vikarti.anatra/safing-portmaster
1
0
Fork 0
mirror of https://github.com/safing/portmaster synced 2025-09-02 02:29:12 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

Implement review suggestions

Browse source
This commit is contained in:
Daniel 2020-10-15 11:19:40 +02:00
parent 62dd4355be
commit dd6ded0308
5 changed files with 44 additions and 48 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

20
firewall/dns.go
View file

@ -121,9 +121,9 @@ func filterDNSResponse(conn *network.Connection, rrCache *resolver.RRCache) *res
err, err,
) )
} }
} else if rrCache.TTL > time.Now().Add(10*time.Second).Unix() { } else if rrCache.Expires > time.Now().Add(10*time.Second).Unix() {
// Set a low TTL of 10 seconds if TTL is higher than that. // Set a low TTL of 10 seconds if TTL is higher than that.
rrCache.TTL = time.Now().Add(10 * time.Second).Unix() rrCache.Expires = time.Now().Add(10 * time.Second).Unix()
err := rrCache.Save() err := rrCache.Save()
if err != nil { if err != nil {
log.Debugf( log.Debugf(
@ -208,13 +208,11 @@ func mayBlockCNAMEs(conn *network.Connection) bool {
// updateIPsAndCNAMEs saves all the IP->Name mappings to the cache database and // updateIPsAndCNAMEs saves all the IP->Name mappings to the cache database and
// updates the CNAMEs in the Connection's Entity. // updates the CNAMEs in the Connection's Entity.
func updateIPsAndCNAMEs(q *resolver.Query, rrCache *resolver.RRCache, conn *network.Connection) { func updateIPsAndCNAMEs(q *resolver.Query, rrCache *resolver.RRCache, conn *network.Connection) {
// FIXME: ignore localhost // Get profileID for scoping IPInfo.
var profileID string
// Get IPInfo scope.
var scope string
proc := conn.Process() proc := conn.Process()
if proc != nil { if proc != nil {
scope = proc.LocalProfileKey profileID = proc.LocalProfileKey
} }
// Collect IPs and CNAMEs. // Collect IPs and CNAMEs.
@ -244,7 +242,7 @@ func updateIPsAndCNAMEs(q *resolver.Query, rrCache *resolver.RRCache, conn *netw
// Create new record for this IP. // Create new record for this IP.
record := resolver.ResolvedDomain{ record := resolver.ResolvedDomain{
Domain: q.FQDN, Domain: q.FQDN,
Expires: rrCache.TTL, Expires: rrCache.Expires,
} }
// Resolve all CNAMEs in the correct order and add the to the record. // Resolve all CNAMEs in the correct order and add the to the record.
@ -265,15 +263,15 @@ func updateIPsAndCNAMEs(q *resolver.Query, rrCache *resolver.RRCache, conn *netw
// Check if there is an existing record for this DNS response. // Check if there is an existing record for this DNS response.
// Else create a new one. // Else create a new one.
ipString := ip.String() ipString := ip.String()
info, err := resolver.GetIPInfo(scope, ipString) info, err := resolver.GetIPInfo(profileID, ipString)
if err != nil { if err != nil {
if err != database.ErrNotFound { if err != database.ErrNotFound {
log.Errorf("nameserver: failed to search for IP info record: %s", err) log.Errorf("nameserver: failed to search for IP info record: %s", err)
} }
info = &resolver.IPInfo{ info = &resolver.IPInfo{
IP: ipString, IP: ipString,
Scope: scope, ProfileID: profileID,
} }
} }

