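// processPacket evaluates one queued packet against this policy's rules and
// issues the verdict. pkt.Dst is resolved through the firewall's DNS cache
// first so that hostname-aware rules can match on the name.
//
// Verdicts: FILTER_DENY sets pkt.Mark = 1 before accepting, so the actual
// drop presumably happens in a later netfilter rule that matches on the mark
// (confirm against the firewall's iptables setup); FILTER_ALLOW accepts the
// packet unmarked; FILTER_PROMPT hands it to the prompt flow as a pendingPkt.
// Any other value is handled exactly like FILTER_DENY: the packet must not be
// left in the queue without a verdict, and an unknown result should fail
// closed rather than open.
//
// p.lock is held for the whole evaluation, including the prompt hand-off.
func (p *Policy) processPacket(pkt *nfqueue.Packet, proc *ProcInfo) {
	p.lock.Lock()
	defer p.lock.Unlock()
	name := p.fw.dns.Lookup(pkt.Dst)
	log.Info("Lookup(%s): %s", pkt.Dst.String(), name)
	result := p.rules.filter(pkt, proc, name)
	switch result {
	case FILTER_DENY:
		pkt.Mark = 1
		pkt.Accept()
	case FILTER_ALLOW:
		pkt.Accept()
	case FILTER_PROMPT:
		p.processPromptResult(&pendingPkt{policy: p, hostname: name, pkt: pkt, proc: proc})
	default:
		// An unexpected result used to leave the packet with no verdict at
		// all; fail closed with the same mark-and-accept the deny path uses.
		log.Warning("Unexpected filter result: %d", result)
		pkt.Mark = 1
		pkt.Accept()
	}
}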
// filterPacket is the firewall's entry point for a packet taken off the
// netfilter queue and decides how it is dispatched:
//
//   - UDP traffic with source port 53 is accepted at once and handed to the
//     DNS processor, with no process lookup or policy check. This keys on the
//     source port alone, so anything that looks like a DNS reply takes this
//     path; whether that is safe depends on which direction the queue
//     captures, which is not visible here.
//   - A packet whose owning process cannot be identified is logged and
//     accepted without consulting any policy (fail-open).
//   - Packets satisfying basicAllowPacket are accepted.
//   - Everything else goes to the per-executable policy, which is looked up
//     under fw.lock and then evaluated with that lock released.
func (fw *Firewall) filterPacket(pkt *nfqueue.Packet) {
	looksLikeDNSReply := pkt.Protocol == nfqueue.UDP && pkt.SrcPort == 53
	if looksLikeDNSReply {
		pkt.Accept()
		fw.dns.processDNS(pkt)
		return
	}

	owner := findProcessForPacket(pkt)
	// Resolved once here; both the warning and the debug line below use it.
	hostname := fw.dns.Lookup(pkt.Dst)
	if owner == nil {
		log.Warning("No proc found for %s", printPacket(pkt, hostname))
		pkt.Accept()
		return
	}
	log.Debug("filterPacket [%s] %s", owner.exePath, printPacket(pkt, hostname))

	if basicAllowPacket(pkt) {
		pkt.Accept()
		return
	}

	// Only the policy lookup is guarded; the policy takes its own lock when
	// it evaluates the packet.
	fw.lock.Lock()
	policy := fw.policyForPath(owner.exePath)
	fw.lock.Unlock()
	policy.processPacket(pkt, owner)
}