From 6ef14d54adac01b55c2ce88e823124203ad65f81 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marcelina=20Ho=C5=82ub?= Date: Sun, 26 Mar 2023 11:14:16 +0200 Subject: [PATCH 1/8] style(daemon): wrap IPv6 and IPv4 errors in a new FirewallError type --- daemon/firewall/common/common.go | 16 +++++++++ daemon/firewall/config/config.go | 51 +++++++++++++++++----------- daemon/firewall/iptables/iptables.go | 8 ++--- daemon/firewall/iptables/rules.go | 13 +++---- daemon/firewall/iptables/system.go | 8 ++--- daemon/firewall/nftables/nftables.go | 4 +-- daemon/firewall/nftables/rules.go | 21 ++++++------ daemon/firewall/nftables/system.go | 3 +- daemon/firewall/rules.go | 4 +-- 9 files changed, 79 insertions(+), 49 deletions(-) diff --git a/daemon/firewall/common/common.go b/daemon/firewall/common/common.go index cdd284f5f9..cab3225bef 100644 --- a/daemon/firewall/common/common.go +++ b/daemon/firewall/common/common.go @@ -1,6 +1,7 @@ package common import ( + "fmt" "sync" "time" @@ -38,8 +39,23 @@ type ( FwEnabled bool sync.RWMutex } + // FirewallError is a type that holds both IPv4 and IPv6 errors. + FirewallError struct { + Err4 error + Err6 error + } ) +// Error formats the errors for both IPv4 and IPv6 errors. +func (e *FirewallError) Error() string { + return fmt.Sprintf("IPv4 error: %v, IPv6 error: %v", e.Err4, e.Err6) +} + +// HasError simplifies error handling of the FirewallError type. +func (e *FirewallError) HasError() bool { + return e.Err4 != nil || e.Err6 != nil +} + func (s *stopChecker) exit() <-chan bool { s.RLock() defer s.RUnlock() diff --git a/daemon/firewall/config/config.go b/daemon/firewall/config/config.go index 92dfe283f3..ad706fac89 100644 --- a/daemon/firewall/config/config.go +++ b/daemon/firewall/config/config.go @@ -5,7 +5,6 @@ // The firewall rules defined by the user are reloaded in these cases: // - When the file system-fw.json changes. // - When the firewall rules are not present when listing them. -// package config import ( @@ -20,30 +19,33 @@ import ( // ExprValues holds the statements' options: // "Name": "ct", // "Values": [ -// { -// "Key": "state", -// "Value": "established" -// }, -// { -// "Key": "state", -// "Value": "related" -// }] +// +// { +// "Key": "state", +// "Value": "established" +// }, +// +// { +// "Key": "state", +// "Value": "related" +// }] type ExprValues struct { Key string Value string } // ExprStatement holds the definition of matches to use against connections. -//{ -// "Op": "!=", -// "Name": "tcp", -// "Values": [ -// { -// "Key": "dport", -// "Value": "443" -// } -// ] -//} +// +// { +// "Op": "!=", +// "Name": "tcp", +// "Values": [ +// { +// "Key": "dport", +// "Value": "443" +// } +// ] +// } type ExprStatement struct { Op string // ==, !=, ... Only one per expression set. Name string // tcp, udp, ct, daddr, log, ... @@ -163,7 +165,11 @@ func (c *Config) LoadDiskConfiguration(reload bool) { c.loadConfiguration(raw) // we need to monitor the configuration file for changes, regardless if it's // malformed or not. - c.watcher.Remove(c.file) + err = c.watcher.Remove(c.file) + if err != nil { + log.Error("Failed to stop filesystem watcher: %v", err) + return + } if err := c.watcher.Add(c.file); err != nil { log.Error("Could not watch firewall configuration: %s", err) return @@ -223,6 +229,11 @@ func (c *Config) StopConfigWatcher() { if c.watcher != nil { c.watcher.Remove(c.file) + err := c.watcher.Remove(c.file) + if err != nil { + log.Error("Failed to stop filesystem watcher: %v", err) + return + } c.watcher.Close() } } diff --git a/daemon/firewall/iptables/iptables.go b/daemon/firewall/iptables/iptables.go index 3a7cd067dc..732e6c55be 100644 --- a/daemon/firewall/iptables/iptables.go +++ b/daemon/firewall/iptables/iptables.go @@ -140,10 +140,10 @@ func IsAvailable() error { // EnableInterception adds fw rules to intercept connections. func (ipt *Iptables) EnableInterception() { - if err4, err6 := ipt.QueueConnections(common.EnableRule, true); err4 != nil || err6 != nil { - log.Fatal("Error while running conntrack firewall rule: %s %s", err4, err6) - } else if err4, err6 = ipt.QueueDNSResponses(common.EnableRule, true); err4 != nil || err6 != nil { - log.Error("Error while running DNS firewall rule: %s %s", err4, err6) + if err := ipt.QueueConnections(common.EnableRule, true); err != nil { + log.Fatal("Error while running conntrack firewall rule: %s %s", err) + } else if err = ipt.QueueDNSResponses(common.EnableRule, true); err != nil { + log.Error("Error while running DNS firewall rule: %s %s", err) } // start monitoring firewall rules to intercept network traffic ipt.NewRulesChecker(ipt.AreRulesLoaded, ipt.reloadRulesCallback) diff --git a/daemon/firewall/iptables/rules.go b/daemon/firewall/iptables/rules.go index 6eed8422ca..79538d3f52 100644 --- a/daemon/firewall/iptables/rules.go +++ b/daemon/firewall/iptables/rules.go @@ -4,12 +4,13 @@ import ( "fmt" "github.com/evilsocket/opensnitch/daemon/core" + "github.com/evilsocket/opensnitch/daemon/firewall/common" "github.com/evilsocket/opensnitch/daemon/log" "github.com/vishvananda/netlink" ) // RunRule inserts or deletes a firewall rule. -func (ipt *Iptables) RunRule(action Action, enable bool, logError bool, rule []string) (err4, err6 error) { +func (ipt *Iptables) RunRule(action Action, enable bool, logError bool, rule []string) *common.FirewallError { if enable == false { action = "-D" } @@ -36,13 +37,13 @@ func (ipt *Iptables) RunRule(action Action, enable bool, logError bool, rule []s } } - return + return &common.FirewallError{Err4: err4, Err6: err6} } // QueueDNSResponses redirects DNS responses to us, in order to keep a cache // of resolved domains. // INPUT --protocol udp --sport 53 -j NFQUEUE --queue-num 0 --queue-bypass -func (ipt *Iptables) QueueDNSResponses(enable bool, logError bool) (err4, err6 error) { +func (ipt *Iptables) QueueDNSResponses(enable bool, logError bool) *common.FirewallError { return ipt.RunRule(INSERT, enable, logError, []string{ "INPUT", "--protocol", "udp", @@ -56,8 +57,8 @@ func (ipt *Iptables) QueueDNSResponses(enable bool, logError bool) (err4, err6 e // QueueConnections inserts the firewall rule which redirects connections to us. // Connections are queued until the user denies/accept them, or reaches a timeout. // OUTPUT -t mangle -m conntrack --ctstate NEW,RELATED -j NFQUEUE --queue-num 0 --queue-bypass -func (ipt *Iptables) QueueConnections(enable bool, logError bool) (error, error) { - err4, err6 := ipt.RunRule(ADD, enable, logError, []string{ +func (ipt *Iptables) QueueConnections(enable bool, logError bool) *common.FirewallError { + err := ipt.RunRule(ADD, enable, logError, []string{ "OUTPUT", "-t", "mangle", "-m", "conntrack", @@ -73,5 +74,5 @@ func (ipt *Iptables) QueueConnections(enable bool, logError bool) (error, error) log.Error("error in ConntrackTableFlush %s", err) } } - return err4, err6 + return err } diff --git a/daemon/firewall/iptables/system.go b/daemon/firewall/iptables/system.go index 9626787ab4..0bf3817677 100644 --- a/daemon/firewall/iptables/system.go +++ b/daemon/firewall/iptables/system.go @@ -28,7 +28,7 @@ func (ipt *Iptables) CreateSystemRule(rule *config.FwRule, table, chain, hook st ipt.RunRule(NEWCHAIN, common.EnableRule, logErrors, []string{chainName, "-t", table}) // Insert the rule at the top of the chain - if err4, err6 := ipt.RunRule(INSERT, common.EnableRule, logErrors, []string{hook, "-t", table, "-j", chainName}); err4 == nil && err6 == nil { + if err := ipt.RunRule(INSERT, common.EnableRule, logErrors, []string{hook, "-t", table, "-j", chainName}); err == nil { ipt.chains.Rules[table+"-"+chainName] = &SystemRule{ Table: table, Chain: chain, @@ -102,7 +102,7 @@ func (ipt *Iptables) DeleteSystemRules(force, backupExistingChains, logErrors bo } // DeleteSystemRule deletes a new rule. -func (ipt *Iptables) DeleteSystemRule(action Action, rule *config.FwRule, table, chain string, enable bool) (err4, err6 error) { +func (ipt *Iptables) DeleteSystemRule(action Action, rule *config.FwRule, table, chain string, enable bool) *common.FirewallError { chainName := SystemRulePrefix + "-" + chain if table == "" { table = "filter" @@ -120,9 +120,9 @@ func (ipt *Iptables) DeleteSystemRule(action Action, rule *config.FwRule, table, } // AddSystemRule inserts a new rule. -func (ipt *Iptables) AddSystemRule(action Action, rule *config.FwRule, table, chain string, enable bool) (err4, err6 error) { +func (ipt *Iptables) AddSystemRule(action Action, rule *config.FwRule, table, chain string, enable bool) *common.FirewallError { if rule == nil { - return nil, nil + return nil } ipt.RLock() defer ipt.RUnlock() diff --git a/daemon/firewall/nftables/nftables.go b/daemon/firewall/nftables/nftables.go index 5d05ea87a7..ed5a5803f2 100644 --- a/daemon/firewall/nftables/nftables.go +++ b/daemon/firewall/nftables/nftables.go @@ -118,10 +118,10 @@ func (n *Nft) EnableInterception() { return } - if err, _ := n.QueueDNSResponses(true, true); err != nil { + if err := n.QueueDNSResponses(true, true); err != nil { log.Error("Error while running DNS nftables rule: %s", err) } - if err, _ := n.QueueConnections(true, true); err != nil { + if err := n.QueueConnections(true, true); err != nil { log.Error("Error while running conntrack nftables rule: %s", err) } // start monitoring firewall rules to intercept network traffic. diff --git a/daemon/firewall/nftables/rules.go b/daemon/firewall/nftables/rules.go index a3a7c3e57a..85dd811761 100644 --- a/daemon/firewall/nftables/rules.go +++ b/daemon/firewall/nftables/rules.go @@ -3,6 +3,7 @@ package nftables import ( "fmt" + "github.com/evilsocket/opensnitch/daemon/firewall/common" "github.com/evilsocket/opensnitch/daemon/firewall/nftables/exprs" "github.com/evilsocket/opensnitch/daemon/log" "github.com/google/nftables" @@ -16,9 +17,9 @@ import ( // of resolved domains. // This rule must be added in top of the system rules, otherwise it may get bypassed. // nft insert rule ip filter input udp sport 53 queue num 0 bypass -func (n *Nft) QueueDNSResponses(enable bool, logError bool) (error, error) { +func (n *Nft) QueueDNSResponses(enable, logError bool) *common.FirewallError { if n.conn == nil { - return nil, nil + return nil } families := []string{exprs.NFT_FAMILY_INET} for _, fam := range families { @@ -67,10 +68,10 @@ func (n *Nft) QueueDNSResponses(enable bool, logError bool) (error, error) { } // apply changes if !n.Commit() { - return fmt.Errorf("Error adding DNS interception rules"), nil + return &common.FirewallError{Err4: fmt.Errorf("Error adding DNS interception rules"), Err6: nil} } - return nil, nil + return nil } // QueueConnections inserts the firewall rule which redirects connections to us. @@ -78,17 +79,17 @@ func (n *Nft) QueueDNSResponses(enable bool, logError bool) (error, error) { // This rule must be added at the end of all the other rules, that way we can add // rules above this one to exclude a service/app from being intercepted. // nft insert rule ip mangle OUTPUT ct state new queue num 0 bypass -func (n *Nft) QueueConnections(enable bool, logError bool) (error, error) { +func (n *Nft) QueueConnections(enable, logError bool) *common.FirewallError { if n.conn == nil { - return nil, fmt.Errorf("nftables QueueConnections: netlink connection not active") + return &common.FirewallError{Err4: fmt.Errorf("nftables QueueConnections: netlink connection not active"), Err6: nil} } table := getTable(exprs.NFT_CHAIN_MANGLE, exprs.NFT_FAMILY_INET) if