From 059415c5a7a505af0526a9e26577cce45c3563bd Mon Sep 17 00:00:00 2001 From: Nodir Temirkhodjaev Date: Mon, 10 Jan 2022 08:13:05 +0300 Subject: [PATCH] Partial revert "Driver: Prepare "path_type"" This reverts commit 512930407bc2fe4793e7e3430a33a08765731b1f. --- src/driver/common/fortdef.h | 6 ------ src/driver/common/fortlog.c | 37 ++++++++++++++-------------------- src/driver/common/fortlog.h | 21 +++++++++---------- src/driver/fortbuf.c | 14 ++++++------- src/driver/fortbuf.h | 8 ++++---- src/driver/fortcout.c | 36 ++++++++++++++++----------------- src/ui/driver/drivercommon.cpp | 26 +++++++++++------------- src/ui/driver/drivercommon.h | 14 ++++++------- src/ui/log/logbuffer.cpp | 19 ++++++----------- src/ui/log/logentryblocked.cpp | 9 +++------ src/ui/log/logentryblocked.h | 4 ---- src/ui/log/logentryprocnew.cpp | 5 ----- src/ui/log/logentryprocnew.h | 4 ---- src/ui/model/appstatmodel.cpp | 2 +- src/ui/model/appstatmodel.h | 1 - src/ui/stat/migrations/1.sql | 1 - src/ui/stat/statmanager.cpp | 34 +++++++++++-------------------- src/ui/stat/statmanager.h | 14 ++++--------- src/ui/stat/statsql.cpp | 5 ++--- 19 files changed, 98 insertions(+), 162 deletions(-) diff --git a/src/driver/common/fortdef.h b/src/driver/common/fortdef.h index d3f4f86f..4591574e 100644 --- a/src/driver/common/fortdef.h +++ b/src/driver/common/fortdef.h @@ -21,10 +21,4 @@ enum FortBlockReason { FORT_BLOCK_REASON_APP_GROUP_DEFAULT, }; -enum FortPathType { - FORT_PATH_TYPE_EXE = 0, - FORT_PATH_TYPE_SYSTEM, - FORT_PATH_TYPE_SERVICE, -}; - #endif // FORTDEF_H diff --git a/src/driver/common/fortlog.c b/src/driver/common/fortlog.c index 85a3473d..86c09ae2 100644 --- a/src/driver/common/fortlog.c +++ b/src/driver/common/fortlog.c @@ -4,20 +4,18 @@ #include "fortdef.h" -FORT_API void fort_log_blocked_header_write( - char *p, BOOL blocked, UINT32 pid, UCHAR path_type, UINT32 path_len) +FORT_API void fort_log_blocked_header_write(char *p, BOOL blocked, UINT32 pid, UINT32 path_len) { UINT32 *up = (UINT32 *) p; - *up++ = fort_log_flag_type(blocked ? FORT_LOG_TYPE_BLOCKED : FORT_LOG_TYPE_ALLOWED) - | fort_log_flag_opt(path_type) | path_len; + *up++ = fort_log_flag_type(blocked ? FORT_LOG_TYPE_BLOCKED : FORT_LOG_TYPE_ALLOWED) | path_len; *up = pid; } FORT_API void fort_log_blocked_write( - char *p, BOOL blocked, UINT32 pid, UCHAR path_type, UINT32 path_len, const char *path) + char *p, BOOL blocked, UINT32 pid, UINT32 path_len, const char *path) { - fort_log_blocked_header_write(p, blocked, pid, path_type, path_len); + fort_log_blocked_header_write(p, blocked, pid, path_len); if (path_len != 0) { RtlCopyMemory(p + FORT_LOG_BLOCKED_HEADER_SIZE, path, path_len); @@ -25,25 +23,24 @@ FORT_API void fort_log_blocked_write( } FORT_API void fort_log_blocked_header_read( - const char *p, BOOL *blocked, UINT32 *pid, UCHAR *path_type, UINT32 *path_len) + const char *p, BOOL *blocked, UINT32 *pid, UINT32 *path_len) { const UINT32 *up = (const UINT32 *) p; *blocked = fort_log_type(up) == FORT_LOG_TYPE_BLOCKED; - *path_type = fort_log_opt(up); *path_len = (*up++ & ~FORT_LOG_FLAG_EX_MASK); *pid = *up; } void fort_log_blocked_ip_header_write(char *p, BOOL inbound, UCHAR block_reason, UCHAR ip_proto, UINT16 local_port, UINT16 remote_port, UINT32 local_ip, UINT32 remote_ip, UINT32 pid, - UCHAR path_type, UINT32 path_len) + UINT32 path_len) { UINT32 *up = (UINT32 *) p; *up++ = fort_log_flag_type(FORT_LOG_TYPE_BLOCKED_IP) | (inbound ? FORT_LOG_FLAG_IP_INBOUND : 0) | path_len; - *up++ = block_reason | ((UINT32) path_type << 8) | ((UINT32) ip_proto << 16); + *up++ = block_reason | ((UINT32) ip_proto << 16); *up++ = local_port | ((UINT32) remote_port << 16); *up++ = local_ip; *up++ = remote_ip; @@ -52,10 +49,10 @@ void fort_log_blocked_ip_header_write(char *p, BOOL inbound, UCHAR block_reason, void fort_log_blocked_ip_write(char *p, BOOL inbound, UCHAR block_reason, UCHAR ip_proto, UINT16 local_port, UINT16 remote_port, UINT32 local_ip, UINT32 remote_ip, UINT32 pid, - UCHAR path_type, UINT32 path_len, const char *path) + UINT32 path_len, const char *path) { fort_log_blocked_ip_header_write(p, inbound, block_reason, ip_proto, local_port, remote_port, - local_ip, remote_ip, pid, path_type, path_len); + local_ip, remote_ip, pid, path_len); if (path_len != 0) { RtlCopyMemory(p + FORT_LOG_BLOCKED_IP_HEADER_SIZE, path, path_len); @@ -64,14 +61,13 @@ void