Driver: Log "inbound" state of blocked connection.

2024-11-15 10:25:10 +00:00 · 2021-02-13 10:37:33 +05:00 · 2021-02-13 10:37:33 +05:00 · a3ca7f3ecc
commit a3ca7f3ecc
parent 36087de0ef
21 changed files with 195 additions and 127 deletions
--- a/src/driver/common/fortlog.c
+++ b/src/driver/common/fortlog.c
@ -30,13 +30,13 @@ FORT_API void fort_log_blocked_header_read(
    *pid = *up;
 }
-void fort_log_blocked_ip_header_write(char *p, UCHAR block_reason, UCHAR ip_proto,
+void fort_log_blocked_ip_header_write(char *p, BOOL inbound, UCHAR block_reason, UCHAR ip_proto,
        UINT16 local_port, UINT16 remote_port, UINT32 local_ip, UINT32 remote_ip, UINT32 pid,
        UINT32 path_len)
 {
    UINT32 *up = (UINT32 *) p;
-    *up++ = FORT_LOG_FLAG_BLOCKED_IP | path_len;
+    *up++ = FORT_LOG_FLAG_BLOCKED_IP | (inbound ? FORT_LOG_FLAG_IP_INBOUND : 0) | path_len;
    *up++ = block_reason | ((UINT32) ip_proto << 16);
    *up++ = local_port | ((UINT32) remote_port << 16);
    *up++ = local_ip;
@ -44,24 +44,25 @@ void fort_log_blocked_ip_header_write(char *p, UCHAR block_reason, UCHAR ip_prot
    *up = pid;
 }
-void fort_log_blocked_ip_write(char *p, UCHAR block_reason, UCHAR ip_proto, UINT16 local_port,
+void fort_log_blocked_ip_write(char *p, BOOL inbound, UCHAR block_reason, UCHAR ip_proto,
-        UINT16 remote_port, UINT32 local_ip, UINT32 remote_ip, UINT32 pid, UINT32 path_len,
+        UINT16 local_port, UINT16 remote_port, UINT32 local_ip, UINT32 remote_ip, UINT32 pid,
-        const char *path)
+        UINT32 path_len, const char *path)
 {
-    fort_log_blocked_ip_header_write(
+    fort_log_blocked_ip_header_write(p, inbound, block_reason, ip_proto, local_port, remote_port,
-            p, block_reason, ip_proto, local_port, remote_port, local_ip, remote_ip, pid, path_len);
+            local_ip, remote_ip, pid, path_len);
    if (path_len != 0) {
        RtlCopyMemory(p + FORT_LOG_BLOCKED_IP_HEADER_SIZE, path, path_len);
    }
 }
-void fort_log_blocked_ip_header_read(const char *p, UCHAR *block_reason, UCHAR *ip_proto,
+void fort_log_blocked_ip_header_read(const char *p, BOOL *inbound, UCHAR *block_reason,
-        UINT16 *local_port, UINT16 *remote_port, UINT32 *local_ip, UINT32 *remote_ip, UINT32 *pid,
+        UCHAR *ip_proto, UINT16 *local_port, UINT16 *remote_port, UINT32 *local_ip,
-        UINT32 *path_len)
+        UINT32 *remote_ip, UINT32 *pid, UINT32 *path_len)
 {
    const UINT32 *up = (const UINT32 *) p;
    *inbound = (*up & FORT_LOG_FLAG_IP_INBOUND) != 0;
    *path_len = (*up++ & ~FORT_LOG_FLAG_EX_MASK);
    *block_reason = *((const UCHAR *) up);
    *ip_proto = (UCHAR)(*up++ >> 16);
--- a/src/driver/common/fortlog.h
+++ b/src/driver/common/fortlog.h
@ -13,6 +13,7 @@
 #define FORT_LOG_FLAG_STAT_TRAF     0x02000000
 #define FORT_LOG_FLAG_TIME          0x04000000
 #define FORT_LOG_FLAG_BLOCKED_ALLOW 0x10000000
 #define FORT_LOG_FLAG_IP_INBOUND    0x10000000
 #define FORT_LOG_FLAG_TYPE_MASK     0x0FF00000
 #define FORT_LOG_FLAG_OPT_MASK      0xF0000000
 #define FORT_LOG_FLAG_EX_MASK       (FORT_LOG_FLAG_TYPE_MASK | FORT_LOG_FLAG_OPT_MASK)
@ -64,17 +65,17 @@ FORT_API void fort_log_blocked_write(
 FORT_API void fort_log_blocked_header_read(
        const char *p, BOOL *blocked, UINT32 *pid, UINT32 *path_len);
-FORT_API void fort_log_blocked_ip_header_write(char *p, UCHAR block_reason, UCHAR ip_proto,
+FORT_API void fort_log_blocked_ip_header_write(char *p, BOOL inbound, UCHAR block_reason,
