structs fields reorganized

Structs' fields reorganized based on fieldalignment tool feedback.
Gustavo Iñiguez Goia 2024-01-13 22:15:23 +01:00
parent 60c6ac4aa8
commit fdba19c0c3
19 changed files with 162 additions and 161 deletions


@ -22,16 +22,15 @@ import (
// Connection represents an outgoing connection.
type Connection struct {
Protocol string
SrcIP net.IP
SrcPort uint
DstIP net.IP
DstPort uint
DstHost string
Entry *netstat.Entry
Process *procmon.Process
Pkt *netfilter.Packet
Pkt *netfilter.Packet
Protocol string
DstHost string
SrcIP net.IP
DstIP net.IP
SrcPort uint
DstPort uint
}
var showUnknownCons = false


@ -48,9 +48,9 @@ const (
// QuestionMonitorResponse represents a DNS query
// "question": [{"class": 1, "type": 28,"name": "images.site.com"}],
type QuestionMonitorResponse struct {
Name string `json:"name"`
Class int `json:"class"`
Type int `json:"type"`
Name string `json:"name"`
}
// KeyType holds question that generated the answer
@ -67,9 +67,9 @@ type QuestionMonitorResponse struct {
"ifindex": 3
}]*/
type KeyType struct {
Name string `json:"name"`
Class int `json:"class"`
Type int `json:"type"`
Name string `json:"name"`
}
// RRType represents a DNS answer
@ -100,13 +100,13 @@ type MonitorResponse struct {
// ResolvedMonitor represents a systemd-resolved monitor
type ResolvedMonitor struct {
mu *sync.RWMutex
Ctx context.Context
Cancel context.CancelFunc
// connection with the systemd-resolved unix socket:
// /run/systemd/resolve/io.systemd.Resolve.Monitor
Conn *varlink.Connection
connected bool
Conn *varlink.Connection
// channel where all the DNS respones will be sent
ChanResponse chan *MonitorResponse
@ -117,7 +117,7 @@ type ResolvedMonitor struct {
// callback that is emited when systemd-resolved resolves a domain name.
receiverCb resolvedCallback
mu *sync.RWMutex
connected bool
}
// NewResolvedMonitor returns a new ResolvedMonitor object.


@ -5,7 +5,6 @@
// The firewall rules defined by the user are reloaded in these cases:
// - When the file system-fw.json changes.
// - When the firewall rules are not present when listing them.
//
package config
import (
@ -59,21 +58,18 @@ type Expressions struct {
// FwRule holds the fields of a rule
type FwRule struct {
*sync.RWMutex
// we need to keep old fields in the struct. Otherwise when receiving a conf from the GUI, the legacy rules would be deleted.
Chain string // TODO: deprecated, remove
Table string // TODO: deprecated, remove
Parameters string // TODO: deprecated: remove
Chain string // TODO: deprecated, remove
Table string // TODO: deprecated, remove
Parameters string // TODO: deprecated, remove
UUID string
Description string
Expressions []*Expressions
Target string
TargetParameters string
Position uint64 `json:",string"`
Enabled bool
*sync.RWMutex
Expressions []*Expressions
Position uint64 `json:",string"`
Enabled bool
}
// FwChain holds the information that defines a firewall chain.
@ -102,33 +98,31 @@ type rulesList struct {
}
type chainsList struct {
Chains []*FwChain
Rule *FwRule // TODO: deprecated, remove
Chains []*FwChain
}
// SystemConfig holds the list of rules to be added to the system
type SystemConfig struct {
sync.RWMutex
SystemRules []*chainsList
Version uint32
Enabled bool
sync.RWMutex
Version uint32
Enabled bool
}
// Config holds the functionality to re/load the firewall configuration from disk.
// This is the configuration to manage the system firewall (iptables, nftables).
type Config struct {
sync.Mutex
file string
watcher *fsnotify.Watcher
monitorExitChan chan bool
SysConfig SystemConfig
// preloadCallback is called before reloading the configuration,
// in order to delete old fw rules.
// preload will be called after daemon startup, whilst reload when a modification is performed.
preloadCallback func()
// reloadCallback is called after the configuration is written.
reloadCallback func()
// preload will be called after daemon startup, whilst reload when a modification is performed.
file string
SysConfig SystemConfig
sync.Mutex
}
// NewSystemFwConfig initializes config fields
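Review bot: The comment `// preload will be called after daemon startup, whilst reload when a modification is performed.` now appears to sit directly above `file string` and `SysConfig`, where a reader takes it as documentation for those fields rather than for the preloadCallback/reloadCallback pair it describes; the rendered page has lost the +/- markers, so this is inferred from its position after `reloadCallback func()`. Fold the sentence back into the preloadCallback comment block, e.g. `// preloadCallback is called before reloading the configuration, in order to delete old fw rules.` followed by `// It runs after daemon startup; reloadCallback runs when a modification is performed.`, so that `file` and `SysConfig` are not left with a dangling comment. If the intent was to give `file` and `SysConfig` their own comments, write those explicitly rather than reusing the callback text.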


@ -41,9 +41,9 @@ const (
// SystemRule blabla
type SystemRule struct {
Rule *config.FwRule
Table string
Chain string
Rule *config.FwRule
}
// SystemChains keeps track of the fw rules that have been added to the system.
@ -54,17 +54,13 @@ type SystemChains struct {
// Iptables struct holds the fields of the iptables fw
type Iptables struct {
config.Config
common.Common
bin string
bin6 string
regexRulesQuery *regexp.Regexp
regexSystemRulesQuery *regexp.Regexp
chains SystemChains
bin string
bin6 string
chains SystemChains
common.Common
config.Config
sync.Mutex
}


@ -41,12 +41,12 @@ var (
// Nft holds the fields of our nftables firewall
type Nft struct {
sync.Mutex
config.Config
common.Common
Conn *nftables.Conn
chains iptables.SystemChains
common.Common
config.Config
sync.Mutex
}
// NewNft creates a new nftables object


@ -19,9 +19,9 @@ const (
// JSONEventFormat object to be sent to the remote service.
// TODO: Expand as needed: ebpf events, etc.
type JSONEventFormat struct {
Event interface{} `json:"Event"`
Rule string `json:"Rule"`
Action string `json:"Action"`
Event interface{} `json:"Event"`
Type uint8 `json:"Type"`
}
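Review bot: Reordering the tagged fields of `JSONEventFormat` changes the key order of the JSON that `encoding/json` emits to the remote service, because struct fields are marshaled in declaration order, and the commit message does not mention this. Any standard decoder is unaffected, but anything that diffs, hashes or signs the serialized bytes will see a change; the same applies to the reordered JSON-tagged `Rule`, `Operator`, `serverConfig` and `Config` structs later in this commit, which are presumably also written to disk or sent to the GUI. If key order is part of the contract with the remote service, keep the tagged fields in their original order and only move the untagged ones; otherwise a sentence in the commit message stating that serialized key order changes would be enough.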


@ -16,20 +16,20 @@ type Verdict C.uint
// VerdictContainer struct
type VerdictContainer struct {
Verdict Verdict
Mark uint32
Verdict Verdict
Packet []byte
}
// Packet holds the data of a network packet
type Packet struct {
Packet gopacket.Packet
Mark uint32
verdictChannel chan VerdictContainer
UID uint32
NetworkProtocol uint8
IfaceInIdx int
IfaceOutIdx int
Mark uint32
UID uint32
NetworkProtocol uint8
}
// SetVerdict emits a veredict on a packet


@ -57,8 +57,8 @@ type VerdictContainerC C.verdictContainer
type Queue struct {
h *C.struct_nfq_handle
qh *C.struct_nfq_q_handle
fd C.int
packets chan Packet
fd C.int
idx uint32
}


@ -11,11 +11,11 @@ import (
type Entry struct {
Proto string
SrcIP net.IP
SrcPort uint
DstIP net.IP
DstPort uint
UserId int
INode int
SrcPort uint
DstPort uint
}
// NewEntry creates a new entry with values from /proc/net/


@ -12,35 +12,35 @@ import (
// InodeItem represents an item of the InodesCache.
type InodeItem struct {
sync.RWMutex
Pid int
FdPath string
LastSeen int64
Pid int
sync.RWMutex
}
// ProcItem represents an item of the pidsCache
type ProcItem struct {
sync.RWMutex
Pid int
FdPath string
Descriptors []string
LastSeen int64
Pid int
sync.RWMutex
}
// CacheProcs holds the cache of processes that have established connections.
type CacheProcs struct {
sync.RWMutex
items []*ProcItem
sync.RWMutex
}
// CacheInodes holds the cache of Inodes.
// The key is formed as follow:
// inode+srcip+srcport+dstip+dstport
type CacheInodes struct {
sync.RWMutex
items map[string]*InodeItem
sync.RWMutex
}
var (


@ -78,8 +78,8 @@ func (e *eventsStore) DeleteOldItems() {
//-----------------------------------------------------------------------------
type ebpfCacheItem struct {
Proc procmon.Process
Key []byte
Proc procmon.Process
LastSeen int64
}


@ -16,15 +16,15 @@ import (
"github.com/vishvananda/netlink"
)
//contains pointers to ebpf maps for a given protocol (tcp/udp/v6)
// contains pointers to ebpf maps for a given protocol (tcp/udp/v6)
type ebpfMapsForProto struct {
bpfmap *elf.Map
}
//Not in use, ~4usec faster lookup compared to m.LookupElement()
//mimics union bpf_attr's anonymous struct used by BPF_MAP_*_ELEM commands
//from <linux_headers>/include/uapi/linux/bpf.h
// mimics union bpf_attr's anonymous struct used by BPF_MAP_*_ELEM commands
// from <linux_headers>/include/uapi/linux/bpf.h
type bpf_lookup_elem_t struct {
map_fd uint64 //even though in bpf.h its type is __u32, we must make it 8 bytes long
//because "key" is of type __aligned_u64, i.e. "key" must be aligned on an 8-byte boundary
@ -47,8 +47,8 @@ const (
// Error returns the error type and a message with the explanation
type Error struct {
What int // 1 global error, 2 events error, 3 ...
Msg error
What int
}
var (
@ -76,7 +76,7 @@ var (
hostByteOrder binary.ByteOrder
)
//Start installs ebpf kprobes
// Start installs ebpf kprobes
func Start(modPath string) *Error {
modulesPath = modPath
@ -84,8 +84,8 @@ func Start(modPath string) *Error {
if err := mountDebugFS(); err != nil {
log.Error("ebpf.Start -> mount debugfs error. Report on github please: %s", err)
return &Error{
NotAvailable,
fmt.Errorf("ebpf.Start: mount debugfs error. Report on github please: %s", err),
NotAvailable,
}
}
@ -94,7 +94,10 @@ func Start(modPath string) *Error {
if err != nil {
log.Error("%s", err)
dispatchErrorEvent(fmt.Sprint("[eBPF]: ", err.Error()))
return &Error{NotAvailable, fmt.Errorf("[eBPF] Error loading opensnitch.o: %s", err.Error())}
return &Error{
fmt.Errorf("[eBPF] Error loading opensnitch.o: %s", err.Error()),
NotAvailable,
}
}
m.EnableOptionCompatProbe()
@ -104,10 +107,16 @@ func Start(modPath string) *Error {
if err := m.EnableKprobes(0); err != nil {
m.Close()
if err := m.Load(nil); err != nil {
return &Error{NotAvailable, fmt.Errorf("eBPF failed to load /etc/opensnitchd/opensnitch.o (2): %v", err)}
return &Error{
fmt.Errorf("eBPF failed to load /etc/opensnitchd/opensnitch.o (2): %v", err),
NotAvailable,
}
}
if err := m.EnableKprobes(0); err != nil {
return &Error{NotAvailable, fmt.Errorf("eBPF error when enabling kprobes: %v", err)}
return &Error{
fmt.Errorf("eBPF error when enabling kprobes: %v", err),
NotAvailable,
}
}
}
determineHostByteOrder()
@ -124,7 +133,10 @@ func Start(modPath string) *Error {
}
for prot, mfp := range ebpfMaps {
if mfp.bpfmap == nil {
return &Error{NotAvailable, fmt.Errorf("eBPF module opensnitch.o malformed, bpfmap[%s] nil", prot)}
return &Error{
fmt.Errorf("eBPF module opensnitch.o malformed, bpfmap[%s] nil", prot),
NotAvailable,
}
}
}
@ -202,7 +214,7 @@ func Stop() {
}
}
//make bpf() syscall with bpf_lookup prepared by the caller
// make bpf() syscall with bpf_lookup prepared by the caller
func makeBpfSyscall(bpf_lookup *bpf_lookup_elem_t) uintptr {
BPF_MAP_LOOKUP_ELEM := 1 //cmd number
syscall_BPF := 321 //syscall number
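Review bot: The new `Error` struct drops the explanatory comment that the old `What int // 1 global error, 2 events error, 3 ...` line carried, so the meaning of `What` is now undocumented; keep it as `What int // 1 global error, 2 events error, 3 ...` on the new line. The five `&Error{...}` literals in Start were rewritten positionally to follow the swapped fields; they compile only because `error` and `int` are distinct types, and a later reorder of two same-typed fields would swap values silently, so prefer keyed literals such as `return &Error{What: NotAvailable, Msg: fmt.Errorf("ebpf.Start: mount debugfs error. Report on github please: %s", err)}`. The same positional-literal hazard applies to every struct reordered in this commit wherever unkeyed literals exist elsewhere in the tree, which the hunks do not show. Start's body and makeBpfSyscall continue outside the shown hunks.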


@ -39,10 +39,10 @@ type procNetStats struct {
}
type procDescriptors struct {
ModTime time.Time
Name string
SymLink string
Size int64
ModTime time.Time
}
type procStatm struct {
@ -57,12 +57,19 @@ type procStatm struct {
// Process holds the details of a process.
type Process struct {
ID int
PPID int
UID int
Comm string
Env map[string]string
IOStats *procIOstats
NetStats *procNetStats
Statm *procStatm
Maps string
// Path is the absolute path to the binary
Path string
Path string
Comm string
CWD string
Status string
Stat string
Stack string
Descriptors []*procDescriptors
// Args is the command that the user typed. It MAY contain the absolute path
// of the binary:
// $ curl https://...
@ -71,17 +78,11 @@ type Process struct {
// $ /usr/bin/curl https://...
// -> Path: /usr/bin/curl
// -> Args: /usr/bin/curl https://....
Args []string
Env map[string]string
CWD string
Descriptors []*procDescriptors
IOStats *procIOstats
NetStats *procNetStats
Status string
Stat string
Statm *procStatm
Stack string
Maps string
Args []string
ID int
PPID int
UID int
}
// NewProcess returns a new Process structure.
@ -97,7 +98,7 @@ func NewProcess(pid int, comm string) *Process {
}
}
//Serialize transforms a Process object to gRPC protocol object
// Serialize transforms a Process object to gRPC protocol object
func (p *Process) Serialize() *protocol.Process {
ioStats := p.IOStats
netStats := p.NetStats


@ -22,11 +22,11 @@ import (
// Loader is the object that holds the rules loaded from disk, as well as the
// rules watcher.
type Loader struct {
rules map[string]*Rule
watcher *fsnotify.Watcher
path string
rulesKeys []string
sync.RWMutex
path string
rules map[string]*Rule
rulesKeys []string
watcher *fsnotify.Watcher
liveReload bool
liveReloadRunning bool
}


@ -63,20 +63,22 @@ type opCallback func(value interface{}) bool
// Operator represents what we want to filter of a connection, and how.
type Operator struct {
Type Type `json:"type"`
cb opCallback
re *regexp.Regexp
netMask *net.IPNet
lists map[string]interface{}
exitMonitorChan chan (bool)
Operand Operand `json:"operand"`
Sensitive Sensitive `json:"sensitive"`
Data string `json:"data"`
Type Type `json:"type"`
List []Operator `json:"list"`
Sensitive Sensitive `json:"sensitive"`
listsMonitorRunning bool
isCompiled bool
sync.RWMutex
cb opCallback
re *regexp.Regexp
netMask *net.IPNet
isCompiled bool
lists map[string]interface{}
listsMonitorRunning bool
exitMonitorChan chan (bool)
}
// NewOperator returns a new operator object


@ -37,12 +37,12 @@ type Rule struct {
Updated time.Time `json:"updated"`
Name string `json:"name"`
Description string `json:"description"`
Enabled bool `json:"enabled"`
Precedence bool `json:"precedence"`
Nolog bool `json:"nolog"`
Action Action `json:"action"`
Duration Duration `json:"duration"`
Operator Operator `json:"operator"`
Enabled bool `json:"enabled"`
Precedence bool `json:"precedence"`
Nolog bool `json:"nolog"`
}
// Create creates a new rule object with the specified parameters.


@ -29,32 +29,30 @@ type conEvent struct {
// Statistics holds the connections and statistics the daemon intercepts.
// The connections are stored in the Events slice.
type Statistics struct {
sync.RWMutex
logger *loggers.LoggerManager
rules *rule.Loader
Started time.Time
ByExecutable map[string]uint64
ByPort map[string]uint64
ByProto map[string]uint64
ByAddress map[string]uint64
ByHost map[string]uint64
jobs chan conEvent
ByUID map[string]uint64
Events []*Event
Dropped int
// max number of events to keep in the buffer
maxEvents int
// max number of entries for each By* map
maxStats int
DNSResponses int
Connections int
Ignored int
Accepted int
Dropped int
RuleHits int
RuleMisses int
Events []*Event
ByProto map[string]uint64
ByAddress map[string]uint64
ByHost map[string]uint64
ByPort map[string]uint64
ByUID map[string]uint64
ByExecutable map[string]uint64
rules *rule.Loader
jobs chan conEvent
// max number of events to keep in the buffer
maxEvents int
// max number of entries for each By* map
maxStats int
logger *loggers.LoggerManager
sync.RWMutex
}
// New returns a new Statistics object and initializes the go routines to update the stats.


@ -37,25 +37,23 @@ var (
// Client holds the connection information of a client.
type Client struct {
sync.RWMutex
clientCtx context.Context
clientCancel context.CancelFunc
stats *statistics.Statistics
rules *rule.Loader
socketPath string
unixSockPrefix string
isUnixSocket bool
con *grpc.ClientConn
client protocol.UIClient
configWatcher *fsnotify.Watcher
rules *rule.Loader
stats *statistics.Statistics
con *grpc.ClientConn
configWatcher *fsnotify.Watcher
client protocol.UIClient
clientCtx context.Context
clientCancel context.CancelFunc
streamNotifications protocol.UI_NotificationsClient
isConnected chan bool
alertsChan chan protocol.Alert
streamNotifications protocol.UI_NotificationsClient
socketPath string
unixSockPrefix string
//isAsking is set to true if the client is awaiting a decision from the GUI
isAsking bool
isAsking bool
isUnixSocket bool
sync.RWMutex
}
// NewClient creates and configures a new client.
@ -157,14 +155,14 @@ func (c *Client) Connected() bool {
return true
}
//GetIsAsking returns the isAsking flag
// GetIsAsking returns the isAsking flag
func (c *Client) GetIsAsking() bool {
c.RLock()
defer c.RUnlock()
return c.isAsking
}
//SetIsAsking sets the isAsking flag
// SetIsAsking sets the isAsking flag
func (c *Client) SetIsAsking(flag bool) {
c.Lock()
defer c.Unlock()

View file

@ -20,10 +20,10 @@ type (
ServerKey string `json:"ServerKey"`
ClientCert string `json:"ClientCert"`
ClientKey string `json:"ClientKey"`
// https://pkg.go.dev/crypto/tls#Config
SkipVerify bool `json:"SkipVerify"`
// https://pkg.go.dev/crypto/tls#ClientAuthType
ClientAuthType string `json:"ClientAuthType"`
// https://pkg.go.dev/crypto/tls#Config
SkipVerify bool `json:"SkipVerify"`
// https://pkg.go.dev/crypto/tls#Conn.VerifyHostname
// VerifyHostname bool
@ -39,10 +39,10 @@ type (
}
serverConfig struct {
Address string `json:"Address"`
Authentication serverAuth `json:"Authentication"`
LogFile string `json:"LogFile"`
Loggers []loggers.LoggerConfig `json:"Loggers"`
Address string `json:"Address"`
LogFile string `json:"LogFile"`
Authentication serverAuth `json:"Authentication"`
}
rulesOptions struct {
@ -56,19 +56,20 @@ type (
// Config holds the values loaded from configFile
type Config struct {
sync.RWMutex
Server serverConfig `json:"Server"`
Stats statistics.StatsConfig `json:"Stats"`
Rules rulesOptions `json:"Rules"`
Ebpf ebpfOptions `json:"Ebpf"`
LogLevel *int32 `json:"LogLevel"`
DefaultAction string `json:"DefaultAction"`
DefaultDuration string `json:"DefaultDuration"`
ProcMonitorMethod string `json:"ProcMonitorMethod"`
Firewall string `json:"Firewall"`
LogLevel *int32 `json:"LogLevel"`
InterceptUnknown bool `json:"InterceptUnknown"`
LogUTC bool `json:"LogUTC"`
LogMicro bool `json:"LogMicro"`
Ebpf ebpfOptions `json:"Ebpf"`
Rules rulesOptions `json:"Rules"`
Server serverConfig `json:"Server"`
Stats statistics.StatsConfig `json:"Stats"`
sync.RWMutex
InterceptUnknown bool `json:"InterceptUnknown"`
LogUTC bool `json:"LogUTC"`
LogMicro bool `json:"LogMicro"`
}
// Parse determines if the given configuration is ok.