22
resolver/ipinfo.go
View file

@ -10,7 +10,8 @@ import (
) )
const ( const (
IPInfoScopeGlobal = "global" // IPInfoProfileScopeGlobal is the profile scope used for unscoped IPInfo entries.
IPInfoProfileScopeGlobal = "global"
) )
var ( var (
@ -80,9 +81,8 @@ type IPInfo struct {
// IP holds the actual IP address. // IP holds the actual IP address.
IP string IP string
// Scope holds a scope for this IPInfo. // ProfileID is used to scope this entry to a process group.
// Usually this would be the Profile ID of the associated process. ProfileID string
Scope string
// ResolvedDomain is a slice of domains that // ResolvedDomain is a slice of domains that
// have been requested by various applications // have been requested by various applications
@ -120,13 +120,13 @@ func (info *IPInfo) MostRecentDomain() *ResolvedDomain {
return &mostRecent return &mostRecent
} }
func makeIPInfoKey(scope, ip string) string { func makeIPInfoKey(profileID, ip string) string {
return fmt.Sprintf("cache:intel/ipInfo/%s/%s", scope, ip) return fmt.Sprintf("cache:intel/ipInfo/%s/%s", profileID, ip)
} }
// GetIPInfo gets an IPInfo record from the database. // GetIPInfo gets an IPInfo record from the database.
func GetIPInfo(scope, ip string) (*IPInfo, error) { func GetIPInfo(profileID, ip string) (*IPInfo, error) {
r, err := ipInfoDatabase.Get(makeIPInfoKey(scope, ip)) r, err := ipInfoDatabase.Get(makeIPInfoKey(profileID, ip))
if err != nil { if err != nil {
return nil, err return nil, err
} }
@ -158,10 +158,10 @@ func (info *IPInfo) Save() error {
// Set database key if not yet set already. // Set database key if not yet set already.
if !info.KeyIsSet() { if !info.KeyIsSet() {
// Default to global scope if scope is unset. // Default to global scope if scope is unset.
if info.Scope == "" { if info.ProfileID == "" {
info.Scope = IPInfoScopeGlobal info.ProfileID = IPInfoProfileScopeGlobal
} }
info.SetKey(makeIPInfoKey(info.Scope, info.IP)) info.SetKey(makeIPInfoKey(info.ProfileID, info.IP))
} }
// Calculate and set cache expiry. // Calculate and set cache expiry.

5
resolver/namerecord.go
View file

@ -46,8 +46,7 @@ type NameRecord struct {
Answer []string Answer []string
Ns []string Ns []string
Extra []string Extra []string
// TODO: Name change in progress. Rename "TTL" field to "Expires" in Q1 2021. Expires int64
TTL int64 `json:"Expires"`
Server string Server string
ServerScope int8 ServerScope int8
@ -100,7 +99,7 @@ func (rec *NameRecord) Save() error {
rec.SetKey(makeNameRecordKey(rec.Domain, rec.Question)) rec.SetKey(makeNameRecordKey(rec.Domain, rec.Question))
rec.UpdateMeta() rec.UpdateMeta()
rec.Meta().SetAbsoluteExpiry(rec.TTL + databaseOvertime) rec.Meta().SetAbsoluteExpiry(rec.Expires + databaseOvertime)
return recordDatabase.PutNew(rec) return recordDatabase.PutNew(rec)
} }

14
resolver/resolve.go
View file

@ -220,19 +220,19 @@ func checkCache(ctx context.Context, q *Query) *RRCache {
log.Tracer(ctx).Tracef( log.Tracer(ctx).Tracef(
"resolver: cache for %s will expire in %s, refreshing async now", "resolver: cache for %s will expire in %s, refreshing async now",
q.ID(), q.ID(),
time.Until(time.Unix(rrCache.TTL, 0)).Round(time.Second), time.Until(time.Unix(rrCache.Expires, 0)).Round(time.Second),
) )
// resolve async // resolve async
module.StartWorker("resolve async", func(ctx context.Context) error { module.StartWorker("resolve async", func(asyncCtx context.Context) error {
ctx, tracer := log.AddTracer(ctx) tracingCtx, tracer := log.AddTracer(asyncCtx)
defer tracer.Submit() defer tracer.Submit()
tracer.Debugf("resolver: resolving %s async", q.ID()) tracer.Tracef("resolver: resolving %s async", q.ID())
_, err := resolveAndCache(ctx, q, nil) _, err := resolveAndCache(tracingCtx, q, nil)
if err != nil { if err != nil {
tracer.Warningf("resolver: async query for %s failed: %s", q.ID(), err) tracer.Warningf("resolver: async query for %s failed: %s", q.ID(), err)
} else { } else {
tracer.Debugf("resolver: async query for %s succeeded", q.ID()) tracer.Infof("resolver: async query for %s succeeded", q.ID())
} }
return nil return nil
}) })
@ -242,7 +242,7 @@ func checkCache(ctx context.Context, q *Query) *RRCache {
log.Tracer(ctx).Tracef( log.Tracer(ctx).Tracef(
"resolver: using cached RR (expires in %s)", "resolver: using cached RR (expires in %s)",
time.Until(time.Unix(rrCache.TTL, 0)).Round(time.Second), time.Until(time.Unix(rrCache.Expires, 0)).Round(time.Second),
) )
return rrCache return rrCache
} }

