mirrors/fort
1
0
Fork 0
mirror of https://github.com/tnodir/fort synced 2024-11-15 05:36:09 +00:00
Code Issues Packages Projects Releases Wiki Activity

Partial revert "Driver: Prepare "path_type""

Browse Source 
This reverts commit 512930407b.
This commit is contained in:
Nodir Temirkhodjaev 2022-01-10 08:13:05 +03:00
parent e0f6840731
commit 059415c5a7
19 changed files with 98 additions and 162 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
src/driver/common/fortdef.h
View File

@ -21,10 +21,4 @@ enum FortBlockReason {
FORT_BLOCK_REASON_APP_GROUP_DEFAULT,
};
enum FortPathType {
FORT_PATH_TYPE_EXE = 0,
FORT_PATH_TYPE_SYSTEM,
FORT_PATH_TYPE_SERVICE,
};
#endif // FORTDEF_H

37
src/driver/common/fortlog.c
View File

@ -4,20 +4,18 @@
#include "fortdef.h"
FORT_API void fort_log_blocked_header_write(
char *p, BOOL blocked, UINT32 pid, UCHAR path_type, UINT32 path_len)
FORT_API void fort_log_blocked_header_write(char *p, BOOL blocked, UINT32 pid, UINT32 path_len)
{
UINT32 *up = (UINT32 *) p;
*up++ = fort_log_flag_type(blocked ? FORT_LOG_TYPE_BLOCKED : FORT_LOG_TYPE_ALLOWED)
| fort_log_flag_opt(path_type) | path_len;
*up++ = fort_log_flag_type(blocked ? FORT_LOG_TYPE_BLOCKED : FORT_LOG_TYPE_ALLOWED) | path_len;
*up = pid;
}
FORT_API void fort_log_blocked_write(
char *p, BOOL blocked, UINT32 pid, UCHAR path_type, UINT32 path_len, const char *path)
char *p, BOOL blocked, UINT32 pid, UINT32 path_len, const char *path)
{
fort_log_blocked_header_write(p, blocked, pid, path_type, path_len);
fort_log_blocked_header_write(p, blocked, pid, path_len);
if (path_len != 0) {
RtlCopyMemory(p + FORT_LOG_BLOCKED_HEADER_SIZE, path, path_len);
@ -25,25 +23,24 @@ FORT_API void fort_log_blocked_write(
}
FORT_API void fort_log_blocked_header_read(
const char *p, BOOL *blocked, UINT32 *pid, UCHAR *path_type, UINT32 *path_len)
const char *p, BOOL *blocked, UINT32 *pid, UINT32 *path_len)
{
const UINT32 *up = (const UINT32 *) p;
*blocked = fort_log_type(up) == FORT_LOG_TYPE_BLOCKED;
*path_type = fort_log_opt(up);
*path_len = (*up++ & ~FORT_LOG_FLAG_EX_MASK);
*pid = *up;
}
void fort_log_blocked_ip_header_write(char *p, BOOL inbound, UCHAR block_reason, UCHAR ip_proto,
UINT16 local_port, UINT16 remote_port, UINT32 local_ip, UINT32 remote_ip, UINT32 pid,
UCHAR path_type, UINT32 path_len)
UINT32 path_len)
{
UINT32 *up = (UINT32 *) p;
*up++ = fort_log_flag_type(FORT_LOG_TYPE_BLOCKED_IP) | (inbound ? FORT_LOG_FLAG_IP_INBOUND : 0)
| path_len;
*up++ = block_reason | ((UINT32) path_type << 8) | ((UINT32) ip_proto << 16);
*up++ = block_reason | ((UINT32) ip_proto << 16);
*up++ = local_port | ((UINT32) remote_port << 16);
*up++ = local_ip;
*up++ = remote_ip;
@ -52,10 +49,10 @@ void fort_log_blocked_ip_header_write(char *p, BOOL inbound, UCHAR block_reason,
void fort_log_blocked_ip_write(char *p, BOOL inbound, UCHAR block_reason, UCHAR ip_proto,
UINT16 local_port, UINT16 remote_port, UINT32 local_ip, UINT32 remote_ip, UINT32 pid,
UCHAR path_type, UINT32 path_len, const char *path)
UINT32 path_len, const char *path)
{
fort_log_blocked_ip_header_write(p, inbound, block_reason, ip_proto, local_port, remote_port,
local_ip, remote_ip, pid, path_type, path_len);
local_ip, remote_ip, pid, path_len);
if (path_len != 0) {
RtlCopyMemory(p + FORT_LOG_BLOCKED_IP_HEADER_SIZE, path, path_len);
@ -64,14 +61,13 @@ void fort_log_blocked_ip_write(char *p, BOOL inbound, UCHAR block_reason, UCHAR
void fort_log_blocked_ip_header_read(const char *p, BOOL *inbound, UCHAR *block_reason,
UCHAR *ip_proto, UINT16 *local_port, UINT16 *remote_port, UINT32 *local_ip,
UINT32 *remote_ip, UINT32 *pid, UCHAR *path_type, UINT32 *path_len)
UINT32 *remote_ip, UINT32 *pid, UINT32 *path_len)
{
const UINT32 *up = (const UINT32 *) p;
*inbound = (*up & FORT_LOG_FLAG_IP_INBOUND) != 0;
*path_len = (*up++ & ~FORT_LOG_FLAG_EX_MASK);
*block_reason = *((const UCHAR *) up);
*path_type = (UCHAR) (*up >> 8);
*ip_proto = (UCHAR) (*up++ >> 16);
*local_port = *((const UINT16 *) up);
*remote_port = (UINT16) (*up++ >> 16);
@ -80,30 +76,27 @@ void fort_log_blocked_ip_header_read(const char *p, BOOL *inbound, UCHAR *block_
*pid = *up;
}
FORT_API void fort_log_proc_new_header_write(char *p, UINT32 pid, UCHAR path_type, UINT32 path_len)
FORT_API void fort_log_proc_new_header_write(char *p, UINT32 pid, UINT32 path_len)
{
UINT32 *up = (UINT32 *) p;
*up++ = fort_log_flag_type(FORT_LOG_TYPE_PROC_NEW) | fort_log_flag_opt(path_type) | path_len;
*up++ = fort_log_flag_type(FORT_LOG_TYPE_PROC_NEW) | path_len;
*up = pid;
}
FORT_API void fort_log_proc_new_write(
char *p, UINT32 pid, UCHAR path_type, UINT32 path_len, const char *path)
FORT_API void fort_log_proc_new_write(char *p, UINT32 pid, UINT32 path_len, const char *path)
{
fort_log_proc_new_header_write(p, pid, path_type, path_len);
fort_log_proc_new_header_write(p, pid, path_len);
if (path_len != 0) {
RtlCopyMemory(p + FORT_LOG_PROC_NEW_HEADER_SIZE, path, path_len);
}
}
FORT_API void fort_log_proc_new_header_read(
const char *p, UINT32 *pid, UCHAR *path_type, UINT32 *path_len)
FORT_API void fort_log_proc_new_header_read(const char *p, UINT32 *pid, UINT32 *path_len)
{
const UINT32 *up = (const UINT32 *) p;
*path_type = fort_log_opt(up);
*path_len = (*up++ & ~FORT_LOG_FLAG_EX_MASK);
*pid = *up;
}

