mirror of
https://github.com/safing/portmaster
synced 2025-09-03 19:19:15 +00:00
80664d1a27
* Move portbase into monorepo * Add new simple module mgr * [WIP] Switch to new simple module mgr * Add StateMgr and more worker variants * [WIP] Switch more modules * [WIP] Switch more modules * [WIP] swtich more modules * [WIP] switch all SPN modules * [WIP] switch all service modules * [WIP] Convert all workers to the new module system * [WIP] add new task system to module manager * [WIP] Add second take for scheduling workers * [WIP] Add FIXME for bugs in new scheduler * [WIP] Add minor improvements to scheduler * [WIP] Add new worker scheduler * [WIP] Fix more bug related to new module system * [WIP] Fix start handing of the new module system * [WIP] Improve startup process * [WIP] Fix minor issues * [WIP] Fix missing subsystem in settings * [WIP] Initialize managers in constructor * [WIP] Move module event initialization to constrictors * [WIP] Fix setting for enabling and disabling the SPN module * [WIP] Move API registeration into module construction * [WIP] Update states mgr for all modules * [WIP] Add CmdLine operation support * Add state helper methods to module group and instance * Add notification and module status handling to status package * Fix starting issues * Remove pilot widget and update security lock to new status data * Remove debug logs * Improve http server shutdown * Add workaround for cleanly shutting down firewall+netquery * Improve logging * Add syncing states with notifications for new module system * Improve starting, stopping, shutdown; resolve FIXMEs/TODOs * [WIP] Fix most unit tests * Review new module system and fix minor issues * Push shutdown and restart events again via API * Set sleep mode via interface * Update example/template module * [WIP] Fix spn/cabin unit test * Remove deprecated UI elements * Make log output more similar for the logging transition phase * Switch spn hub and observer cmds to new module system * Fix log sources * Make worker mgr less error prone * Fix tests and minor issues * Fix observation hub * Improve shutdown and restart handling * Split up big connection.go source file * Move varint and dsd packages to structures repo * Improve expansion test * Fix linter warnings * Fix interception module on windows * Fix linter errors --------- Co-authored-by: Vladimir Stoilov <vladimir@safing.io>
102 lines
2.5 KiB
Go
102 lines
2.5 KiB
Go
package inspection
|
|
|
|
import (
|
|
"sync"
|
|
|
|
"github.com/safing/portmaster/service/network"
|
|
"github.com/safing/portmaster/service/network/packet"
|
|
)
|
|
|
|
//nolint:golint,stylecheck
|
|
const (
|
|
DO_NOTHING uint8 = iota
|
|
BLOCK_PACKET
|
|
DROP_PACKET
|
|
BLOCK_CONN
|
|
DROP_CONN
|
|
STOP_INSPECTING
|
|
)
|
|
|
|
type inspectorFn func(*network.Connection, packet.Packet) uint8
|
|
|
|
var (
|
|
inspectors []inspectorFn
|
|
inspectorNames []string
|
|
inspectVerdicts []network.Verdict
|
|
inspectorsLock sync.Mutex
|
|
)
|
|
|
|
// RegisterInspector registers a traffic inspector.
|
|
func RegisterInspector(name string, inspector inspectorFn, inspectVerdict network.Verdict) (index int) {
|
|
inspectorsLock.Lock()
|
|
defer inspectorsLock.Unlock()
|
|
index = len(inspectors)
|
|
inspectors = append(inspectors, inspector)
|
|
inspectorNames = append(inspectorNames, name)
|
|
inspectVerdicts = append(inspectVerdicts, inspectVerdict)
|
|
return
|
|
}
|
|
|
|
// RunInspectors runs all the applicable inspectors on the given packet.
|
|
func RunInspectors(conn *network.Connection, pkt packet.Packet) (network.Verdict, bool) {
|
|
// inspectorsLock.Lock()
|
|
// defer inspectorsLock.Unlock()
|
|
|
|
activeInspectors := conn.GetActiveInspectors()
|
|
if activeInspectors == nil {
|
|
activeInspectors = make([]bool, len(inspectors))
|
|
conn.SetActiveInspectors(activeInspectors)
|
|
}
|
|
|
|
inspectorData := conn.GetInspectorData()
|
|
if inspectorData == nil {
|
|
inspectorData = make(map[uint8]interface{})
|
|
conn.SetInspectorData(inspectorData)
|
|
}
|
|
|
|
continueInspection := false
|
|
verdict := network.VerdictUndecided
|
|
|
|
for key, skip := range activeInspectors {
|
|
|
|
if skip {
|
|
continue
|
|
}
|
|
|
|
// check if the active verdict is already past the inspection criteria.
|
|
if conn.Verdict > inspectVerdicts[key] {
|
|
activeInspectors[key] = true
|
|
continue
|
|
}
|
|
|
|
action := inspectors[key](conn, pkt) // Actually run inspector
|
|
switch action {
|
|
case DO_NOTHING:
|
|
if verdict < network.VerdictAccept {
|
|
verdict = network.VerdictAccept
|
|
}
|
|
continueInspection = true
|
|
case BLOCK_PACKET:
|
|
if verdict < network.VerdictBlock {
|
|
verdict = network.VerdictBlock
|
|
}
|
|
continueInspection = true
|
|
case DROP_PACKET:
|
|
verdict = network.VerdictDrop
|
|
continueInspection = true
|
|
case BLOCK_CONN:
|
|
conn.SetVerdict(network.VerdictBlock, "", "", nil)
|
|
verdict = conn.Verdict
|
|
activeInspectors[key] = true
|
|
case DROP_CONN:
|
|
conn.SetVerdict(network.VerdictDrop, "", "", nil)
|
|
verdict = conn.Verdict
|
|
activeInspectors[key] = true
|
|
case STOP_INSPECTING:
|
|
activeInspectors[key] = true
|
|
}
|
|
|
|
}
|
|
|
|
return verdict, continueInspection
|
|
}
|