minor refactoring

firewall/interception.go

@@ -151,7 +151,7 @@ func resetAllConnectionVerdicts() {
 			if conn.Verdict.Firewall != previousVerdict {
 				err := interception.UpdateVerdictOfConnection(conn)
 				if err != nil {
-					log.Debugf("filter: failed to delete connection verdict: %s", err)
+					log.Debugf("filter: failed to update connection verdict: %s", err)
 				}
 				conn.Save()
 				tracer.Infof("filter: verdict of connection %s changed from %s to %s", conn, previousVerdict.Verb(), conn.VerdictVerb())

firewall/interception/nfq/conntrack.go

@@ -25,8 +25,8 @@ func InitNFCT() error {
 	return nil
 }
 
-// DeinitNFCT deinitializes the network filter conntrack library.
-func DeinitNFCT() {
+// TeardownNFCT deinitializes the network filter conntrack library.
+func TeardownNFCT() {
 	_ = nfct.Close()
 }
 

firewall/interception/nfqueue_linux.go

@@ -172,7 +172,7 @@ func DeactivateNfqueueFirewall() error {
 	}
 
 	_ = nfq.DeleteAllMarkedConnection()
-	nfq.DeinitNFCT()
+	nfq.TeardownNFCT()
 
 	return result.ErrorOrNil()
 }

firewall/interception/windowskext/handler.go

@@ -29,7 +29,7 @@ const (
 	VerdictRequestFlagSocketAuth = 2
 )
 
-// Do not change the order of the members! The structure to communicate with the kernel extension.
+// Do not change the order of the members! The structure is used to communicate with the kernel extension.
 // VerdictRequest is the request structure from the Kext.
 type VerdictRequest struct {
 	id         uint32 // ID from RegisterPacket
@@ -48,7 +48,7 @@ type VerdictRequest struct {
 	packetSize uint32
 }
 
-// Do not change the order of the members! The structure to communicate with the kernel extension.
+// Do not change the order of the members! The structure is used to communicate with the kernel extension.
 type VerdictInfo struct {
 	id      uint32          // ID from RegisterPacket
 	verdict network.Verdict // verdict for the connection
@@ -56,13 +56,13 @@ type VerdictInfo struct {
 
 // Do not change the order of the members! The structure to communicate with the kernel extension.
 type VerdictUpdateInfo struct {
-	localIP    [4]uint32 //Source Address, only srcIP[0] if IPv4
-	remoteIP   [4]uint32 //Destination Address
-	localPort  uint16    //Source Port
-	remotePort uint16    //Destination port
-	ipV6       uint8     //True: IPv6, False: IPv4
-	protocol   uint8     //Protocol (UDP, TCP, ...)
-	verdict    uint8     //New verdict
+	localIP    [4]uint32 // Source Address, only srcIP[0] if IPv4
+	remoteIP   [4]uint32 // Destination Address
+	localPort  uint16    // Source Port
+	remotePort uint16    // Destination port
+	ipV6       uint8     // True: IPv6, False: IPv4
+	protocol   uint8     // Protocol (UDP, TCP, ...)
+	verdict    uint8     // New verdict
 }
 
 type VersionInfo struct {