21
src/driver/common/fortlog.h
View File

@ -58,34 +58,31 @@
extern "C" {
#endif
FORT_API void fort_log_blocked_header_write(
char *p, BOOL blocked, UINT32 pid, UCHAR path_type, UINT32 path_len);
FORT_API void fort_log_blocked_header_write(char *p, BOOL blocked, UINT32 pid, UINT32 path_len);
FORT_API void fort_log_blocked_write(
char *p, BOOL blocked, UINT32 pid, UCHAR path_type, UINT32 path_len, const char *path);
char *p, BOOL blocked, UINT32 pid, UINT32 path_len, const char *path);
FORT_API void fort_log_blocked_header_read(
const char *p, BOOL *blocked, UINT32 *pid, UCHAR *path_type, UINT32 *path_len);
const char *p, BOOL *blocked, UINT32 *pid, UINT32 *path_len);
FORT_API void fort_log_blocked_ip_header_write(char *p, BOOL inbound, UCHAR block_reason,
UCHAR ip_proto, UINT16 local_port, UINT16 remote_port, UINT32 local_ip, UINT32 remote_ip,
UINT32 pid, UCHAR path_type, UINT32 path_len);
UINT32 pid, UINT32 path_len);
FORT_API void fort_log_blocked_ip_write(char *p, BOOL inbound, UCHAR block_reason, UCHAR ip_proto,
UINT16 local_port, UINT16 remote_port, UINT32 local_ip, UINT32 remote_ip, UINT32 pid,
UCHAR path_type, UINT32 path_len, const char *path);
UINT32 path_len, const char *path);
FORT_API void fort_log_blocked_ip_header_read(const char *p, BOOL *inbound, UCHAR *block_reason,
UCHAR *ip_proto, UINT16 *local_port, UINT16 *remote_port, UINT32 *local_ip,
UINT32 *remote_ip, UINT32 *pid, UCHAR *path_type, UINT32 *path_len);
UINT32 *remote_ip, UINT32 *pid, UINT32 *path_len);
FORT_API void fort_log_proc_new_header_write(char *p, UINT32 pid, UCHAR path_type, UINT32 path_len);
FORT_API void fort_log_proc_new_header_write(char *p, UINT32 pid, UINT32 path_len);
FORT_API void fort_log_proc_new_write(
char *p, UINT32 pid, UCHAR path_type, UINT32 path_len, const char *path);
FORT_API void fort_log_proc_new_write(char *p, UINT32 pid, UINT32 path_len, const char *path);
FORT_API void fort_log_proc_new_header_read(
const char *p, UINT32 *pid, UCHAR *path_type, UINT32 *path_len);
FORT_API void fort_log_proc_new_header_read(const char *p, UINT32 *pid, UINT32 *path_len);
FORT_API void fort_log_stat_traf_header_write(char *p, UINT16 proc_count);