31
resolver/rrcache.go
View file

@ -25,11 +25,10 @@ type RRCache struct {
RCode int RCode int
// Response Content // Response Content
Answer []dns.RR Answer []dns.RR
Ns []dns.RR Ns []dns.RR
Extra []dns.RR Extra []dns.RR
// TODO: Name change in progress. Rename "TTL" field to "Expires" in Q1 2021. Expires int64
TTL int64 `json:"Expires"`
// Source Information // Source Information
Server string Server string
@ -55,12 +54,12 @@ func (rrCache *RRCache) ID() string {
// Expired returns whether the record has expired. // Expired returns whether the record has expired.
func (rrCache *RRCache) Expired() bool { func (rrCache *RRCache) Expired() bool {
return rrCache.TTL <= time.Now().Unix() return rrCache.Expires <= time.Now().Unix()
} }
// ExpiresSoon returns whether the record will expire soon and should already be refreshed. // ExpiresSoon returns whether the record will expire soon and should already be refreshed.
func (rrCache *RRCache) ExpiresSoon() bool { func (rrCache *RRCache) ExpiresSoon() bool {
return rrCache.TTL <= time.Now().Unix()+refreshTTL return rrCache.Expires <= time.Now().Unix()+refreshTTL
} }
// Clean sets all TTLs to 17 and sets cache expiry with specified minimum. // Clean sets all TTLs to 17 and sets cache expiry with specified minimum.
@ -100,7 +99,7 @@ func (rrCache *RRCache) Clean(minExpires uint32) {
} }
// log.Tracef("lowest TTL is %d", lowestTTL) // log.Tracef("lowest TTL is %d", lowestTTL)
rrCache.TTL = time.Now().Unix() + int64(lowestTTL) rrCache.Expires = time.Now().Unix() + int64(lowestTTL)
} }
// ExportAllARecords return of a list of all A and AAAA IP addresses. // ExportAllARecords return of a list of all A and AAAA IP addresses.
@ -132,7 +131,7 @@ func (rrCache *RRCache) ToNameRecord() *NameRecord {
Domain: rrCache.Domain, Domain: rrCache.Domain,
Question: rrCache.Question.String(), Question: rrCache.Question.String(),
RCode: rrCache.RCode, RCode: rrCache.RCode,
TTL: rrCache.TTL, Expires: rrCache.Expires,
Server: rrCache.Server, Server: rrCache.Server,
ServerScope: rrCache.ServerScope, ServerScope: rrCache.ServerScope,
ServerInfo: rrCache.ServerInfo, ServerInfo: rrCache.ServerInfo,
@ -189,7 +188,7 @@ func GetRRCache(domain string, question dns.Type) (*RRCache, error) {
} }
rrCache.RCode = nameRecord.RCode rrCache.RCode = nameRecord.RCode
rrCache.TTL = nameRecord.TTL rrCache.Expires = nameRecord.Expires
for _, entry := range nameRecord.Answer { for _, entry := range nameRecord.Answer {
rrCache.Answer = parseRR(rrCache.Answer, entry) rrCache.Answer = parseRR(rrCache.Answer, entry)
} }
@ -250,10 +249,10 @@ func (rrCache *RRCache) ShallowCopy() *RRCache {
Question: rrCache.Question, Question: rrCache.Question,
RCode: rrCache.RCode, RCode: rrCache.RCode,
Answer: rrCache.Answer, Answer: rrCache.Answer,
Ns: rrCache.Ns, Ns: rrCache.Ns,
Extra: rrCache.Extra, Extra: rrCache.Extra,
TTL: rrCache.TTL, Expires: rrCache.Expires,
Server: rrCache.Server, Server: rrCache.Server,
ServerScope: rrCache.ServerScope, ServerScope: rrCache.ServerScope,
@ -311,9 +310,9 @@ func (rrCache *RRCache) GetExtraRRs(ctx context.Context, query *dns.Msg) (extra
// Add expiry and cache information. // Add expiry and cache information.
if rrCache.Expired() { if rrCache.Expired() {
extra = addExtra(ctx, extra, fmt.Sprintf("record expired since %s", time.Since(time.Unix(rrCache.TTL, 0)).Round(time.Second))) extra = addExtra(ctx, extra, fmt.Sprintf("record expired since %s", time.Since(time.Unix(rrCache.Expires, 0)).Round(time.Second)))
} else { } else {
extra = addExtra(ctx, extra, fmt.Sprintf("record valid for %s", time.Until(time.Unix(rrCache.TTL, 0)).Round(time.Second))) extra = addExtra(ctx, extra, fmt.Sprintf("record valid for %s", time.Until(time.Unix(rrCache.Expires, 0)).Round(time.Second)))
} }
if rrCache.RequestingNew { if rrCache.RequestingNew {
extra = addExtra(ctx, extra, "async request to refresh the cache has been started") extra = addExtra(ctx, extra, "async request to refresh the cache has been started")