-        UINT16 local_port, UINT16 remote_port, UINT32 local_ip, UINT32 remote_ip, UINT32 pid,
+        UCHAR ip_proto, UINT16 local_port, UINT16 remote_port, UINT32 local_ip, UINT32 remote_ip,
-        UINT32 path_len);
+        UINT32 pid, UINT32 path_len);
-FORT_API void fort_log_blocked_ip_write(char *p, UCHAR block_reason, UCHAR ip_proto,
+FORT_API void fort_log_blocked_ip_write(char *p, BOOL inbound, UCHAR block_reason, UCHAR ip_proto,
        UINT16 local_port, UINT16 remote_port, UINT32 local_ip, UINT32 remote_ip, UINT32 pid,
        UINT32 path_len, const char *path);
-FORT_API void fort_log_blocked_ip_header_read(const char *p, UCHAR *block_reason, UCHAR *ip_proto,
+FORT_API void fort_log_blocked_ip_header_read(const char *p, BOOL *inbound, UCHAR *block_reason,
-        UINT16 *local_port, UINT16 *remote_port, UINT32 *local_ip, UINT32 *remote_ip, UINT32 *pid,
+        UCHAR *ip_proto, UINT16 *local_port, UINT16 *remote_port, UINT32 *local_ip,
-        UINT32 *path_len);
+        UINT32 *remote_ip, UINT32 *pid, UINT32 *path_len);
 FORT_API void fort_log_proc_new_header_write(char *p, UINT32 pid, UINT32 path_len);
--- a/src/driver/fortbuf.c
+++ b/src/driver/fortbuf.c
@ -162,9 +162,9 @@ FORT_API NTSTATUS fort_buffer_blocked_write(PFORT_BUFFER buf, BOOL blocked, UINT
    return status;
 }
-NTSTATUS fort_buffer_blocked_ip_write(PFORT_BUFFER buf, UCHAR block_reason, UCHAR ip_proto,
+NTSTATUS fort_buffer_blocked_ip_write(PFORT_BUFFER buf, BOOL inbound, UCHAR block_reason,
-        UINT16 local_port, UINT16 remote_port, UINT32 local_ip, UINT32 remote_ip, UINT32 pid,
+        UCHAR ip_proto, UINT16 local_port, UINT16 remote_port, UINT32 local_ip, UINT32 remote_ip,
-        UINT32 path_len, const PVOID path, PIRP *irp, ULONG_PTR *info)
+        UINT32 pid, UINT32 path_len, const PVOID path, PIRP *irp, ULONG_PTR *info)
 {
    KLOCK_QUEUE_HANDLE lock_queue;
    NTSTATUS status;
@ -181,7 +181,7 @@ NTSTATUS fort_buffer_blocked_ip_write(PFORT_BUFFER buf, UCHAR block_reason, UCHA
        status = fort_buffer_prepare(buf, len, &out, irp, info);
        if (NT_SUCCESS(status)) {
-            fort_log_blocked_ip_write(out, block_reason, ip_proto, local_port, remote_port,
+            fort_log_blocked_ip_write(out, inbound, block_reason, ip_proto, local_port, remote_port,
                    local_ip, remote_ip, pid, path_len, path);
        }
    }
--- a/src/driver/fortbuf.h
+++ b/src/driver/fortbuf.h
@ -43,9 +43,9 @@ FORT_API NTSTATUS fort_buffer_prepare(
 FORT_API NTSTATUS fort_buffer_blocked_write(PFORT_BUFFER buf, BOOL blocked, UINT32 pid,
        UINT32 path_len, const PVOID path, PIRP *irp, ULONG_PTR *info);
-FORT_API NTSTATUS fort_buffer_blocked_ip_write(PFORT_BUFFER buf, UCHAR block_reason, UCHAR ip_proto,
+FORT_API NTSTATUS fort_buffer_blocked_ip_write(PFORT_BUFFER buf, BOOL inbound, UCHAR block_reason,
-        UINT16 local_port, UINT16 remote_port, UINT32 local_ip, UINT32 remote_ip, UINT32 pid,
+        UCHAR ip_proto, UINT16 local_port, UINT16 remote_port, UINT32 local_ip, UINT32 remote_ip,
-        UINT32 path_len, const PVOID path, PIRP *irp, ULONG_PTR *info);
+        UINT32 pid, UINT32 path_len, const PVOID path, PIRP *irp, ULONG_PTR *info);
 FORT_API NTSTATUS fort_buffer_proc_new_write(PFORT_BUFFER buf, UINT32 pid, UINT32 path_len,
        const PVOID path, PIRP *irp, ULONG_PTR *info);
--- a/src/driver/fortdrv.c
+++ b/src/driver/fortdrv.c
@ -81,7 +81,7 @@ static void fort_callout_classify_continue(FWPS_CLASSIFY_OUT0 *classifyOut)