14
src/driver/fortbuf.c
View File

@ -135,7 +135,7 @@ FORT_API NTSTATUS fort_buffer_prepare(
}
FORT_API NTSTATUS fort_buffer_blocked_write(PFORT_BUFFER buf, BOOL blocked, UINT32 pid,
UCHAR path_type, UINT32 path_len, const PVOID path, PIRP *irp, ULONG_PTR *info)
UINT32 path_len, const PVOID path, PIRP *irp, ULONG_PTR *info)
{
KLOCK_QUEUE_HANDLE lock_queue;
NTSTATUS status;
@ -152,7 +152,7 @@ FORT_API NTSTATUS fort_buffer_blocked_write(PFORT_BUFFER buf, BOOL blocked, UINT
status = fort_buffer_prepare(buf, len, &out, irp, info);
if (NT_SUCCESS(status)) {
fort_log_blocked_write(out, blocked, pid, path_type, path_len, path);
fort_log_blocked_write(out, blocked, pid, path_len, path);
}
}
KeReleaseInStackQueuedSpinLock(&lock_queue);
@ -162,7 +162,7 @@ FORT_API NTSTATUS fort_buffer_blocked_write(PFORT_BUFFER buf, BOOL blocked, UINT
NTSTATUS fort_buffer_blocked_ip_write(PFORT_BUFFER buf, BOOL inbound, UCHAR block_reason,
UCHAR ip_proto, UINT16 local_port, UINT16 remote_port, UINT32 local_ip, UINT32 remote_ip,
UINT32 pid, UCHAR path_type, UINT32 path_len, const PVOID path, PIRP *irp, ULONG_PTR *info)
UINT32 pid, UINT32 path_len, const PVOID path, PIRP *irp, ULONG_PTR *info)
{
KLOCK_QUEUE_HANDLE lock_queue;
NTSTATUS status;
@ -180,7 +180,7 @@ NTSTATUS fort_buffer_blocked_ip_write(PFORT_BUFFER buf, BOOL inbound, UCHAR bloc
if (NT_SUCCESS(status)) {
fort_log_blocked_ip_write(out, inbound, block_reason, ip_proto, local_port, remote_port,
local_ip, remote_ip, pid, path_type, path_len, path);
local_ip, remote_ip, pid, path_len, path);
}
}
KeReleaseInStackQueuedSpinLock(&lock_queue);
@ -188,8 +188,8 @@ NTSTATUS fort_buffer_blocked_ip_write(PFORT_BUFFER buf, BOOL inbound, UCHAR bloc
return status;
}
FORT_API NTSTATUS fort_buffer_proc_new_write(PFORT_BUFFER buf, UINT32 pid, UCHAR path_type,
UINT32 path_len, const PVOID path, PIRP *irp, ULONG_PTR *info)
FORT_API NTSTATUS fort_buffer_proc_new_write(
PFORT_BUFFER buf, UINT32 pid, UINT32 path_len, const PVOID path, PIRP *irp, ULONG_PTR *info)
{
KLOCK_QUEUE_HANDLE lock_queue;
NTSTATUS status;
@ -206,7 +206,7 @@ FORT_API NTSTATUS fort_buffer_proc_new_write(PFORT_BUFFER buf, UINT32 pid, UCHAR
status = fort_buffer_prepare(buf, len, &out, irp, info);
if (NT_SUCCESS(status)) {
fort_log_proc_new_write(out, pid, path_type, path_len, path);
fort_log_proc_new_write(out, pid, path_len, path);
}
}
KeReleaseInStackQueuedSpinLock(&lock_queue);

8
src/driver/fortbuf.h
View File

@ -41,14 +41,14 @@ FORT_API NTSTATUS fort_buffer_prepare(
PFORT_BUFFER buf, UINT32 len, PCHAR *out, PIRP *irp, ULONG_PTR *info);
FORT_API NTSTATUS fort_buffer_blocked_write(PFORT_BUFFER buf, BOOL blocked, UINT32 pid,
UCHAR path_type, UINT32 path_len, const PVOID path, PIRP *irp, ULONG_PTR *info);
UINT32 path_len, const PVOID path, PIRP *irp, ULONG_PTR *info);
FORT_API NTSTATUS fort_buffer_blocked_ip_write(PFORT_BUFFER buf, BOOL inbound, UCHAR block_reason,
UCHAR ip_proto, UINT16 local_port, UINT16 remote_port, UINT32 local_ip, UINT32 remote_ip,
UINT32 pid, UCHAR path_type, UINT32 path_len, const PVOID path, PIRP *irp, ULONG_PTR *info);
UINT32 pid, UINT32 path_len, const PVOID path, PIRP *irp, ULONG_PTR *info);
FORT_API NTSTATUS fort_buffer_proc_new_write(PFORT_BUFFER buf, UINT32 pid, UCHAR path_type,
UINT32 path_len, const PVOID path, PIRP *irp, ULONG_PTR *info);
FORT_API NTSTATUS fort_buffer_proc_new_write(PFORT_BUFFER buf, UINT32 pid, UINT32 path_len,
const PVOID path, PIRP *irp, ULONG_PTR *info);
FORT_API NTSTATUS fort_buffer_xmove(
PFORT_BUFFER buf, PIRP irp, PVOID out, ULONG out_len, ULONG_PTR *info);