fort_log_blocked_ip_write(char *p, BOOL inbound, UCHAR block_reason, UCHAR void fort_log_blocked_ip_header_read(const char *p, BOOL *inbound, UCHAR *block_reason, UCHAR *ip_proto, UINT16 *local_port, UINT16 *remote_port, UINT32 *local_ip, - UINT32 *remote_ip, UINT32 *pid, UCHAR *path_type, UINT32 *path_len) + UINT32 *remote_ip, UINT32 *pid, UINT32 *path_len) { const UINT32 *up = (const UINT32 *) p; *inbound = (*up & FORT_LOG_FLAG_IP_INBOUND) != 0; *path_len = (*up++ & ~FORT_LOG_FLAG_EX_MASK); *block_reason = *((const UCHAR *) up); - *path_type = (UCHAR) (*up >> 8); *ip_proto = (UCHAR) (*up++ >> 16); *local_port = *((const UINT16 *) up); *remote_port = (UINT16) (*up++ >> 16); @@ -80,30 +76,27 @@ void fort_log_blocked_ip_header_read(const char *p, BOOL *inbound, UCHAR *block_ *pid = *up; } -FORT_API void fort_log_proc_new_header_write(char *p, UINT32 pid, UCHAR path_type, UINT32 path_len) +FORT_API void fort_log_proc_new_header_write(char *p, UINT32 pid, UINT32 path_len) { UINT32 *up = (UINT32 *) p; - *up++ = fort_log_flag_type(FORT_LOG_TYPE_PROC_NEW) | fort_log_flag_opt(path_type) | path_len; + *up++ = fort_log_flag_type(FORT_LOG_TYPE_PROC_NEW) | path_len; *up = pid; } -FORT_API void fort_log_proc_new_write( - char *p, UINT32 pid, UCHAR path_type, UINT32 path_len, const char *path) +FORT_API void fort_log_proc_new_write(char *p, UINT32 pid, UINT32 path_len, const char *path) { - fort_log_proc_new_header_write(p, pid, path_type, path_len); + fort_log_proc_new_header_write(p, pid, path_len); if (path_len != 0) { RtlCopyMemory(p + FORT_LOG_PROC_NEW_HEADER_SIZE, path, path_len); } } -FORT_API void fort_log_proc_new_header_read( - const char *p, UINT32 *pid, UCHAR *path_type, UINT32 *path_len) +FORT_API void fort_log_proc_new_header_read(const char *p, UINT32 *pid, UINT32 *path_len) { const UINT32 *up = (const UINT32 *) p; - *path_type = fort_log_opt(up); *path_len = (*up++ & ~FORT_LOG_FLAG_EX_MASK); *pid = *up; } diff --git a/src/driver/common/fortlog.h b/src/driver/common/fortlog.h index 85dd0a3c..10b6cf01 100644 --- a/src/driver/common/fortlog.h +++ b/src/driver/common/fortlog.h @@ -58,34 +58,31 @@ extern "C" { #endif -FORT_API void fort_log_blocked_header_write( - char *p, BOOL blocked, UINT32 pid, UCHAR path_type, UINT32 path_len); +FORT_API void fort_log_blocked_header_write(char *p, BOOL blocked, UINT32 pid, UINT32 path_len); FORT_API void fort_log_blocked_write( - char *p, BOOL blocked, UINT32 pid, UCHAR path_type, UINT32 path_len, const char *path); + char *p, BOOL blocked, UINT32 pid, UINT32 path_len, const char *path); FORT_API void fort_log_blocked_header_read( - const char *p, BOOL *blocked, UINT32 *pid, UCHAR *path_type, UINT32 *path_len); + const char *p, BOOL *blocked, UINT32 *pid, UINT32 *path_len); FORT_API void fort_log_blocked_ip_header_write(char *p, BOOL inbound, UCHAR block_reason, UCHAR ip_proto, UINT16 local_port, UINT16 remote_port, UINT32 local_ip, UINT32 remote_ip, - UINT32 pid, UCHAR path_type, UINT32 path_len); + UINT32 pid, UINT32 path_len); FORT_API void fort_log_blocked_ip_write(char *p, BOOL inbound, UCHAR block_reason, UCHAR ip_proto, UINT16 local_port, UINT16 remote_port, UINT32 local_ip, UINT32 remote_ip, UINT32 pid, - UCHAR path_type, UINT32 path_len, const char *path); + UINT32 path_len, const char *path); FORT_API void fort_log_blocked_ip_header_read(const char *p, BOOL *inbound, UCHAR *block_reason, UCHAR *ip_proto, UINT16 *local_port, UINT16 *remote_port, UINT32 *local_ip, - UINT32 *remote_ip, UINT32 *pid, UCHAR *path_type, UINT32 *path_len); + UINT32 *remote_ip, UINT32 *pid, UINT32 *path_len); -FORT_API void fort_log_proc_new_header_write(char *p, UINT32 pid, UCHAR path_type, UINT32 path_len); +FORT_API void fort_log_proc_new_header_write(char *p, UINT32 pid, UINT32 path_len); -FORT_API void fort_log_proc_new_write( - char *p, UINT32 pid, UCHAR path_type, UINT32 path_len, const char *path); +FORT_API void fort_log_proc_new_write(char *p, UINT32 pid, UINT32 path_len, const char *path); -FORT_API void fort_log_proc_new_header_read( - const char *p, UINT32 *pid, UCHAR *path_type, UINT32 *path_len); +FORT_API void fort_log_proc_new_header_read(const char *p, UINT32 *pid, UINT32 *path_len); FORT_API void fort_log_stat_traf_header_write(char *p, UINT16 proc_count); diff --git a/src/driver/fortbuf.c b/src/driver/fortbuf.c index febb887f..7717b67a 100644 --- a/src/driver/fortbuf.c +++ b/src/driver/fortbuf.c @@ -135,7 +135,7 @@ FORT_API NTSTATUS fort_buffer_prepare( } FORT_API NTSTATUS fort_buffer_blocked_write(PFORT_BUFFER buf, BOOL blocked, UINT32 pid, - UCHAR path_type, UINT32 path_len, const PVOID path, PIRP *irp, ULONG_PTR *info) + UINT32 path_len, const PVOID path, PIRP *irp, ULONG_PTR *info) { KLOCK_QUEUE_HANDLE lock_queue; NTSTATUS status; @@ -152,7 +152,7 @@ FORT_API NTSTATUS fort_buffer_blocked_write(PFORT_BUFFER buf, BOOL blocked, UINT status = fort_buffer_prepare(buf, len, &out, irp, info); if (NT_SUCCESS(status)) { - fort_log_blocked_write(out, blocked, pid, path_type, path_len, path); + fort_log_blocked_write(out, blocked, pid, path_len, path); } } KeReleaseInStackQueuedSpinLock(&lock_queue); @@ -162,7 +162,7 @@ FORT_API NTSTATUS fort_buffer_blocked_write(PFORT_BUFFER buf, BOOL blocked, UINT NTSTATUS fort_buffer_blocked_ip_write(PFORT_BUFFER buf, BOOL inbound, UCHAR block_reason, UCHAR ip_proto, UINT16 local_port, UINT16 remote_port, UINT32 local_ip, UINT32 remote_ip, - UINT32 pid, UCHAR path_type, UINT32 path_len, const PVOID path, PIRP *irp, ULONG_PTR *info) + UINT32 pid, UINT32 path_len, const PVOID path, PIRP *irp, ULONG_PTR *info) { KLOCK_QUEUE_HANDLE lock_queue; NTSTATUS status; @@ -180,7 +180,7 @@ NTSTATUS fort_buffer_blocked_ip_write(PFORT_BUFFER buf, BOOL inbound, UCHAR bloc if (NT_SUCCESS(status)) { fort_log_blocked_ip_write(out, inbound, block_reason, ip_proto, local_port, remote_port, - local_ip, remote_ip, pid, path_type, path_len, path); + local_ip, remote_ip, pid, path_len, path); } } KeReleaseInStackQueuedSpinLock(&lock_queue); @@ -188,8 +188,8 @@ NTSTATUS fort_buffer_blocked_ip_write(PFORT_BUFFER buf, BOOL inbound, UCHAR bloc return status; } -FORT_API NTSTATUS fort_buffer_proc_new_write(PFORT_BUFFER buf, UINT32 pid, UCHAR path_type, - UINT32 path_len, const PVOID path, PIRP *irp, ULONG_PTR *info) +FORT_API NTSTATUS fort_buffer_proc_new_write( + PFORT_BUFFER buf, UINT32 pid, UINT32 path_len, const PVOID path, PIRP *irp, ULONG_PTR *info) { KLOCK_QUEUE_HANDLE lock_queue; NTSTATUS status; @@ -206,7 +206,7 @@ FORT_API NTSTATUS fort_buffer_proc_new_write(PFORT_BUFFER buf, UINT32 pid, UCHAR status = fort_buffer_prepare(buf, len, &out, irp, info); if (NT_SUCCESS(status)) { - fort_log_proc_new_write(out, pid, path_type, path_len, path); + fort_log_proc_new_write(out, pid, path_len, path); } } KeReleaseInStackQueuedSpinLock(&lock_queue); diff --git a/src/driver/fortbuf.h b/src/driver/fortbuf.h index 6c5dfe8f..8fb46e49 100644 --- a/src/driver/fortbuf.h +++ b/src/driver/fortbuf.h @@ -41,14 +41,14 @@ FORT_API NTSTATUS fort_buffer_prepare( PFORT_BUFFER buf, UINT32 len, PCHAR *out, PIRP *irp, ULONG_PTR *info); FORT_API NTSTATUS fort_buffer_blocked_write(PFORT_BUFFER buf, BOOL blocked, UINT32 pid, - UCHAR path_type, UINT32 path_len, const PVOID path, PIRP *irp, ULONG_PTR *info); + UINT32 path_len, const PVOID path, PIRP *irp, ULONG_PTR *info); FORT_API NTSTATUS fort_buffer_blocked_ip_write(PFORT_BUFFER buf, BOOL inbound, UCHAR block_reason, UCHAR ip_proto, UINT16 local_port, UINT16 remote_port, UINT32 local_ip, UINT32 remote_ip, - UINT32 pid, UCHAR path_type, UINT32 path_len, const PVOID path, PIRP *irp, ULONG_PTR *info); + UINT32 pid, UINT32 path_len, const PVOID path, PIRP *irp, ULONG_PTR *info); -FORT_API NTSTATUS fort_buffer_proc_new_write(PFORT_BUFFER buf, UINT32 pid, UCHAR path_type, - UINT32 path_len, const PVOID path, PIRP *irp, ULONG_PTR *info); +FORT_API NTSTATUS fort_buffer_proc_new_write(PFORT_BUFFER buf, UINT32 pid, UINT32 path_len, + const PVOID path, PIRP *irp, ULONG_PTR *info); FORT_API NTSTATUS fort_buffer_xmove( PFORT_BUFFER buf, PIRP irp, PVOID out, ULONG out_len, ULONG_PTR *info); diff --git a/src/driver/fortcout.c b/src/driver/fortcout.c index 3dd52e52..905ffa51 100644 --- a/src/driver/fortcout.c +++ b/src/driver/fortcout.c @@ -40,8 +40,8 @@ static BOOL fort_callout_classify_v4_blocked_log_stat(const FWPS_INCOMING_VALUES FWPS_CLASSIFY_OUT0 *classifyOut, int flagsField, int localIpField, int remoteIpField, int localPortField, int remotePortField, int ipProtoField, BOOL inbound, UINT32 classify_flags, UINT32 remote_ip, FORT_CONF_FLAGS conf_flags, UINT32 process_id, - UCHAR path_type, UINT32 path_len, PVOID path, PFORT_CONF_REF conf_ref, INT8 *block_reason, - BOOL blocked, FORT_APP_FLAGS app_flags, PIRP *irp, ULONG_PTR *info) + UINT32 path_len, PVOID