable Auto Permit",
+ Name: "Disable Auto Allow",
 Key: CfgOptionDisableAutoPermitKey,
- Description: `Auto Permit searches for a relation between an app and the destination of a connection - if there is a correlation, the connection will be permitted.`,
+ Description: `Auto Allow searches for a relation between an app and the destination of a connection - if there is a correlation, the connection will be allowed.`,
 OptType: config.OptTypeInt,
 ReleaseLevel: config.ReleaseLevelBeta,
 DefaultValue: status.SecurityLevelsAll,
diff --git a/profile/endpoints/reason.go b/profile/endpoints/reason.go
index 906cec53..3d1bae71 100644
--- a/profile/endpoints/reason.go
+++ b/profile/endpoints/reason.go
@@ -23,7 +23,7 @@ type reason struct {
 func (r *reason) String() string {
 prefix := "denied by rule: "
 if r.Permitted {
- prefix = "permitted by rule: "
+ prefix = "allowed by rule: "
 }
 return prefix + r.description + " " + r.Value
diff --git a/resolver/resolve.go b/resolver/resolve.go
index 31ceeb74..dc0ca4ce 100644
--- a/resolver/resolve.go
+++ b/resolver/resolve.go
@@ -320,7 +320,7 @@ func resolveAndCache(ctx context.Context, q *Query, oldCache *RRCache) (rrCache
 // we are offline and this is not an online check query
 return oldCache, ErrOffline
 }
- log.Tracer(ctx).Debugf("resolver: permitting online status test domain %s to resolve even though offline", q.FQDN)
+ log.Tracer(ctx).Debugf("resolver: allowing online status test domain %s to resolve even though offline", q.FQDN)
 }
 // start resolving
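Review bot: The first `PossibleValues` entry in profile/config.go (hunk -121) now shows `Name: "Allow"` while `Value: "permit"` and the `DefaultValue: "permit"` of the preceding hunk stay as they were, and nothing says the mismatch is deliberate. Presumably the value is kept so that already stored settings keep working. A comment above the entry, `// Display name only; the stored value stays "permit" for compatibility.`, would stop a later cleanup from renaming the value and silently changing how saved profiles resolve their default action. The struct literal continues past the end of the hunk.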
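Review bot: The context comment `// Disable Auto Permit` at the top of hunk -146 in profile/config.go is left behind while the option's `Name` becomes "Disable Auto Allow"; update it to `// Disable Auto Allow`. The key constant `CfgOptionDisableAutoPermitKey` also keeps the old term; if that is intentional for compatibility, say so next to the key, e.g. `// Key name predates the permit-to-allow rename and is kept for stored settings.`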
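Review bot: In profile/endpoints/reason.go the unchanged line `prefix := "denied by rule: "` still says "denied", while every other deny message in this patch reads "blocked" (`"blocked by default action"`, `"blocked via prompt"`), so the unification named in the commit title stops half-way inside `String()`. Consider `prefix := "blocked by rule: "` in the same change, so that users and log readers see one term for the same verdict. The function's closing brace lies outside the hunk.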