36
src/driver/fortcout.c
View File

@ -40,8 +40,8 @@ static BOOL fort_callout_classify_v4_blocked_log_stat(const FWPS_INCOMING_VALUES
FWPS_CLASSIFY_OUT0 *classifyOut, int flagsField, int localIpField, int remoteIpField,
int localPortField, int remotePortField, int ipProtoField, BOOL inbound,
UINT32 classify_flags, UINT32 remote_ip, FORT_CONF_FLAGS conf_flags, UINT32 process_id,
UCHAR path_type, UINT32 path_len, PVOID path, PFORT_CONF_REF conf_ref, INT8 *block_reason,
BOOL blocked, FORT_APP_FLAGS app_flags, PIRP *irp, ULONG_PTR *info)
UINT32 path_len, PVOID path, PFORT_CONF_REF conf_ref, INT8 *block_reason, BOOL blocked,
FORT_APP_FLAGS app_flags, PIRP *irp, ULONG_PTR *info)
{
const UINT64 flow_id = inMetaValues->flowHandle;
@ -65,8 +65,7 @@ static BOOL fort_callout_classify_v4_blocked_log_stat(const FWPS_INCOMING_VALUES
DbgPrintEx(DPFLTR_IHVNETWORK_ID, DPFLTR_ERROR_LEVEL,
"FORT: Classify v4: Flow assoc. error: %x\n", status);
} else if (is_new_proc) {
fort_buffer_proc_new_write(
&fort_device()->buffer, process_id, path_type, path_len, path, irp, info);
fort_buffer_proc_new_write(&fort_device()->buffer, process_id, path_len, path, irp, info);
}
return FALSE;
@ -77,8 +76,8 @@ static BOOL fort_callout_classify_v4_blocked_log(const FWPS_INCOMING_VALUES0 *in
FWPS_CLASSIFY_OUT0 *classifyOut, int flagsField, int localIpField, int remoteIpField,
int localPortField, int remotePortField, int ipProtoField, BOOL inbound,
UINT32 classify_flags, UINT32 remote_ip, FORT_CONF_FLAGS conf_flags, UINT32 process_id,
UCHAR path_type, UINT32 path_len, PVOID path, PFORT_CONF_REF conf_ref, INT8 *block_reason,
BOOL blocked, PIRP *irp, ULONG_PTR *info)
UINT32 path_len, PVOID path, PFORT_CONF_REF conf_ref, INT8 *block_reason, BOOL blocked,
PIRP *irp, ULONG_PTR *info)
{
FORT_APP_FLAGS app_flags =
fort_conf_app_find(&conf_ref->conf, path, path_len, fort_conf_exe_find);
@ -90,8 +89,8 @@ static BOOL fort_callout_classify_v4_blocked_log(const FWPS_INCOMING_VALUES0 *in
&& fort_callout_classify_v4_blocked_log_stat(inFixedValues, inMetaValues, filter,
classifyOut, flagsField, localIpField, remoteIpField, localPortField,
remotePortField, ipProtoField, inbound, classify_flags, remote_ip,
conf_flags, process_id, path_type, path_len, path, conf_ref, block_reason,
blocked, app_flags, irp, info))
conf_flags, process_id, path_len, path, conf_ref, block_reason, blocked,
app_flags, irp, info))
return TRUE; /* blocked */
blocked = FALSE; /* allow */
@ -104,8 +103,8 @@ static BOOL fort_callout_classify_v4_blocked_log(const FWPS_INCOMING_VALUES0 *in
app_flags.is_new = 1;
if (NT_SUCCESS(fort_conf_ref_exe_add_path(conf_ref, path, path_len, app_flags))) {
fort_buffer_blocked_write(&fort_device()->buffer, blocked, process_id, path_type,
path_len, path, irp, info);
fort_buffer_blocked_write(
&fort_device()->buffer, blocked, process_id, path_len, path, irp, info);
}
}
@ -117,8 +116,8 @@ static BOOL fort_callout_classify_v4_blocked(const FWPS_INCOMING_VALUES0 *inFixe
FWPS_CLASSIFY_OUT0 *classifyOut, int flagsField, int localIpField, int remoteIpField,
int localPortField, int remotePortField, int ipProtoField, BOOL inbound,
UINT32 classify_flags, UINT32 remote_ip, FORT_CONF_FLAGS conf_flags, UINT32 process_id,
UCHAR path_type, UINT32 path_len, PVOID path, PFORT_CONF_REF conf_ref, INT8 *block_reason,
PIRP *irp, ULONG_PTR *info)
UINT32 path_len, PVOID path, PFORT_CONF_REF conf_ref, INT8 *block_reason, PIRP *irp,
ULONG_PTR *info)
{
BOOL blocked = TRUE;
@ -149,8 +148,8 @@ static BOOL fort_callout_classify_v4_blocked(const FWPS_INCOMING_VALUES0 *inFixe
return fort_callout_classify_v4_blocked_log(inFixedValues, inMetaValues, filter, classifyOut,
flagsField, localIpField, remoteIpField, localPortField, remotePortField, ipProtoField,
inbound, classify_flags, remote_ip, conf_flags, process_id, path_type, path_len, path,
conf_ref, block_reason, blocked, irp, info);
inbound, classify_flags, remote_ip, conf_flags, process_id, path_len, path, conf_ref,
block_reason, blocked, irp, info);
}
static void fort_callout_classify_v4_check(const FWPS_INCOMING_VALUES0 *inFixedValues,
@ -166,13 +165,12 @@ static void fort_callout_classify_v4_check(const FWPS_INCOMING_VALUES0 *inFixedV
const UINT32 path_len =
inMetaValues->processPath->size - sizeof(WCHAR); /* chop terminating zero */
const PVOID path = inMetaValues->processPath->data;
const UCHAR path_type = (*(LPCWSTR) path == L'S') ? FORT_PATH_TYPE_SYSTEM : FORT_PATH_TYPE_EXE;
INT8 block_reason = FORT_BLOCK_REASON_UNKNOWN;
const BOOL blocked = fort_callout_classify_v4_blocked(inFixedValues, inMetaValues, filter,
classifyOut, flagsField, localIpField, remoteIpField, localPortField, remotePortField,
ipProtoField, inbound, classify_flags, remote_ip, conf_flags, process_id, path_type,
path_len, path, conf_ref, &block_reason, irp, info);
ipProtoField, inbound, classify_flags, remote_ip, conf_flags, process_id, path_len,
path, conf_ref, &block_reason, irp, info);
if (blocked) {
/* Log the blocked connection */
@ -184,8 +182,8 @@ static void fort_callout_classify_v4_check(const FWPS_INCOMING_VALUES0 *inFixedV
(IPPROTO) inFixedValues->incomingValue[ipProtoField].value.uint8;
fort_buffer_blocked_ip_write(&fort_device()->buffer, inbound, block_reason, ip_proto,
local_port, remote_port, local_ip, remote_ip, process_id, path_type, path_len,
path, irp, info);
local_port, remote_port, local_ip, remote_ip, process_id, path_len, path, irp,
info);
}
/* Block the connection */