table == nil { - return nil, fmt.Errorf("QueueConnections() Error getting table mangle-inet") + return &common.FirewallError{Err4: fmt.Errorf("QueueConnections() Error getting table mangle-inet"), Err6: nil} } chain := getChain(exprs.NFT_HOOK_OUTPUT, table) if chain == nil { - return nil, fmt.Errorf("QueueConnections() Error getting outputChain: output-%s", table.Name) + return &common.FirewallError{Err4: fmt.Errorf("QueueConnections() Error getting outputChain: output-%s", table.Name), Err6: nil} } n.conn.AddRule(&nftables.Rule{ @@ -115,7 +116,7 @@ func (n *Nft) QueueConnections(enable bool, logError bool) (error, error) { }) // apply changes if !n.Commit() { - return fmt.Errorf("Error adding interception rule "), nil + return &common.FirewallError{Err4: fmt.Errorf("Error adding interception rule "), Err6: nil} } if enable { @@ -126,7 +127,7 @@ func (n *Nft) QueueConnections(enable bool, logError bool) (error, error) { } } - return nil, nil + return nil } func (n *Nft) insertRule(chain, table, family string, position uint64, exprs *[]expr.Any) error { diff --git a/daemon/firewall/nftables/system.go b/daemon/firewall/nftables/system.go index 128030d06e..5ef02892fb 100644 --- a/daemon/firewall/nftables/system.go +++ b/daemon/firewall/nftables/system.go @@ -3,6 +3,7 @@ package nftables import ( "strings" + "github.com/evilsocket/opensnitch/daemon/firewall/common" "github.com/evilsocket/opensnitch/daemon/firewall/config" "github.com/evilsocket/opensnitch/daemon/firewall/iptables" "github.com/evilsocket/opensnitch/daemon/firewall/nftables/exprs" @@ -134,5 +135,5 @@ func (n *Nft) AddSystemRule(rule *config.FwRule, chain *config.FwChain) (err4, e } } - return nil, nil + return nil } diff --git a/daemon/firewall/rules.go b/daemon/firewall/rules.go index 5e45bd9054..d097284e6a 100644 --- a/daemon/firewall/rules.go +++ b/daemon/firewall/rules.go @@ -22,8 +22,8 @@ type Firewall interface { EnableInterception() DisableInterception(bool) - QueueDNSResponses(bool, bool) (error, error) - QueueConnections(bool, bool) (error, error) + QueueDNSResponses(bool, bool) *common.FirewallError + QueueConnections(bool, bool) *common.FirewallError CleanRules(bool) AddSystemRules(bool, bool) From f3ecc6f5537c9f7a0ad979b5262a1542636ef5b8 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marcelina=20Ho=C5=82ub?= Date: Sun, 26 Mar 2023 11:44:57 +0200 Subject: [PATCH 2/8] style: don't export mutexes in structs --- daemon/firewall/common/common.go | 32 +++++++-------- daemon/firewall/config/config.go | 59 +++++++++++++--------------- daemon/firewall/iptables/iptables.go | 5 +-- daemon/firewall/iptables/monitor.go | 4 +- daemon/firewall/iptables/rules.go | 4 +- daemon/firewall/iptables/system.go | 12 +++--- daemon/firewall/nftables/nftables.go | 2 +- daemon/firewall/nftables/system.go | 16 ++++---- 8 files changed, 64 insertions(+), 70 deletions(-) diff --git a/daemon/firewall/common/common.go b/daemon/firewall/common/common.go index cab3225bef..5d26308239 100644 --- a/daemon/firewall/common/common.go +++ b/daemon/firewall/common/common.go @@ -24,8 +24,8 @@ type ( callbackBool func() bool stopChecker struct { - ch chan bool - sync.RWMutex + ch chan bool + rwm sync.RWMutex } // Common holds common fields and functionality of both firewalls, @@ -57,8 +57,8 @@ func (e *FirewallError) HasError() bool { } func (s *stopChecker) exit() <-chan bool { - s.RLock() - defer s.RUnlock() + s.rwm.RLock() + defer s.rwm.RUnlock() return s.ch } @@ -76,8 +76,8 @@ func (s *stopChecker) stop() { // SetQueueNum sets the queue number used by the firewall. // It's the queue where all intercepted connections will be sent. func (c *Common) SetQueueNum(qNum *int) { - c.Lock() - defer c.Unlock() + c.mu.Lock() + defer c.mu.Unlock() if qNum != nil { c.QueueNum = uint16(*qNum) @@ -87,24 +87,24 @@ func (c *Common) SetQueueNum(qNum *int) { // IsRunning returns if the firewall is running or not. func (c *Common) IsRunning() bool { - c.RLock() - defer c.RUnlock() + c.rwm.RLock() + defer c.rwm.RUnlock() return c != nil && c.Running } // IsFirewallEnabled returns if the firewall is running or not. func (c *Common) IsFirewallEnabled() bool { - c.RLock() - defer c.RUnlock() + c.rwm.RLock() + defer c.rwm.RUnlock() return c != nil && c.FwEnabled } // IsIntercepting returns if the firewall is running or not. func (c *Common) IsIntercepting() bool { - c.RLock() - defer c.RUnlock() + c.rwm.RLock() + defer c.rwm.RUnlock() return c != nil && c.Intercepting } @@ -113,8 +113,8 @@ func (c *Common) IsIntercepting() bool { // We expect to have 2 rules loaded: one to intercept DNS responses and another one // to intercept network traffic. func (c *Common) NewRulesChecker(areRulesLoaded callbackBool, reloadRules callback) { - c.Lock() - defer c.Unlock() + c.mu.Lock() + defer c.mu.Unlock() if c.stopCheckerChan != nil { c.stopCheckerChan.stop() c.stopCheckerChan = nil @@ -146,8 +146,8 @@ Exit: // StopCheckingRules stops checking if firewall rules are loaded. func (c *Common) StopCheckingRules() { - c.RLock() - defer c.RUnlock() + c.rwm.RLock() + defer c.rwm.RUnlock() if c.RulesChecker != nil { c.RulesChecker.Stop() diff --git a/daemon/firewall/config/config.go b/daemon/firewall/config/config.go index ad706fac89..1211d31f29 100644 --- a/daemon/firewall/config/config.go +++ b/daemon/firewall/config/config.go @@ -60,20 +60,19 @@ type Expressions struct { // FwRule holds the fields of a rule type FwRule struct { // we need to keep old fields in the struct. Otherwise when receiving a conf from the GUI, the legacy rules would be deleted. - Chain string // TODO: deprecated, remove - Table string // TODO: deprecated, remove - Parameters string // TODO: deprecated: remove + rwm *sync.RWMutex + Chain string `json:"chain,omitempty"` // TODO: deprecated, remove + Table string `json:"table,omitempty"` // TODO: deprecated, remove + Parameters string `json:"parameters,omitempty"` // TODO: deprecated: remove - UUID string - Description string - Expressions []*Expressions - Target string - TargetParameters string + UUID string `json:"uuid"` + Description string `json:"description"` + Expressions []*Expressions `json:"expressions"` + Target string `json:"target"` + TargetParameters string `json:"target_parameters"` - Position uint64 `json:",string"` - Enabled bool - - *sync.RWMutex + Position uint64 `json:"position,string"` + Enabled bool `json:"enabled"` } // FwChain holds the information that defines a firewall chain. @@ -97,10 +96,6 @@ func (fc *FwChain) IsInvalid() bool { return fc.Name == "" || fc.Family == "" || fc.Table == "" } -type rulesList struct { - Rule *FwRule -} - type chainsList struct { Chains []*FwChain Rule *FwRule // TODO: deprecated, remove @@ -108,16 +103,16 @@ type chainsList struct { // SystemConfig holds the list of rules to be added to the system type SystemConfig struct { - sync.RWMutex - SystemRules []*chainsList - Version uint32 - Enabled bool + rwm sync.RWMutex + SystemRules []*chainsList `json:"chains_list"` + Version uint32 `json:"versions"` + Enabled bool `json:"enabled"` } // Config holds the functionality to re/load the firewall configuration from disk. // This is the configuration to manage the system firewall (iptables, nftables). type Config struct { - sync.Mutex + mu sync.Mutex file string watcher *fsnotify.Watcher monitorExitChan chan bool @@ -140,8 +135,8 @@ func (c *Config) NewSystemFwConfig(preLoadCb, reLoadCb func()) (*Config, error) return nil, err } - c.Lock() - defer c.Unlock() + c.mu.Lock() + defer c.mu.Unlock() c.file = "/etc/opensnitchd/system-fw.json" c.monitorExitChan = make(chan bool, 1) @@ -153,8 +148,8 @@ func (c *Config) NewSystemFwConfig(preLoadCb, reLoadCb func()) (*Config, error) // LoadDiskConfiguration reads and loads the firewall configuration from disk func (c *Config) LoadDiskConfiguration(reload bool) { - c.Lock() - defer c.Unlock() + c.mu.Lock() + defer c.mu.Unlock() raw, err := ioutil.ReadFile(c.file) if err != nil { @@ -186,8 +181,8 @@ func (c *Config) LoadDiskConfiguration(reload bool) { // loadConfigutation reads the system firewall rules from disk. // Then the rules are added based on the configuration defined. func (c *Config) loadConfiguration(rawConfig []byte) { - c.SysConfig.Lock() - defer c.SysConfig.Unlock() + c.SysConfig.rwm.Lock() + defer c.SysConfig.rwm.Unlock() // delete old system rules, that may be different from the new ones c.preloadCallback() @@ -219,8 +214,8 @@ func (c *Config) SaveConfiguration(rawConfig string) error { // StopConfigWatcher stops the configuration watcher and stops the subroutine. func (c *Config) StopConfigWatcher() { - c.Lock() - defer c.Unlock() + c.mu.Lock() + defer c.mu.Unlock() if c.monitorExitChan != nil { c.monitorExitChan <- true @@ -228,12 +223,12 @@ func (c *Config) StopConfigWatcher() { } if c.watcher != nil { - c.watcher.Remove(c.file) err := c.watcher.Remove(c.file) if err != nil { log.Error("Failed to stop filesystem watcher: %v", err) return } + c.watcher.Close() } } @@ -251,7 +246,7 @@ func (c *Config) monitorConfigWorker() { } Exit: log.Debug("stop monitoring firewall config file") - c.Lock() + c.mu.Lock() c.monitorExitChan = nil - c.Unlock() + c.mu.Unlock() } diff --git a/daemon/firewall/iptables/iptables.go b/daemon/firewall/iptables/iptables.go index 732e6c55be..1bb8421fb9 100644 --- a/daemon/firewall/iptables/iptables.go +++ b/daemon/firewall/iptables/iptables.go @@ -49,7 +49,7 @@ type SystemRule struct { // SystemChains keeps track of the fw rules that have been added to the system. type SystemChains struct { Rules map[string]*SystemRule - sync.RWMutex + rwm sync.RWMutex } // Iptables struct holds the fields of the iptables fw @@ -64,8 +64,7 @@ type Iptables struct { regexSystemRulesQuery *regexp.Regexp chains SystemChains - - sync.Mutex + mu sync.Mutex } // Fw initializes a new Iptables object diff --git a/daemon/firewall/iptables/monitor.go b/daemon/firewall/iptables/monitor.go index fbcec2f577..bbec98e834 100644 --- a/daemon/firewall/iptables/monitor.go +++ b/daemon/firewall/iptables/monitor.go @@ -23,7 +23,7 @@ func (ipt *Iptables) AreRulesLoaded() bool { } systemRulesLoaded := true - ipt.chains.RLock() + ipt.chains.rwm.RLock() if len(ipt.chains.Rules) > 0 { for _, rule := range ipt.chains.Rules { if chainOut4, err4 := core.Exec("iptables", []string{"-n", "-L", rule.Chain, "-t", rule.Table}); err4 == nil { @@ -42,7 +42,7 @@ func (ipt *Iptables) AreRulesLoaded() bool { } } } - ipt.chains.RUnlock() + ipt.chains.rwm.RUnlock() result := ipt.regexRulesQuery.FindString(outMangle) != "" && systemRulesLoaded diff --git a/daemon/firewall/iptables/rules.go b/daemon/firewall/iptables/rules.go index 79538d3f52..b20307ecc8 100644 --- a/daemon/firewall/iptables/rules.go +++ b/daemon/firewall/iptables/rules.go @@ -17,8 +17,8 @@ func (ipt *Iptables) RunRule(action Action, enable bool, logError bool, rule []s rule = append([]string{string(action)}, rule...) - ipt.Lock() - defer ipt.Unlock() + ipt.mu.Lock() + defer ipt.mu.Unlock() if _, err4 = core.Exec(ipt.bin, rule); err4 != nil { if logError { diff --git a/daemon/firewall/iptables/system.go b/daemon/firewall/iptables/system.go index 0bf3817677..2e7f5c0360 100644 --- a/daemon/firewall/iptables/system.go +++ b/daemon/firewall/iptables/system.go @@ -9,8 +9,8 @@ import ( // CreateSystemRule creates the custom firewall chains and adds them to the system. func (ipt *Iptables) CreateSystemRule(rule *config.FwRule, table, chain, hook string, logErrors bool) bool { - ipt.chains.Lock() - defer