 static void fort_callout_classify_v4(const FWPS_INCOMING_VALUES0 *inFixedValues,
        const FWPS_INCOMING_METADATA_VALUES0 *inMetaValues, const FWPS_FILTER0 *filter,
        FWPS_CLASSIFY_OUT0 *classifyOut, int flagsField, int localIpField, int remoteIpField,
-        int localPortField, int remotePortField, int ipProtoField)
+        int localPortField, int remotePortField, int ipProtoField, BOOL inbound)
 {
    PIRP irp = NULL;
    ULONG_PTR info;
@ -195,7 +195,7 @@ block_log:
        const UINT16 remote_port = inFixedValues->incomingValue[remotePortField].value.uint16;
        const IPPROTO ip_proto = (IPPROTO) inFixedValues->incomingValue[ipProtoField].value.uint8;
-        fort_buffer_blocked_ip_write(&g_device->buffer, block_reason, ip_proto, local_port,
+        fort_buffer_blocked_ip_write(&g_device->buffer, inbound, block_reason, ip_proto, local_port,
                remote_port, local_ip, remote_ip, process_id, path_len, path, &irp, &info);
    }
@ -226,7 +226,7 @@ static void NTAPI fort_callout_connect_v4(const FWPS_INCOMING_VALUES0 *inFixedVa
            FWPS_FIELD_ALE_AUTH_CONNECT_V4_IP_REMOTE_ADDRESS,
            FWPS_FIELD_ALE_AUTH_CONNECT_V4_IP_LOCAL_PORT,
            FWPS_FIELD_ALE_AUTH_CONNECT_V4_IP_REMOTE_PORT,
-            FWPS_FIELD_ALE_AUTH_CONNECT_V4_IP_PROTOCOL);
+            FWPS_FIELD_ALE_AUTH_CONNECT_V4_IP_PROTOCOL, FALSE);
 }
 static void NTAPI fort_callout_accept_v4(const FWPS_INCOMING_VALUES0 *inFixedValues,
@ -242,7 +242,7 @@ static void NTAPI fort_callout_accept_v4(const FWPS_INCOMING_VALUES0 *inFixedVal
            FWPS_FIELD_ALE_AUTH_RECV_ACCEPT_V4_IP_REMOTE_ADDRESS,
            FWPS_FIELD_ALE_AUTH_RECV_ACCEPT_V4_IP_LOCAL_PORT,
            FWPS_FIELD_ALE_AUTH_RECV_ACCEPT_V4_IP_REMOTE_PORT,
-            FWPS_FIELD_ALE_AUTH_RECV_ACCEPT_V4_IP_PROTOCOL);
+            FWPS_FIELD_ALE_AUTH_RECV_ACCEPT_V4_IP_PROTOCOL, TRUE);
 }
 static NTSTATUS NTAPI fort_callout_notify(
--- a/src/tests/LogBufferTest/tst_logbuffer.h
+++ b/src/tests/LogBufferTest/tst_logbuffer.h
@ -71,38 +71,42 @@ TEST_F(LogBufferTest, BlockedIpWriteRead)
    LogBuffer buf(entrySize * testCount);
-    const quint8 blockReason = 7;
+    LogEntryBlockedIp entry;
-    const quint8 proto = 6;
+    entry.setKernelPath(path);
    const quint16 localPort = 5;
    const quint16 remotePort = 4;
    const quint32 localIp = 3;
    const quint32 remoteIp = 2;
    const quint32 pid = 1;
    LogEntryBlockedIp entry(
            blockReason, proto, localPort, remotePort, localIp, remoteIp, pid, path);
    // Write
    for (int i = 0; i < testCount; ++i) {
        int v = i;
        entry.setInbound((v & 1) != 0);
        entry.setBlockReason(++v);
        entry.setIpProto(++v);
        entry.setLocalPort(++v);
        entry.setRemotePort(++v);
        entry.setLocalIp(++v);
        entry.setRemoteIp(++v);
        entry.setPid(++v);
        buf.writeEntryBlockedIp(&entry);
    }
    // Read
-    int readCount = 0;
+    int index = 0;
    while (buf.peekEntryType() == LogEntry::AppBlockedIp) {
        buf.readEntryBlockedIp(&entry);
        int v = index++;
        ASSERT_EQ(entry.type(), LogEntry::AppBlockedIp);
-        ASSERT_EQ(entry.proto(), proto);
+        ASSERT_EQ(entry.inbound(), (v & 1) != 0);
-        ASSERT_EQ(entry.localPort(), localPort);
+        ASSERT_EQ(entry.blockReason(), ++v);
-        ASSERT_EQ(entry.remotePort(), remotePort);
+        ASSERT_EQ(entry.ipProto(), ++v);
-        ASSERT_EQ(entry.localIp(), localIp);
