From c6de741ed82c03620e79ec3e111839c142d0b209 Mon Sep 17 00:00:00 2001
From: Daniel
Date: Mon, 30 Jan 2023 13:57:58 +0100
Subject: [PATCH] Disable prompting when re-evaluating connections
---
 firewall/master.go | 6 +++++-
 firewall/prompt.go | 11 +++++------
 network/connection.go | 2 +-
 3 files changed, 11 insertions(+), 8 deletions(-)
diff --git a/firewall/master.go b/firewall/master.go
index 349f7577..ae86f2b8 100644
--- a/firewall/master.go
+++ b/firewall/master.go
@@ -116,7 +116,11 @@ func decideOnConnection(ctx context.Context, conn *network.Connection, pkt packe
 case profile.DefaultActionPermit:
 conn.Accept("allowed by default action", profile.CfgOptionDefaultActionKey)
 case profile.DefaultActionAsk:
- prompt(ctx, conn, pkt)
+ // Only prompt if there has not been a decision already.
+ // This prevents prompts from being created when re-evaluating connections.
+ if conn.Verdict.Firewall == network.VerdictUndecided {
+ prompt(ctx, conn)
+ }
 default:
 conn.Deny("blocked by default action", profile.CfgOptionDefaultActionKey)
 }
diff --git a/firewall/prompt.go b/firewall/prompt.go
index 18ef160b..3ed25403 100644
--- a/firewall/prompt.go
+++ b/firewall/prompt.go
@@ -10,7 +10,6 @@ import (
 "github.com/safing/portbase/notifications"
 "github.com/safing/portmaster/intel"
 "github.com/safing/portmaster/network"
- "github.com/safing/portmaster/network/packet"
 "github.com/safing/portmaster/profile"
 "github.com/safing/portmaster/profile/endpoints"
 )
@@ -47,9 +46,9 @@ type promptProfile struct {
 LinkedPath string
 }

-func prompt(ctx context.Context, conn *network.Connection, pkt packet.Packet) {
+func prompt(ctx context.Context, conn *network.Connection) {
 // Create notification.
- n := createPrompt(ctx, conn, pkt)
+ n := createPrompt(ctx, conn)
 if n == nil {
 // createPrompt returns nil when no further action should be taken.
 return
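Review bot: When the firewall verdict is already decided, the `profile.DefaultActionAsk` case in firewall/master.go now does nothing at all, so the earlier verdict and its reason stay in effect with no record that the ask action was skipped. If a connection was previously accepted by a rule that has since been removed, re-evaluation under an "ask" default would apparently leave it accepted; whether the re-evaluation path resets `conn.Verdict.Firewall` beforehand is not visible in this hunk and should be confirmed. At minimum the intent should be documented next to the guard, e.g. `// A decided connection keeps its previous verdict here; re-evaluation must not rely on this case to revoke it.` decideOnConnection starts before and continues after this hunk.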
@@ -81,11 +80,11 @@ func prompt(ctx context.Context, conn *network.Connection, pkt packet.Packet) {
 }
 }

-// promptIDPrefix is an identifier for privacy filter prompts. This is also use
+// promptIDPrefix is an identifier for privacy filter prompts. This is also used
 // in the UI, so don't change!
 const promptIDPrefix = "filter:prompt"

-func createPrompt(ctx context.Context, conn *network.Connection, pkt packet.Packet) (n *notifications.Notification) {
+func createPrompt(ctx context.Context, conn *network.Connection) (n *notifications.Notification) {
 expires := time.Now().Add(time.Duration(askTimeout()) * time.Second).Unix()

 // Get local profile.
@@ -110,7 +109,7 @@ func createPrompt(ctx context.Context, conn *network.Connection, pkt packet.Pack
 promptIDPrefix,
 localProfile.ID,
 conn.Inbound,
- pkt.Info().RemoteIP(),
+ conn.Entity.IP,
 )
 default: // connection to domain
 nID = fmt.Sprintf(
diff --git a/network/connection.go b/network/connection.go
index 3d5ba694..a1af8c06 100644
--- a/network/connection.go
+++ b/network/connection.go
@@ -119,7 +119,7 @@ type Connection struct { //nolint:maligned // TODO: fix alignment
 // This is different from the Firewall verdict in order to guarantee proper
 // transition between verdicts that need the connection to be re-established.
 Active Verdict
- // Firewall holsd the last (most recent) decision by the firewall.
+ // Firewall holds the last (most recent) decision by the firewall.
 Firewall Verdict
 }
 // Reason holds information justifying the verdict, as well as additional
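Review bot: `createPrompt` gets a new signature in this hunk but still has no doc comment; its nil-return contract is only described at the call site in `prompt`. I would add `// createPrompt creates the prompt notification for conn. It returns nil when no further action should be taken.` directly above the function. The function body continues past the end of this hunk.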
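Review bot: The prompt ID is now built from `conn.Entity.IP` instead of the packet's remote IP, and nothing visible in this hunk checks that `conn.Entity` is non-nil or that its IP is set. A nil `Entity` would panic here, and an unset IP would give every such connection of the same profile and direction an identical ID, so one user answer could end up attached to prompts for unrelated remote hosts. If neither is guaranteed by the caller, guard before the switch with `if conn.Entity == nil || conn.Entity.IP == nil {` and handle that case explicitly. The format string and the start of the switch lie outside the hunk, so this should be checked against the full function.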