ipt.chains.Unlock() + ipt.chains.mu.Lock() + defer ipt.chains.mu.Unlock() if rule == nil { return false } @@ -67,8 +67,8 @@ func (ipt *Iptables) AddSystemRules(reload, backupExistingChains bool) { // If force is false and the rule has not been previously added, // it won't try to delete the rules. Otherwise it'll try to delete them. func (ipt *Iptables) DeleteSystemRules(force, backupExistingChains, logErrors bool) { - ipt.chains.Lock() - defer ipt.chains.Unlock() + ipt.chains.mu.Lock() + defer ipt.chains.mu.Unlock() for _, fwCfg := range ipt.SysConfig.SystemRules { if fwCfg.Rule == nil { @@ -124,8 +124,8 @@ func (ipt *Iptables) AddSystemRule(action Action, rule *config.FwRule, table, ch if rule == nil { return nil } - ipt.RLock() - defer ipt.RUnlock() + ipt.rwm.RLock() + defer ipt.rwm.RUnlock() chainName := SystemRulePrefix + "-" + chain if table == "" { diff --git a/daemon/firewall/nftables/nftables.go b/daemon/firewall/nftables/nftables.go index ed5a5803f2..9a4ba7c898 100644 --- a/daemon/firewall/nftables/nftables.go +++ b/daemon/firewall/nftables/nftables.go @@ -41,7 +41,7 @@ var ( // Nft holds the fields of our nftables firewall type Nft struct { - sync.Mutex + mu sync.Mutex config.Config common.Common diff --git a/daemon/firewall/nftables/system.go b/daemon/firewall/nftables/system.go index 5ef02892fb..a67af2c92d 100644 --- a/daemon/firewall/nftables/system.go +++ b/daemon/firewall/nftables/system.go @@ -66,9 +66,9 @@ func (n *Nft) CreateSystemRule(chain *config.FwChain, logErrors bool) bool { } // AddSystemRules creates the system firewall from configuration. -func (n *Nft) AddSystemRules(reload, backupExistingChains bool) { - n.SysConfig.RLock() - defer n.SysConfig.RUnlock() +func (n *Nft) AddSystemRules(reload, backupExistingChains bool) { + n.SysConfig.rwm.RLock() + defer n.SysConfig.rwm.RUnlock() if n.SysConfig.Enabled == false { log.Important("[nftables] AddSystemRules() fw disabled") @@ -101,8 +101,8 @@ func (n *Nft) AddSystemRules(reload, backupExistingChains bool) { // If force is false and the rule has not been previously added, // it won't try to delete the tables and chains. Otherwise it'll try to delete them. func (n *Nft) DeleteSystemRules(force, restoreExistingChains, logErrors bool) { - n.Lock() - defer n.Unlock() + n.mu.Lock() + defer n.mu.Unlock() if err := n.delRulesByKey(systemRuleKey); err != nil { log.Warning("error deleting interception rules: %s", err) @@ -117,9 +117,9 @@ func (n *Nft) DeleteSystemRules(force, restoreExistingChains, logErrors bool) { } // AddSystemRule inserts a new rule. -func (n *Nft) AddSystemRule(rule *config.FwRule, chain *config.FwChain) (err4, err6 error) { - n.Lock() - defer n.Unlock() +func (n *Nft) AddSystemRule(rule *config.FwRule, chain *config.FwChain) *common.FirewallError { + n.mu.Lock() + defer n.mu.Unlock() exprList := []expr.Any{} for _, expression := range rule.Expressions { From 9f060ee5450238b6dbe31a6bbc5b5fb3986c003a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marcelina=20Ho=C5=82ub?= Date: Sun, 26 Mar 2023 12:50:12 +0200 Subject: [PATCH 3/8] fix(daemon): add a getter and setter to access Sysconfig's RWMutex --- daemon/firewall/common/common.go | 18 +++++++++--------- daemon/firewall/config/config.go | 14 ++++++++++++++ daemon/firewall/iptables/rules.go | 1 + daemon/firewall/iptables/system.go | 12 ++++++------ daemon/firewall/nftables/monitor.go | 4 ++-- daemon/firewall/nftables/system.go | 3 +-- 6 files changed, 33 insertions(+), 19 deletions(-) diff --git a/daemon/firewall/common/common.go b/daemon/firewall/common/common.go index 5d26308239..e8cd02b234 100644 --- a/daemon/firewall/common/common.go +++ b/daemon/firewall/common/common.go @@ -37,7 +37,7 @@ type ( Running bool Intercepting bool FwEnabled bool - sync.RWMutex + rwm sync.RWMutex } // FirewallError is a type that holds both IPv4 and IPv6 errors. FirewallError struct { @@ -63,8 +63,8 @@ func (s *stopChecker) exit() <-chan bool { } func (s *stopChecker) stop() { - s.Lock() - defer s.Unlock() + s.rwm.Lock() + defer s.rwm.Unlock() if s.ch != nil { s.ch <- true @@ -76,8 +76,8 @@ func (s *stopChecker) stop() { // SetQueueNum sets the queue number used by the firewall. // It's the queue where all intercepted connections will be sent. func (c *Common) SetQueueNum(qNum *int) { - c.mu.Lock() - defer c.mu.Unlock() + c.rwm.Lock() + defer c.rwm.Unlock() if qNum != nil { c.QueueNum = uint16(*qNum) @@ -113,8 +113,8 @@ func (c *Common) IsIntercepting() bool { // We expect to have 2 rules loaded: one to intercept DNS responses and another one // to intercept network traffic. func (c *Common) NewRulesChecker(areRulesLoaded callbackBool, reloadRules callback) { - c.mu.Lock() - defer c.mu.Unlock() + c.rwm.Lock() + defer c.rwm.Unlock() if c.stopCheckerChan != nil { c.stopCheckerChan.stop() c.stopCheckerChan = nil @@ -129,10 +129,11 @@ func (c *Common) NewRulesChecker(areRulesLoaded callbackBool, reloadRules callba // StartCheckingRules monitors if our rules are loaded. // If the rules to intercept traffic are not loaded, we'll try to insert them again. func (c *Common) startCheckingRules(areRulesLoaded callbackBool, reloadRules callback) { +outerLoop: for { select { case <-c.stopCheckerChan.exit(): - goto Exit + break outerLoop case <-c.RulesChecker.C: if areRulesLoaded() == false { reloadRules() @@ -140,7 +141,6 @@ func (c *Common) startCheckingRules(areRulesLoaded callbackBool, reloadRules cal } } -Exit: log.Info("exit checking firewall rules") } diff --git a/daemon/firewall/config/config.go b/daemon/firewall/config/config.go index 1211d31f29..b0610c55e8 100644 --- a/daemon/firewall/config/config.go +++ b/daemon/firewall/config/config.go @@ -126,6 +126,20 @@ type Config struct { // preload will be called after daemon startup, whilst reload when a modification is performed. } +// GetSystemRules and SetSystemRules are used to internally lock/unlock the SystemConfig's mutex +func (sc *SystemConfig) GetSystemRules() []*chainsList { + sc.rwm.RLock() + defer sc.rwm.RUnlock() + return sc.SystemRules +} + +// GetSystemRules and SetSystemRules are used to internally lock/unlock the SystemConfig's mutex +func (sc *SystemConfig) SetSystemRules(rules []*chainsList) { + sc.rwm.Lock() + defer sc.rwm.Unlock() + sc.SystemRules = rules +} + // NewSystemFwConfig initializes config fields func (c *Config) NewSystemFwConfig(preLoadCb, reLoadCb func()) (*Config, error) { var err error diff --git a/daemon/firewall/iptables/rules.go b/daemon/firewall/iptables/rules.go index b20307ecc8..2fe2b66d50 100644 --- a/daemon/firewall/iptables/rules.go +++ b/daemon/firewall/iptables/rules.go @@ -17,6 +17,7 @@ func (ipt *Iptables) RunRule(action Action, enable bool, logError bool, rule []s rule = append([]string{string(action)}, rule...) + var err4, err6 error ipt.mu.Lock() defer ipt.mu.Unlock() diff --git a/daemon/firewall/iptables/system.go b/daemon/firewall/iptables/system.go index 2e7f5c0360..df6d79c118 100644 --- a/daemon/firewall/iptables/system.go +++ b/daemon/firewall/iptables/system.go @@ -9,8 +9,8 @@ import ( // CreateSystemRule creates the custom firewall chains and adds them to the system. func (ipt *Iptables) CreateSystemRule(rule *config.FwRule, table, chain, hook string, logErrors bool) bool { - ipt.chains.mu.Lock() - defer ipt.chains.mu.Unlock() + ipt.chains.rwm.Lock() + defer ipt.chains.rwm.Unlock() if rule == nil { return false } @@ -67,8 +67,8 @@ func (ipt *Iptables) AddSystemRules(reload, backupExistingChains bool) { // If force is false and the rule has not been previously added, // it won't try to delete the rules. Otherwise it'll try to delete them. func (ipt *Iptables) DeleteSystemRules(force, backupExistingChains, logErrors bool) { - ipt.chains.mu.Lock() - defer ipt.chains.mu.Unlock() + ipt.chains.rwm.Lock() + defer ipt.chains.rwm.Unlock() for _, fwCfg := range ipt.SysConfig.SystemRules { if fwCfg.Rule == nil { @@ -124,8 +124,8 @@ func (ipt *Iptables) AddSystemRule(action Action, rule *config.FwRule, table, ch if rule == nil { return nil } - ipt.rwm.RLock() - defer ipt.rwm.RUnlock() + ipt.chains.rwm.RLock() + defer ipt.chains.rwm.RUnlock() chainName := SystemRulePrefix + "-" + chain if table == "" { diff --git a/daemon/firewall/nftables/monitor.go b/daemon/firewall/nftables/monitor.go index 883ea339db..df14615812 100644 --- a/daemon/firewall/nftables/monitor.go +++ b/daemon/firewall/nftables/monitor.go @@ -10,8 +10,8 @@ import ( // AreRulesLoaded checks if the firewall rules for intercept traffic are loaded. func (n *Nft) AreRulesLoaded() bool { - n.Lock() - defer n.Unlock() + n.mu.Lock() + defer n.mu.Unlock() nRules := 0 chains, err := n.conn.ListChains() diff --git a/daemon/firewall/nftables/system.go b/daemon/firewall/nftables/system.go index a67af2c92d..4ac3c0a497 100644 --- a/daemon/firewall/nftables/system.go +++ b/daemon/firewall/nftables/system.go @@ -67,8 +67,7 @@ func (n *Nft) CreateSystemRule(chain *config.FwChain, logErrors bool) bool { // AddSystemRules creates the system firewall from configuration. func (n *Nft) AddSystemRules(reload, backupExistingChains bool) { - n.SysConfig.rwm.RLock() - defer n.SysConfig.rwm.RUnlock() + n.SysConfig.GetSystemRules() if n.SysConfig.Enabled == false { log.Important("[nftables] AddSystemRules() fw disabled") From 09f5e82d97e9da4cd7465684c6ed7f78651f9d7e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marcelina=20Ho=C5=82ub?= Date: Sun, 2 Apr 2023 00:18:20 +0200 Subject: [PATCH 4/8] Revert "style(daemon): wrap IPv6 and IPv4 errors in a new FirewallError type" This reverts commit 6ef14d54adac01b55c2ce88e823124203ad65f81. --- daemon/firewall/common/common.go | 16 -- daemon/firewall/config/config.go | 13 +- daemon/firewall/iptables/iptables.go | 8 +- daemon/firewall/iptables/rules.go | 13 +- daemon/firewall/iptables/system.go | 8 +- daemon/firewall/nftables/nftables.go | 4 +- daemon/firewall/nftables/rules.go | 21 ++- daemon/firewall/nftables/system.go | 3 +- daemon/firewall/rules.go | 4 +- daemon/go.sum | 241 +++++++++++++++++++++++++++ 10 files changed, 272 insertions(+), 59 deletions(-) create mode 100644 daemon/go.sum diff --git a/daemon/firewall/common/common.go b/daemon/firewall/common/common.go index e8cd02b234..30135708c0 100644 --- a/daemon/firewall/common/common.go +++ b/daemon/firewall/common/common.go @@ -1,7 +1,6 @@ package common import ( - "fmt" "sync" "time" @@ -39,23 +38,8 @@ type ( FwEnabled bool rwm sync.RWMutex } - // FirewallError is a type that holds both IPv4 and IPv6 errors. - FirewallError struct { - Err4 error - Err6 error - } ) -// Error formats the errors for both IPv4 and IPv6 errors. -func (e *FirewallError) Error() string { - return fmt.Sprintf("IPv4 error: %v, IPv6 error: %v", e.Err4, e.Err6) -} - -// HasError simplifies error handling of the FirewallError type. -func (e *FirewallError) HasError() bool { - return e.Err4 != nil || e.Err6 != nil -} - func (s *stopChecker) exit() <-chan bool { s.rwm.RLock() defer s.rwm.RUnlock() diff --git a/daemon/firewall/config/config.go b/daemon/firewall/config/config.go index b0610c55e8..98fad8fa28 100644 --- a/daemon/firewall/config/config.go +++ b/daemon/firewall/config/config.go @@ -174,11 +174,7 @@ func (c *Config) LoadDiskConfiguration(reload bool) { c.loadConfiguration(raw) // we need to monitor the configuration file for changes, regardless if it's // malformed or not. - err = c.watcher.Remove(c.file) - if err != nil { - log.Error("Failed to stop filesystem watcher: %v", err) - return - } + c.watcher.Remove(c.file) if