+        ASSERT_EQ(entry.localPort(), ++v);
-        ASSERT_EQ(entry.remoteIp(), remoteIp);
+        ASSERT_EQ(entry.remotePort(), ++v);
-        ASSERT_EQ(entry.pid(), pid);
+        ASSERT_EQ(entry.localIp(), ++v);
        ASSERT_EQ(entry.remoteIp(), ++v);
        ASSERT_EQ(entry.pid(), ++v);
        ASSERT_EQ(entry.kernelPath(), path);
        ++readCount;
    }
-    ASSERT_EQ(readCount, testCount);
+    ASSERT_EQ(index, testCount);
 }
 TEST_F(LogBufferTest, TimeWriteRead)
--- a/src/ui/form/opt/pages/statisticspage.cpp
+++ b/src/ui/form/opt/pages/statisticspage.cpp
@ -38,8 +38,8 @@ namespace {
 const ValuesList trafKeepDayValues = { 60, -1, 90, 180, 365, 365 * 3, 365 * 5, 365 * 10 };
 const ValuesList trafKeepMonthValues = { 2, -1, 3, 6, 12, 12 * 3, 12 * 5, 12 * 10 };
-const ValuesList logIpKeepCountValues = { 1000, -1, 1000, 5000, 10000, 50000, 100000, 500000,
+const ValuesList logIpKeepCountValues = { 3000, 1000, 5000, 10000, 50000, 100000, 500000, 1000000,
-    1000000, 5000000, 10000000 };
+    5000000, 10000000 };
 const ValuesList quotaValues = { 10, 0, 100, 500, 1024, 8 * 1024, 10 * 1024, 30 * 1024, 50 * 1024,
    100 * 1024 };
@ -209,8 +209,8 @@ void StatisticsPage::retranslateQuotaNames()
 void StatisticsPage::retranslateIpKeepCountNames()
 {
-    const QStringList list = { tr("Custom"), tr("Forever"), "1K", "5K", "10K", "50K", "100K",
+    const QStringList list = { tr("Custom"), "1K", "5K", "10K", "50K", "100K", "500K", "1M", "5M",
-        "500K", "1M", "5M", "10M" };
+        "10M" };
    m_lscAllowedIpKeepCount->setNames(list);
    m_lscBlockedIpKeepCount->setNames(list);
@ -607,7 +607,7 @@ void StatisticsPage::setupQuotaMonthMb()
 void StatisticsPage::setupAllowedIpKeepCount()
 {
    m_lscAllowedIpKeepCount = new LabelSpinCombo();
-    m_lscAllowedIpKeepCount->spinBox()->setRange(-1, 999999999);
+    m_lscAllowedIpKeepCount->spinBox()->setRange(0, 999999999);
    m_lscAllowedIpKeepCount->setValues(logIpKeepCountValues);
    connect(m_lscAllowedIpKeepCount->spinBox(), QOverload<int>::of(&QSpinBox::valueChanged), this,
@ -624,7 +624,7 @@ void StatisticsPage::setupAllowedIpKeepCount()
 void StatisticsPage::setupBlockedIpKeepCount()
 {
    m_lscBlockedIpKeepCount = new LabelSpinCombo();
-    m_lscBlockedIpKeepCount->spinBox()->setRange(-1, 999999999);
+    m_lscBlockedIpKeepCount->spinBox()->setRange(0, 999999999);
    m_lscBlockedIpKeepCount->setValues(logIpKeepCountValues);
    connect(m_lscBlockedIpKeepCount->spinBox(), QOverload<int>::of(&QSpinBox::valueChanged), this,
--- a/src/ui/fortcommon.cpp
+++ b/src/ui/fortcommon.cpp
@ -138,20 +138,20 @@ void FortCommon::logBlockedHeaderRead(
    fort_log_blocked_header_read(input, blocked, pid, pathLen);
 }
-void FortCommon::logBlockedIpHeaderWrite(char *output, quint8 blockReason, quint8 ipProto,
+void FortCommon::logBlockedIpHeaderWrite(char *output, int inbound, quint8 blockReason,
-        quint16 localPort, quint16 remotePort, quint32 localIp, quint32 remoteIp, quint32 pid,
+        quint8 ipProto, quint16 localPort, quint16 remotePort, quint32 localIp, quint32 remoteIp,
-        quint32 pathLen)
+        quint32 pid, quint32 pathLen)
 {
-    fort_log_blocked_ip_header_write(
+    fort_log_blocked_ip_header_write(output, inbound, blockReason, ipProto, localPort, remotePort,
-            output, blockReason, ipProto, localPort, remotePort, localIp, remoteIp, pid, pathLen);
+            localIp, remoteIp, pid, pathLen);
 }