26
src/ui/driver/drivercommon.cpp
View File

@ -127,42 +127,40 @@ quint32 logType(const char *input)
return fort_log_type(input);
}
void logBlockedHeaderWrite(
char *output, bool blocked, quint32 pid, quint8 pathType, quint32 pathLen)
void logBlockedHeaderWrite(char *output, bool blocked, quint32 pid, quint32 pathLen)
{
fort_log_blocked_header_write(output, blocked, pid, pathType, pathLen);
fort_log_blocked_header_write(output, blocked, pid, pathLen);
}
void logBlockedHeaderRead(
const char *input, int *blocked, quint32 *pid, quint8 *pathType, quint32 *pathLen)
void logBlockedHeaderRead(const char *input, int *blocked, quint32 *pid, quint32 *pathLen)
{
fort_log_blocked_header_read(input, blocked, pid, pathType, pathLen);
fort_log_blocked_header_read(input, blocked, pid, pathLen);
}
void logBlockedIpHeaderWrite(char *output, int inbound, quint8 blockReason, quint8 ipProto,
quint16 localPort, quint16 remotePort, quint32 localIp, quint32 remoteIp, quint32 pid,
quint8 pathType, quint32 pathLen)
quint32 pathLen)
{
fort_log_blocked_ip_header_write(output, inbound, blockReason, ipProto, localPort, remotePort,
localIp, remoteIp, pid, pathType, pathLen);
localIp, remoteIp, pid, pathLen);
}
void logBlockedIpHeaderRead(const char *input, int *inbound, quint8 *blockReason, quint8 *ipProto,
quint16 *localPort, quint16 *remotePort, quint32 *localIp, quint32 *remoteIp, quint32 *pid,
quint8 *pathType, quint32 *pathLen)
quint32 *pathLen)
{
fort_log_blocked_ip_header_read(input, inbound, blockReason, ipProto, localPort, remotePort,
localIp, remoteIp, pid, pathType, pathLen);
localIp, remoteIp, pid, pathLen);
}
void logProcNewHeaderWrite(char *output, quint32 pid, quint8 pathType, quint32 pathLen)
void logProcNewHeaderWrite(char *output, quint32 pid, quint32 pathLen)
{
fort_log_proc_new_header_write(output, pid, pathType, pathLen);
fort_log_proc_new_header_write(output, pid, pathLen);
}
void logProcNewHeaderRead(const char *input, quint32 *pid, quint8 *pathType, quint32 *pathLen)
void logProcNewHeaderRead(const char *input, quint32 *pid, quint32 *pathLen)
{
fort_log_proc_new_header_read(input, pid, pathType, pathLen);
fort_log_proc_new_header_read(input, pid, pathLen);
}
void logStatTrafHeaderRead(const char *input, quint16 *procCount)

14
src/ui/driver/drivercommon.h
View File

@ -41,20 +41,18 @@ quint32 logTimeSize();
quint32 logType(const char *input);
void logBlockedHeaderWrite(
char *output, bool blocked, quint32 pid, quint8 pathType, quint32 pathLen);
void logBlockedHeaderRead(
const char *input, int *blocked, quint32 *pid, quint8 *pathType, quint32 *pathLen);
void logBlockedHeaderWrite(char *output, bool blocked, quint32 pid, quint32 pathLen);
void logBlockedHeaderRead(const char *input, int *blocked, quint32 *pid, quint32 *pathLen);
void logBlockedIpHeaderWrite(char *output, int inbound, quint8 blockReason, quint8 ipProto,
quint16 localPort, quint16 remotePort, quint32 localIp, quint32 remoteIp, quint32 pid,
quint8 pathType, quint32 pathLen);
quint32 pathLen);
void logBlockedIpHeaderRead(const char *input, int *inbound, quint8 *blockReason, quint8 *ipProto,
quint16 *localPort, quint16 *remotePort, quint32 *localIp, quint32 *remoteIp, quint32 *pid,
quint8 *pathType, quint32 *pathLen);
quint32 *pathLen);
void logProcNewHeaderWrite(char *output, quint32 pid, quint8 pathType, quint32 pathLen);
void logProcNewHeaderRead(const char *input, quint32 *pid, quint8 *pathType, quint32 *pathLen);
void logProcNewHeaderWrite(char *output, quint32 pid, quint32 pathLen);
void logProcNewHeaderRead(const char *input, quint32 *pid, quint32 *pathLen);
void logStatTrafHeaderRead(const char *input, quint16 *procCount);