path, PFORT_CONF_REF conf_ref, INT8 *block_reason, BOOL blocked, + FORT_APP_FLAGS app_flags, PIRP *irp, ULONG_PTR *info) { const UINT64 flow_id = inMetaValues->flowHandle; @@ -65,8 +65,7 @@ static BOOL fort_callout_classify_v4_blocked_log_stat(const FWPS_INCOMING_VALUES DbgPrintEx(DPFLTR_IHVNETWORK_ID, DPFLTR_ERROR_LEVEL, "FORT: Classify v4: Flow assoc. error: %x\n", status); } else if (is_new_proc) { - fort_buffer_proc_new_write( - &fort_device()->buffer, process_id, path_type, path_len, path, irp, info); + fort_buffer_proc_new_write(&fort_device()->buffer, process_id, path_len, path, irp, info); } return FALSE; @@ -77,8 +76,8 @@ static BOOL fort_callout_classify_v4_blocked_log(const FWPS_INCOMING_VALUES0 *in FWPS_CLASSIFY_OUT0 *classifyOut, int flagsField, int localIpField, int remoteIpField, int localPortField, int remotePortField, int ipProtoField, BOOL inbound, UINT32 classify_flags, UINT32 remote_ip, FORT_CONF_FLAGS conf_flags, UINT32 process_id, - UCHAR path_type, UINT32 path_len, PVOID path, PFORT_CONF_REF conf_ref, INT8 *block_reason, - BOOL blocked, PIRP *irp, ULONG_PTR *info) + UINT32 path_len, PVOID path, PFORT_CONF_REF conf_ref, INT8 *block_reason, BOOL blocked, + PIRP *irp, ULONG_PTR *info) { FORT_APP_FLAGS app_flags = fort_conf_app_find(&conf_ref->conf, path, path_len, fort_conf_exe_find); @@ -90,8 +89,8 @@ static BOOL fort_callout_classify_v4_blocked_log(const FWPS_INCOMING_VALUES0 *in && fort_callout_classify_v4_blocked_log_stat(inFixedValues, inMetaValues, filter, classifyOut, flagsField, localIpField, remoteIpField, localPortField, remotePortField, ipProtoField, inbound, classify_flags, remote_ip, - conf_flags, process_id, path_type, path_len, path, conf_ref, block_reason, - blocked, app_flags, irp, info)) + conf_flags, process_id, path_len, path, conf_ref, block_reason, blocked, + app_flags, irp, info)) return TRUE; /* blocked */ blocked = FALSE; /* allow */ @@ -104,8 +103,8 @@ static BOOL fort_callout_classify_v4_blocked_log(const FWPS_INCOMING_VALUES0 *in app_flags.is_new = 1; if (NT_SUCCESS(fort_conf_ref_exe_add_path(conf_ref, path, path_len, app_flags))) { - fort_buffer_blocked_write(&fort_device()->buffer, blocked, process_id, path_type, - path_len, path, irp, info); + fort_buffer_blocked_write( + &fort_device()->buffer, blocked, process_id, path_len, path, irp, info); } } @@ -117,8 +116,8 @@ static BOOL fort_callout_classify_v4_blocked(const FWPS_INCOMING_VALUES0 *inFixe FWPS_CLASSIFY_OUT0 *classifyOut, int flagsField, int localIpField, int remoteIpField, int localPortField, int remotePortField, int ipProtoField, BOOL inbound, UINT32 classify_flags, UINT32 remote_ip, FORT_CONF_FLAGS conf_flags, UINT32 process_id, - UCHAR path_type, UINT32 path_len, PVOID path, PFORT_CONF_REF conf_ref, INT8 *block_reason, - PIRP *irp, ULONG_PTR *info) + UINT32 path_len, PVOID path, PFORT_CONF_REF conf_ref, INT8 *block_reason, PIRP *irp, + ULONG_PTR *info) { BOOL blocked = TRUE; @@ -149,8 +148,8 @@ static BOOL fort_callout_classify_v4_blocked(const FWPS_INCOMING_VALUES0 *inFixe return fort_callout_classify_v4_blocked_log(inFixedValues, inMetaValues, filter, classifyOut, flagsField, localIpField, remoteIpField, localPortField, remotePortField, ipProtoField, - inbound, classify_flags, remote_ip, conf_flags, process_id, path_type, path_len, path, - conf_ref, block_reason, blocked, irp, info); + inbound, classify_flags, remote_ip, conf_flags, process_id, path_len, path, conf_ref, + block_reason, blocked, irp, info); } static void fort_callout_classify_v4_check(const FWPS_INCOMING_VALUES0 *inFixedValues, @@ -166,13 +165,12 @@ static void fort_callout_classify_v4_check(const FWPS_INCOMING_VALUES0 *inFixedV const UINT32 path_len = inMetaValues->processPath->size - sizeof(WCHAR); /* chop terminating zero */ const PVOID path = inMetaValues->processPath->data; - const UCHAR path_type = (*(LPCWSTR) path == L'S') ? FORT_PATH_TYPE_SYSTEM : FORT_PATH_TYPE_EXE; INT8 block_reason = FORT_BLOCK_REASON_UNKNOWN; const BOOL blocked = fort_callout_classify_v4_blocked(inFixedValues, inMetaValues, filter, classifyOut, flagsField, localIpField, remoteIpField, localPortField, remotePortField, - ipProtoField, inbound, classify_flags, remote_ip, conf_flags, process_id, path_type, - path_len, path, conf_ref, &block_reason, irp, info); + ipProtoField, inbound, classify_flags, remote_ip, conf_flags, process_id, path_len, + path, conf_ref, &block_reason, irp, info); if (blocked) { /* Log the blocked connection */ @@ -184,8 +182,8 @@ static void fort_callout_classify_v4_check(const FWPS_INCOMING_VALUES0 *inFixedV (IPPROTO) inFixedValues->incomingValue[ipProtoField].value.uint8; fort_buffer_blocked_ip_write(&fort_device()->buffer, inbound, block_reason, ip_proto, - local_port, remote_port, local_ip, remote_ip, process_id, path_type, path_len, - path, irp, info); + local_port, remote_port, local_ip, remote_ip, process_id, path_len, path, irp, + info); } /* Block the connection */ diff --git a/src/ui/driver/drivercommon.cpp b/src/ui/driver/drivercommon.cpp index 5194c420..14611002 100644 --- a/src/ui/driver/drivercommon.cpp +++ b/src/ui/driver/drivercommon.cpp @@ -127,42 +127,40 @@ quint32 logType(const char *input) return fort_log_type(input); } -void logBlockedHeaderWrite( - char *output, bool blocked, quint32 pid, quint8 pathType, quint32 pathLen) +void logBlockedHeaderWrite(char *output, bool blocked, quint32 pid, quint32 pathLen) { - fort_log_blocked_header_write(output, blocked, pid, pathType, pathLen); + fort_log_blocked_header_write(output, blocked, pid, pathLen); } -void logBlockedHeaderRead( - const char *input, int *blocked, quint32 *pid, quint8 *pathType, quint32 *pathLen) +void logBlockedHeaderRead(const char *input, int *blocked, quint32 *pid, quint32 *pathLen) { - fort_log_blocked_header_read(input, blocked, pid, pathType, pathLen); + fort_log_blocked_header_read(input, blocked, pid, pathLen); } void logBlockedIpHeaderWrite(char *output, int inbound, quint8 blockReason, quint8 ipProto, quint16 localPort, quint16 remotePort, quint32 localIp, quint32 remoteIp, quint32 pid, - quint8 pathType, quint32 pathLen) + quint32 pathLen) { fort_log_blocked_ip_header_write(output, inbound, blockReason, ipProto, localPort, remotePort, - localIp, remoteIp, pid, pathType, pathLen); + localIp, remoteIp, pid, pathLen); } void logBlockedIpHeaderRead(const char *input, int *inbound, quint8 *blockReason, quint8 *ipProto, quint16 *localPort, quint16 *remotePort, quint32 *localIp, quint32 *remoteIp, quint32 *pid, - quint8 *pathType, quint32 *pathLen) + quint32 *pathLen) { fort_log_blocked_ip_header_read(input, inbound, blockReason, ipProto, localPort, remotePort, - localIp, remoteIp, pid, pathType, pathLen); + localIp, remoteIp, pid, pathLen); } -void logProcNewHeaderWrite(char *output, quint32 pid, quint8 pathType, quint32 pathLen) +void logProcNewHeaderWrite(char *output, quint32 pid, quint32 pathLen) { - fort_log_proc_new_header_write(output, pid, pathType, pathLen); + fort_log_proc_new_header_write(output, pid, pathLen); } -void logProcNewHeaderRead(const char *input, quint32 *pid, quint8 *pathType, quint32 *pathLen) +void logProcNewHeaderRead(const char *input, quint32 *pid, quint32 *pathLen) { - fort_log_proc_new_header_read(input, pid, pathType, pathLen); + fort_log_proc_new_header_read(input, pid, pathLen); } void logStatTrafHeaderRead(const char *input, quint16 *procCount) diff --git a/src/ui/driver/drivercommon.h b/src/ui/driver/drivercommon.h index dc9c619e..d18d8ca3 100644 --- a/src/ui/driver/drivercommon.h +++ b/src/ui/driver/drivercommon.h @@ -41,20 +41,18 @@ quint32 logTimeSize(); quint32 logType(const char *input); -void logBlockedHeaderWrite( - char *output, bool blocked, quint32 pid, quint8 pathType, quint32 pathLen); -void logBlockedHeaderRead( - const char *input, int *blocked, quint32 *pid, quint8 *pathType, quint32 *pathLen); +void logBlockedHeaderWrite(char *output, bool blocked, quint32 pid, quint32 pathLen); +void logBlockedHeaderRead(const char *input, int *blocked, quint32 *pid, quint32 *pathLen); void logBlockedIpHeaderWrite(char *output, int inbound, quint8 blockReason, quint8 ipProto, quint16 localPort, quint16 remotePort, quint32 localIp, quint32 remoteIp, quint32 pid, - quint8 pathType, quint32 pathLen); + quint32 pathLen); void logBlockedIpHeaderRead(const char *input, int *inbound, quint8 *blockReason, quint8 *ipProto, quint16 *localPort, quint16 *remotePort, quint32 *localIp, quint32 *remoteIp, quint32 *pid, - quint8 *pathType, quint32 *pathLen); + quint32 *pathLen); -void logProcNewHeaderWrite(char *output, quint32 pid, quint8 pathType, quint32 pathLen); -void logProcNewHeaderRead(const char *input, quint32 *pid, quint8 *pathType, quint32 *pathLen); +void logProcNewHeaderWrite(char *output, quint32 pid, quint32 