-void FortCommon::logBlockedIpHeaderRead(const char *input, quint8 *blockReason, quint8 *ipProto,
+void FortCommon::logBlockedIpHeaderRead(const char *input, int *inbound, quint8 *blockReason,
-        quint16 *localPort, quint16 *remotePort, quint32 *localIp, quint32 *remoteIp, quint32 *pid,
+        quint8 *ipProto, quint16 *localPort, quint16 *remotePort, quint32 *localIp,
-        quint32 *pathLen)
+        quint32 *remoteIp, quint32 *pid, quint32 *pathLen)
 {
-    fort_log_blocked_ip_header_read(
+    fort_log_blocked_ip_header_read(input, inbound, blockReason, ipProto, localPort, remotePort,
-            input, blockReason, ipProto, localPort, remotePort, localIp, remoteIp, pid, pathLen);
+            localIp, remoteIp, pid, pathLen);
 }
 void FortCommon::logProcNewHeaderWrite(char *output, quint32 pid, quint32 pathLen)
--- a/src/ui/fortcommon.h
+++ b/src/ui/fortcommon.h
@ -51,12 +51,12 @@ public:
    static void logBlockedHeaderRead(
            const char *input, int *blocked, quint32 *pid, quint32 *pathLen);
-    static void logBlockedIpHeaderWrite(char *output, quint8 blockReason, quint8 ipProto,
+    static void logBlockedIpHeaderWrite(char *output, int inbound, quint8 blockReason,
-            quint16 localPort, quint16 remotePort, quint32 localIp, quint32 remoteIp, quint32 pid,
+            quint8 ipProto, quint16 localPort, quint16 remotePort, quint32 localIp,
-            quint32 pathLen);
+            quint32 remoteIp, quint32 pid, quint32 pathLen);
-    static void logBlockedIpHeaderRead(const char *input, quint8 *blockReason, quint8 *ipProto,
+    static void logBlockedIpHeaderRead(const char *input, int *inbound, quint8 *blockReason,
-            quint16 *localPort, quint16 *remotePort, quint32 *localIp, quint32 *remoteIp,
+            quint8 *ipProto, quint16 *localPort, quint16 *remotePort, quint32 *localIp,
-            quint32 *pid, quint32 *pathLen);
+            quint32 *remoteIp, quint32 *pid, quint32 *pathLen);
    static void logProcNewHeaderWrite(char *output, quint32 pid, quint32 pathLen);
    static void logProcNewHeaderRead(const char *input, quint32 *pid, quint32 *pathLen);
--- a/src/ui/fortmanager.cpp
+++ b/src/ui/fortmanager.cpp
@ -71,8 +71,8 @@ FortManager::FortManager(FortSettings *fortSettings, QObject *parent) :
    m_appInfoCache(new AppInfoCache(this)),
    m_appListModel(new AppListModel(m_confManager, this)),
    m_appStatModel(new AppStatModel(m_statManager, this)),
-    m_connListModel(new ConnListModel(m_confManager, this)),
+    m_zoneListModel(new ZoneListModel(m_confManager, this)),
-    m_zoneListModel(new ZoneListModel(m_confManager, this))
+    m_connListModel(new ConnListModel(m_statManager, this))
 {
    setupTranslationManager();
    setupThreadPool();
--- a/src/ui/fortmanager.h
+++ b/src/ui/fortmanager.h
@ -54,8 +54,8 @@ public:
    TaskManager *taskManager() const { return m_taskManager; }
    AppListModel *appListModel() const { return m_appListModel; }
    AppStatModel *appStatModel() const { return m_appStatModel; }
    ConnListModel *connListModel() const { return m_connListModel; }
    ZoneListModel *zoneListModel() const { return m_zoneListModel; }
    ConnListModel *connListModel() const { return m_connListModel; }
 signals:
    void optWindowChanged();
@ -237,8 +237,8 @@ private:
    AppListModel *m_appListModel = nullptr;
    AppStatModel *m_appStatModel = nullptr;
    ConnListModel *m_connListModel = nullptr;
    ZoneListModel *m_zoneListModel = nullptr;
    ConnListModel *m_connListModel = nullptr;