err := c.watcher.Add(c.file); err != nil { log.Error("Could not watch firewall configuration: %s", err) return @@ -237,12 +233,7 @@ func (c *Config) StopConfigWatcher() { } if c.watcher != nil { - err := c.watcher.Remove(c.file) - if err != nil { - log.Error("Failed to stop filesystem watcher: %v", err) - return - } - + c.watcher.Remove(c.file) c.watcher.Close() } } diff --git a/daemon/firewall/iptables/iptables.go b/daemon/firewall/iptables/iptables.go index 1bb8421fb9..df48158bac 100644 --- a/daemon/firewall/iptables/iptables.go +++ b/daemon/firewall/iptables/iptables.go @@ -139,10 +139,10 @@ func IsAvailable() error { // EnableInterception adds fw rules to intercept connections. func (ipt *Iptables) EnableInterception() { - if err := ipt.QueueConnections(common.EnableRule, true); err != nil { - log.Fatal("Error while running conntrack firewall rule: %s %s", err) - } else if err = ipt.QueueDNSResponses(common.EnableRule, true); err != nil { - log.Error("Error while running DNS firewall rule: %s %s", err) + if err4, err6 := ipt.QueueConnections(common.EnableRule, true); err4 != nil || err6 != nil { + log.Fatal("Error while running conntrack firewall rule: %s %s", err4, err6) + } else if err4, err6 = ipt.QueueDNSResponses(common.EnableRule, true); err4 != nil || err6 != nil { + log.Error("Error while running DNS firewall rule: %s %s", err4, err6) } // start monitoring firewall rules to intercept network traffic ipt.NewRulesChecker(ipt.AreRulesLoaded, ipt.reloadRulesCallback) diff --git a/daemon/firewall/iptables/rules.go b/daemon/firewall/iptables/rules.go index 2fe2b66d50..2b29da8b7b 100644 --- a/daemon/firewall/iptables/rules.go +++ b/daemon/firewall/iptables/rules.go @@ -4,13 +4,12 @@ import ( "fmt" "github.com/evilsocket/opensnitch/daemon/core" - "github.com/evilsocket/opensnitch/daemon/firewall/common" "github.com/evilsocket/opensnitch/daemon/log" "github.com/vishvananda/netlink" ) // RunRule inserts or deletes a firewall rule. -func (ipt *Iptables) RunRule(action Action, enable bool, logError bool, rule []string) *common.FirewallError { +func (ipt *Iptables) RunRule(action Action, enable bool, logError bool, rule []string) (err4, err6 error) { if enable == false { action = "-D" } @@ -38,13 +37,13 @@ func (ipt *Iptables) RunRule(action Action, enable bool, logError bool, rule []s } } - return &common.FirewallError{Err4: err4, Err6: err6} + return } // QueueDNSResponses redirects DNS responses to us, in order to keep a cache // of resolved domains. // INPUT --protocol udp --sport 53 -j NFQUEUE --queue-num 0 --queue-bypass -func (ipt *Iptables) QueueDNSResponses(enable bool, logError bool) *common.FirewallError { +func (ipt *Iptables) QueueDNSResponses(enable bool, logError bool) (err4, err6 error) { return ipt.RunRule(INSERT, enable, logError, []string{ "INPUT", "--protocol", "udp", @@ -58,8 +57,8 @@ func (ipt *Iptables) QueueDNSResponses(enable bool, logError bool) *common.Firew // QueueConnections inserts the firewall rule which redirects connections to us. // Connections are queued until the user denies/accept them, or reaches a timeout. // OUTPUT -t mangle -m conntrack --ctstate NEW,RELATED -j NFQUEUE --queue-num 0 --queue-bypass -func (ipt *Iptables) QueueConnections(enable bool, logError bool) *common.FirewallError { - err := ipt.RunRule(ADD, enable, logError, []string{ +func (ipt *Iptables) QueueConnections(enable bool, logError bool) (error, error) { + err4, err6 := ipt.RunRule(ADD, enable, logError, []string{ "OUTPUT", "-t", "mangle", "-m", "conntrack", @@ -75,5 +74,5 @@ func (ipt *Iptables) QueueConnections(enable bool, logError bool) *common.Firewa log.Error("error in ConntrackTableFlush %s", err) } } - return err + return err4, err6 } diff --git a/daemon/firewall/iptables/system.go b/daemon/firewall/iptables/system.go index df6d79c118..1cfbd7b7b1 100644 --- a/daemon/firewall/iptables/system.go +++ b/daemon/firewall/iptables/system.go @@ -28,7 +28,7 @@ func (ipt *Iptables) CreateSystemRule(rule *config.FwRule, table, chain, hook st ipt.RunRule(NEWCHAIN, common.EnableRule, logErrors, []string{chainName, "-t", table}) // Insert the rule at the top of the chain - if err := ipt.RunRule(INSERT, common.EnableRule, logErrors, []string{hook, "-t", table, "-j", chainName}); err == nil { + if err4, err6 := ipt.RunRule(INSERT, common.EnableRule, logErrors, []string{hook, "-t", table, "-j", chainName}); err4 == nil && err6 == nil { ipt.chains.Rules[table+"-"+chainName] = &SystemRule{ Table: table, Chain: chain, @@ -102,7 +102,7 @@ func (ipt *Iptables) DeleteSystemRules(force, backupExistingChains, logErrors bo } // DeleteSystemRule deletes a new rule. -func (ipt *Iptables) DeleteSystemRule(action Action, rule *config.FwRule, table, chain string, enable bool) *common.FirewallError { +func (ipt *Iptables) DeleteSystemRule(action Action, rule *config.FwRule, table, chain string, enable bool) (err4, err6 error) { chainName := SystemRulePrefix + "-" + chain if table == "" { table = "filter" @@ -120,9 +120,9 @@ func (ipt *Iptables) DeleteSystemRule(action Action, rule *config.FwRule, table, } // AddSystemRule inserts a new rule. -func (ipt *Iptables) AddSystemRule(action Action, rule *config.FwRule, table, chain string, enable bool) *common.FirewallError { +func (ipt *Iptables) AddSystemRule(action Action, rule *config.FwRule, table, chain string, enable bool) (err4, err6 error) { if rule == nil { - return nil + return nil, nil } ipt.chains.rwm.RLock() defer ipt.chains.rwm.RUnlock() diff --git a/daemon/firewall/nftables/nftables.go b/daemon/firewall/nftables/nftables.go index 9a4ba7c898..00f55ec064 100644 --- a/daemon/firewall/nftables/nftables.go +++ b/daemon/firewall/nftables/nftables.go @@ -118,10 +118,10 @@ func (n *Nft) EnableInterception() { return } - if err := n.QueueDNSResponses(true, true); err != nil { + if err, _ := n.QueueDNSResponses(true, true); err != nil { log.Error("Error while running DNS nftables rule: %s", err) } - if err := n.QueueConnections(true, true); err != nil { + if err, _ := n.QueueConnections(true, true); err != nil { log.Error("Error while running conntrack nftables rule: %s", err) } // start monitoring firewall rules to intercept network traffic. diff --git a/daemon/firewall/nftables/rules.go b/daemon/firewall/nftables/rules.go index 85dd811761..a3a7c3e57a 100644 --- a/daemon/firewall/nftables/rules.go +++ b/daemon/firewall/nftables/rules.go @@ -3,7 +3,6 @@ package nftables import ( "fmt" - "github.com/evilsocket/opensnitch/daemon/firewall/common" "github.com/evilsocket/opensnitch/daemon/firewall/nftables/exprs" "github.com/evilsocket/opensnitch/daemon/log" "github.com/google/nftables" @@ -17,9 +16,9 @@ import ( // of resolved domains. // This rule must be added in top of the system rules, otherwise it may get bypassed. // nft insert rule ip filter input udp sport 53 queue num 0 bypass -func (n *Nft) QueueDNSResponses(enable, logError bool) *common.FirewallError { +func (n *Nft) QueueDNSResponses(enable bool, logError bool) (error, error) { if n.conn == nil { - return nil + return nil, nil } families := []string{exprs.NFT_FAMILY_INET} for _, fam := range families { @@ -68,10 +67,10 @@ func (n *Nft) QueueDNSResponses(enable, logError bool) *common.FirewallError { } // apply changes if !n.Commit() { - return &common.FirewallError{Err4: fmt.Errorf("Error adding DNS interception rules"), Err6: nil} + return fmt.Errorf("Error adding DNS interception rules"), nil } - return nil + return nil, nil } // QueueConnections inserts the firewall rule which redirects connections to us. @@ -79,17 +78,17 @@ func (n *Nft) QueueDNSResponses(enable, logError bool) *common.FirewallError { // This rule must be added at the end of all the other rules, that way we can add // rules above this one to exclude a service/app from being intercepted. // nft insert rule ip mangle OUTPUT ct state new queue num 0 bypass -func (n *Nft) QueueConnections(enable, logError bool) *common.FirewallError { +func (n *Nft) QueueConnections(enable bool, logError bool) (error, error) { if n.conn == nil { - return &common.FirewallError{Err4: fmt.Errorf("nftables QueueConnections: netlink connection not active"), Err6: nil} + return nil, fmt.Errorf("nftables QueueConnections: netlink connection not active") } table := getTable(exprs.NFT_CHAIN_MANGLE, exprs.NFT_FAMILY_INET) if table == nil { - return &common.FirewallError{Err4: fmt.Errorf("QueueConnections() Error getting table mangle-inet"), Err6: nil} + return nil, fmt.Errorf("QueueConnections() Error getting table mangle-inet") } chain := getChain(exprs.NFT_HOOK_OUTPUT, table) if chain == nil { - return &common.FirewallError{Err4: fmt.Errorf("QueueConnections() Error getting outputChain: output-%s", table.Name), Err6: nil} + return nil, fmt.Errorf("QueueConnections() Error getting outputChain: output-%s", table.Name) } n.conn.AddRule(&nftables.Rule{ @@ -116,7 +115,7 @@ func (n *Nft) QueueConnections(enable, logError bool) *common.FirewallError { }) // apply changes if !n.Commit() { - return &common.FirewallError{Err4: fmt.Errorf("Error adding interception rule "), Err6: nil} + return fmt.Errorf("Error adding interception rule "), nil } if enable { @@ -127,7 +126,7 @@ func (n *Nft) QueueConnections(enable, logError bool) *common.FirewallError { } } - return nil + return nil, nil } func (n *Nft) insertRule(chain, table, family string, position uint64, exprs *[]expr.Any) error { diff --git a/daemon/firewall/nftables/system.go b/daemon/firewall/nftables/system.go index 4ac3c0a497..8ca15b572b 100644 --- a/daemon/firewall/nftables/system.go +++ b/daemon/firewall/nftables/system.go @@ -3,7 +3,6 @@ package nftables import ( "strings" - "github.com/evilsocket/opensnitch/daemon/firewall/common" "github.com/evilsocket/opensnitch/daemon/firewall/config" "github.com/evilsocket/opensnitch/daemon/firewall/iptables" "github.com/evilsocket/opensnitch/daemon/firewall/nftables/exprs" @@ -134,5 +133,5 @@ func (n *Nft) AddSystemRule(rule *config.FwRule, chain *config.FwChain) *common. } } - return nil + return nil, nil } diff --git a/daemon/firewall/rules.go b/daemon/firewall/rules.go index d097284e6a..5e45bd9054 100644 --- a/daemon/firewall/rules.go +++ b/daemon/firewall/rules.go @@ -22,8 +22,8 @@ type Firewall interface { EnableInterception() DisableInterception(bool) - QueueDNSResponses(bool, bool) *common.FirewallError - QueueConnections(bool, bool) *common.FirewallError + QueueDNSResponses(bool, bool) (error, error) + QueueConnections(bool, bool) (error, error) CleanRules(bool) AddSystemRules(bool, bool) diff --git a/daemon/go.sum b/daemon/go.sum new file mode 100644 index 0000000000..05acd9bddd --- /dev/null +++ b/daemon/go.sum @@ -0,0 +1,241 @@ +cloud.google.com/go v0.26.