From 0efcfe9e65d12762293ff45a6158a520fadc50b7 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Peter=20St=C3=B6ckli?= <peter.stockli@alphabot.com>
Date: Mon, 13 May 2019 11:14:58 +0200
Subject: [PATCH] also detect applications that use the AF_INET6 socket for
 IPv4 connections

---
 daemon/netstat/find.go | 18 +++++++++++++++++-
 1 file changed, 17 insertions(+), 1 deletion(-)

diff --git a/daemon/netstat/find.go b/daemon/netstat/find.go
index ea78a7a4..bca150fa 100644
--- a/daemon/netstat/find.go
+++ b/daemon/netstat/find.go
@@ -2,11 +2,27 @@ package netstat
 
 import (
 	"net"
-
+	"strings"
+	
 	"github.com/evilsocket/opensnitch/daemon/log"
 )
 
 func FindEntry(proto string, srcIP net.IP, srcPort uint, dstIP net.IP, dstPort uint) *Entry {
+	if entry := findEntryForProtocol(proto, srcIP, srcPort, dstIP, dstPort); entry != nil {
+		return entry
+	}
+
+	ipv6Suffix := "6"
+	if strings.HasSuffix(proto, ipv6Suffix) == false {
+		otherProto := proto + ipv6Suffix
+		log.Debug("Searching for %s netstat entry instead of %s", otherProto, proto)
+		return findEntryForProtocol(otherProto, srcIP, srcPort, dstIP, dstPort)
+	}
+	
+	return nil;
+}
+
+func findEntryForProtocol(proto string, srcIP net.IP, srcPort uint, dstIP net.IP, dstPort uint) *Entry {
 	entries, err := Parse(proto)
 	if err != nil {
 		log.Warning("Error while searching for %s netstat entry: %s", proto, err)