19
src/ui/log/logbuffer.cpp
View File

@ -61,8 +61,7 @@ void LogBuffer::writeEntryBlocked(const LogEntryBlocked *logEntry)
char *output = this->output();
DriverCommon::logBlockedHeaderWrite(
output, logEntry->blocked(), logEntry->pid(), logEntry->pathType(), pathLen);
DriverCommon::logBlockedHeaderWrite(output, logEntry->blocked(), logEntry->pid(), pathLen);
if (pathLen) {
output += DriverCommon::logBlockedHeaderSize();
@ -78,10 +77,9 @@ void LogBuffer::readEntryBlocked(LogEntryBlocked *logEntry)
const char *input = this->input();
quint8 pathType;
int blocked;
quint32 pid, pathLen;
DriverCommon::logBlockedHeaderRead(input, &blocked, &pid, &pathType, &pathLen);
DriverCommon::logBlockedHeaderRead(input, &blocked, &pid, &pathLen);
QString path;
if (pathLen) {
@ -91,7 +89,6 @@ void LogBuffer::readEntryBlocked(LogEntryBlocked *logEntry)
logEntry->setBlocked(blocked);
logEntry->setPid(pid);
logEntry->setPathType(pathType);
logEntry->setKernelPath(path);
const int entrySize = int(DriverCommon::logBlockedSize(pathLen));
@ -110,7 +107,7 @@ void LogBuffer::writeEntryBlockedIp(const LogEntryBlockedIp *logEntry)
DriverCommon::logBlockedIpHeaderWrite(output, logEntry->inbound(), logEntry->blockReason(),
logEntry->ipProto(), logEntry->localPort(), logEntry->remotePort(), logEntry->localIp(),
logEntry->remoteIp(), logEntry->pid(), logEntry->pathType(), pathLen);
logEntry->remoteIp(), logEntry->pid(), pathLen);
if (pathLen) {
output += DriverCommon::logBlockedIpHeaderSize();
@ -127,7 +124,6 @@ void LogBuffer::readEntryBlockedIp(LogEntryBlockedIp *logEntry)
const char *input = this->input();
int inbound;
quint8 pathType;
quint8 blockReason;
quint8 proto;
quint16 localPort;
@ -135,7 +131,7 @@ void LogBuffer::readEntryBlockedIp(LogEntryBlockedIp *logEntry)
quint32 localIp, remoteIp;
quint32 pid, pathLen;
DriverCommon::logBlockedIpHeaderRead(input, &inbound, &blockReason, &proto, &localPort,
&remotePort, &localIp, &remoteIp, &pid, &pathType, &pathLen);
&remotePort, &localIp, &remoteIp, &pid, &pathLen);
QString path;
if (pathLen) {
@ -151,7 +147,6 @@ void LogBuffer::readEntryBlockedIp(LogEntryBlockedIp *logEntry)
logEntry->setRemotePort(remotePort);
logEntry->setIpProto(proto);
logEntry->setPid(pid);
logEntry->setPathType(pathType);
logEntry->setKernelPath(path);
const int entrySize = int(DriverCommon::logBlockedIpSize(pathLen));
@ -168,7 +163,7 @@ void LogBuffer::writeEntryProcNew(const LogEntryProcNew *logEntry)
char *output = this->output();
DriverCommon::logProcNewHeaderWrite(output, logEntry->pid(), logEntry->pathType(), pathLen);
DriverCommon::logProcNewHeaderWrite(output, logEntry->pid(), pathLen);
if (pathLen != 0) {
output += DriverCommon::logProcNewHeaderSize();
@ -184,9 +179,8 @@ void LogBuffer::readEntryProcNew(LogEntryProcNew *logEntry)
const char *input = this->input();
quint8 pathType;
quint32 pid, pathLen;
DriverCommon::logProcNewHeaderRead(input, &pid, &pathType, &pathLen);
DriverCommon::logProcNewHeaderRead(input, &pid, &pathLen);
QString path;
if (pathLen != 0) {
@ -194,7 +188,6 @@ void LogBuffer::readEntryProcNew(LogEntryProcNew *logEntry)
path = QString::fromWCharArray((const wchar_t *) input, pathLen / sizeof(wchar_t));
}
logEntry->setPathType(pathType);
logEntry->setPid(pid);
logEntry->setKernelPath(path);