 };
 #endif // FORTMANAGER_H
--- a/src/ui/log/logbuffer.cpp
+++ b/src/ui/log/logbuffer.cpp
@ -104,8 +104,8 @@ void LogBuffer::writeEntryBlockedIp(const LogEntryBlockedIp *logEntry)
    char *output = this->output();
-    FortCommon::logBlockedIpHeaderWrite(output, logEntry->blockReason(), logEntry->proto(),
+    FortCommon::logBlockedIpHeaderWrite(output, logEntry->inbound(), logEntry->blockReason(),
-            logEntry->localPort(), logEntry->remotePort(), logEntry->localIp(),
+            logEntry->ipProto(), logEntry->localPort(), logEntry->remotePort(), logEntry->localIp(),
            logEntry->remoteIp(), logEntry->pid(), pathLen);
    if (pathLen) {
@ -122,14 +122,15 @@ void LogBuffer::readEntryBlockedIp(LogEntryBlockedIp *logEntry)
    const char *input = this->input();
    int inbound;
    quint8 blockReason;
    quint8 proto;
    quint16 localPort;
    quint16 remotePort;
    quint32 localIp, remoteIp;
    quint32 pid, pathLen;
-    FortCommon::logBlockedIpHeaderRead(input, &blockReason, &proto, &localPort, &remotePort,
+    FortCommon::logBlockedIpHeaderRead(input, &inbound, &blockReason, &proto, &localPort,
-            &localIp, &remoteIp, &pid, &pathLen);
+            &remotePort, &localIp, &remoteIp, &pid, &pathLen);
    QString path;
    if (pathLen) {
@ -137,12 +138,13 @@ void LogBuffer::readEntryBlockedIp(LogEntryBlockedIp *logEntry)
        path = QString::fromWCharArray((const wchar_t *) input, pathLen / int(sizeof(wchar_t)));
    }
    logEntry->setInbound(inbound != 0);
    logEntry->setBlockReason(blockReason);
    logEntry->setLocalIp(localIp);
    logEntry->setRemoteIp(remoteIp);
    logEntry->setLocalPort(localPort);
    logEntry->setRemotePort(remotePort);
-    logEntry->setProto(proto);
+    logEntry->setIpProto(proto);
    logEntry->setPid(pid);
    logEntry->setKernelPath(path);
--- a/src/ui/log/logentryblockedip.cpp
+++ b/src/ui/log/logentryblockedip.cpp
@ -1,11 +1,11 @@
 #include "logentryblockedip.h"
-LogEntryBlockedIp::LogEntryBlockedIp(quint8 blockReason, quint8 proto, quint16 localPort,
+LogEntryBlockedIp::LogEntryBlockedIp(quint8 blockReason, quint8 ipProto, quint16 localPort,
        quint16 remotePort, quint32 localIp, quint32 remoteIp, quint32 pid,
        const QString &kernelPath) :
    LogEntryBlocked(pid, kernelPath),
    m_blockReason(blockReason),
-    m_proto(proto),
+    m_ipProto(ipProto),
    m_localPort(localPort),
    m_remotePort(remotePort),
    m_localIp(localIp),
@ -13,14 +13,19 @@ LogEntryBlockedIp::LogEntryBlockedIp(quint8 blockReason, quint8 proto, quint16 l
 {
 }
 void LogEntryBlockedIp::setInbound(bool inbound)
 {
    m_inbound = inbound;
 }
 void LogEntryBlockedIp::setBlockReason(quint8 blockReason)
 {
    m_blockReason = blockReason;
 }
-void LogEntryBlockedIp::setProto(quint8 proto)
+void LogEntryBlockedIp::setIpProto(quint8 proto)
 {
-    m_proto = proto;
+    m_ipProto = proto;
 }
 void LogEntryBlockedIp::setLocalPort(quint16 port)
--- a/src/ui/log/logentryblockedip.h
+++ b/src/ui/log/logentryblockedip.h
@ -17,17 +17,20 @@ public:
        ReasonAppGroupDefault
    };
-    explicit LogEntryBlockedIp(quint8 blockReason = 0, quint8 proto = 0, quint16 localPort = 0,
+    explicit LogEntryBlockedIp(quint8 blockReason = 0, quint8 ipProto = 0, quint16 localPort = 0,
            quint16 remotePort = 0, quint32 localIp = 0, quint32 remoteIp = 0, quint32 pid = 0,
            const QString &kernelPath = QString());
    LogEntry::LogType type() const override { return AppBlockedIp; }