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw= +github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU= +github.com/BurntSushi/toml v0.4.1 h1:GaI7EiDXDRfa8VshkTj7Fym7ha+y8/XxIgD2okUIjLw= +github.com/BurntSushi/toml v0.4.1/go.mod h1:CxXYINrC8qIiEnFrOxCa7Jy5BFHlXnUU2pbicEuybxQ= +github.com/BurntSushi/toml v1.2.1 h1:9F2/+DoOYIOksmaJFPw1tGFy1eDnIJXg+UHjuD8lTak= +github.com/BurntSushi/toml v1.2.1/go.mod h1:CxXYINrC8qIiEnFrOxCa7Jy5BFHlXnUU2pbicEuybxQ= +github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU= +github.com/cilium/ebpf v0.5.0/go.mod h1:4tRaxcgiL706VnOzHOdBlY8IEAIdxINsQBcU4xJJXRs= +github.com/cilium/ebpf v0.7.0/go.mod h1:/oI2+1shJiTGAMgl6/RgJr36Eo1jzrRcAWbcXO2usCA= +github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw= +github.com/cncf/udpa/go v0.0.0-20191209042840-269d4d468f6f/go.mod h1:M8M6+tZqaGXZJjfX53e64911xZQV5JYwmTeXPW+k8Sc= +github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= +github.com/envoyproxy/go-control-plane v0.9.0/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4= +github.com/envoyproxy/go-control-plane v0.9.4/go.mod h1:6rpuAdCZL397s3pYoYcLgu1mIlRU8Am5FuJP05cCM98= +github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c= +github.com/frankban/quicktest v1.11.3/go.mod h1:wRf/ReqHper53s+kmmSZizM8NamnL3IM0I9ntUbOk+k= +github.com/fsnotify/fsnotify v1.4.7 h1:IXs+QLmnXW2CcXuY+8Mzv/fWEsPGWxqefPtCP5CnV9I= +github.com/fsnotify/fsnotify v1.4.7/go.mod h1:jwhsz4b93w/PPRr/qN1Yymfu8t87LnFCMoQvtojpjFo= +github.com/fsnotify/fsnotify v1.6.0 h1:n+5WquG0fcWoWp6xPWfHdbskMCQaFnG6PfBrh1Ky4HY= +github.com/fsnotify/fsnotify v1.6.0/go.mod h1:sl3t1tCWJFWoRz9R8WJCbQihKKwmorjAbSClcnxKAGw= +github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q= +github.com/golang/mock v1.1.1/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfbm0A= +github.com/golang/protobuf v1.2.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= +github.com/golang/protobuf v1.3.2/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= +github.com/golang/protobuf v1.3.3/go.mod h1:vzj43D7+SQXF/4pzW/hwtAqwc6iTitCiVSaWz5lYuqw= +github.com/golang/protobuf v1.5.0 h1:LUVKkCeviFUMKqHa4tXIIij/lbhnMbP7Fn5wKdKkRh4= +github.com/golang/protobuf v1.5.0/go.mod h1:FsONVRAS9T7sI+LIUmWTfcYkHO4aIWwzhcaSAoJOfIk= +github.com/golang/protobuf v1.5.3 h1:KhyjKVUg7Usr/dYsdSqoFveMYd5ko72D+zANwlG1mmg= +github.com/golang/protobuf v1.5.3/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY= +github.com/google/go-cmp v0.2.0/go.mod h1:oXzfMopK8JAjlY9xF4vHSVASa0yLyX7SntLO5aqRK0M= +github.com/google/go-cmp v0.3.1/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU= +github.com/google/go-cmp v0.4.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= +github.com/google/go-cmp v0.5.2/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= +github.com/google/go-cmp v0.5.4/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= +github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= +github.com/google/go-cmp v0.5.6 h1:BKbKCqvP6I+rmFHt06ZmyQtvB8xAkWdhFyr0ZUNZcxQ= +github.com/google/go-cmp v0.5.6/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= +github.com/google/go-cmp v0.5.9 h1:O2Tfq5qg4qc4AmwVlvv0oLiVAGB7enBSJ2x2DqQFi38= +github.com/google/go-cmp v0.5.9/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= +github.com/google/gopacket v1.1.14 h1:1+TEhSu8Mh154ZBVjyd1Nt2Bb7cnyOeE3GQyb1WGLqI= +github.com/google/gopacket v1.1.14/go.mod h1:UCLx9mCmAwsVbn6qQl1WIEt2SO7Nd2fD0th1TBAsqBw= +github.com/google/gopacket v1.1.19 h1:ves8RnFZPGiFnTS0uPQStjwru6uO6h+nlr9j6fL7kF8= +github.com/google/gopacket v1.1.19/go.mod h1:iJ8V8n6KS+z2U1A8pUwu8bW5SyEMkXJB8Yo/Vo+TKTo= +github.com/google/nftables v0.1.0 h1:T6lS4qudrMufcNIZ8wSRrL+iuwhsKxpN+zFLxhUWOqk= +github.com/google/nftables v0.1.0/go.mod h1:b97ulCCFipUC+kSin+zygkvUVpx0vyIAwxXFdY3PlNc= +github.com/google/uuid v1.3.0 h1:t6JiXgmwXMjEs8VusXIJk2BXHsn+wx8BZdTaoZ5fu7I= +github.com/google/uuid v1.3.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= +github.com/iovisor/gobpf v0.2.0 h1:34xkQxft+35GagXBk3n23eqhm0v7q0ejeVirb8sqEOQ= +github.com/iovisor/gobpf v0.2.0/go.mod h1:WSY9Jj5RhdgC3ci1QaacvbFdQ8cbrEjrpiZbLHLt2s4= +github.com/josharian/native v0.0.0-20200817173448-b6b71def0850 h1:uhL5Gw7BINiiPAo24A2sxkcDI0Jt/sqp1v5xQCniEFA= +github.com/josharian/native v0.0.0-20200817173448-b6b71def0850/go.mod h1:7X/raswPFr05uY3HiLlYeyQntB6OO7E/d2Cu7qoaN2w= +github.com/josharian/native v1.1.0 h1:uuaP0hAbW7Y4l0ZRQ6C9zfb7Mg1mbFKry/xzDAfmtLA= +github.com/josharian/native v1.1.0/go.mod h1:7X/raswPFr05uY3HiLlYeyQntB6OO7E/d2Cu7qoaN2w= +github.com/jsimonetti/rtnetlink v0.0.0-20190606172950-9527aa82566a/go.mod h1:Oz+70psSo5OFh8DBl0Zv2ACw7Esh6pPUphlvZG9x7uw= +github.com/jsimonetti/rtnetlink v0.0.0-20200117123717-f846d4f6c1f4/go.mod h1:WGuG/smIU4J/54PblvSbh+xvCZmpJnFgr3ds6Z55XMQ= +github.com/jsimonetti/rtnetlink v0.0.0-20201009170750-9c6f07d100c1/go.mod h1:hqoO/u39cqLeBLebZ8fWdE96O7FxrAsRYhnVOdgHxok= +github.com/jsimonetti/rtnetlink v0.0.0-20201216134343-bde56ed16391/go.mod h1:cR77jAZG3Y3bsb8hF6fHJbFoyFukLFOkQ98S0pQz3xw= +github.com/jsimonetti/rtnetlink v0.0.0-20201220180245-69540ac93943/go.mod h1:z4c53zj6Eex712ROyh8WI0ihysb5j2ROyV42iNogmAs= +github.com/jsimonetti/rtnetlink v0.0.0-20210122163228-8d122574c736/go.mod h1:ZXpIyOK59ZnN7J0BV99cZUPmsqDRZ3eq5X+st7u/oSA= +github.com/jsimonetti/rtnetlink v0.0.0-20210212075122-66c871082f2b/go.mod h1:8w9Rh8m+aHZIG69YPGGem1i5VzoyRC8nw2kA8B+ik5U= +github.com/jsimonetti/rtnetlink v0.0.0-20210525051524-4cc836578190/go.mod h1:NmKSdU4VGSiv1bMsdqNALI4RSvvjtz65tTMCnD05qLo= +github.com/jsimonetti/rtnetlink v0.0.0-20211022192332-93da33804786 h1:N527AHMa793TP5z5GNAn/VLPzlc0ewzWdeP/25gDfgQ= +github.com/jsimonetti/rtnetlink v0.0.0-20211022192332-93da33804786/go.mod h1:v4hqbTdfQngbVSZJVWUhGE/lbTFf9jb+ygmNUDQMuOs= +github.com/kr/pretty v0.2.1/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI= +github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ= +github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI= +github.com/mdlayher/ethtool v0.0.0-20210210192532-2b88debcdd43/go.mod h1:+t7E0lkKfbBsebllff1xdTmyJt8lH37niI6kwFk9OTo= +github.com/mdlayher/ethtool v0.0.0-20211028163843-288d040e9d60 h1:tHdB+hQRHU10CfcK0furo6rSNgZ38JT8uPh70c/pFD8= +github.com/mdlayher/ethtool v0.0.0-20211028163843-288d040e9d60/go.mod h1:aYbhishWc4Ai3I2U4Gaa2n3kHWSwzme6EsG/46HRQbE= +github.com/mdlayher/genetlink v1.0.0 h1:OoHN1OdyEIkScEmRgxLEe2M9U8ClMytqA5niynLtfj0= +github.com/mdlayher/genetlink v1.0.0/go.mod h1:0rJ0h4itni50A86M2kHcgS85ttZazNt7a8H2a2cw0Gc= +github.com/mdlayher/netlink v0.0.0-20190409211403-11939a169225/go.mod h1:eQB3mZE4aiYnlUsyGGCOpPETfdQq4Jhsgf1fk3cwQaA= +github.com/mdlayher/netlink v1.0.0/go.mod h1:KxeJAFOFLG6AjpyDkQ/iIhxygIUKD+vcwqcnu43w/+M= +github.com/mdlayher/netlink v1.1.0/go.mod h1:H4WCitaheIsdF9yOYu8CFmCgQthAPIWZmcKp9uZHgmY= +github.com/mdlayher/netlink v1.1.1/go.mod h1:WTYpFb/WTvlRJAyKhZL5/uy69TDDpHHu2VZmb2XgV7o= +github.com/mdlayher/netlink v1.2.0/go.mod h1:kwVW1io0AZy9A1E2YYgaD4Cj+C+GPkU6klXCMzIJ9p8= +github.com/mdlayher/netlink v1.2.1/go.mod h1:bacnNlfhqHqqLo4WsYeXSqfyXkInQ9JneWI68v1KwSU= +github.com/mdlayher/netlink v1.2.2-0.20210123213345-5cc92139ae3e/go.mod h1:bacnNlfhqHqqLo4WsYeXSqfyXkInQ9JneWI68v1KwSU= +github.com/mdlayher/netlink v1.3.0/go.mod h1:xK/BssKuwcRXHrtN04UBkwQ6dY9VviGGuriDdoPSWys= +github.com/mdlayher/netlink v1.4.0/go.mod h1:dRJi5IABcZpBD2A3D0Mv/AiX8I9uDEu5oGkAVrekmf8= +github.com/mdlayher/netlink v1.4.1/go.mod h1:e4/KuJ+s8UhfUpO9z00/fDZZmhSrs+oxyqAS9cNgn6Q= +github.com/mdlayher/netlink v1.4.2 h1:3sbnJWe/LETovA7yRZIX3f9McVOWV3OySH6iIBxiFfI= +github.com/mdlayher/netlink v1.4.2/go.mod h1:13VaingaArGUTUxFLf/iEovKxXji32JAtF858jZYEug= +github.com/mdlayher/netlink v1.7.1 h1:FdUaT/e33HjEXagwELR8R3/KL1Fq5x3G5jgHLp/BTmg= +github.com/mdlayher/netlink v1.7.1/go.mod h1:nKO5CSjE/DJjVhk/TNp6vCE1ktVxEA8VEh8drhZzxsQ= +github.com/mdlayher/socket v0.0.0-20210307095302-262dc9984e00/go.mod h1:GAFlyu4/XV68LkQKYzKhIo/WW7j3Zi0YRAz/BOoanUc= +github.com/mdlayher/socket v0.0.0-20211007213009-516dcbdf0267/go.mod h1:nFZ1EtZYK8Gi/k6QNu7z7CgO20i/4ExeQswwWuPmG/g= +github.com/mdlayher/socket v0.0.0-20211102153432-57e3fa563ecb h1:2dC7L10LmTqlyMVzFJ00qM25lqESg9Z4u3GuEXN5iHY= +github.com/mdlayher/socket v0.0.0-20211102153432-57e3fa563ecb/go.mod h1:nFZ1EtZYK8Gi/k6QNu7z7CgO20i/4ExeQswwWuPmG/g= +github.com/mdlayher/socket v0.4.0 h1:280wsy40IC9M9q1uPGcLBwXpcTQDtoGwVt+BNoITxIw= +github.com/mdlayher/socket v0.4.0/go.mod h1:xxFqz5GRCUN3UEOm9CZqEJsAbe1C8OwSK46NlmWuVoc= +github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= +github.com/varlink/go v0.4.0 h1:+/BQoUO9eJK/+MTSHwFcJch7TMsb6N6Dqp6g0qaXXRo= +github.com/varlink/go v0.4.0/go.mod h1:DKg9Y2ctoNkesREGAEak58l+jOC6JU2aqZvUYs5DynU= +github.com/vishvananda/netlink v0.0.0-20210811191823-e1a867c6b452 h1:xe1bLd/sNkKVWdZuAb2+4JeMQMYyQ7Av38iRrE1lhm8= +github.com/vishvananda/netlink v0.0.0-20210811191823-e1a867c6b452/go.mod h1:twkDnbuQxJYemMlGd4JFIcuhgX83tXhKS2B/PRMpOho= +github.com/vishvananda/netns v0.0.0-20180720170159-13995c7128cc/go.mod h1:ZjcWmFBXmLKZu9Nxj3WKYEafiSqer2rnvPr0en9UNpI= +github.com/vishvananda/netns v0.0.0-20200728191858-db3c7e526aae h1:4hwBBUfQCFe3Cym0ZtKyq7L16eZUtYKs+BaHDN6mAns= +github.com/vishvananda/netns v0.0.0-20200728191858-db3c7e526aae/go.mod h1:DD4vA1DwXk04H54A1oHXtwZmA0grkVMdPxx/VGLCah0= +github.com/vishvananda/netns v0.0.4 h1:Oeaw1EM2JMxD51g9uhtC0D7erkIjgmj8+JZc26m1YX8= +github.com/vishvananda/netns v0.0.4/go.mod h1:SpkAiCQRtJ6TvvxPnOSyH3BMl6unz3xZlaprSwhNNJM= +github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= +github.com/yuin/goldmark v1.4.0/go.mod h1:mwnBkeHKe2W/ZEtQ+71ViKU8L12m81fl3OWwC1Zlc8k= +github.com/yuin/goldmark v1.4.1/go.mod h1:mwnBkeHKe2W/ZEtQ+71ViKU8L12m81fl3OWwC1Zlc8k= +golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= +golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= +golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= +golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= +golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE= +golang.org/x/lint v0.0.0-20190227174305-5b3e6a55c961/go.mod h1:wehouNa3lNwaWXcvxsM5YxQ5yQlVC4a0KAMCusXpPoU= +golang.org/x/lint v0.0.0-20190313153728-d0100b6bd8b3/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc= +golang.org/x/lint v0.0.0-20200302205851-738671d3881b/go.mod h1:3xt1FjdF8hUf6vQPIChWIBhFzV8gjjsPE/fR3IyQdNY= +golang.org/x/mod v0.1.1-0.20191105210325-c90efee705ee/go.mod h1:QqPTAvyqsEbceGzBzNggFXnrqF1CaUcvgkdR5Ot7KZg= +golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= +golang.org/x/mod v0.4.2/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= +golang.org/x/mod v0.5.1 h1:OJxoQ/rynoF0dcCdI7cLPktw/hR2cueqYfjm43oqK38= +golang.org/x/mod v0.5.1/go.mod h1:5OXOZSfqPIIbmVBIIKWRFfZjPR0E5r58TLhUjH0a2Ro= +golang.org/x/mod v0.9.0 h1:KENHtAZL2y3NLMYZeHY9DW8HW8V+kQyJsY/V9JlKvCs= +golang.org/x/mod v0.9.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs= +golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= +golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= +golang.org/x/net v0.0.0-20190213061140-3a22650c66bd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= +golang.org/x/net v0.0.0-20190311183353-d8887717615a/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= +golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= +golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= +golang.org/x/net v0.0.0-20190827160401-ba9fcec4b297/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= +golang.org/x/net v0.0.0-20191007182048-72f939374954/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= +golang.org/x/net v0.0.0-20200202094626-16171245cfb2/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= +golang.org/x/net v0.0.0-20201010224723-4f7140c49acb/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= +golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= +golang.org/x/net v0.0.0-20201110031124-69a78807bb2b/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= +golang.org/x/net v0.0.0-20201216054612-986b41b23924/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg= +golang.org/x/net v0.0.0-20201224014010-6772e930b67b/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg= +golang.org/x/net v0.0.0-20210119194325-5f4716e94777/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg= +golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg= +golang.org/x/net v0.0.0-20210525063256-abc453219eb5/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= +golang.org/x/net v0.0.0-20210805182204-aaa1db679c0d/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= +golang.org/x/net v0.0.0-20210928044308-7d9f5e0b762b/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= +golang.org/x/net v0.0.0-20211015210444-4f30a5c0130f/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= +golang.org/x/net v0.0.0-20211020060615-d418f374d309/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= +golang.org/x/net v0.0.0-20211201190559-0a0e4e1bb54c/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= +golang.org/x/net v0.0.0-20211209124913-491a49abca63 h1:iocB37TsdFuN6IBRZ+ry36wrkoV51/tl5vOWqkcPGvY= +golang.org/x/net v0.0.0-20211209124913-491a49abca63/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= +golang.org/x/net v0.8.0 h1:Zrh2ngAOFYneWTAIAPethzeaQLuHwhuBkuV6ZiRnUaQ= +golang.org/x/net v0.8.0/go.mod h1:QVkue5JL9kW//ek3r6jTKnTFis1tRmNAW2P1shuFdJc= +golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= +golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +golang.org/x/sync v0.0.0-20210220032951-036812b2e83c/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +golang.org/x/sync v0.1.0 h1:wsuoTGHzEhffawBOhz5CYhcrV4IdKZbEyZjBMuTp12o= +golang.org/x/sync v0.1.