diff --git a/firewall/interception.go b/firewall/interception.go
index e5be02dc..4999c5b3 100644
--- a/firewall/interception.go
+++ b/firewall/interception.go
@@ -151,7 +151,7 @@ func resetAllConnectionVerdicts() {
 if conn.Verdict.Firewall != previousVerdict {
 err := interception.UpdateVerdictOfConnection(conn)
 if err != nil {
- log.Debugf("filter: failed to delete connection verdict: %s", err)
+ log.Debugf("filter: failed to update connection verdict: %s", err)
 }
 conn.Save()
 tracer.Infof("filter: verdict of connection %s changed from %s to %s", conn, previousVerdict.Verb(), conn.VerdictVerb())
diff --git a/firewall/interception/nfq/conntrack.go b/firewall/interception/nfq/conntrack.go
index d29da0cb..4de81036 100644
--- a/firewall/interception/nfq/conntrack.go
+++ b/firewall/interception/nfq/conntrack.go
@@ -25,8 +25,8 @@ func InitNFCT() error {
 return nil
 }
-// DeinitNFCT deinitializes the network filter conntrack library.
-func DeinitNFCT() {
+// TeardownNFCT deinitializes the network filter conntrack library.
+func TeardownNFCT() {
 _ = nfct.Close()
 }
diff --git a/firewall/interception/nfqueue_linux.go b/firewall/interception/nfqueue_linux.go
index 10de02b3..2ba1ab8f 100644
--- a/firewall/interception/nfqueue_linux.go
+++ b/firewall/interception/nfqueue_linux.go
@@ -172,7 +172,7 @@ func DeactivateNfqueueFirewall() error {
 }
 _ = nfq.DeleteAllMarkedConnection()
- nfq.DeinitNFCT()
+ nfq.TeardownNFCT()
 return result.ErrorOrNil()
 }
diff --git a/firewall/interception/windowskext/handler.go b/firewall/interception/windowskext/handler.go
index e30e4498..2932a31a 100644
--- a/firewall/interception/windowskext/handler.go
+++ b/firewall/interception/windowskext/handler.go
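Review bot: In resetAllConnectionVerdicts (firewall/interception.go), a failed `interception.UpdateVerdictOfConnection(conn)` is still reported only at debug level, and the following `conn.Save()` and `tracer.Infof("filter: verdict of connection %s changed ...")` run whether or not the update succeeded. If the update fails, the interception layer presumably keeps enforcing the previous verdict while the saved connection and the trace state that it changed, so a connection that should now be blocked could remain allowed with no operator-visible signal. Consider a warning-level message that names the connection, e.g. `log.Warningf("filter: failed to update connection verdict of %s: %s", conn, err)`, and a trace line that says the update failed instead of "changed". The function body starts and ends outside the hunk, so any handling further down is not visible here.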
@@ -29,7 +29,7 @@ const (
 VerdictRequestFlagSocketAuth = 2
 )
-// Do not change the order of the members! The structure to communicate with the kernel extension.
+// Do not change the order of the members! The structure is used to communicate with the kernel extension.
 // VerdictRequest is the request structure from the Kext.
 type VerdictRequest struct {
 id uint32 // ID from RegisterPacket
@@ -48,7 +48,7 @@ type VerdictRequest struct {
 packetSize uint32
 }
-// Do not change the order of the members! The structure to communicate with the kernel extension.
+// Do not change the order of the members! The structure is used to communicate with the kernel extension.
 type VerdictInfo struct {
 id uint32 // ID from RegisterPacket
 verdict network.Verdict // verdict for the connection
@@ -56,13 +56,13 @@ type VerdictInfo struct {
 // Do not change the order of the members! The structure to communicate with the kernel extension.
 type VerdictUpdateInfo struct {
- localIP [4]uint32 //Source Address, only srcIP[0] if IPv4
- remoteIP [4]uint32 //Destination Address
- localPort uint16 //Source Port
- remotePort uint16 //Destination port
- ipV6 uint8 //True: IPv6, False: IPv4
- protocol uint8 //Protocol (UDP, TCP, ...)
- verdict uint8 //New verdict
+ localIP [4]uint32 // Source Address, only srcIP[0] if IPv4
+ remoteIP [4]uint32 // Destination Address
+ localPort uint16 // Source Port
+ remotePort uint16 // Destination port
+ ipV6 uint8 // True: IPv6, False: IPv4
+ protocol uint8 // Protocol (UDP, TCP, ...)
+ verdict uint8 // New verdict
 }
 type VersionInfo struct {