    bool inbound() const { return m_inbound; }
    void setInbound(bool inbound);
    quint8 blockReason() const { return m_blockReason; }
    void setBlockReason(quint8 blockReason);
-    quint8 proto() const { return m_proto; }
+    quint8 ipProto() const { return m_ipProto; }
-    void setProto(quint8 proto);
+    void setIpProto(quint8 proto);
    quint16 localPort() const { return m_localPort; }
    void setLocalPort(quint16 port);
@ -42,8 +45,9 @@ public:
    void setRemoteIp(quint32 ip);
 private:
    bool m_inbound = false;
    quint8 m_blockReason = 0;
-    quint8 m_proto = 0;
+    quint8 m_ipProto = 0;
    quint16 m_localPort = 0;
    quint16 m_remotePort = 0;
    quint32 m_localIp = 0;
--- a/src/ui/model/connlistmodel.cpp
+++ b/src/ui/model/connlistmodel.cpp
@ -2,21 +2,16 @@
 #include "../log/logentryblockedip.h"
-ConnListModel::ConnListModel(ConfManager *confManager, QObject *parent) :
+ConnListModel::ConnListModel(StatManager *statManager, QObject *parent) :
-    StringListModel(parent), m_confManager(confManager)
+    TableItemModel(parent), m_statManager(statManager)
 {
 }
 void ConnListModel::setAppPath(const QString &appPath)
 {
    m_appPath = appPath;
 }
 void ConnListModel::handleLogBlockedIp(const LogEntryBlockedIp &logEntry)
 {
 #if 0
    const QString appPath = logEntry.path();
 #if 0
    const QString ipText = NetUtil::ip4ToText(logEntry.ip())
            + ", " + NetUtil::protocolName(logEntry.proto())
            + ':' + QString::number(logEntry.port());
@ -28,9 +23,57 @@ void ConnListModel::handleLogBlockedIp(const LogEntryBlockedIp &logEntry)
 #endif
 }
-void ConnListModel::clear()
+int ConnListModel::rowCount(const QModelIndex &parent) const
 {
-    m_appPath = QString();
+    Q_UNUSED(parent);
-    StringListModel::clear();
+    return m_connCount;
 }
 int ConnListModel::columnCount(const QModelIndex &parent) const
 {
    return parent.isValid() ? 0 : 4;
 }
 QVariant ConnListModel::headerData(int section, Qt::Orientation orientation, int role) const
 {
    if (orientation == Qt::Horizontal && role == Qt::DisplayRole) {
        switch (section) {
        case 0:
            return tr("Date");
        case 1:
            return tr("Download");
        case 2:
            return tr("Upload");
        case 3:
            return tr("Sum");
        }
    }
    return QVariant();
 }
 QVariant ConnListModel::data(const QModelIndex &index, int role) const
 {
    if (!index.isValid())
        return QVariant();
    if (role == Qt::DisplayRole) {
 //        const int row = index.row();
 //        const int column = index.column();
 //        updateRowCache(row);
 //        switch (column) {
 //        case 0:
 //            return formatTrafTime(m_rowCache.trafTime);
 //        case 1:
 //            return formatTrafUnit(m_rowCache.inBytes);
 //        case 2:
 //            return formatTrafUnit(m_rowCache.outBytes);
 //        case 3:
 //            return formatTrafUnit(m_rowCache.inBytes + m_rowCache.outBytes);
 //        }
    }
    return QVariant();
 }
--- a/src/ui/model/connlistmodel.h
+++ b/src/ui/model/connlistmodel.h
@ -1,30 +1,38 @@
 #ifndef CONNLISTMODEL_H
 #define CONNLISTMODEL_H
-#include "../util/model/stringlistmodel.h"
+#include "../util/model/tableitemmodel.h"
 class ConfManager;
 class LogEntryBlockedIp;
 class StatManager;
-class ConnListModel : public StringListModel
+struct ConnRow : CacheRow
 {
    qint32 trafTime = 0;
 };
 class ConnListModel : public TableItemModel