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= +golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= +golang.org/x/sys v0.0.0-20190312061237-fead79001313/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20190411185658-b44545bcd369/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20190826190057-c7b8b68b1456/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20191008105621-543471e840be/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20200202164722-d101bd2416d5/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20200217220822-9197077df867/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20200728102440-3e129f6d46b1/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20201009025420-dfb3f7c4e634/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20201118182958-a01c418693c7/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20201218084310-7d0127a74742/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20210110051926-789bb1bd4061/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20210119212857-b64e53b001e4/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20210123111255-9b0068b26619/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20210124154548-22da62e12c0c/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20210216163648-f7da38b97c65/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20210305230114-8fe3ee5dd75b/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20210423082822-04245dca01da/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20210525143221-35b2ab0089ea/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20210809222454-d867a43fc93e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20210906170528-6f6e22806c34/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20210927094055-39ccf1dd6fa6/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20211019181941-9d821ace8654/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20211025201205-69cdffdb9359/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20211124211545-fe61309f8881/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20211205182925-97ca703d548d h1:FjkYO/PPp4Wi0EAUOVLxePm7qVW4r4ctbWpURyuOD0E= +golang.org/x/sys v0.0.0-20211205182925-97ca703d548d/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20220908164124-27713097b956/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.6.0 h1:MVltZSvRTcU2ljQOhs94SXPftV6DCNnZViHeQps87pQ= +golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= +golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= +golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= +golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= +golang.org/x/text v0.3.7 h1:olpwvP2KacW1ZWvsR7uQhoyTYvKAupfQrRGBFM352Gk= +golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ= +golang.org/x/text v0.8.0 h1:57P1ETyNKtuIjB4SRd15iJxuhj8Gc416Y78H3qgMh68= +golang.org/x/text v0.8.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8= +golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= +golang.org/x/tools v0.0.0-20190114222345-bf090417da8b/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= +golang.org/x/tools v0.0.0-20190226205152-f727befe758c/go.mod h1:9Yl7xja0Znq3iFh3HoIrodX9oNMXvdceNzlUR8zjMvY= +golang.org/x/tools v0.0.0-20190311212946-11955173bddd/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs= +golang.org/x/tools v0.0.0-20190524140312-2c0ae7006135/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q= +golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= +golang.org/x/tools v0.0.0-20200130002326-2f3ba24bd6e7/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= +golang.org/x/tools v0.1.0/go.mod h1:xkSsbof2nBLbhDlRMhhhyNLN/zl3eTqcnHD5viDpcZ0= +golang.org/x/tools v0.1.7/go.mod h1:LGqMHiF4EqQNHR1JncWGqT5BVaXmza+X+BDGol+dOxo= +golang.org/x/tools v0.1.8 h1:P1HhGGuLW4aAclzjtmJdf0mJOjVUZUzOTqkAkWL+l6w= +golang.org/x/tools v0.1.8/go.mod h1:nABZi5QlRsZVlzPpHl034qft6wpY4eDcsTt5AaioBiU= +golang.org/x/tools v0.7.0 h1:W4OVu8VVOaIO0yzWMNdepAulS7YfoS3Zabrm8DOXXU4= +golang.org/x/tools v0.7.0/go.mod h1:4pg6aUX35JBAogB10C9AtvVL+qowtN4pT3CGSQex14s= +golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= +golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= +golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= +golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1 h1:go1bK/D/BFZV2I8cIQd1NKEZ+0owSTG1fDTci4IqFcE= +golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= +golang.org/x/xerrors v0.0.0-20220907171357-04be3eba64a2 h1:H2TDz8ibqkAF6YGhCdN3jS9O0/s90v0rJh3X/OLHEUk= +golang.org/x/xerrors v0.0.0-20220907171357-04be3eba64a2/go.mod h1:K8+ghG5WaK9qNqU5K3HdILfMLy1f3aNYFI/wnl100a8= +google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM= +google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= +google.golang.org/genproto v0.0.0-20180817151627-c66870c02cf8/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc= +google.golang.org/genproto v0.0.0-20190819201941-24fa4b261c55 h1:gSJIx1SDwno+2ElGhA4+qG2zF97qiUzTM+rQ0klBOcE= +google.golang.org/genproto v0.0.0-20190819201941-24fa4b261c55/go.mod h1:DMBHOl98Agz4BDEuKkezgsaosCRResVns1a3J2ZsMNc= +google.golang.org/genproto v0.0.0-20230323212658-478b75c54725 h1:VmCWItVXcKboEMCwZaWge+1JLiTCQSngZeINF+wzO+g= +google.golang.org/genproto v0.0.0-20230323212658-478b75c54725/go.mod h1:UUQDJDOlWu4KYeJZffbWgBkS1YFobzKbLVfK69pe0Ak= +google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c= +google.golang.org/grpc v1.23.0/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg= +google.golang.org/grpc v1.25.1/go.mod h1:c3i+UQWmh7LiEpx4sFZnkU36qjEYZ0imhYfXVyQciAY= +google.golang.org/grpc v1.32.0 h1:zWTV+LMdc3kaiJMSTOFz2UgSBgx8RNQoTGiZu3fR9S0= +google.golang.org/grpc v1.32.0/go.mod h1:N36X2cJ7JwdamYAgDz+s+rVMFjt3numwzf/HckM8pak= +google.golang.org/grpc v1.54.0 h1:EhTqbhiYeixwWQtAEZAxmV9MGqcjEU2mFx52xCzNyag= +google.golang.org/grpc v1.54.0/go.mod h1:PUSEXI6iWghWaB6lXM4knEgpJNu2qUcKfDtNci3EC2g= +google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw= +google.golang.org/protobuf v1.26.0 h1:bxAC2xTBsZGibn2RTntX0oH50xLsqy1OxA9tTL3p/lk= +google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc= +google.golang.org/protobuf v1.30.0 h1:kPPoIgf3TsEvrm0PFe15JQ+570QVxYzEvvHqChK+cng= +google.golang.org/protobuf v1.30.0/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I= +honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= +honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= +honnef.co/go/tools v0.2.1/go.mod h1:lPVVZ2BS5TfnjLyizF7o7hv7j9/L+8cZY2hLyjP9cGY= +honnef.co/go/tools v0.2.2 h1:MNh1AVMyVX23VUHE2O27jm6lNj3vjO5DexS4A1xvnzk= +honnef.co/go/tools v0.2.2/go.mod h1:lPVVZ2BS5TfnjLyizF7o7hv7j9/L+8cZY2hLyjP9cGY= +honnef.co/go/tools v0.4.3 h1:o/n5/K5gXqk8Gozvs2cnL0F2S1/g1vcGCAx2vETjITw= +honnef.co/go/tools v0.4.3/go.mod h1:36ZgoUOrqOk1GxwHhyryEkq8FQWkUO2xGuSMhUCcdvA= From 3c811d7cf1bb18ab7308a23ab1198e4c50b8986c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marcelina=20Ho=C5=82ub?= Date: Sun, 2 Apr 2023 00:28:10 +0200 Subject: [PATCH 5/8] chore: post-reversal cleanup --- daemon/firewall/iptables/rules.go | 1 - daemon/firewall/nftables/system.go | 2 +- 2 files changed, 1 insertion(+), 2 deletions(-) diff --git a/daemon/firewall/iptables/rules.go b/daemon/firewall/iptables/rules.go index 2b29da8b7b..633951db05 100644 --- a/daemon/firewall/iptables/rules.go +++ b/daemon/firewall/iptables/rules.go @@ -16,7 +16,6 @@ func (ipt *Iptables) RunRule(action Action, enable bool, logError bool, rule []s rule = append([]string{string(action)}, rule...) - var err4, err6 error ipt.mu.Lock() defer ipt.mu.Unlock() diff --git a/daemon/firewall/nftables/system.go b/daemon/firewall/nftables/system.go index 8ca15b572b..09d1192ca8 100644 --- a/daemon/firewall/nftables/system.go +++ b/daemon/firewall/nftables/system.go @@ -115,7 +115,7 @@ func (n *Nft) DeleteSystemRules(force, restoreExistingChains, logErrors bool) { } // AddSystemRule inserts a new rule. -func (n *Nft) AddSystemRule(rule *config.FwRule, chain *config.FwChain) *common.FirewallError { +func (n *Nft) AddSystemRule(rule *config.FwRule, chain *config.FwChain) (err4, err6 error) { n.mu.Lock() defer n.mu.Unlock() exprList := []expr.Any{} From 7b3a0dca3e2f5780d16645585f83007486d1a0ad Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marcelina=20Ho=C5=82ub?= Date: Sun, 2 Apr 2023 00:32:40 +0200 Subject: [PATCH 6/8] chore(config): remove errant json tags --- daemon/firewall/config/config.go | 31 +++++++++++++++---------------- 1 file changed, 15 insertions(+), 16 deletions(-) diff --git a/daemon/firewall/config/config.go b/daemon/firewall/config/config.go index 98fad8fa28..121296918b 100644 --- a/daemon/firewall/config/config.go +++ b/daemon/firewall/config/config.go @@ -60,19 +60,18 @@ type Expressions struct { // FwRule holds the fields of a rule type FwRule struct { // we need to keep old fields in the struct. Otherwise when receiving a conf from the GUI, the legacy rules would be deleted. - rwm *sync.RWMutex - Chain string `json:"chain,omitempty"` // TODO: deprecated, remove - Table string `json:"table,omitempty"` // TODO: deprecated, remove - Parameters string `json:"parameters,omitempty"` // TODO: deprecated: remove - - UUID string `json:"uuid"` - Description string `json:"description"` - Expressions []*Expressions `json:"expressions"` - Target string `json:"target"` - TargetParameters string `json:"target_parameters"` - - Position uint64 `json:"position,string"` - Enabled bool `json:"enabled"` + Chain string // TODO: deprecated, remove + Table string + Parameters string + + UUID string + Description string + Expressions []*Expressions + Target string + TargetParameters string + + Position uint64 + Enabled bool } // FwChain holds the information that defines a firewall chain. @@ -104,9 +103,9 @@ type chainsList struct { // SystemConfig holds the list of rules to be added to the system type SystemConfig struct { rwm sync.RWMutex - SystemRules []*chainsList `json:"chains_list"` - Version uint32 `json:"versions"` - Enabled bool `json:"enabled"` + SystemRules []*chainsList + Version uint32 + Enabled bool } // Config holds the functionality to re/load the firewall configuration from disk. From c6caea3e3dbd872cd1e41ec6b55880a40e9edd63 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marcelina=20Ho=C5=82ub?