mirrors/opensnitch
1
0
Fork 0
mirror of https://github.com/evilsocket/opensnitch.git synced 2025-03-04 08:34:40 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

misc: small fix or general refactoring i did not bother commenting

Browse source
This commit is contained in:
evilsocket 2018-04-03 14:51:58 +02:00
parent 275abb40bb
commit 540335056b
Failed to generate hash of commit
7 changed files with 73 additions and 20 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
.gitignore vendored
View file

@ -1,3 +1,2 @@
osgui osgui
osd osd
ui

8
Makefile
View file

@ -1,4 +1,4 @@
all: protocol osd osui all: protocol osd osgui
protocol: protocol:
@cd ui.proto && make @cd ui.proto && make
@ -6,11 +6,11 @@ protocol:
osd: osd:
@cd daemon && make && mv daemon ../osd @cd daemon && make && mv daemon ../osd
osui: osgui:
@cd ui.gtk && make && mv ui.gtk ../ui @cd ui.gtk && make && mv ui.gtk ../osgui
clean: clean:
@cd daemon && make clean @cd daemon && make clean
@cd ui.proto && make clean @cd ui.proto && make clean
@cd ui.gtk && make clean @cd ui.gtk && make clean
@rm -rf osd ui @rm -rf osd osgui

25
daemon/main.go
View file

@ -25,7 +25,7 @@ var (
workers = 16 workers = 16
debug = false debug = false
uiSocketPath = "osui.sock" uiSocketPath = "opensnitch-ui.sock"
uiClient = (*ui.Client)(nil) uiClient = (*ui.Client)(nil)
err = (error)(nil) err = (error)(nil)
@ -101,11 +101,30 @@ func onPacket(packet netfilter.NFPacket) {
} }
// search a match in preloaded rules // search a match in preloaded rules
connected := false
r := rules.FindFirstMatch(con) r := rules.FindFirstMatch(con)
if r == nil { if r == nil {
// no rule matched, send a request to the // no rule matched, send a request to the
// UI client if connected and running // UI client if connected and running
r = uiClient.Ask(con) r, connected = uiClient.Ask(con)
if connected {
// check if and how the rule needs to be saved
if r.Duration == rule.Restart {
// add to the rules but do not save to disk
if err := rules.Add(r, false); err != nil {
log.Error("Error while adding rule: %s", err)
} else {
log.Important("Added new until reboot: %s", r)
}
} else if r.Duration == rule.Always {
// add to the loaded rules and persist on disk
if err := rules.Add(r, true); err != nil {
log.Error("Error while saving rule: %s", err)
} else {
log.Important("Saved new rule: %s", r)
}
}
}
} }
if r.Action == rule.Allow { if r.Action == rule.Allow {
@ -115,7 +134,7 @@ func onPacket(packet netfilter.NFPacket) {
ruleName = log.Dim(r.Name) ruleName = log.Dim(r.Name)
} }
log.Info("%s %s -> %s:%d (%s)", log.Bold(log.Green("✔")), log.Bold(con.Process.Path), log.Bold(con.To()), con.DstPort, ruleName) log.Debug("%s %s -> %s:%d (%s)", log.Bold(log.Green("✔")), log.Bold(con.Process.Path), log.Bold(con.To()), con.DstPort, ruleName)
return return
} }

38
daemon/rule/loader.go
View file

@ -16,13 +16,13 @@ import (
type Loader struct { type Loader struct {
sync.RWMutex sync.RWMutex
path string path string
rules []*Rule rules map[string]*Rule
} }
func NewLoader() *Loader { func NewLoader() *Loader {
return &Loader{ return &Loader{
path: "", path: "",
rules: make([]*Rule, 0), rules: make(map[string]*Rule),
} }
} }
@ -47,7 +47,7 @@ func (l *Loader) Load(path string) error {
defer l.Unlock() defer l.Unlock()
l.path = path l.path = path
l.rules = make([]*Rule, 0) l.rules = make(map[string]*Rule)
for _, fileName := range matches { for _, fileName := range matches {
raw, err := ioutil.ReadFile(fileName) raw, err := ioutil.ReadFile(fileName)
@ -63,7 +63,7 @@ func (l *Loader) Load(path string) error {
} }
log.Debug("Loaded rule from %s: %s", fileName, r.String()) log.Debug("Loaded rule from %s: %s", fileName, r.String())
l.rules = append(l.rules, &r) l.rules[r.Name] = &r
} }
return nil return nil
@ -73,6 +73,36 @@ func (l *Loader) Reload() error {
return l.Load(l.path) return l.Load(l.path)
} }
func (l *Loader) isUniqueName(name string) bool {
_, found := l.rules[name]
return !found
}
func (l *Loader) setUniqueName(rule *Rule) {
idx := 1
rule.Name = fmt.Sprintf("user.rule-%d", idx)
for l.isUniqueName(rule.Name) == false {
idx++
rule.Name = fmt.Sprintf("user.rule-%d", idx)
}
}
func (l *Loader) addUserRule(rule *Rule) {
l.Lock()
l.setUniqueName(rule)
l.rules[rule.Name] = rule
l.Unlock()
}
func (l *Loader) Add(rule *Rule, saveToDisk bool) error {
l.addUserRule(rule)
if saveToDisk {
fileName := filepath.Join(l.path, fmt.Sprintf("%s.json", rule.Name))
return l.Save(rule, fileName)
}
return nil
}
func (l *Loader) Save(rule *Rule, path string) error { func (l *Loader) Save(rule *Rule, path string) error {
rule.Updated = time.Now() rule.Updated = time.Now()
raw, err := json.Marshal(rule) raw, err := json.Marshal(rule)