 {
    Q_OBJECT
 public:
-    explicit ConnListModel(ConfManager *confManager, QObject *parent = nullptr);
+    explicit ConnListModel(StatManager *statManager, QObject *parent = nullptr);
    QString appPath() const { return m_appPath; }
    void setAppPath(const QString &appPath);
    void handleLogBlockedIp(const LogEntryBlockedIp &logEntry);
-public slots:
+    int rowCount(const QModelIndex &parent = QModelIndex()) const override;
-    void clear() override;
+    int columnCount(const QModelIndex &parent = QModelIndex()) const override;
    QVariant headerData(
            int section, Qt::Orientation orientation, int role = Qt::DisplayRole) const override;
    QVariant data(const QModelIndex &index, int role = Qt::DisplayRole) const override;
 private:
-    ConfManager *m_confManager = nullptr;
+    StatManager *m_statManager = nullptr;
-    QString m_appPath;
+    int m_connCount = 0;
    mutable ConnRow m_rowCache;
 };
 #endif // CONNLISTMODEL_H
--- a/src/ui/model/traflistmodel.cpp
+++ b/src/ui/model/traflistmodel.cpp
@ -114,7 +114,7 @@ void TrafListModel::resetTraf()
    m_trafCount = getTrafCount(m_type, m_minTrafTime, m_maxTrafTime);
-    invalidateRowCache();
+    m_rowCache.invalidate();
    endResetModel();
 }
@ -125,16 +125,11 @@ void TrafListModel::reset()
        resetTraf();
    } else {
        beginResetModel();
-        invalidateRowCache();
+        m_rowCache.invalidate();
        endResetModel();
    }
 }
 void TrafListModel::invalidateRowCache()
 {
    m_rowCache.invalidate();
 }
 void TrafListModel::updateRowCache(int row) const
 {
    if (m_rowCache.isValid(row))
--- a/src/ui/model/traflistmodel.h
+++ b/src/ui/model/traflistmodel.h
@ -5,12 +5,8 @@
 class StatManager;
-struct TrafficRow
+struct TrafficRow : CacheRow
 {
    bool isValid(int row) const { return row == this->row; }
    void invalidate() { row = -1; }
    int row = -1;
    qint32 trafTime = 0;
    qint64 inBytes = 0;
    qint64 outBytes = 0;
@ -54,7 +50,6 @@ public slots:
    void reset();
 private:
    void invalidateRowCache();
    void updateRowCache(int row) const;
    QString formatTrafUnit(qint64 bytes) const;
--- a/src/ui/stat/migrations/1.sql
+++ b/src/ui/stat/migrations/1.sql
@ -56,7 +56,7 @@ CREATE TABLE conn_app(
  conn_time INTEGER NOT NULL,
  inbound BOOLEAN NOT NULL,
  blocked BOOLEAN NOT NULL,
-  proto INTEGER NOT NULL,
+  ip_proto INTEGER NOT NULL,
  local_port INTEGER NOT NULL,
  remote_port INTEGER NOT NULL,
  local_ip INTEGER NOT NULL,
--- a/src/ui/util/model/tableitemmodel.cpp
+++ b/src/ui/util/model/tableitemmodel.cpp
@ -34,6 +34,12 @@ Qt::ItemFlags TableItemModel::flags(const QModelIndex &index) const
    return Qt::ItemIsSelectable | Qt::ItemIsEnabled | Qt::ItemNeverHasChildren;
 }
 void TableItemModel::reset()
 {
    beginResetModel();
    endResetModel();
 }
 void TableItemModel::refresh()
 {
    const auto firstCell = index(0, 0);
--- a/src/ui/util/model/tableitemmodel.h
+++ b/src/ui/util/model/tableitemmodel.h
@ -3,6 +3,14 @@
 #include <QAbstractItemModel>
 struct CacheRow
 {
    bool isValid(int row) const { return row == this->row; }
    void invalidate() { row = -1; }
    int row = -1;
 };
 class TableItemModel : public QAbstractItemModel
 {
    Q_OBJECT
@ -20,11 +28,7 @@ public:
    Qt::ItemFlags flags(const QModelIndex &index) const override;
 public slots:
-    void reset()
+    void reset();
    {
        beginResetModel();
        endResetModel();
    }
    void refresh();
 };