9
src/ui/log/logentryblocked.cpp
View File

@ -1,7 +1,9 @@
#include "logentryblocked.h"
LogEntryBlocked::LogEntryBlocked(quint32 pid, const QString &kernelPath) :
m_blocked(true), m_pid(pid), m_kernelPath(kernelPath)
m_blocked(true),
m_pid(pid),
m_kernelPath(kernelPath)
{
}
@ -15,11 +17,6 @@ void LogEntryBlocked::setBlocked(bool blocked)
m_blocked = blocked;
}
void LogEntryBlocked::setPathType(quint8 v)
{
m_pathType = v;
}
void LogEntryBlocked::setPid(quint32 pid)
{
m_pid = pid;

4
src/ui/log/logentryblocked.h
View File

@ -13,9 +13,6 @@ public:
bool blocked() const { return m_blocked; }
void setBlocked(bool blocked);
quint8 pathType() const { return m_pathType; }
void setPathType(quint8 v);
quint32 pid() const { return m_pid; }
void setPid(quint32 pid);
@ -26,7 +23,6 @@ public:
private:
bool m_blocked : 1;
quint8 m_pathType = 0;
quint32 m_pid = 0;
QString m_kernelPath;
};

5
src/ui/log/logentryprocnew.cpp
View File

@ -5,11 +5,6 @@ LogEntryProcNew::LogEntryProcNew(quint32 pid, const QString &kernelPath) :
{
}
void LogEntryProcNew::setPathType(quint8 v)
{
m_pathType = v;
}
void LogEntryProcNew::setPid(quint32 pid)
{
m_pid = pid;

4
src/ui/log/logentryprocnew.h
View File

@ -10,9 +10,6 @@ public:
FortLogType type() const override { return FORT_LOG_TYPE_PROC_NEW; }
quint8 pathType() const { return m_pathType; }
void setPathType(quint8 v);
quint32 pid() const { return m_pid; }
void setPid(quint32 pid);
@ -22,7 +19,6 @@ public:
QString path() const;
private:
quint8 m_pathType = 0;
quint32 m_pid = 0;
QString m_kernelPath;
};

2
src/ui/model/appstatmodel.cpp
View File

@ -83,7 +83,7 @@ void AppStatModel::updateList()
m_appIds.clear();
m_appIds.append(0); // All
statManager()->getStatAppList(list, m_appIds, m_pathTypes);
statManager()->getStatAppList(list, m_appIds);
setList(list);
}

1
src/ui/model/appstatmodel.h
View File

@ -42,7 +42,6 @@ private:
private:
QVector<qint64> m_appIds;
QVector<quint8> m_pathTypes;
};
#endif // APPSTATMODEL_H

1
src/ui/stat/migrations/1.sql
View File

@ -1,7 +1,6 @@
CREATE TABLE app(
app_id INTEGER PRIMARY KEY,
path TEXT NOT NULL,
path_type INTEGER NOT NULL DEFAULT 0,
creat_time INTEGER NOT NULL
);

