preserve nfmark when NF_ACCEPT'ing packets

Mullvad VPN uses an nfmark on packets when establishing a connection with their VPN servers.
If we don't preserve the nfmark, the connection will never be established.
themighty1 2021-01-25 11:33:24 +03:00
parent ee76b9c6b9
commit ff6ede0557


@ -172,7 +172,7 @@ func doCleanup(queue *netfilter.Queue) {
func onPacket(packet netfilter.Packet) {
// DNS response, just parse, track and accept.
if dns.TrackAnswers(packet.Packet) == true {
packet.SetVerdict(netfilter.NF_ACCEPT)
packet.SetVerdictAndMark(netfilter.NF_ACCEPT, packet.Mark)
stats.OnDNSResponse()
return
}
@ -197,7 +197,7 @@ func onPacket(packet netfilter.Packet) {
func applyDefaultAction(packet *netfilter.Packet) {
if uiClient.DefaultAction() == rule.Allow {
packet.SetVerdict(netfilter.NF_ACCEPT)
packet.SetVerdictAndMark(netfilter.NF_ACCEPT, packet.Mark)
} else {
if uiClient.DefaultDuration() == rule.Always {
packet.SetVerdictAndMark(netfilter.NF_DROP, firewall.DropMark)
@ -264,7 +264,7 @@ func acceptOrDeny(packet *netfilter.Packet, con *conman.Connection) *rule.Rule {
} else if r.Action == rule.Allow {
if packet != nil {
packet.SetVerdict(netfilter.NF_ACCEPT)
packet.SetVerdictAndMark(netfilter.NF_ACCEPT, packet.Mark)
}
ruleName := log.Green(r.Name)
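Review bot: The call `packet.SetVerdictAndMark(netfilter.NF_ACCEPT, packet.Mark)` is now repeated in onPacket, applyDefaultAction and acceptOrDeny with no comment explaining why the mark is passed back, so a later cleanup could revert one site to `SetVerdict` and break marked traffic again. A short comment at each site would make the intent durable, for example `// re-emit the packet's own nfmark so mark-based routing/firewall rules still match after the verdict`; a small shared accept helper would do the same. Any other NF_ACCEPT verdicts in this file lie outside the three hunks and are not visible here, so they should be checked for the same treatment. It is also worth confirming that an accepted packet cannot already carry a mark equal to `firewall.DropMark`, because the drop branch of applyDefaultAction stamps that value and whatever consumes it would presumably treat the packet as dropped. All three functions continue outside the hunks shown.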