= Date: Sun, 2 Apr 2023 00:34:44 +0200 Subject: [PATCH 7/8] chore(common): restore goto, rm outerLoop --- daemon/firewall/common/common.go | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/daemon/firewall/common/common.go b/daemon/firewall/common/common.go index 30135708c0..86156d669f 100644 --- a/daemon/firewall/common/common.go +++ b/daemon/firewall/common/common.go @@ -113,11 +113,10 @@ func (c *Common) NewRulesChecker(areRulesLoaded callbackBool, reloadRules callba // StartCheckingRules monitors if our rules are loaded. // If the rules to intercept traffic are not loaded, we'll try to insert them again. func (c *Common) startCheckingRules(areRulesLoaded callbackBool, reloadRules callback) { -outerLoop: for { select { case <-c.stopCheckerChan.exit(): - break outerLoop + goto Exit case <-c.RulesChecker.C: if areRulesLoaded() == false { reloadRules() @@ -125,6 +124,7 @@ outerLoop: } } +Exit: log.Info("exit checking firewall rules") } From 857c2da74e0babc80f9c246d84e783dad0bea794 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marcelina=20Ho=C5=82ub?= Date: Sun, 2 Apr 2023 00:35:54 +0200 Subject: [PATCH 8/8] chore: remove go.sum from the index chore(config): remove errantly removed comments and tags --- daemon/firewall/config/config.go | 6 +- daemon/go.sum | 241 ------------------------------- 2 files changed, 3 insertions(+), 244 deletions(-) delete mode 100644 daemon/go.sum diff --git a/daemon/firewall/config/config.go b/daemon/firewall/config/config.go index 121296918b..088f0cc348 100644 --- a/daemon/firewall/config/config.go +++ b/daemon/firewall/config/config.go @@ -61,8 +61,8 @@ type Expressions struct { type FwRule struct { // we need to keep old fields in the struct. Otherwise when receiving a conf from the GUI, the legacy rules would be deleted. Chain string // TODO: deprecated, remove - Table string - Parameters string + Table string // TODO: deprecated, remove + Parameters string // TODO: deprecated, remove UUID string Description string @@ -70,7 +70,7 @@ type FwRule struct { Target string TargetParameters string - Position uint64 + Position uint64 `json:",string"` Enabled bool } diff --git a/daemon/go.sum b/daemon/go.sum deleted file mode 100644 index 05acd9bddd..0000000000 --- a/daemon/go.sum +++ /dev/null @@ -1,241 +0,0 @@ -cloud.google.com/go v0.26.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw= -github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU= -github.com/BurntSushi/toml v0.4.1 h1:GaI7EiDXDRfa8VshkTj7Fym7ha+y8/XxIgD2okUIjLw= -github.com/BurntSushi/toml v0.4.1/go.mod h1:CxXYINrC8qIiEnFrOxCa7Jy5BFHlXnUU2pbicEuybxQ= -github.com/BurntSushi/toml v1.2.1 h1:9F2/+DoOYIOksmaJFPw1tGFy1eDnIJXg+UHjuD8lTak= -github.com/BurntSushi/toml v1.2.1/go.mod h1:CxXYINrC8qIiEnFrOxCa7Jy5BFHlXnUU2pbicEuybxQ= -github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU= -github.com/cilium/ebpf v0.5.0/go.mod h1:4tRaxcgiL706VnOzHOdBlY8IEAIdxINsQBcU4xJJXRs= -github.com/cilium/ebpf v0.7.0/go.mod h1:/oI2+1shJiTGAMgl6/RgJr36Eo1jzrRcAWbcXO2usCA= -github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw= -github.com/cncf/udpa/go v0.0.0-20191209042840-269d4d468f6f/go.mod h1:M8M6+tZqaGXZJjfX53e64911xZQV5JYwmTeXPW+k8Sc= -github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= -github.com/envoyproxy/go-control-plane v0.9.0/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4= -github.com/envoyproxy/go-control-plane v0.9.4/go.mod h1:6rpuAdCZL397s3pYoYcLgu1mIlRU8Am5FuJP05cCM98= -github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c= -github.com/frankban/quicktest v1.11.3/go.mod h1:wRf/ReqHper53s+kmmSZizM8NamnL3IM0I9ntUbOk+k= -github.com/fsnotify/fsnotify v1.4.7 h1:IXs+QLmnXW2CcXuY+8Mzv/fWEsPGWxqefPtCP5CnV9I= -github.com/fsnotify/fsnotify v1.4.7/go.mod h1:jwhsz4b93w/PPRr/qN1Yymfu8t87LnFCMoQvtojpjFo= -github.com/fsnotify/fsnotify v1.6.0 h1:n+5WquG0fcWoWp6xPWfHdbskMCQaFnG6PfBrh1Ky4HY= -github.com/fsnotify/fsnotify v1.6.0/go.mod h1:sl3t1tCWJFWoRz9R8WJCbQihKKwmorjAbSClcnxKAGw= -github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q= -github.com/golang/mock v1.1.1/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfbm0A= -github.com/golang/protobuf v1.2.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= -github.com/golang/protobuf v1.3.2/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= -github.com/golang/protobuf v1.3.3/go.mod h1:vzj43D7+SQXF/4pzW/hwtAqwc6iTitCiVSaWz5lYuqw= -github.com/golang/protobuf v1.5.0 h1:LUVKkCeviFUMKqHa4tXIIij/lbhnMbP7Fn5wKdKkRh4= -github.com/golang/protobuf v1.5.0/go.mod h1:FsONVRAS9T7sI+LIUmWTfcYkHO4aIWwzhcaSAoJOfIk= -github.com/golang/protobuf v1.5.3 h1:KhyjKVUg7Usr/dYsdSqoFveMYd5ko72D+zANwlG1mmg= -github.com/golang/protobuf v1.5.3/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY= -github.com/google/go-cmp v0.2.0/go.mod h1:oXzfMopK8JAjlY9xF4vHSVASa0yLyX7SntLO5aqRK0M= -github.com/google/go-cmp v0.3.1/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU= -github.com/google/go-cmp v0.4.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= -github.com/google/go-cmp v0.5.2/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= -github.com/google/go-cmp v0.5.4/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= -github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= -github.com/google/go-cmp v0.5.6 h1:BKbKCqvP6I+rmFHt06ZmyQtvB8xAkWdhFyr0ZUNZcxQ= -github.com/google/go-cmp v0.5.6/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= -github.com/google/go-cmp v0.5.9 h1:O2Tfq5qg4qc4AmwVlvv0oLiVAGB7enBSJ2x2DqQFi38= -github.com/google/go-cmp v0.5.9/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= -github.com/google/gopacket v1.1.14 h1:1+TEhSu8Mh154ZBVjyd1Nt2Bb7cnyOeE3GQyb1WGLqI= -github.com/google/gopacket v1.1.14/go.mod h1:UCLx9mCmAwsVbn6qQl1WIEt2SO7Nd2fD0th1TBAsqBw= -github.com/google/gopacket v1.1.19 h1:ves8RnFZPGiFnTS0uPQStjwru6uO6h+nlr9j6fL7kF8= -github.com/google/gopacket v1.1.19/go.mod h1:iJ8V8n6KS+z2U1A8pUwu8bW5SyEMkXJB8Yo/Vo+TKTo= -github.com/google/nftables v0.1.0 h1:T6lS4qudrMufcNIZ8wSRrL+iuwhsKxpN+zFLxhUWOqk= -github.com/google/nftables v0.1.0/go.mod h1:b97ulCCFipUC+kSin+zygkvUVpx0vyIAwxXFdY3PlNc= -github.com/google/uuid v1.3.0 h1:t6JiXgmwXMjEs8VusXIJk2BXHsn+wx8BZdTaoZ5fu7I= -github.com/google/uuid v1.3.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= -github.com/iovisor/gobpf v0.2.0 h1:34xkQxft+35GagXBk3n23eqhm0v7q0ejeVirb8sqEOQ= -github.com/iovisor/gobpf v0.2.0/go.mod h1:WSY9Jj5RhdgC3ci1QaacvbFdQ8cbrEjrpiZbLHLt2s4= -github.com/josharian/native v0.0.0-20200817173448-b6b71def0850 h1:uhL5Gw7BINiiPAo24A2sxkcDI0Jt/sqp1v5xQCniEFA= -github.com/josharian/native v0.0.0-20200817173448-b6b71def0850/go.mod h1:7X/raswPFr05uY3HiLlYeyQntB6OO7E/d2Cu7qoaN2w= -github.com/josharian/native v1.1.0 h1:uuaP0hAbW7Y4l0ZRQ6C9zfb7Mg1mbFKry/xzDAfmtLA= -github.com/josharian/native v1.1.0/go.mod h1:7X/raswPFr05uY3HiLlYeyQntB6OO7E/d2Cu7qoaN2w= -github.com/jsimonetti/rtnetlink v0.0.0-20190606172950-9527aa82566a/go.mod h1:Oz+70psSo5OFh8DBl0Zv2ACw7Esh6pPUphlvZG9x7uw= -github.com/jsimonetti/rtnetlink v0.0.0-20200117123717-f846d4f6c1f4/go.mod h1:WGuG/smIU4J/54PblvSbh+xvCZmpJnFgr3ds6Z55XMQ= -github.com/jsimonetti/rtnetlink v0.0.0-20201009170750-9c6f07d100c1/go.mod h1:hqoO/u39cqLeBLebZ8fWdE96O7FxrAsRYhnVOdgHxok= -github.com/jsimonetti/rtnetlink v0.0.0-20201216134343-bde56ed16391/go.mod h1:cR77jAZG3Y3bsb8hF6fHJbFoyFukLFOkQ98S0pQz3xw= -github.com/jsimonetti/rtnetlink v0.0.0-20201220180245-69540ac93943/go.mod h1:z4c53zj6Eex712ROyh8WI0ihysb5j2ROyV42iNogmAs= -github.com/jsimonetti/rtnetlink v0.0.0-20210122163228-8d122574c736/go.mod h1:ZXpIyOK59ZnN7J0BV99cZUPmsqDRZ3eq5X+st7u/oSA= -github.com/jsimonetti/rtnetlink v0.0.0-20210212075122-66c871082f2b/go.mod h1:8w9Rh8m+aHZIG69YPGGem1i5VzoyRC8nw2kA8B+ik5U= -github.com/jsimonetti/rtnetlink v0.0.0-20210525051524-4cc836578190/go.mod h1:NmKSdU4VGSiv1bMsdqNALI4RSvvjtz65tTMCnD05qLo= -github.com/jsimonetti/rtnetlink v0.0.0-20211022192332-93da33804786 h1:N527AHMa793TP5z5GNAn/VLPzlc0ewzWdeP/25gDfgQ= -github.com/jsimonetti/rtnetlink v0.0.0-20211022192332-93da33804786/go.mod h1:v4hqbTdfQngbVSZJVWUhGE/lbTFf9jb+ygmNUDQMuOs= -github.com/kr/pretty v0.2.1/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI= -github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ= -github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI= -github.com/mdlayher/ethtool v0.0.0-20210210192532-2b88debcdd43/go.mod h1:+t7E0lkKfbBsebllff1xdTmyJt8lH37niI6kwFk9OTo= -github.com/mdlayher/ethtool v0.0.0-20211028163843-288d040e9d60 h1:tHdB+hQRHU10CfcK0furo6rSNgZ38JT8uPh70c/pFD8= -github.com/mdlayher/ethtool v0.0.0-20211028163843-288d040e9d60/go.mod h1:aYbhishWc4Ai3I2U4Gaa2n3kHWSwzme6EsG/46HRQbE= -github.com/mdlayher/genetlink v1.0.0 h1:OoHN1OdyEIkScEmRgxLEe2M9U8ClMytqA5niynLtfj0= -github.com/mdlayher/genetlink v1.0.0/go.mod h1:0rJ0h4itni50A86M2kHcgS85ttZazNt7a8H2a2cw0Gc= -github.com/mdlayher/netlink v0.0.0-20190409211403-11939a169225/go.mod h1:eQB3mZE4aiYnlUsyGGCOpPETfdQq4Jhsgf1fk3cwQaA= -github.com/mdlayher/netlink v1.0.0/go.mod h1:KxeJAFOFLG6AjpyDkQ/iIhxygIUKD+vcwqcnu43w/+M= -github.com/mdlayher/netlink v1.1.0/go.mod h1:H4WCitaheIsdF9yOYu8CFmCgQthAPIWZmcKp9uZHgmY= -github.com/mdlayher/netlink v1.1.1/go.mod h1:WTYpFb/WTvlRJAyKhZL5/uy69TDDpHHu2VZmb2XgV7o= -github.com/mdlayher/netlink v1.2.0/go.mod h1:kwVW1io0AZy9A1E2YYgaD4Cj+C+GPkU6klXCMzIJ9p8= -github.com/mdlayher/netlink v1.2.1/go.mod h1:bacnNlfhqHqqLo4WsYeXSqfyXkInQ9JneWI68v1KwSU= -github.com/mdlayher/netlink v1.2.2-0.20210123213345-5cc92139ae3e/go.mod h1:bacnNlfhqHqqLo4WsYeXSqfyXkInQ9JneWI68v1KwSU= -github.com/mdlayher/netlink v1.3.0/go.mod h1:xK/BssKuwcRXHrtN04UBkwQ6dY9VviGGuriDdoPSWys= -github.com/mdlayher/netlink v1.4.0/go.mod h1:dRJi5IABcZpBD2A3D0Mv/AiX8I9uDEu5oGkAVrekmf8= -github.com/mdlayher/netlink v1.4.1/go.mod h1:e4/KuJ+s8UhfUpO9z00/fDZZmhSrs+oxyqAS9cNgn6Q= -github.com/mdlayher/netlink v1.4.2 h1:3sbnJWe/LETovA7yRZIX3f9McVOWV3OySH6iIBxiFfI= -github.com/mdlayher/netlink v1.4.2/go.mod h1:13VaingaArGUTUxFLf/iEovKxXji32JAtF858jZYEug= -github.com/mdlayher/netlink v1.7.1 h1:FdUaT/e33HjEXagwELR8R3/KL1Fq5x3G5jgHLp/BTmg= -github.com/mdlayher/netlink v1.7.1/go.mod h1:nKO5CSjE/DJjVhk/TNp6vCE1ktVxEA8VEh8drhZzxsQ= -github.com/mdlayher/socket v0.0.0-20210307095302-262dc9984e00/go.mod h1:GAFlyu4/XV68LkQKYzKhIo/WW7j3Zi0YRAz/BOoanUc= -github.com/mdlayher/socket v0.0.0-20211007213009-516dcbdf0267/go.mod h1:nFZ1EtZYK8Gi/k6QNu7z7CgO20i/4ExeQswwWuPmG/g= -github.com/mdlayher/socket v0.0.0-20211102153432-57e3fa563ecb h1:2dC7L10LmTqlyMVzFJ00qM25lqESg9Z4u3GuEXN5iHY= -github.com/mdlayher/socket v0.0.0-20211102153432-57e3fa563ecb/go.mod h1:nFZ1EtZYK8Gi/k6QNu7z7CgO20i/4ExeQswwWuPmG/g= -github.com/mdlayher/socket v0.4.0 h1:280wsy40IC9M9q1uPGcLBwXpcTQDtoGwVt+BNoITxIw= -github.com/mdlayher/socket v0.4.0/go.mod h1:xxFqz5GRCUN3UEOm9CZqEJsAbe1C8OwSK46NlmWuVoc= -github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= -github.com/varlink/go v0.4.0 h1:+/BQoUO9eJK/+MTSHwFcJch7TMsb6N6Dqp6g0qaXXRo= -github.com/varlink/go v0.4.0/go.mod h1:DKg9Y2ctoNkesREGAEak58l+jOC6JU2aqZvUYs5DynU= -github.com/vishvananda/netlink v0.0.0-20210811191823-e1a867c6b452 h1:xe1bLd/sNkKVWdZuAb2+4JeMQMYyQ7Av38iRrE1lhm8= -github.com/vishvananda/netlink v0.0.0-20210811191823-e1a867c6b452/go.mod h1:twkDnbuQxJYemMlGd4JFIcuhgX83tXhKS2B/PRMpOho= -github.com/vishvananda/netns