34
src/ui/stat/statmanager.cpp
View File

@ -24,7 +24,7 @@ Q_LOGGING_CATEGORY(CLOG_STAT_MANAGER, "stat")
#define logWarning() qCWarning(CLOG_STAT_MANAGER, )
#define logCritical() qCCritical(CLOG_STAT_MANAGER, )
#define DATABASE_USER_VERSION 5
#define DATABASE_USER_VERSION 4
#define ACTIVE_PERIOD_CHECK_SECS (60 * OS_TICKS_PER_SECOND)
@ -51,10 +51,6 @@ bool migrateFunc(SqliteDb *db, int version, bool isNewDb, void *ctx)
"app_id, traf_time, in_bytes, out_bytes");
db->executeStr(sql);
} break;
case 5: {
// COMPAT: app.flags
db->execute("UPDATE app SET path_type = 1 WHERE path = 'System';");
} break;
}
return true;
@ -284,14 +280,13 @@ void StatManager::clearAppIdCache()
bool StatManager::logProcNew(const LogEntryProcNew &entry, qint64 unixTime)
{
const quint8 pathType = entry.pathType();
const quint32 pid = entry.pid();
const QString &appPath = entry.path();
Q_ASSERT(!m_appPidPathMap.contains(pid));
m_appPidPathMap.insert(pid, { pathType, appPath });
m_appPidPathMap.insert(pid, appPath);
return getOrCreateAppId(appPath, pathType, unixTime) != INVALID_APP_ID;
return getOrCreateAppId(appPath, unixTime) != INVALID_APP_ID;
}
bool StatManager::logStatTraf(const LogEntryStatTraf &entry, qint64 unixTime)
@ -375,7 +370,7 @@ bool StatManager::logBlockedIp(const LogEntryBlockedIp &entry, qint64 unixTime)
bool ok = false;
sqliteDb()->beginTransaction();
const qint64 appId = getOrCreateAppId(entry.path(), entry.pathType(), unixTime);
const qint64 appId = getOrCreateAppId(entry.path(), unixTime);
if (appId != INVALID_APP_ID) {
ok = createConnBlock(entry, unixTime, appId);
}
@ -505,13 +500,12 @@ qint64 StatManager::getAppId(const QString &appPath)
return appId;
}
qint64 StatManager::createAppId(const QString &appPath, quint8 pathType, qint64 unixTime)
qint64 StatManager::createAppId(const QString &appPath, qint64 unixTime)
{
SqliteStmt *stmt = sqliteDb()->stmt(StatSql::sqlInsertAppId);
stmt->bindText(1, appPath);
stmt->bindInt(2, pathType);
stmt->bindInt64(3, unixTime);
stmt->bindInt64(2, unixTime);
if (sqliteDb()->done(stmt)) {
return sqliteDb()->lastInsertRowid();
@ -520,7 +514,7 @@ qint64 StatManager::createAppId(const QString &appPath, quint8 pathType, qint64
return INVALID_APP_ID;
}
qint64 StatManager::getOrCreateAppId(const QString &appPath, quint8 pathType, qint64 unixTime)
qint64 StatManager::getOrCreateAppId(const QString &appPath, qint64 unixTime)
{
qint64 appId = getCachedAppId(appPath);
if (appId == INVALID_APP_ID) {
@ -529,7 +523,7 @@ qint64 StatManager::getOrCreateAppId(const QString &appPath, quint8 pathType, qi
if (unixTime == 0) {
unixTime = DateUtil::getUnixTime();
}
appId = createAppId(appPath, pathType, unixTime);
appId = createAppId(appPath, unixTime);
}
Q_ASSERT(appId != INVALID_APP_ID);
@ -580,15 +574,13 @@ void StatManager::deleteOldTraffic(qint32 trafHour)
doStmtList(deleteTrafStmts);
}
void StatManager::getStatAppList(
QStringList &list, QVector<qint64> &appIds, QVector<quint8> &pathTypes)
void StatManager::getStatAppList(QStringList &list, QVector<qint64> &appIds)
{
SqliteStmt *stmt = sqliteDb()->stmt(StatSql::sqlSelectStatAppList);
while (stmt->step() == SqliteStmt::StepRow) {
appIds.append(stmt->columnInt64(0));
pathTypes.append(stmt->columnInt(1));
list.append(stmt->columnText(2));
list.append(stmt->columnText(1));
}
stmt->reset();
}
@ -600,9 +592,7 @@ void StatManager::logTrafBytes(const QStmtList &insertStmtList, const QStmtList
const bool inactive = (pidFlag & 1) != 0;
const quint32 pid = pidFlag & ~quint32(1);
const AppPathInfo appPathInfo = m_appPidPathMap.value(pid);
const quint8 pathType = appPathInfo.pathType;
const QString appPath = appPathInfo.path;
const QString appPath = m_appPidPathMap.value(pid);
if (Q_UNLIKELY(appPath.isEmpty())) {
logCritical() << "UI & Driver's states mismatch! Expected processes:"
@ -617,7 +607,7 @@ void StatManager::logTrafBytes(const QStmtList &insertStmtList, const QStmtList
if (inBytes == 0 && outBytes == 0)
return;
const qint64 appId = getOrCreateAppId(appPath, pathType, unixTime);
const qint64 appId = getOrCreateAppId(appPath, unixTime);
Q_ASSERT(appId != INVALID_APP_ID);
if (m_isActivePeriod) {

14
src/ui/stat/statmanager.h
View File

@ -49,7 +49,7 @@ public:
bool logBlockedIp(const LogEntryBlockedIp &entry, qint64 unixTime);
void getStatAppList(QStringList &list, QVector<qint64> &appIds, QVector<quint8> &pathTypes);
void getStatAppList(QStringList &list, QVector<qint64> &appIds);
virtual bool deleteStatApp(qint64 appId);
@ -112,8 +112,8 @@ private:
bool deleteOldConnBlock();
qint64 getAppId(const QString &appPath);
qint64 createAppId(const QString &appPath, quint8 pathType, qint64 unixTime);
qint64 getOrCreateAppId(const QString &appPath, quint8 pathType, qint64 unixTime = 0);
qint64 createAppId(const QString &appPath, qint64 unixTime);
qint64 getOrCreateAppId(const QString &appPath, qint64 unixTime = 0);
bool deleteAppId(qint64 appId);
void deleteOldTraffic(qint32 trafHour);
@ -169,13 +169,7 @@ private:
SqliteDb *m_sqliteDb = nullptr;
struct AppPathInfo
{
quint8 pathType = 0;
QString path;
};
QHash<quint32, AppPathInfo> m_appPidPathMap; // pid -> appPath
QHash<quint32, QString> m_appPidPathMap; // pid -> appPath
QHash<QString, qint64> m_appPathIdCache; // appPath -> appId
TriggerTimer m_connChangedTimer;

5
src/ui/stat/statsql.cpp
View File

@ -2,14 +2,13 @@
const char *const StatSql::sqlSelectAppId = "SELECT app_id FROM app WHERE path = ?1;";
const char *const StatSql::sqlInsertAppId = "INSERT INTO app(path, path_type, creat_time)"
" VALUES(?1, ?2, ?3);";
const char *const StatSql::sqlInsertAppId = "INSERT INTO app(path, creat_time) VALUES(?1, ?3);";
const char *const StatSql::sqlDeleteAppId = "DELETE FROM app WHERE app_id = ?1;";
const char *const StatSql::sqlSelectStatAppExists = "SELECT 1 FROM traffic_app WHERE app_id = ?1;";
const char *const StatSql::sqlSelectStatAppList = "SELECT t.app_id, t.path_type, t.path FROM app t"
const char *const StatSql::sqlSelectStatAppList = "SELECT t.app_id, t.path FROM app t"
" JOIN traffic_app ta ON ta.app_id = t.app_id"
" ORDER BY t.app_id;";