8
daemon/ui/client.go
View file

@ -107,7 +107,7 @@ func (c *Client) ping(ts time.Time) (err error) {
return nil return nil
} }
func (c *Client) Ask(con *conman.Connection) *rule.Rule { func (c *Client) Ask(con *conman.Connection) (*rule.Rule, bool) {
c.Lock() c.Lock()
defer c.Unlock() defer c.Unlock()
@ -115,7 +115,7 @@ func (c *Client) Ask(con *conman.Connection) *rule.Rule {
if c.con != nil { if c.con != nil {
log.Debug("Client state: %v", c.con.GetState()) log.Debug("Client state: %v", c.con.GetState())
} }
return clientDisconnectedRule return clientDisconnectedRule, false
} }
ctx, cancel := context.WithTimeout(context.Background(), time.Second*30) ctx, cancel := context.WithTimeout(context.Background(), time.Second*30)
@ -123,8 +123,8 @@ func (c *Client) Ask(con *conman.Connection) *rule.Rule {
reply, err := c.client.AskRule(ctx, con.ToRequest()) reply, err := c.client.AskRule(ctx, con.ToRequest())
if err != nil { if err != nil {
log.Warning("Error while asking for rule: %s", err) log.Warning("Error while asking for rule: %s", err)
return clientErrorRule return clientErrorRule, false
} }
return rule.FromReply(reply) return rule.FromReply(reply), true
} }

1
rules/.gitignore vendored Normal file
View file

@ -0,0 +1 @@
user.rule*.json

12
ui.gtk/main.go
View file

@ -18,17 +18,18 @@ import (
) )
var ( var (
socketPath = "osui.sock" socketPath = "opensnitch-ui.sock"
listener = (net.Listener)(nil) listener = (net.Listener)(nil)
server = (*grpc.Server)(nil) server = (*grpc.Server)(nil)
err = (error)(nil) err = (error)(nil)
sigChan = (chan os.Signal)(nil) sigChan = (chan os.Signal)(nil)
isClosing = (bool)(false)
) )
type service struct{} type service struct{}
func (s *service) Ping(ctx context.Context, ping *protocol.PingRequest) (*protocol.PingReply, error) { func (s *service) Ping(ctx context.Context, ping *protocol.PingRequest) (*protocol.PingReply, error) {
log.Info("Got ping 0x%x", ping.Id) log.Debug("Got ping 0x%x", ping.Id)
return &protocol.PingReply{Id: ping.Id}, nil return &protocol.PingReply{Id: ping.Id}, nil
} }
@ -37,7 +38,7 @@ func (s *service) AskRule(ctx context.Context, req *protocol.RuleRequest) (*prot
return &protocol.RuleReply{ return &protocol.RuleReply{
Name: "user.choice", Name: "user.choice",
Action: "allow", Action: "allow",
Duration: "once", Duration: "always",
What: "process.path", What: "process.path",
With: req.ProcessPath, With: req.ProcessPath,
}, nil }, nil
@ -52,6 +53,7 @@ func setupSignals() {
syscall.SIGQUIT) syscall.SIGQUIT)
go func() { go func() {
sig := <-sigChan sig := <-sigChan
isClosing = true
log.Raw("\n") log.Raw("\n")
log.Important("Got signal: %v", sig) log.Important("Got signal: %v", sig)
@ -88,6 +90,8 @@ func main() {
reflection.Register(server) reflection.Register(server)
if err := server.Serve(listener); err != nil { if err := server.Serve(listener); err != nil {
log.Fatal("Failed to start: %s", err) if isClosing == false {
log.Fatal("Failed to start: %s", err)
}
} }
} }