mirror of
https://github.com/evilsocket/opensnitch.git
synced 2025-03-04 08:34:40 +01:00
delete loaded lists when needed
There are some situations where we need to delete loaded lists: - When an enabled rule of type Lists is disabled (after being changed on disk, or when configured from the GUI). - When an enabled rule of type List with an Operator of type Lists is disabled.
parent
c9ba858fc5
commit
4532c2513e
3 changed files with 36 additions and 21 deletions
|
@ -89,16 +89,30 @@ func (l *Loader) Load(path string) error {
|
|||
log.Error("Error parsing rule from %s: %s", fileName, err)
|
||||
continue
|
||||
}
|
||||
diskRules[r.Name] = r.Name
|
||||
|
||||
r.Operator.Compile()
|
||||
if r.Operator.Type == List {
|
||||
for i := 0; i < len(r.Operator.List); i++ {
|
||||
if err := r.Operator.List[i].Compile(); err != nil {
|
||||
log.Warning("Operator.Compile() error: %s: ", err)
|
||||
if r.Enabled {
|
||||
r.Operator.Compile()
|
||||
if r.Operator.Type == List {
|
||||
for i := 0; i < len(r.Operator.List); i++ {
|
||||
if err := r.Operator.List[i].Compile(); err != nil {
|
||||
log.Warning("Operator.Compile() error: %s: ", err)
|
||||
}
|
||||
}
|
||||
}
|
||||
} else {
|
||||
// if we're reloading the list of rules (due to changes on disk),
|
||||
// we need to clear up any possible loaded lists.
|
||||
if r.Operator.Type == Lists {
|
||||
r.Operator.ClearLists()
|
||||
} else if r.Operator.Type == List {
|
||||
for i := 0; i < len(r.Operator.List); i++ {
|
||||
if r.Operator.List[i].Type == Lists {
|
||||
r.Operator.ClearLists()
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
diskRules[r.Name] = r.Name
|
||||
|
||||
log.Debug("Loaded rule from %s: %s", fileName, r.String())
|
||||
l.rules[r.Name] = &r
|
||||
|
@ -207,16 +221,19 @@ func (l *Loader) replaceUserRule(rule *Rule) (err error) {
|
|||
}
|
||||
}
|
||||
}
|
||||
// TODO: allow to delete rules from disk if the user changes the name of the rule.
|
||||
|
||||
l.Lock()
|
||||
l.rules[rule.Name] = rule
|
||||
l.sortRules()
|
||||
l.Unlock()
|
||||
|
||||
rule.Operator.isCompiled = false
|
||||
if err := rule.Operator.Compile(); err != nil {
|
||||
log.Warning("Operator.Compile() error: %s: ", err, rule.Operator.Data)
|
||||
if rule.Enabled == false && rule.Operator.Type == Lists {
|
||||
rule.Operator.ClearLists()
|
||||
} else {
|
||||
rule.Operator.isCompiled = false
|
||||
if err := rule.Operator.Compile(); err != nil {
|
||||
log.Warning("Operator.Compile() error: %s: ", err, rule.Operator.Data)
|
||||
}
|
||||
}
|
||||
|
||||
if rule.Operator.Type == List {
|
||||
|
@ -225,10 +242,14 @@ func (l *Loader) replaceUserRule(rule *Rule) (err error) {
|
|||
return fmt.Errorf("Error loading rule of type list: %s", err)
|
||||
}
|
||||
|
||||
// force re-Compile() changed rule
|
||||
for i := 0; i < len(rule.Operator.List); i++ {
|
||||
if rule.Enabled == false && rule.Operator.List[i].Type == Lists {
|
||||
rule.Operator.ClearLists()
|
||||
continue
|
||||
}
|
||||
// force re-Compile() changed rule
|
||||
rule.Operator.List[i].isCompiled = false
|
||||
if err := rule.Operator.Compile(); err != nil {
|
||||
if err := rule.Operator.List[i].Compile(); err != nil {
|
||||
log.Warning("Operator.Compile() error: %s: ", err)
|
||||
}
|
||||
}
|
||||
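Review bot: In the `List` branch of both new loops (the disabled-rule path in `Load` and the `rule.Enabled == false` check in `replaceUserRule`), the code tests `Operator.List[i].Type == Lists` but then calls `ClearLists()` on the parent operator instead of the sub-operator that matched. The comment in `loadLists` says the list is particular to each operator, so the child's entries are presumably left loaded. The calls should read `r.Operator.List[i].ClearLists()` and `rule.Operator.List[i].ClearLists()`. A test that disables a `List` rule containing a `Lists` operator and checks that the child's map is empty would pin this down, since a disabled firewall rule that keeps its domain entries is easy to miss. Both enclosing functions start and end outside the hunks shown.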
|
|
|
@ -76,10 +76,6 @@ func NewOperator(t Type, s Sensitive, o Operand, data string, list []Operator) (
|
|||
Data: data,
|
||||
List: list,
|
||||
}
|
||||
if err := op.Compile(); err != nil {
|
||||
log.Error("NewOperator() failed to compile: %s", err)
|
||||
return nil, err
|
||||
}
|
||||
return &op, nil
|
||||
}
|
||||
|
||||
|
@ -174,9 +170,6 @@ func (o *Operator) domainsListCmp(v interface{}) bool {
|
|||
func (o *Operator) listMatch(con interface{}) bool {
|
||||
res := true
|
||||
for i := 0; i < len(o.List); i++ {
|
||||
if err := o.List[i].Compile(); err != nil {
|
||||
return false
|
||||
}
|
||||
res = res && o.List[i].Match(con.(*conman.Connection))
|
||||
}
|
||||
return res
|
||||
|
|
|
@ -9,7 +9,8 @@ import (
|
|||
"strings"
|
||||
)
|
||||
|
||||
func (o *Operator) clearLists() {
|
||||
// ClearLists deletes all the entries of a list
|
||||
func (o *Operator) ClearLists() {
|
||||
log.Debug("clearing domains lists: %d - %s", len(o.lists), o.Data)
|
||||
for k := range o.lists {
|
||||
delete(o.lists, k)
|
||||
|
@ -21,7 +22,7 @@ func (o *Operator) clearLists() {
|
|||
func (o *Operator) loadLists() error {
|
||||
log.Info("loading domains lists: %s, %s, %s", o.Type, o.Operand, o.Data)
|
||||
|
||||
o.clearLists()
|
||||
o.ClearLists()
|
||||
var dups uint64
|
||||
|
||||
// this list is particular to this operator/rule
|
||||
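Review bot: `ClearLists` deletes from `o.lists` with no lock taken in the lines shown, and the commit now calls it from the rule-reload paths; in `replaceUserRule` that call comes after `l.Unlock()`. If connection matching reads `o.lists` on another goroutine at the same time (the read side is not visible here), the Go runtime treats that as a concurrent map read and write and aborts the process rather than returning an error, which for this daemon would mean it exits. I would either guard the map with a mutex held by both the clear and the lookup, or state the requirement in the doc comment, e.g. `// ClearLists deletes all the entries of a list. Callers must ensure no Match is running on this operator.` The body of `ClearLists` continues outside the hunk.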
|
|