diff --git a/firewall/master.go b/firewall/master.go index 35c431df..6e92b7af 100644 --- a/firewall/master.go +++ b/firewall/master.go @@ -145,7 +145,7 @@ func checkSelfCommunication(ctx context.Context, conn *network.Connection, pkt p SrcPort: pktInfo.SrcPort, Dst: pktInfo.Dst, DstPort: pktInfo.DstPort, - }) + }, true) if err != nil { log.Tracer(ctx).Warningf("filter: failed to find local peer process PID: %s", err) } else { diff --git a/nameserver/takeover.go b/nameserver/takeover.go index 636d29a4..c31b75a8 100644 --- a/nameserver/takeover.go +++ b/nameserver/takeover.go @@ -78,7 +78,7 @@ func takeover(resolverIP net.IP, resolverPort uint16) (int, error) { SrcPort: 0, // do not record direction Dst: resolverIP, DstPort: resolverPort, - }) + }, true) if err != nil { // there may be nothing listening on :53 return 0, nil diff --git a/network/state/lookup.go b/network/state/lookup.go index 0d1a5d92..1d2f11ad 100644 --- a/network/state/lookup.go +++ b/network/state/lookup.go @@ -23,19 +23,20 @@ import ( // - switch direction to outbound if outbound packet is seen? // - IP: Unidentified Process -// Errors +// Errors. var ( ErrConnectionNotFound = errors.New("could not find connection in system state tables") ErrPIDNotFound = errors.New("could not find pid for socket inode") ) var ( - baseWaitTime = 3 * time.Millisecond - lookupRetries = 7 * 2 // Every retry takes two full passes. + baseWaitTime = 3 * time.Millisecond + lookupRetries = 7 * 2 // Every retry takes two full passes. + fastLookupRetries = 2 * 2 ) // Lookup looks for the given connection in the system state tables and returns the PID of the associated process and whether the connection is inbound. -func Lookup(pktInfo *packet.Info) (pid int, inbound bool, err error) { +func Lookup(pktInfo *packet.Info, fast bool) (pid int, inbound bool, err error) { // auto-detect version if pktInfo.Version == 0 { if ip := pktInfo.LocalIP().To4(); ip != nil { @@ -47,31 +48,31 @@ func Lookup(pktInfo *packet.Info) (pid int, inbound bool, err error) { switch { case pktInfo.Version == packet.IPv4 && pktInfo.Protocol == packet.TCP: - return tcp4Table.lookup(pktInfo) + return tcp4Table.lookup(pktInfo, fast) case pktInfo.Version == packet.IPv6 && pktInfo.Protocol == packet.TCP: - return tcp6Table.lookup(pktInfo) + return tcp6Table.lookup(pktInfo, fast) case pktInfo.Version == packet.IPv4 && pktInfo.Protocol == packet.UDP: - return udp4Table.lookup(pktInfo) + return udp4Table.lookup(pktInfo, fast) case pktInfo.Version == packet.IPv6 && pktInfo.Protocol == packet.UDP: - return udp6Table.lookup(pktInfo) + return udp6Table.lookup(pktInfo, fast) default: return socket.UnidentifiedProcessID, false, errors.New("unsupported protocol for finding process") } } -func (table *tcpTable) lookup(pktInfo *packet.Info) ( +func (table *tcpTable) lookup(pktInfo *packet.Info, fast bool) ( pid int, inbound bool, err error, ) { - // Search pattern: search, wait, search, refresh, search, wait, search, refresh, ... + // Search pattern: search, refresh, search, wait, search, refresh, search, wait, ... // Search for the socket until found. - for i := 0; i <= lookupRetries; i++ { + for i := 1; i <= lookupRetries; i++ { // Check main table for socket. socketInfo, inbound := table.findSocket(pktInfo) if socketInfo == nil && table.dualStack != nil { @@ -85,6 +86,11 @@ func (table *tcpTable) lookup(pktInfo *packet.Info) ( return checkPID(socketInfo, inbound) } + // Search less if we want to be fast. + if fast && i < fastLookupRetries { + break + } + // every time, except for the last iteration if i < lookupRetries { // Take turns in waiting and refreshing in order to satisfy the search pattern. @@ -134,12 +140,12 @@ func (table *tcpTable) findSocket(pktInfo *packet.Info) ( return nil, false } -func (table *udpTable) lookup(pktInfo *packet.Info) ( +func (table *udpTable) lookup(pktInfo *packet.Info, fast bool) ( pid int, inbound bool, err error, ) { - // Search pattern: search, wait, search, refresh, search, wait, search, refresh, ... + // Search pattern: search, refresh, search, wait, search, refresh, search, wait, ... // TODO: Currently broadcast/multicast scopes are not checked, so we might // attribute an incoming broadcast/multicast packet to the wrong process if @@ -148,7 +154,7 @@ func (table *udpTable) lookup(pktInfo *packet.Info) ( isInboundMulticast := pktInfo.Inbound && netutils.ClassifyIP(pktInfo.LocalIP()) == netutils.LocalMulticast // Search for the socket until found. - for i := 0; i <= lookupRetries; i++ { + for i := 1; i <= lookupRetries; i++ { // Check main table for socket. socketInfo := table.findSocket(pktInfo, isInboundMulticast) if socketInfo == nil && table.dualStack != nil { @@ -173,6 +179,11 @@ func (table *udpTable) lookup(pktInfo *packet.Info) ( return checkPID(socketInfo, connInbound) } + // Search less if we want to be fast. + if fast && i < fastLookupRetries { + break + } + // every time, except for the last iteration if i < lookupRetries { // Take turns in waiting and refreshing in order to satisfy the search pattern. diff --git a/process/find.go b/process/find.go index e4b1ef0f..4d9e54a4 100644 --- a/process/find.go +++ b/process/find.go @@ -19,9 +19,13 @@ func GetProcessByConnection(ctx context.Context, pktInfo *packet.Info) (process return GetUnidentifiedProcess(ctx), pktInfo.Inbound, nil } + // Use fast search for inbound packets, as the listening socket should + // already be there for a while now. + fastSearch := pktInfo.Inbound + log.Tracer(ctx).Tracef("process: getting pid from system network state") var pid int - pid, connInbound, err = state.Lookup(pktInfo) + pid, connInbound, err = state.Lookup(pktInfo, fastSearch) if err != nil { log.Tracer(ctx).Debugf("process: failed to find PID of connection: %s", err) return nil, pktInfo.Inbound, err