pathLen); +void logProcNewHeaderRead(const char *input, quint32 *pid, quint32 *pathLen); void logStatTrafHeaderRead(const char *input, quint16 *procCount); diff --git a/src/ui/log/logbuffer.cpp b/src/ui/log/logbuffer.cpp index 07a8ac09..ddfa82e2 100644 --- a/src/ui/log/logbuffer.cpp +++ b/src/ui/log/logbuffer.cpp @@ -61,8 +61,7 @@ void LogBuffer::writeEntryBlocked(const LogEntryBlocked *logEntry) char *output = this->output(); - DriverCommon::logBlockedHeaderWrite( - output, logEntry->blocked(), logEntry->pid(), logEntry->pathType(), pathLen); + DriverCommon::logBlockedHeaderWrite(output, logEntry->blocked(), logEntry->pid(), pathLen); if (pathLen) { output += DriverCommon::logBlockedHeaderSize(); @@ -78,10 +77,9 @@ void LogBuffer::readEntryBlocked(LogEntryBlocked *logEntry) const char *input = this->input(); - quint8 pathType; int blocked; quint32 pid, pathLen; - DriverCommon::logBlockedHeaderRead(input, &blocked, &pid, &pathType, &pathLen); + DriverCommon::logBlockedHeaderRead(input, &blocked, &pid, &pathLen); QString path; if (pathLen) { @@ -91,7 +89,6 @@ void LogBuffer::readEntryBlocked(LogEntryBlocked *logEntry) logEntry->setBlocked(blocked); logEntry->setPid(pid); - logEntry->setPathType(pathType); logEntry->setKernelPath(path); const int entrySize = int(DriverCommon::logBlockedSize(pathLen)); @@ -110,7 +107,7 @@ void LogBuffer::writeEntryBlockedIp(const LogEntryBlockedIp *logEntry) DriverCommon::logBlockedIpHeaderWrite(output, logEntry->inbound(), logEntry->blockReason(), logEntry->ipProto(), logEntry->localPort(), logEntry->remotePort(), logEntry->localIp(), - logEntry->remoteIp(), logEntry->pid(), logEntry->pathType(), pathLen); + logEntry->remoteIp(), logEntry->pid(), pathLen); if (pathLen) { output += DriverCommon::logBlockedIpHeaderSize(); @@ -127,7 +124,6 @@ void LogBuffer::readEntryBlockedIp(LogEntryBlockedIp *logEntry) const char *input = this->input(); int inbound; - quint8 pathType; quint8 blockReason; quint8 proto; quint16 localPort; @@ -135,7 +131,7 @@ void LogBuffer::readEntryBlockedIp(LogEntryBlockedIp *logEntry) quint32 localIp, remoteIp; quint32 pid, pathLen; DriverCommon::logBlockedIpHeaderRead(input, &inbound, &blockReason, &proto, &localPort, - &remotePort, &localIp, &remoteIp, &pid, &pathType, &pathLen); + &remotePort, &localIp, &remoteIp, &pid, &pathLen); QString path; if (pathLen) { @@ -151,7 +147,6 @@ void LogBuffer::readEntryBlockedIp(LogEntryBlockedIp *logEntry) logEntry->setRemotePort(remotePort); logEntry->setIpProto(proto); logEntry->setPid(pid); - logEntry->setPathType(pathType); logEntry->setKernelPath(path); const int entrySize = int(DriverCommon::logBlockedIpSize(pathLen)); @@ -168,7 +163,7 @@ void LogBuffer::writeEntryProcNew(const LogEntryProcNew *logEntry) char *output = this->output(); - DriverCommon::logProcNewHeaderWrite(output, logEntry->pid(), logEntry->pathType(), pathLen); + DriverCommon::logProcNewHeaderWrite(output, logEntry->pid(), pathLen); if (pathLen != 0) { output += DriverCommon::logProcNewHeaderSize(); @@ -184,9 +179,8 @@ void LogBuffer::readEntryProcNew(LogEntryProcNew *logEntry) const char *input = this->input(); - quint8 pathType; quint32 pid, pathLen; - DriverCommon::logProcNewHeaderRead(input, &pid, &pathType, &pathLen); + DriverCommon::logProcNewHeaderRead(input, &pid, &pathLen); QString path; if (pathLen != 0) { @@ -194,7 +188,6 @@ void LogBuffer::readEntryProcNew(LogEntryProcNew *logEntry) path = QString::fromWCharArray((const wchar_t *) input, pathLen / sizeof(wchar_t)); } - logEntry->setPathType(pathType); logEntry->setPid(pid); logEntry->setKernelPath(path); diff --git a/src/ui/log/logentryblocked.cpp b/src/ui/log/logentryblocked.cpp index 29892261..62203e1b 100644 --- a/src/ui/log/logentryblocked.cpp +++ b/src/ui/log/logentryblocked.cpp @@ -1,7 +1,9 @@ #include "logentryblocked.h" LogEntryBlocked::LogEntryBlocked(quint32 pid, const QString &kernelPath) : - m_blocked(true), m_pid(pid), m_kernelPath(kernelPath) + m_blocked(true), + m_pid(pid), + m_kernelPath(kernelPath) { } @@ -15,11 +17,6 @@ void LogEntryBlocked::setBlocked(bool blocked) m_blocked = blocked; } -void LogEntryBlocked::setPathType(quint8 v) -{ - m_pathType = v; -} - void LogEntryBlocked::setPid(quint32 pid) { m_pid = pid; diff --git a/src/ui/log/logentryblocked.h b/src/ui/log/logentryblocked.h index ffe2e120..8121d7d2 100644 --- a/src/ui/log/logentryblocked.h +++ b/src/ui/log/logentryblocked.h @@ -13,9 +13,6 @@ public: bool blocked() const { return m_blocked; } void setBlocked(bool blocked); - quint8 pathType() const { return m_pathType; } - void setPathType(quint8 v); - quint32 pid() const { return m_pid; } void setPid(quint32 pid); @@ -26,7 +23,6 @@ public: private: bool m_blocked : 1; - quint8 m_pathType = 0; quint32 m_pid = 0; QString m_kernelPath; }; diff --git a/src/ui/log/logentryprocnew.cpp b/src/ui/log/logentryprocnew.cpp index 7c00e834..6731a4c9 100644 --- a/src/ui/log/logentryprocnew.cpp +++ b/src/ui/log/logentryprocnew.cpp @@ -5,11 +5,6 @@ LogEntryProcNew::LogEntryProcNew(quint32 pid, const QString &kernelPath) : { } -void LogEntryProcNew::setPathType(quint8 v) -{ - m_pathType = v; -} - void LogEntryProcNew::setPid(quint32 pid) { m_pid = pid; diff --git a/src/ui/log/logentryprocnew.h b/src/ui/log/logentryprocnew.h index 530602de..bd491ca7 100644 --- a/src/ui/log/logentryprocnew.h +++ b/src/ui/log/logentryprocnew.h @@ -10,9 +10,6 @@ public: FortLogType type() const override { return FORT_LOG_TYPE_PROC_NEW; } - quint8 pathType() const { return m_pathType; } - void setPathType(quint8 v); - quint32 pid() const { return m_pid; } void setPid(quint32 pid); @@ -22,7 +19,6 @@ public: QString path() const; private: - quint8 m_pathType = 0; quint32 m_pid = 0; QString m_kernelPath; }; diff --git a/src/ui/model/appstatmodel.cpp b/src/ui/model/appstatmodel.cpp index 30962041..9b2e63a2 100644 --- a/src/ui/model/appstatmodel.cpp +++ b/src/ui/model/appstatmodel.cpp @@ -83,7 +83,7 @@ void AppStatModel::updateList() m_appIds.clear(); m_appIds.append(0); // All - statManager()->getStatAppList(list, m_appIds, m_pathTypes); + statManager()->getStatAppList(list, m_appIds); setList(list); } diff --git a/src/ui/model/appstatmodel.h b/src/ui/model/appstatmodel.h index 42fea0c5..7e2e9720 100644 --- a/src/ui/model/appstatmodel.h +++ b/src/ui/model/appstatmodel.h @@ -42,7 +42,6 @@ private: private: QVector m_appIds; - QVector m_pathTypes; }; #endif // APPSTATMODEL_H diff --git a/src/ui/stat/migrations/1.sql b/src/ui/stat/migrations/1.sql index 3487f7e1..8b0828e1 100644 --- a/src/ui/stat/migrations/1.sql +++ b/src/ui/stat/migrations/1.sql @@ -1,7 +1,6 @@ CREATE TABLE app( app_id INTEGER PRIMARY KEY, path TEXT NOT NULL, - path_type INTEGER NOT NULL DEFAULT 0, creat_time INTEGER NOT NULL ); diff --git a/src/ui/stat/statmanager.cpp b/src/ui/stat/statmanager.cpp index 6e706145..be9beb51 100644 --- a/src/ui/stat/statmanager.cpp +++ b/src/ui/stat/statmanager.cpp @@ -24,7 +24,7 @@ Q_LOGGING_CATEGORY(CLOG_STAT_MANAGER, "stat") #define logWarning() qCWarning(CLOG_STAT_MANAGER, ) #define logCritical() qCCritical(CLOG_STAT_MANAGER, ) -#define DATABASE_USER_VERSION 5 +#define DATABASE_USER_VERSION 4 #define ACTIVE_PERIOD_CHECK_SECS (60 * OS_TICKS_PER_SECOND) @@ -51,10 +51,6 @@ bool migrateFunc(SqliteDb *db, int version, bool isNewDb, void *ctx) "app_id, traf_time, in_bytes, out_bytes"); db->executeStr(sql); } break; - case 5: { - // COMPAT: app.flags - db->execute("UPDATE app SET path_type = 1 WHERE path = 'System';"); - } break; } return true; @@ -284,14 +280,13 @@ void StatManager::clearAppIdCache() bool StatManager::logProcNew(const LogEntryProcNew &entry, qint64 unixTime) { - const quint8 pathType = entry.pathType(); const quint32 pid = entry.pid(); const QString &appPath = entry.path(); Q_ASSERT(!m_appPidPathMap.contains(pid)); - m_appPidPathMap.insert(pid, { pathType, appPath }); + m_appPidPathMap.insert(pid, appPath); - return getOrCreateAppId(appPath, pathType, unixTime) != INVALID_APP_ID; + return getOrCreateAppId(appPath, unixTime) != INVALID_APP_ID; } bool StatManager::logStatTraf(const LogEntryStatTraf &entry, qint64 unixTime) @@ -375,7 +370,7 @@ bool StatManager::logBlockedIp(const LogEntryBlockedIp &entry, qint64 unixTime) bool ok = false; sqliteDb()->beginTransaction(); - const qint64 appId = getOrCreateAppId(entry.path(), entry.pathType(), unixTime); + const qint64 appId = getOrCreateAppId(entry.path(), unixTime); if (appId != INVALID_APP_ID) { ok = createConnBlock(entry, unixTime, appId); } @@ -505,13 +500,12 @@ qint64 StatManager::getAppId(const QString &appPath) return appId; } -qint64 StatManager::createAppId(const QString &appPath, quint8 pathType, qint64 unixTime) +qint64 StatManager::createAppId(const QString &appPath, qint64 unixTime) { SqliteStmt *stmt = sqliteDb()->stmt(StatSql::sqlInsertAppId); stmt->bindText(1, appPath); - stmt->bindInt(2, pathType); - stmt->bindInt64(3, unixTime); + stmt->bindInt64(2, unixTime); if (sqliteDb()->done(stmt)) { return sqliteDb()->lastInsertRowid(); @@ -520,7 +514,7 @@ qint64 StatManager::createAppId(const QString &appPath, quint8 pathType, qint64 return INVALID_APP_ID; } -qint64 StatManager::getOrCreateAppId(const QString &appPath, quint8 pathType, qint64 unixTime) +qint64 StatManager::getOrCreateAppId(const QString &appPath, qint64 unixTime) { qint64 appId = getCachedAppId(appPath); if (appId == INVALID_APP_ID) { @@ -529,7 +523,7 @@ qint64 StatManager::getOrCreateAppId(const QString &appPath, quint8 pathType, qi if (unixTime == 0) { unixTime = DateUtil::getUnixTime(); } - appId = createAppId(appPath, pathType, unixTime); + appId = createAppId(appPath, unixTime); } Q_ASSERT(appId != INVALID_APP_ID); @@ -580,15 +574,13 @@ void StatManager::deleteOldTraffic(qint32 trafHour) doStmtList(deleteTrafStmts); } -void StatManager::getStatAppList( - QStringList &list, QVector &appIds, QVector &pathTypes) +void StatManager::getStatAppList(QStringList &list, QVector &appIds) { SqliteStmt *stmt = sqliteDb()->stmt(StatSql::sqlSelectStatAppList); while (stmt->step() == SqliteStmt::StepRow) { appIds.append(stmt->columnInt64(0)); - pathTypes.append(stmt->columnInt(1)); - list.append(stmt->columnText(2)); + list.append(stmt->columnText(1)); } stmt->reset(); } @@ -600,9 +592,7 @@ void StatManager::logTrafBytes(const QStmtList &insertStmtList, const QStmtList const bool inactive = (pidFlag & 1) != 0; const quint32 pid = pidFlag & ~quint32(1); - const AppPathInfo appPathInfo = m_appPidPathMap.value(pid); - const quint8 pathType = appPathInfo.pathType; - const QString appPath = appPathInfo.path; + const QString appPath = m_appPidPathMap.value(pid); if (Q_UNLIKELY(appPath.isEmpty())) { logCritical() << "UI & Driver's states mismatch! Expected processes:" @@ -617,7 +607,7 @@ void StatManager::logTrafBytes(const QStmtList &insertStmtList, const QStmtList if (inBytes == 0 && outBytes == 0) return; - const qint64 appId = getOrCreateAppId(appPath, pathType, unixTime); + const qint64 appId = getOrCreateAppId(appPath, unixTime); Q_ASSERT(appId != INVALID_APP_ID); if (m_isActivePeriod) { diff --git a/src/ui/stat/statmanager.h b/src/ui/stat/statmanager.h index 1268e3fb..c67ef6a4 100644 --- a/src/ui/stat/statmanager.h +++ b/src/ui/stat/statmanager.h @@ -49,7 +49,7 @@ public: bool logBlockedIp(const LogEntryBlockedIp &entry, qint64 unixTime); - void getStatAppList(QStringList &list, QVector &appIds, QVector &pathTypes); + void getStatAppList(QStringList &list, QVector &appIds); virtual bool deleteStatApp(qint64 appId); @@ -112,8 +112,8 @@ private: bool deleteOldConnBlock(); qint64 getAppId(const QString &appPath); - qint64 createAppId(const QString &appPath, quint8 pathType, qint64 unixTime); - qint64 getOrCreateAppId(const QString &appPath, quint8 pathType, qint64 unixTime = 0); + qint64 createAppId(const QString &appPath, qint64 unixTime); + qint64 getOrCreateAppId(const QString &appPath, qint64 unixTime = 0); bool deleteAppId(qint64 appId); void deleteOldTraffic(qint32 trafHour); @@ -169,13 +169,7 @@ private: SqliteDb *m_sqliteDb = nullptr; - struct AppPathInfo - { - quint8 pathType = 0; - QString path; - }; - - QHash m_appPidPathMap; // pid -> appPath + QHash m_appPidPathMap; // pid -> appPath QHash m_appPathIdCache; // appPath -> appId TriggerTimer m_connChangedTimer; diff --git a/src/ui/stat/statsql.cpp b/src/ui/stat/statsql.cpp index 6e0bb4e4..a95aa8fb 100644 --- a/src/ui/stat/statsql.cpp +++ b/src/ui/stat/statsql.cpp @@ -2,14 +2,13 @@ const char *const StatSql::sqlSelectAppId = "SELECT app_id FROM app WHERE path = ?1;"; -const char *const StatSql::sqlInsertAppId = "INSERT INTO app(path, path_type, creat_time)" - " VALUES(?1, ?2, ?3);"; +const char *const StatSql::sqlInsertAppId = "INSERT INTO app(path, creat_time) VALUES(?1, ?3);"; const char *const StatSql::sqlDeleteAppId = "DELETE FROM app WHERE app_id = ?1;"; const char *const StatSql::sqlSelectStatAppExists = "SELECT 1 FROM traffic_app WHERE app_id = ?1;"; -const char *const StatSql::sqlSelectStatAppList = "SELECT t.app_id, t.path_type, t.path FROM app t" +const char *const StatSql::sqlSelectStatAppList = "SELECT t.app_id, t.path FROM app t" " JOIN traffic_app ta ON ta.app_id = t.app_id" " ORDER BY t.app_id;";