misc: small fixes and general refactoring I did not bother to comment on

evilsocket 2018-04-03 14:51:58 +02:00
parent 275abb40bb
commit 540335056b
7 changed files with 73 additions and 20 deletions

.gitignore vendored

@ -1,3 +1,2 @@
osgui
osd
ui


@ -1,4 +1,4 @@
all: protocol osd osui
all: protocol osd osgui
protocol:
@cd ui.proto && make
@ -6,11 +6,11 @@ protocol:
osd:
@cd daemon && make && mv daemon ../osd
osui:
@cd ui.gtk && make && mv ui.gtk ../ui
osgui:
@cd ui.gtk && make && mv ui.gtk ../osgui
clean:
@cd daemon && make clean
@cd ui.proto && make clean
@cd ui.gtk && make clean
@rm -rf osd ui
@rm -rf osd osgui


@ -25,7 +25,7 @@ var (
workers = 16
debug = false
uiSocketPath = "osui.sock"
uiSocketPath = "opensnitch-ui.sock"
uiClient = (*ui.Client)(nil)
err = (error)(nil)
@ -101,11 +101,30 @@ func onPacket(packet netfilter.NFPacket) {
}
// search a match in preloaded rules
connected := false
r := rules.FindFirstMatch(con)
if r == nil {
// no rule matched, send a request to the
// UI client if connected and running
r = uiClient.Ask(con)
r, connected = uiClient.Ask(con)
if connected {
// check if and how the rule needs to be saved
if r.Duration == rule.Restart {
// add to the rules but do not save to disk
if err := rules.Add(r, false); err != nil {
log.Error("Error while adding rule: %s", err)
} else {
log.Important("Added new until reboot: %s", r)
}
} else if r.Duration == rule.Always {
// add to the loaded rules and persist on disk
if err := rules.Add(r, true); err != nil {
log.Error("Error while saving rule: %s", err)
} else {
log.Important("Saved new rule: %s", r)
}
}
}
}
if r.Action == rule.Allow {
@ -115,7 +134,7 @@ func onPacket(packet netfilter.NFPacket) {
ruleName = log.Dim(r.Name)
}
log.Info("%s %s -> %s:%d (%s)", log.Bold(log.Green("✔")), log.Bold(con.Process.Path), log.Bold(con.To()), con.DstPort, ruleName)
log.Debug("%s %s -> %s:%d (%s)", log.Bold(log.Green("✔")), log.Bold(con.Process.Path), log.Bold(con.To()), con.DstPort, ruleName)
return
}
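Review bot: The new `connected` branch persists whatever rule the UI peer returns with `Duration == rule.Always` to disk without any check on who that peer is, and the default `uiSocketPath` changed in the first hunk is the relative path `"opensnitch-ui.sock"`, resolved against the daemon's working directory. If the dial code (not in this hunk) uses that path as-is, any local user able to create a socket of that name where the daemon runs can answer `AskRule` and have the daemon write permanent allow rules into its rules directory. Default to an absolute socket path in a directory only the intended UI user can write, e.g. `uiSocketPath = "/var/run/opensnitch/ui.sock"`, and consider verifying the peer's uid before honouring `rule.Always`. Separately, `rules.Add(r, false)` in this commit's loader can only return nil, so the `log.Error("Error while adding rule: %s", err)` branch is unreachable as written. `onPacket` begins and ends outside this hunk.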


@ -16,13 +16,13 @@ import (
type Loader struct {
sync.RWMutex
path string
rules []*Rule
rules map[string]*Rule
}
func NewLoader() *Loader {
return &Loader{
path: "",
rules: make([]*Rule, 0),
rules: make(map[string]*Rule),
}
}
@ -47,7 +47,7 @@ func (l *Loader) Load(path string) error {
defer l.Unlock()
l.path = path
l.rules = make([]*Rule, 0)
l.rules = make(map[string]*Rule)
for _, fileName := range matches {
raw, err := ioutil.ReadFile(fileName)
@ -63,7 +63,7 @@ func (l *Loader) Load(path string) error {
}
log.Debug("Loaded rule from %s: %s", fileName, r.String())
l.rules = append(l.rules, &r)
l.rules[r.Name] = &r
}
return nil
@ -73,6 +73,36 @@ func (l *Loader) Reload() error {
return l.Load(l.path)
}
func (l *Loader) isUniqueName(name string) bool {
_, found := l.rules[name]
return !found
}
func (l *Loader) setUniqueName(rule *Rule) {
idx := 1
rule.Name = fmt.Sprintf("user.rule-%d", idx)
for l.isUniqueName(rule.Name) == false {
idx++
rule.Name = fmt.Sprintf("user.rule-%d", idx)
}
}
func (l *Loader) addUserRule(rule *Rule) {
l.Lock()
l.setUniqueName(rule)
l.rules[rule.Name] = rule
l.Unlock()
}
func (l *Loader) Add(rule *Rule, saveToDisk bool) error {
l.addUserRule(rule)
if saveToDisk {
fileName := filepath.Join(l.path, fmt.Sprintf("%s.json", rule.Name))
return l.Save(rule, fileName)
}
return nil
}
func (l *Loader) Save(rule *Rule, path string) error {
rule.Updated = time.Now()
raw, err := json.Marshal(rule)
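Review bot: Switching `l.rules` to `map[string]*Rule` makes `Load` silently drop any on-disk rule whose `Name` collides with an earlier file: `l.rules[r.Name] = &r` overwrites without notice, so two rule files with the same name and conflicting actions now leave only the last one loaded. Log or reject the collision before the assignment, e.g. `if _, dup := l.rules[r.Name]; dup { log.Warning("Duplicate rule name %s in %s, previous rule discarded", r.Name, fileName) }`. If `FindFirstMatch` (not in this hunk) ranges over the map, "first" is now random per call, so overlapping allow/deny rules would be decided nondeterministically; iterate a sorted key list or keep an ordered slice alongside the map. Also note `Add` calls `l.Save` after `addUserRule` has released the lock while the rule is already reachable from the map, and `Save` writes `rule.Updated`; saving before publishing, or inside the locked section, avoids that. `Load` starts outside this hunk and `Save` continues past it.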


@ -107,7 +107,7 @@ func (c *Client) ping(ts time.Time) (err error) {
return nil
}
func (c *Client) Ask(con *conman.Connection) *rule.Rule {
func (c *Client) Ask(con *conman.Connection) (*rule.Rule, bool) {
c.Lock()
defer c.Unlock()
@ -115,7 +115,7 @@ func (c *Client) Ask(con *conman.Connection) *rule.Rule {
if c.con != nil {
log.Debug("Client state: %v", c.con.GetState())
}
return clientDisconnectedRule
return clientDisconnectedRule, false
}
ctx, cancel := context.WithTimeout(context.Background(), time.Second*30)
@ -123,8 +123,8 @@ func (c *Client) Ask(con *conman.Connection) *rule.Rule {
reply, err := c.client.AskRule(ctx, con.ToRequest())
if err != nil {
log.Warning("Error while asking for rule: %s", err)
return clientErrorRule
return clientErrorRule, false
}
return rule.FromReply(reply)
return rule.FromReply(reply), true
}
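Review bot: `Ask` holds `c.Lock()` for the whole `AskRule` round trip, up to the 30 s timeout set just after the disconnect check, and the daemon calls it from every packet worker, so one stalled or absent UI answer blocks every other pending connection decision. Whether that stall is fail-open or fail-closed depends on what `clientErrorRule` and `clientDisconnectedRule` (declared outside this hunk) do; if either allows the connection, a local process that can hold the socket open without replying turns the timeout into a bypass, so both should deny. The `false` returns are right in that they stop the daemon persisting those fallback rules, but `rule.FromReply(reply), true` forwards the peer's `Action`/`Duration` strings, so if `FromReply` does not already validate them, unknown values should be rejected here before they reach `rules.Add`. Document the locking on the signature: `// Ask serialises all callers: the lock is held across the RPC, so at most one prompt is outstanding.`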

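--- /dev/null
+++ b/rules/.gitignore
@@ -0,0 +1 @@
+user.rule*.json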


@ -18,17 +18,18 @@ import (
)
var (
socketPath = "osui.sock"
socketPath = "opensnitch-ui.sock"
listener = (net.Listener)(nil)
server = (*grpc.Server)(nil)
err = (error)(nil)
sigChan = (chan os.Signal)(nil)
isClosing = (bool)(false)
)
type service struct{}
func (s *service) Ping(ctx context.Context, ping *protocol.PingRequest) (*protocol.PingReply, error) {
log.Info("Got ping 0x%x", ping.Id)
log.Debug("Got ping 0x%x", ping.Id)
return &protocol.PingReply{Id: ping.Id}, nil
}
@ -37,7 +38,7 @@ func (s *service) AskRule(ctx context.Context, req *protocol.RuleRequest) (*prot
return &protocol.RuleReply{
Name: "user.choice",
Action: "allow",
Duration: "once",
Duration: "always",
What: "process.path",
With: req.ProcessPath,
}, nil
@ -52,6 +53,7 @@ func setupSignals() {
syscall.SIGQUIT)
go func() {
sig := <-sigChan
isClosing = true
log.Raw("\n")
log.Important("Got signal: %v", sig)
@ -88,6 +90,8 @@ func main() {
reflection.Register(server)
if err := server.Serve(listener); err != nil {
log.Fatal("Failed to start: %s", err)
if isClosing == false {
log.Fatal("Failed to start: %s", err)
}
}
}
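Review bot: The stub `AskRule` now answers every request with `Action: "allow"` and `Duration: "always"`, and with this commit's daemon change an `always` reply is written to disk as a permanent rule, so running this UI even briefly whitelists every process path it is asked about as `user.rule-N.json` under the daemon's rules directory, and those rules survive the UI being replaced. Keep the placeholder on `Duration: "once"` (or gate the persistent answer behind an explicit flag) until the UI actually prompts the user. The `isClosing` flag is written from the signal goroutine and read in `main` with no synchronisation, which is a data race under `-race`; a `sync/atomic` int32, or checking the error `server.Serve` returns after `Stop` (not visible here), would be safer. `setupSignals` and `main` both begin before this section's hunks.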