Merge pull request #262 from safing/feature/fast-network-table-lookup

Add fast network table lookup
2025-09-02 02:29:12 +00:00 · 2021-02-23 16:11:12 +01:00 · 2021-02-23 16:11:12 +01:00 · ef6afea5c0
commit ef6afea5c0
parent 6c0df1155e df7afe985e
4 changed files with 32 additions and 17 deletions
--- a/firewall/master.go
+++ b/firewall/master.go
@ -145,7 +145,7 @@ func checkSelfCommunication(ctx context.Context, conn *network.Connection, pkt p
 				SrcPort:  pktInfo.SrcPort,
 				Dst:      pktInfo.Dst,
 				DstPort:  pktInfo.DstPort,
-			})
+			}, true)
 			if err != nil {
 				log.Tracer(ctx).Warningf("filter: failed to find local peer process PID: %s", err)
 			} else {
--- a/nameserver/takeover.go
+++ b/nameserver/takeover.go
@ -78,7 +78,7 @@ func takeover(resolverIP net.IP, resolverPort uint16) (int, error) {
 		SrcPort:  0,   // do not record direction
 		Dst:      resolverIP,
 		DstPort:  resolverPort,
-	})
+	}, true)
 	if err != nil {
 		// there may be nothing listening on :53
 		return 0, nil
--- a/network/state/lookup.go
+++ b/network/state/lookup.go
@ -23,7 +23,7 @@ import (
 //       - switch direction to outbound if outbound packet is seen?
 // - IP: Unidentified Process
-// Errors
+// Errors.
 var (
 	ErrConnectionNotFound = errors.New("could not find connection in system state tables")
 	ErrPIDNotFound        = errors.New("could not find pid for socket inode")
@ -32,10 +32,11 @@ var (
 var (
 	baseWaitTime      = 3 * time.Millisecond
 	lookupRetries     = 7 * 2 // Every retry takes two full passes.
 	fastLookupRetries = 2 * 2
 )
 // Lookup looks for the given connection in the system state tables and returns the PID of the associated process and whether the connection is inbound.
-func Lookup(pktInfo *packet.Info) (pid int, inbound bool, err error) {
+func Lookup(pktInfo *packet.Info, fast bool) (pid int, inbound bool, err error) {
 	// auto-detect version
 	if pktInfo.Version == 0 {
 		if ip := pktInfo.LocalIP().To4(); ip != nil {
@ -47,31 +48,31 @@ func Lookup(pktInfo *packet.Info) (pid int, inbound bool, err error) {
 	switch {
 	case pktInfo.Version == packet.IPv4 && pktInfo.Protocol == packet.TCP:
-		return tcp4Table.lookup(pktInfo)
+		return tcp4Table.lookup(pktInfo, fast)
 	case pktInfo.Version == packet.IPv6 && pktInfo.Protocol == packet.TCP:
-		return tcp6Table.lookup(pktInfo)
+		return tcp6Table.lookup(pktInfo, fast)
 	case pktInfo.Version == packet.IPv4 && pktInfo.Protocol == packet.UDP:
-		return udp4Table.lookup(pktInfo)
+		return udp4Table.lookup(pktInfo, fast)
 	case pktInfo.Version == packet.IPv6 && pktInfo.Protocol == packet.UDP:
-		return udp6Table.lookup(pktInfo)
+		return udp6Table.lookup(pktInfo, fast)
 	default:
 		return socket.UnidentifiedProcessID, false, errors.New("unsupported protocol for finding process")
 	}
 }
-func (table *tcpTable) lookup(pktInfo *packet.Info) (
+func (table *tcpTable) lookup(pktInfo *packet.Info, fast bool) (
 	pid int,
 	inbound bool,
 	err error,
 ) {
-	// Search pattern: search, wait, search, refresh, search, wait, search, refresh, ...
+	// Search pattern: search, refresh, search, wait, search, refresh, search, wait, ...
 	// Search for the socket until found.
-	for i := 0; i <= lookupRetries; i++ {
+	for i := 1; i <= lookupRetries; i++ {
 		// Check main table for socket.
 		socketInfo, inbound := table.findSocket(pktInfo)
 		if socketInfo == nil && table.dualStack != nil {
@ -85,6 +86,11 @@ func (table *tcpTable) lookup(pktInfo *packet.Info) (
 			return checkPID(socketInfo, inbound)
 		}
 		// Search less if we want to be fast.
 		if fast && i < fastLookupRetries {
 			break
 		}
 		// every time, except for the last iteration
 		if i < lookupRetries {
 			// Take turns in waiting and refreshing in order to satisfy the search pattern.
@ -134,12 +140,12 @@ func (table *tcpTable) findSocket(pktInfo *packet.Info) (
 	return nil, false
 }
-func (table *udpTable) lookup(pktInfo *packet.Info) (
+func (table *udpTable) lookup(pktInfo *packet.Info, fast bool) (
 	pid int,
 	inbound bool,
 	err error,
 ) {
-	// Search pattern: search, wait, search, refresh, search, wait, search, refresh, ...
+	// Search pattern: search, refresh, search, wait, search, refresh, search, wait, ...
 	// TODO: Currently broadcast/multicast scopes are not checked, so we might
 	// attribute an incoming broadcast/multicast packet to the wrong process if
@ -148,7 +154,7 @@ func (table *udpTable) lookup(pktInfo *packet.Info) (
 	isInboundMulticast := pktInfo.Inbound && netutils.ClassifyIP(pktInfo.LocalIP()) == netutils.LocalMulticast
 	// Search for the socket until found.
-	for i := 0; i <= lookupRetries; i++ {
+	for i := 1; i <= lookupRetries; i++ {
 		// Check main table for socket.
 		socketInfo := table.findSocket(pktInfo, isInboundMulticast)
 		if socketInfo == nil && table.dualStack != nil {
@ -173,6 +179,11 @@ func (table *udpTable) lookup(pktInfo *packet.Info) (
 			return checkPID(socketInfo, connInbound)
 		}
 		// Search less if we want to be fast.
 		if fast && i < fastLookupRetries {
 			break
 		}
 		// every time, except for the last iteration
 		if i < lookupRetries {
 			// Take turns in waiting and refreshing in order to satisfy the search pattern.
--- a/process/find.go
+++ b/process/find.go
@ -19,9 +19,13 @@ func GetProcessByConnection(ctx context.Context, pktInfo *packet.Info) (process
 		return GetUnidentifiedProcess(ctx), pktInfo.Inbound, nil
 	}
 	// Use fast search for inbound packets, as the listening socket should
 	// already be there for a while now.
 	fastSearch := pktInfo.Inbound
 	log.Tracer(ctx).Tracef("process: getting pid from system network state")
 	var pid int
-	pid, connInbound, err = state.Lookup(pktInfo)
+	pid, connInbound, err = state.Lookup(pktInfo, fastSearch)
 	if err != nil {
 		log.Tracer(ctx).Debugf("process: failed to find PID of connection: %s", err)
 		return nil, pktInfo.Inbound, err