mirror of
https://github.com/safing/portmaster
synced 2025-09-02 02:29:12 +00:00
Improve updating allowed features on connection
parent
daa33c1a88
commit
a5a5a15112
1 changed files with 49 additions and 20 deletions
|
@ -175,8 +175,12 @@ type Connection struct { //nolint:maligned // TODO: fix alignment
|
|||
StopTunnel() error
|
||||
}
|
||||
|
||||
RecvBytes uint64
|
||||
SentBytes uint64
|
||||
// HistoryEnabled is set to true when the connection should be persisted
|
||||
// in the history database.
|
||||
HistoryEnabled bool
|
||||
// BanwidthEnabled is set to true if connection bandwidth data should be persisted
|
||||
// in netquery.
|
||||
BandwidthEnabled bool
|
||||
|
||||
// BytesReceived holds the observed received bytes of the connection.
|
||||
BytesReceived uint64
|
||||
|
@ -225,13 +229,6 @@ type Connection struct { //nolint:maligned // TODO: fix alignment
|
|||
// addedToMetrics signifies if the connection has already been counted in
|
||||
// the metrics.
|
||||
addedToMetrics bool
|
||||
|
||||
// HistoryEnabled is set to true when the connection should be persisted
|
||||
// in the history database.
|
||||
HistoryEnabled bool
|
||||
// BanwidthEnabled is set to true if connection bandwidth data should be persisted
|
||||
// in netquery.
|
||||
BandwidthEnabled bool
|
||||
}
|
||||
|
||||
// Reason holds information justifying a verdict, as well as additional
|
||||
|
@ -340,6 +337,10 @@ func NewConnectionFromDNSRequest(ctx context.Context, fqdn string, cnames []stri
|
|||
// Inherit internal status of profile.
|
||||
if localProfile := proc.Profile().LocalProfile(); localProfile != nil {
|
||||
dnsConn.Internal = localProfile.Internal
|
||||
|
||||
if err := dnsConn.updateFeatures(); err != nil {
|
||||
log.Tracer(ctx).Warningf("network: failed to check for enabled features: %s", err)
|
||||
}
|
||||
}
|
||||
|
||||
// DNS Requests are saved by the nameserver depending on the result of the
|
||||
|
@ -378,6 +379,10 @@ func NewConnectionFromExternalDNSRequest(ctx context.Context, fqdn string, cname
|
|||
// Inherit internal status of profile.
|
||||
if localProfile := remoteHost.Profile().LocalProfile(); localProfile != nil {
|
||||
dnsConn.Internal = localProfile.Internal
|
||||
|
||||
if err := dnsConn.updateFeatures(); err != nil {
|
||||
log.Tracer(ctx).Warningf("network: failed to check for enabled features: %s", err)
|
||||
}
|
||||
}
|
||||
|
||||
// DNS Requests are saved by the nameserver depending on the result of the
|
||||
|
@ -388,6 +393,8 @@ func NewConnectionFromExternalDNSRequest(ctx context.Context, fqdn string, cname
|
|||
return dnsConn, nil
|
||||
}
|
||||
|
||||
var tooOldTimestamp = time.Date(2020, 1, 1, 0, 0, 0, 0, time.UTC).Unix()
|
||||
|
||||
// NewIncompleteConnection creates a new incomplete connection with only minimal information.
|
||||
func NewIncompleteConnection(pkt packet.Packet) *Connection {
|
||||
info := pkt.Info()
|
||||
|
@ -404,6 +411,12 @@ func NewIncompleteConnection(pkt packet.Packet) *Connection {
|
|||
dataComplete: abool.NewBool(false),
|
||||
}
|
||||
|
||||
// Bullshit check Started timestamp.
|
||||
if conn.Started < tooOldTimestamp {
|
||||
// Fix timestamp, use current time as fallback.
|
||||
conn.Started = time.Now().Unix()
|
||||
}
|
||||
|
||||
// Save connection to internal state in order to mitigate creation of
|
||||
// duplicates. Do not propagate yet, as data is not yet complete.
|
||||
conn.UpdateMeta()
|
||||
|
@ -435,17 +448,8 @@ func (conn *Connection) GatherConnectionInfo(pkt packet.Packet) (err error) {
|
|||
if localProfile := conn.process.Profile().LocalProfile(); localProfile != nil {
|
||||
conn.Internal = localProfile.Internal
|
||||
|
||||
// check if we should persist the connection in the history database.
|
||||
// Also make sure the current SPN User/subscription allows use of the history.
|
||||
user, err := access.GetUser()
|
||||
if err == nil {
|
||||
if user.MayUse(account.FeatureHistory) {
|
||||
conn.HistoryEnabled = localProfile.HistoryEnabled()
|
||||
}
|
||||
|
||||
if user.MayUse(account.FeatureBWVis) {
|
||||
conn.BandwidthEnabled = true
|
||||
}
|
||||
if err := conn.updateFeatures(); err != nil {
|
||||
log.Tracer(pkt.Ctx()).Warningf("network: failed to check for enabled features: %s", err)
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -561,6 +565,31 @@ func (conn *Connection) SetLocalIP(ip net.IP) {
|
|||
conn.LocalIPScope = netutils.GetIPScope(ip)
|
||||
}
|
||||
|
||||
// updateFeatures checks which connection related features may be used and sets
|
||||
// the flags accordingly.
|
||||
func (conn *Connection) updateFeatures() error {
|
||||
// Get user.
|
||||
user, err := access.GetUser()
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
// Check if history may be used and if it is enabled for this application.
|
||||
if user.MayUse(account.FeatureHistory) {
|
||||
lProfile := conn.Process().Profile()
|
||||
if lProfile != nil {
|
||||
conn.HistoryEnabled = lProfile.HistoryEnabled()
|
||||
}
|
||||
}
|
||||
|
||||
// Check if bandwidth visibility may be used.
|
||||
if user.MayUse(account.FeatureBWVis) {
|
||||
conn.BandwidthEnabled = true
|
||||
}
|
||||
|
||||
return nil
|
||||
}
|
||||
|
||||
// AcceptWithContext accepts the connection.
|
||||
func (conn *Connection) AcceptWithContext(reason, reasonOptionKey string, ctx interface{}) {
|
||||
if !conn.SetVerdict(VerdictAccept, reason, reasonOptionKey, ctx) {
|
||||
|
|
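Review bot: `updateFeatures` (the hunk at `+565`) only ever turns the flags on: when `user.MayUse(...)` is false, when the profile is nil, or when `access.GetUser()` returns an error, `HistoryEnabled` and `BandwidthEnabled` keep whatever value they already had. That is harmless on a freshly created connection, but these flags decide whether connection data is persisted, so a later re-check after a subscription or profile change would not revoke them. Making the helper fail closed is a small change: set `conn.HistoryEnabled, conn.BandwidthEnabled = false, false` before the `GetUser` call and assign `conn.BandwidthEnabled = user.MayUse(account.FeatureBWVis)` directly. Separately, the helper reads `conn.Process().Profile()` while `NewConnectionFromExternalDNSRequest` guards on `remoteHost.Profile()`; whether `conn.Process()` can be nil on that path is not visible in this diff and is worth confirming.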