v0.0.0-20180720170159-13995c7128cc/go.mod h1:ZjcWmFBXmLKZu9Nxj3WKYEafiSqer2rnvPr0en9UNpI= -github.com/vishvananda/netns v0.0.0-20200728191858-db3c7e526aae h1:4hwBBUfQCFe3Cym0ZtKyq7L16eZUtYKs+BaHDN6mAns= -github.com/vishvananda/netns v0.0.0-20200728191858-db3c7e526aae/go.mod h1:DD4vA1DwXk04H54A1oHXtwZmA0grkVMdPxx/VGLCah0= -github.com/vishvananda/netns v0.0.4 h1:Oeaw1EM2JMxD51g9uhtC0D7erkIjgmj8+JZc26m1YX8= -github.com/vishvananda/netns v0.0.4/go.mod h1:SpkAiCQRtJ6TvvxPnOSyH3BMl6unz3xZlaprSwhNNJM= -github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= -github.com/yuin/goldmark v1.4.0/go.mod h1:mwnBkeHKe2W/ZEtQ+71ViKU8L12m81fl3OWwC1Zlc8k= -github.com/yuin/goldmark v1.4.1/go.mod h1:mwnBkeHKe2W/ZEtQ+71ViKU8L12m81fl3OWwC1Zlc8k= -golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= -golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= -golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= -golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= -golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE= -golang.org/x/lint v0.0.0-20190227174305-5b3e6a55c961/go.mod h1:wehouNa3lNwaWXcvxsM5YxQ5yQlVC4a0KAMCusXpPoU= -golang.org/x/lint v0.0.0-20190313153728-d0100b6bd8b3/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc= -golang.org/x/lint v0.0.0-20200302205851-738671d3881b/go.mod h1:3xt1FjdF8hUf6vQPIChWIBhFzV8gjjsPE/fR3IyQdNY= -golang.org/x/mod v0.1.1-0.20191105210325-c90efee705ee/go.mod h1:QqPTAvyqsEbceGzBzNggFXnrqF1CaUcvgkdR5Ot7KZg= -golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= -golang.org/x/mod v0.4.2/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= -golang.org/x/mod v0.5.1 h1:OJxoQ/rynoF0dcCdI7cLPktw/hR2cueqYfjm43oqK38= -golang.org/x/mod v0.5.1/go.mod h1:5OXOZSfqPIIbmVBIIKWRFfZjPR0E5r58TLhUjH0a2Ro= -golang.org/x/mod v0.9.0 h1:KENHtAZL2y3NLMYZeHY9DW8HW8V+kQyJsY/V9JlKvCs= -golang.org/x/mod v0.9.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs= -golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= -golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= -golang.org/x/net v0.0.0-20190213061140-3a22650c66bd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= -golang.org/x/net v0.0.0-20190311183353-d8887717615a/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= -golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= -golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= -golang.org/x/net v0.0.0-20190827160401-ba9fcec4b297/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= -golang.org/x/net v0.0.0-20191007182048-72f939374954/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= -golang.org/x/net v0.0.0-20200202094626-16171245cfb2/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= -golang.org/x/net v0.0.0-20201010224723-4f7140c49acb/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= -golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= -golang.org/x/net v0.0.0-20201110031124-69a78807bb2b/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= -golang.org/x/net v0.0.0-20201216054612-986b41b23924/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg= -golang.org/x/net v0.0.0-20201224014010-6772e930b67b/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg= -golang.org/x/net v0.0.0-20210119194325-5f4716e94777/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg= -golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg= -golang.org/x/net v0.0.0-20210525063256-abc453219eb5/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= -golang.org/x/net v0.0.0-20210805182204-aaa1db679c0d/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= -golang.org/x/net v0.0.0-20210928044308-7d9f5e0b762b/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= -golang.org/x/net v0.0.0-20211015210444-4f30a5c0130f/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= -golang.org/x/net v0.0.0-20211020060615-d418f374d309/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= -golang.org/x/net v0.0.0-20211201190559-0a0e4e1bb54c/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= -golang.org/x/net v0.0.0-20211209124913-491a49abca63 h1:iocB37TsdFuN6IBRZ+ry36wrkoV51/tl5vOWqkcPGvY= -golang.org/x/net v0.0.0-20211209124913-491a49abca63/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= -golang.org/x/net v0.8.0 h1:Zrh2ngAOFYneWTAIAPethzeaQLuHwhuBkuV6ZiRnUaQ= -golang.org/x/net v0.8.0/go.mod h1:QVkue5JL9kW//ek3r6jTKnTFis1tRmNAW2P1shuFdJc= -golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= -golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.0.0-20210220032951-036812b2e83c/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.1.0 h1:wsuoTGHzEhffawBOhz5CYhcrV4IdKZbEyZjBMuTp12o= -golang.org/x/sync v0.1.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= -golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= -golang.org/x/sys v0.0.0-20190312061237-fead79001313/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20190411185658-b44545bcd369/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20190826190057-c7b8b68b1456/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20191008105621-543471e840be/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200202164722-d101bd2416d5/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200217220822-9197077df867/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200728102440-3e129f6d46b1/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20201009025420-dfb3f7c4e634/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20201118182958-a01c418693c7/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20201218084310-7d0127a74742/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20210110051926-789bb1bd4061/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20210119212857-b64e53b001e4/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20210123111255-9b0068b26619/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20210124154548-22da62e12c0c/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20210216163648-f7da38b97c65/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20210305230114-8fe3ee5dd75b/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20210423082822-04245dca01da/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20210525143221-35b2ab0089ea/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.0.0-20210809222454-d867a43fc93e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.0.0-20210906170528-6f6e22806c34/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.0.0-20210927094055-39ccf1dd6fa6/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.0.0-20211019181941-9d821ace8654/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.0.0-20211025201205-69cdffdb9359/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.0.0-20211124211545-fe61309f8881/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.0.0-20211205182925-97ca703d548d h1:FjkYO/PPp4Wi0EAUOVLxePm7qVW4r4ctbWpURyuOD0E= -golang.org/x/sys v0.0.0-20211205182925-97ca703d548d/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.0.0-20220908164124-27713097b956/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.6.0 h1:MVltZSvRTcU2ljQOhs94SXPftV6DCNnZViHeQps87pQ= -golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= -golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= -golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= -golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= -golang.org/x/text v0.3.7 h1:olpwvP2KacW1ZWvsR7uQhoyTYvKAupfQrRGBFM352Gk= -golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ= -golang.org/x/text v0.8.0 h1:57P1ETyNKtuIjB4SRd15iJxuhj8Gc416Y78H3qgMh68= -golang.org/x/text v0.8.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8= -golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= -golang.org/x/tools v0.0.0-20190114222345-bf090417da8b/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= -golang.org/x/tools v0.0.0-20190226205152-f727befe758c/go.mod h1:9Yl7xja0Znq3iFh3HoIrodX9oNMXvdceNzlUR8zjMvY= -golang.org/x/tools v0.0.0-20190311212946-11955173bddd/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs= -golang.org/x/tools v0.0.0-20190524140312-2c0ae7006135/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q= -golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= -golang.org/x/tools v0.0.0-20200130002326-2f3ba24bd6e7/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= -golang.org/x/tools v0.1.0/go.mod h1:xkSsbof2nBLbhDlRMhhhyNLN/zl3eTqcnHD5viDpcZ0= -golang.org/x/tools v0.1.7/go.mod h1:LGqMHiF4EqQNHR1JncWGqT5BVaXmza+X+BDGol+dOxo= -golang.org/x/tools v0.1.8 h1:P1HhGGuLW4aAclzjtmJdf0mJOjVUZUzOTqkAkWL+l6w= -golang.org/x/tools v0.1.8/go.mod h1:nABZi5QlRsZVlzPpHl034qft6wpY4eDcsTt5AaioBiU= -golang.org/x/tools v0.7.0 h1:W4OVu8VVOaIO0yzWMNdepAulS7YfoS3Zabrm8DOXXU4= -golang.org/x/tools v0.7.0/go.mod h1:4pg6aUX35JBAogB10C9AtvVL+qowtN4pT3CGSQex14s= -golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= -golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= -golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= -golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1 h1:go1bK/D/BFZV2I8cIQd1NKEZ+0owSTG1fDTci4IqFcE= -golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= -golang.org/x/xerrors v0.0.0-20220907171357-04be3eba64a2 h1:H2TDz8ibqkAF6YGhCdN3jS9O0/s90v0rJh3X/OLHEUk= -golang.org/x/xerrors v0.0.0-20220907171357-04be3eba64a2/go.mod h1:K8+ghG5WaK9qNqU5K3HdILfMLy1f3aNYFI/wnl100a8= -google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM= -google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= -google.golang.org/genproto v0.0.0-20180817151627-c66870c02cf8/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc= -google.golang.org/genproto v0.0.0-20190819201941-24fa4b261c55 h1:gSJIx1SDwno+2ElGhA4+qG2zF97qiUzTM+rQ0klBOcE= -google.golang.org/genproto v0.0.0-20190819201941-24fa4b261c55/go.mod h1:DMBHOl98Agz4BDEuKkezgsaosCRResVns1a3J2ZsMNc= -google.golang.org/genproto v0.0.0-20230323212658-478b75c54725 h1:VmCWItVXcKboEMCwZaWge+1JLiTCQSngZeINF+wzO+g= -google.golang.org/genproto v0.0.0-20230323212658-478b75c54725/go.mod h1:UUQDJDOlWu4KYeJZffbWgBkS1YFobzKbLVfK69pe0Ak= -google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c= -google.golang.org/grpc v1.23.0/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg= -google.golang.org/grpc v1.25.1/go.mod h1:c3i+UQWmh7LiEpx4sFZnkU36qjEYZ0imhYfXVyQciAY= -google.golang.org/grpc v1.32.0 h1:zWTV+LMdc3kaiJMSTOFz2UgSBgx8RNQoTGiZu3fR9S0= -google.golang.org/grpc v1.32.0/go.mod h1:N36X2cJ7JwdamYAgDz+s+rVMFjt3numwzf/HckM8pak= -google.golang.org/grpc v1.54.0 h1:EhTqbhiYeixwWQtAEZAxmV9MGqcjEU2mFx52xCzNyag= -google.golang.org/grpc v1.54.0/go.mod h1:PUSEXI6iWghWaB6lXM4knEgpJNu2qUcKfDtNci3EC2g= -google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw= -google.golang.org/protobuf v1.26.0 h1:bxAC2xTBsZGibn2RTntX0oH50xLsqy1OxA9tTL3p/lk= -google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc= -google.golang.org/protobuf v1.30.0 h1:kPPoIgf3TsEvrm0PFe15JQ+570QVxYzEvvHqChK+cng= -google.golang.org/protobuf v1.30.0/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I= -honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= -honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= -honnef.co/go/tools v0.2.1/go.mod h1:lPVVZ2BS5TfnjLyizF7o7hv7j9/L+8cZY2hLyjP9cGY= -honnef.co/go/tools v0.2.2 h1:MNh1AVMyVX23VUHE2O27jm6lNj3vjO5DexS4A1xvnzk= -honnef.co/go/tools v0.2.2/go.mod h1:lPVVZ2BS5TfnjLyizF7o7hv7j9/L+8cZY2hLyjP9cGY= -honnef.co/go/tools v0.4.3 h1:o/n5/K5gXqk8Gozvs2cnL0F2S1/g1vcGCAx2vETjITw= -honnef.co/go/tools v0.4.3/go.mod h1:36ZgoUOrqOk1GxwHhyryEkq8FQWkUO2xGuSMhUCcdvA=