UI: Programs: Add ability to not collect blocked connections

Nodir Temirkhodjaev 2023-03-05 16:19:23 +03:00
parent 7d52017903
commit ad24de59dc
18 changed files with 244 additions and 109 deletions


@ -134,14 +134,17 @@ typedef struct fort_app_flags
struct
{
UCHAR group_index;
UCHAR use_group_perm : 1;
UCHAR apply_child : 1;
UCHAR lan_only : 1;
UCHAR blocked : 1;
UCHAR alerted : 1;
UCHAR is_new : 1;
UCHAR found : 1;
UINT16 group_index : 5;
/* UINT16 reserved : 2; */
UINT16 use_group_perm : 1;
UINT16 apply_child : 1;
UINT16 lan_only : 1;
UINT16 log_blocked : 1;
UINT16 log_conn : 1;
UINT16 blocked : 1;
UINT16 alerted : 1;
UINT16 is_new : 1;
UINT16 found : 1;
};
};
} FORT_APP_FLAGS, *PFORT_APP_FLAGS;
@ -171,6 +174,7 @@ typedef struct fort_conf_group
{
UINT16 group_bits;
UINT16 log_blocked;
UINT16 log_conn;
UINT16 limit_bits;
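Review bot: The `.v != 0` and `.v == 0` checks in fortcallout.c now depend on the union member `v` covering all 16 bits of this bitfield, and `v` is declared outside the hunk, so please confirm it was widened from UCHAR to UINT16 together with the fields; if `v` were still 8 bits, an entry whose low byte happens to be zero would be indistinguishable from "not found" even though `found`/`log_blocked` are set, depending on how the compiler packs the bits. The two reserved bits also deserve a word, because whole-word comparisons treat them as significant: `/* UINT16 reserved : 2; -- must stay zero, .v is compared as a whole */`. The enclosing union and typedef start before the hunk.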


@ -39,6 +39,21 @@ static void fort_callout_classify_continue(FWPS_CLASSIFY_OUT0 *classifyOut)
classifyOut->actionType = FWP_ACTION_CONTINUE;
}
static FORT_APP_FLAGS fort_callout_conf_app_flags(
PFORT_CALLOUT_ALE_EXTRA cx, PFORT_CONF_REF conf_ref)
{
if (cx->app_flags_found)
return cx->app_flags;
const FORT_APP_FLAGS app_flags = fort_conf_app_find(
&conf_ref->conf, cx->path->Buffer, cx->path->Length, fort_conf_exe_find);
cx->app_flags_found = TRUE;
cx->app_flags = app_flags;
return app_flags;
}
inline static BOOL fort_callout_classify_blocked_log_stat(FORT_CALLOUT_ARG ca,
FORT_CALLOUT_ALE_INDEX ci, PFORT_CALLOUT_ALE_EXTRA cx, PFORT_CONF_REF conf_ref,
FORT_APP_FLAGS app_flags)
@ -48,7 +63,7 @@ inline static BOOL fort_callout_classify_blocked_log_stat(FORT_CALLOUT_ARG ca,
const IPPROTO ip_proto = (IPPROTO) ca.inFixedValues->incomingValue[ci.ipProto].value.uint8;
const BOOL is_tcp = (ip_proto == IPPROTO_TCP);
const UCHAR group_index = app_flags.group_index;
const UCHAR group_index = (UCHAR) app_flags.group_index;
const BOOL is_reauth = (cx->classify_flags & FWP_CONDITION_FLAG_IS_REAUTHORIZE) != 0;
BOOL is_new_proc = FALSE;
@ -90,9 +105,14 @@ inline static void fort_callout_classify_blocked_log_path(PFORT_CALLOUT_ALE_EXTR
}
inline static void fort_callout_classify_blocked_log_ip(FORT_CALLOUT_ARG ca,
FORT_CALLOUT_ALE_INDEX ci, PFORT_CALLOUT_ALE_EXTRA cx, FORT_CONF_FLAGS conf_flags)
FORT_CALLOUT_ALE_INDEX ci, PFORT_CALLOUT_ALE_EXTRA cx, PFORT_CONF_REF conf_ref,
FORT_CONF_FLAGS conf_flags)
{
if (cx->block_reason != FORT_BLOCK_REASON_UNKNOWN && conf_flags.log_blocked_ip) {
const FORT_APP_FLAGS app_flags = fort_callout_conf_app_flags(cx, conf_ref);
if (app_flags.v != 0 && !app_flags.log_blocked)
return;
const UINT32 *local_ip = ca.isIPv6
? (const UINT32 *) ca.inFixedValues->incomingValue[ci.localIp].value.byteArray16
: &ca.inFixedValues->incomingValue[ci.localIp].value.uint32;
@ -110,8 +130,7 @@ inline static void fort_callout_classify_blocked_log_ip(FORT_CALLOUT_ARG ca,
inline static void fort_callout_classify_blocked_log(FORT_CALLOUT_ARG ca, FORT_CALLOUT_ALE_INDEX ci,
PFORT_CALLOUT_ALE_EXTRA cx, PFORT_CONF_REF conf_ref, FORT_CONF_FLAGS conf_flags)
{
FORT_APP_FLAGS app_flags = fort_conf_app_find(
&conf_ref->conf, cx->path->Buffer, cx->path->Length, fort_conf_exe_find);
const FORT_APP_FLAGS app_flags = fort_callout_conf_app_flags(cx, conf_ref);
if (!cx->blocked /* collect traffic, when Filter Disabled */
|| (app_flags.v == 0 && conf_flags.allow_all_new) /* collect new Blocked Programs */
@ -198,7 +217,7 @@ inline static void fort_callout_classify_check_conf(FORT_CALLOUT_ARG ca, FORT_CA
cx->process_id = process_id;
cx->path = &path;
cx->real_path = &real_path;
cx->inherited = inherited;
cx->inherited = (UCHAR) inherited;
cx->blocked = TRUE;
cx->block_reason = FORT_BLOCK_REASON_UNKNOWN;
@ -209,7 +228,7 @@ inline static void fort_callout_classify_check_conf(FORT_CALLOUT_ARG ca, FORT_CA
if (cx->blocked) {
/* Log the blocked connection */
fort_callout_classify_blocked_log_ip(ca, ci, cx, conf_flags);
fort_callout_classify_blocked_log_ip(ca, ci, cx, conf_ref, conf_flags);
/* Block the connection */
fort_callout_classify_block(ca.classifyOut);
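Review bot: `fort_callout_conf_app_flags` trusts `cx->app_flags_found`, but the assignments in `fort_callout_classify_check_conf` (the hunk around `cx->inherited = (UCHAR) inherited;`) reset `blocked` and `block_reason` without resetting the new bit, and nothing visible on this page zero-initialises `cx`. If the FORT_CALLOUT_ALE_EXTRA declared in fortcallout.h is a stack object that is not zeroed, a stale `app_flags_found` would make the blocked-log decision from uninitialised `app_flags`; add `cx->app_flags_found = FALSE;` next to `cx->blocked = TRUE;` or confirm the caller zeroes the struct. Separately, `(UCHAR) inherited` into a 1-bit field keeps only the low bit of the BOOL, so `cx->inherited = (UCHAR) !!inherited;` is the safer form. Both enclosing functions start before their hunks.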


@ -3,6 +3,8 @@
#include "fortdrv.h"
#include "common/fortconf.h"
typedef struct fort_callout_arg
{
const FWPS_INCOMING_VALUES0 *inFixedValues;
@ -31,10 +33,13 @@ typedef struct fort_callout_ale_index
typedef struct fort_callout_ale_extra
{
BOOL inherited : 1;
BOOL blocked : 1;
UCHAR app_flags_found : 1;
UCHAR inherited : 1;
UCHAR blocked : 1;
INT8 block_reason;
FORT_APP_FLAGS app_flags;
UINT32 process_id;
UINT32 classify_flags;


@ -7,9 +7,11 @@
class App
{
public:
bool useGroupPerm = false;
bool useGroupPerm = true;
bool applyChild = false;
bool lanOnly = false;
bool logBlocked = true;
bool logConn = true;
bool blocked = false;
bool alerted = false;
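Review bot: The default of `useGroupPerm` flips from false to true here, which is unrelated to the log_blocked feature in the title and changes what a freshly constructed App means to every caller that does not set the field. If the intent is to match the schema default `use_group_perm BOOLEAN NOT NULL DEFAULT 1` shown in this commit, say so in a comment, e.g. `bool useGroupPerm = true; // matches app.use_group_perm DEFAULT 1`, or move it to its own commit. The class continues past the hunk.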


@ -9,6 +9,7 @@ AppGroup::AppGroup(QObject *parent) :
m_enabled(true),
m_applyChild(false),
m_lanOnly(false),
m_logBlocked(true),
m_logConn(true),
m_periodEnabled(false),
m_limitInEnabled(false),
@ -40,6 +41,14 @@ void AppGroup::setLanOnly(bool on)
}
}
void AppGroup::setLogBlocked(bool on)
{
if (bool(m_logBlocked) != on) {
m_logBlocked = on;
setEdited(true);
}
}
void AppGroup::setLogConn(bool on)
{
if (bool(m_logConn) != on) {
@ -188,6 +197,7 @@ void AppGroup::copy(const AppGroup &o)
m_enabled = o.enabled();
m_applyChild = o.applyChild();
m_lanOnly = o.lanOnly();
m_logBlocked = o.logBlocked();
m_logConn = o.logConn();
m_periodEnabled = o.periodEnabled();
@ -220,6 +230,7 @@ QVariant AppGroup::toVariant() const
map["applyChild"] = applyChild();
map["lanOnly"] = lanOnly();
map["logBlocked"] = logBlocked();
map["logConn"] = logConn();
map["periodEnabled"] = periodEnabled();
@ -254,6 +265,7 @@ void AppGroup::fromVariant(const QVariant &v)
m_applyChild = map["applyChild"].toBool();
m_lanOnly = map["lanOnly"].toBool();
m_logBlocked = map["logBlocked"].toBool();
m_logConn = map["logConn"].toBool();
m_periodEnabled = map["periodEnabled"].toBool();
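Review bot: `fromVariant` reads `map["logBlocked"].toBool()`, which yields false when the key is absent, while the constructor initialiser, the App default and the schema column all default the flag to true; a variant produced by an older client or a partial map would therefore silently stop collecting blocked connections for that group. Consider `m_logBlocked = map.value("logBlocked", true).toBool();` so a missing key keeps the documented default (the same consideration applies to `logConn`). `fromVariant` continues outside the hunk.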


@ -26,6 +26,9 @@ public:
bool lanOnly() const { return m_lanOnly; }
void setLanOnly(bool on);
bool logBlocked() const { return m_logBlocked; }
void setLogBlocked(bool on);
bool logConn() const { return m_logConn; }
void setLogConn(bool on);
@ -92,6 +95,7 @@ private:
bool m_applyChild : 1;
bool m_lanOnly : 1;
bool m_logBlocked : 1;
bool m_logConn : 1;
bool m_periodEnabled : 1;


@ -35,7 +35,7 @@ namespace {
const QLoggingCategory LC("conf");
constexpr int DATABASE_USER_VERSION = 17;
constexpr int DATABASE_USER_VERSION = 18;
constexpr int APP_END_TIMER_INTERVAL_MIN = 100;
constexpr int APP_END_TIMER_INTERVAL_MAX = 24 * 60 * 60 * 1000; // 1 day
@ -47,7 +47,7 @@ const char *const sqlSelectAddressGroups = "SELECT addr_group_id, include_all, e
" ORDER BY order_index;";
const char *const sqlSelectAppGroups = "SELECT app_group_id, enabled, apply_child,"
" lan_only, log_conn, period_enabled,"
" lan_only, log_blocked, log_conn, period_enabled,"
" limit_in_enabled, limit_out_enabled,"
" speed_limit_in, speed_limit_out,"
" limit_packet_loss, limit_latency,"
@ -71,26 +71,26 @@ const char *const sqlUpdateAddressGroup = "UPDATE address_group"
" WHERE addr_group_id = ?1;";
const char *const sqlInsertAppGroup = "INSERT INTO app_group(app_group_id, order_index, enabled,"
" apply_child, lan_only, log_conn, period_enabled,"
" limit_in_enabled, limit_out_enabled,"
" apply_child, lan_only, log_blocked, log_conn,"
" period_enabled, limit_in_enabled, limit_out_enabled,"
" speed_limit_in, speed_limit_out,"
" limit_packet_loss, limit_latency,"
" limit_bufsize_in, limit_bufsize_out,"
" name, block_text, allow_text,"
" period_from, period_to)"
" VALUES(?1, ?2, ?3, ?4, ?5, ?6, ?7, ?8, ?9, ?10, ?11, ?12,"
" ?13, ?14, ?15, ?16, ?17, ?18, ?19, ?20);";
" ?13, ?14, ?15, ?16, ?17, ?18, ?19, ?20, ?21);";
const char *const sqlUpdateAppGroup = "UPDATE app_group"
" SET order_index = ?2, enabled = ?3,"
" apply_child = ?4, lan_only = ?5,"
" log_conn = ?6, period_enabled = ?7,"
" limit_in_enabled = ?8, limit_out_enabled = ?9,"
" speed_limit_in = ?10, speed_limit_out = ?11,"
" limit_packet_loss = ?12, limit_latency = ?13,"
" limit_bufsize_in = ?14, limit_bufsize_out = ?15,"
" name = ?16, block_text = ?17, allow_text = ?18,"
" period_from = ?19, period_to = ?20"
" log_blocked = ?6, log_conn = ?7, period_enabled = ?8,"
" limit_in_enabled = ?9, limit_out_enabled = ?10,"
" speed_limit_in = ?11, speed_limit_out = ?12,"
" limit_packet_loss = ?13, limit_latency = ?14,"
" limit_bufsize_in = ?15, limit_bufsize_out = ?16,"
" name = ?17, block_text = ?18, allow_text = ?19,"
" period_from = ?20, period_to = ?21"
" WHERE app_group_id = ?1;";
const char *const sqlDeleteAppGroup = "DELETE FROM app_group"
@ -118,6 +118,8 @@ const char *const sqlSelectAppById = "SELECT"
" t.use_group_perm,"
" t.apply_child,"
" t.lan_only,"
" t.log_blocked,"
" t.log_conn,"
" t.blocked"
" FROM app t"
" JOIN app_group g ON g.app_group_id = t.app_group_id"
@ -129,6 +131,8 @@ const char *const sqlSelectApps = "SELECT"
" t.use_group_perm,"
" t.apply_child,"
" t.lan_only,"
" t.log_blocked,"
" t.log_conn,"
" t.blocked,"
" (alert.app_id IS NOT NULL) as alerted"
" FROM app t"
@ -140,7 +144,7 @@ const char *const sqlSelectMinEndApp = "SELECT MIN(end_time) FROM app"
const char *const sqlSelectEndedApps = "SELECT t.app_id, g.order_index as group_index,"
" t.path, t.name, t.use_group_perm,"
" t.apply_child, t.lan_only"
" t.apply_child, t.lan_only, t.log_blocked, t.log_conn"
" FROM app t"
" JOIN app_group g ON g.app_group_id = t.app_group_id"
" WHERE end_time <= ?1 AND blocked = 0;";
@ -148,14 +152,15 @@ const char *const sqlSelectEndedApps = "SELECT t.app_id, g.order_index as group_
const char *const sqlSelectAppIdByPath = "SELECT app_id FROM app WHERE path = ?1;";
const char *const sqlUpsertApp = "INSERT INTO app(app_group_id, path, name,"
" use_group_perm, apply_child, lan_only, blocked,"
" use_group_perm, apply_child, lan_only,"
" log_blocked, log_conn, blocked,"
" creat_time, end_time)"
" VALUES(?1, ?2, ?3, ?4, ?5, ?6, ?7, ?8, ?9)"
" VALUES(?1, ?2, ?3, ?4, ?5, ?6, ?7, ?8, ?9, ?10, ?11)"
" ON CONFLICT(path) DO UPDATE"
" SET app_group_id = ?1, name = ?3,"
" use_group_perm = ?4, apply_child = ?5,"
" lan_only = ?6, blocked = ?7,"
" creat_time = ?8, end_time = ?9"
" lan_only = ?6, log_blocked = ?7, log_conn = ?8,"
" blocked = ?9, creat_time = ?10, end_time = ?11"
" RETURNING app_id;";
const char *const sqlInsertAppAlert = "INSERT INTO app_alert(app_id) VALUES(?1);";
@ -166,7 +171,9 @@ const char *const sqlDeleteAppAlert = "DELETE FROM app_alert WHERE app_id = ?1;"
const char *const sqlUpdateApp = "UPDATE app"
" SET app_group_id = ?2, name = ?3, use_group_perm = ?4,"
" apply_child = ?5, lan_only = ?6, blocked = ?7, end_time = ?8"
" apply_child = ?5, lan_only = ?6,"
" log_blocked = ?7, log_conn = ?8,"
" blocked = ?9, end_time = ?10"
" WHERE app_id = ?1;";
const char *const sqlUpdateAppName = "UPDATE app SET name = ?2 WHERE app_id = ?1;";
@ -301,21 +308,22 @@ bool loadAppGroups(SqliteDb *db, FirewallConf &conf)
appGroup->setEnabled(stmt.columnBool(1));
appGroup->setApplyChild(stmt.columnBool(2));
appGroup->setLanOnly(stmt.columnBool(3));
appGroup->setLogConn(stmt.columnBool(4));
appGroup->setPeriodEnabled(stmt.columnBool(5));
appGroup->setLimitInEnabled(stmt.columnBool(6));
appGroup->setLimitOutEnabled(stmt.columnBool(7));
appGroup->setSpeedLimitIn(quint32(stmt.columnInt(8)));
appGroup->setSpeedLimitOut(quint32(stmt.columnInt(9)));
appGroup->setLimitPacketLoss(quint16(stmt.columnInt(10)));
appGroup->setLimitLatency(quint32(stmt.columnInt(11)));
appGroup->setLimitBufferSizeIn(quint32(stmt.columnInt(12)));
appGroup->setLimitBufferSizeOut(quint32(stmt.columnInt(13)));
appGroup->setName(stmt.columnText(14));
appGroup->setBlockText(stmt.columnText(15));
appGroup->setAllowText(stmt.columnText(16));
appGroup->setPeriodFrom(stmt.columnText(17));
appGroup->setPeriodTo(stmt.columnText(18));
appGroup->setLogBlocked(stmt.columnBool(4));
appGroup->setLogConn(stmt.columnBool(5));
appGroup->setPeriodEnabled(stmt.columnBool(6));
appGroup->setLimitInEnabled(stmt.columnBool(7));
appGroup->setLimitOutEnabled(stmt.columnBool(8));
appGroup->setSpeedLimitIn(quint32(stmt.columnInt(9)));
appGroup->setSpeedLimitOut(quint32(stmt.columnInt(10)));
appGroup->setLimitPacketLoss(quint16(stmt.columnInt(11)));
appGroup->setLimitLatency(quint32(stmt.columnInt(12)));
appGroup->setLimitBufferSizeIn(quint32(stmt.columnInt(13)));
appGroup->setLimitBufferSizeOut(quint32(stmt.columnInt(14)));
appGroup->setName(stmt.columnText(15));
appGroup->setBlockText(stmt.columnText(16));
appGroup->setAllowText(stmt.columnText(17));
appGroup->setPeriodFrom(stmt.columnText(18));
appGroup->setPeriodTo(stmt.columnText(19));
appGroup->setEdited(false);
conf.addAppGroup(appGroup);
@ -332,8 +340,8 @@ bool saveAppGroup(SqliteDb *db, AppGroup *appGroup, int orderIndex)
const auto vars = QVariantList()
<< (rowExists ? appGroup->id() : QVariant()) << orderIndex << appGroup->enabled()
<< appGroup->applyChild() << appGroup->lanOnly() << appGroup->logConn()
<< appGroup->periodEnabled() << appGroup->limitInEnabled()
<< appGroup->applyChild() << appGroup->lanOnly() << appGroup->logBlocked()
<< appGroup->logConn() << appGroup->periodEnabled() << appGroup->limitInEnabled()
<< appGroup->limitOutEnabled() << appGroup->speedLimitIn() << appGroup->speedLimitOut()
<< appGroup->limitPacketLoss() << appGroup->limitLatency()
<< appGroup->limitBufferSizeIn() << appGroup->limitBufferSizeOut() << appGroup->name()
@ -820,7 +828,8 @@ bool ConfManager::updateApp(const App &app)
const auto vars = QVariantList()
<< app.appId << appGroup->id() << app.appName << app.useGroupPerm << app.applyChild
<< app.lanOnly << app.blocked << (!app.endTime.isNull() ? app.endTime : QVariant());
<< app.lanOnly << app.logBlocked << app.logConn << app.blocked
<< (!app.endTime.isNull() ? app.endTime : QVariant());
sqliteDb()->executeEx(sqlUpdateApp, vars, 0, &ok);
if (ok) {
@ -898,8 +907,10 @@ bool ConfManager::walkApps(const std::function<walkAppsCallback> &func)
app.useGroupPerm = stmt.columnBool(2);
app.applyChild = stmt.columnBool(3);
app.lanOnly = stmt.columnBool(4);
app.blocked = stmt.columnBool(5);
app.alerted = stmt.columnBool(6);
app.logBlocked = stmt.columnBool(5);
app.logConn = stmt.columnBool(6);
app.blocked = stmt.columnBool(7);
app.alerted = stmt.columnBool(8);
if (!func(app))
return false;
@ -925,6 +936,8 @@ void ConfManager::updateAppEndTimes()
app.useGroupPerm = stmt.columnBool(4);
app.applyChild = stmt.columnBool(5);
app.lanOnly = stmt.columnBool(6);
app.logBlocked = stmt.columnBool(7);
app.logConn = stmt.columnBool(8);
app.blocked = true;
updateApp(app);
@ -1138,8 +1151,8 @@ bool ConfManager::addOrUpdateApp(const App &app)
const auto vars = QVariantList()
<< appGroup->id() << app.appPath << app.appName << app.useGroupPerm << app.applyChild
<< app.lanOnly << app.blocked << QDateTime::currentDateTime()
<< (!app.endTime.isNull() ? app.endTime : QVariant());
<< app.lanOnly << app.logBlocked << app.logConn << app.blocked
<< QDateTime::currentDateTime() << (!app.endTime.isNull() ? app.endTime : QVariant());
const auto appIdVar = sqliteDb()->executeEx(sqlUpsertApp, vars, 1, &ok);
@ -1178,7 +1191,9 @@ bool ConfManager::updateDriverAppBlocked(qint64 appId, bool blocked, bool &chang
app.useGroupPerm = stmt.columnBool(2);
app.applyChild = stmt.columnBool(3);
app.lanOnly = stmt.columnBool(4);
app.blocked = stmt.columnBool(5);
app.logBlocked = stmt.columnBool(5);
app.logConn = stmt.columnBool(6);
app.blocked = stmt.columnBool(7);
if (blocked != app.blocked) {
app.blocked = blocked;
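Review bot: `DATABASE_USER_VERSION` goes to 18 and `sqlSelectAppGroups`/`sqlSelectApps` now name `log_blocked`, but I count 18 file sections on this page and none looks like a migration script for version 18, so a database created under version 17 would lack the column unless the migration lives elsewhere; please confirm how existing databases get the `log_blocked` column added to both `app_group` and `app` with the default of 1. The hard-coded column indexes in `loadAppGroups`, `walkApps`, `updateAppEndTimes` and `updateDriverAppBlocked` all shifted by one or two in this commit; a comment above each SELECT listing the column order, or named index constants, would make the next insertion less error-prone. The enclosing functions start before their hunks.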


@ -100,6 +100,7 @@ CREATE TABLE app_group(
enabled BOOLEAN NOT NULL,
apply_child BOOLEAN NOT NULL DEFAULT 0,
lan_only BOOLEAN NOT NULL DEFAULT 0,
log_blocked BOOLEAN NOT NULL DEFAULT 1,
log_conn BOOLEAN NOT NULL DEFAULT 1,
period_enabled BOOLEAN NOT NULL,
limit_in_enabled BOOLEAN NOT NULL,
@ -126,6 +127,8 @@ CREATE TABLE app(
use_group_perm BOOLEAN NOT NULL DEFAULT 1,
apply_child BOOLEAN NOT NULL DEFAULT 0,
lan_only BOOLEAN NOT NULL DEFAULT 0,
log_blocked BOOLEAN NOT NULL DEFAULT 1,
log_conn BOOLEAN NOT NULL DEFAULT 1,
blocked BOOLEAN NOT NULL,
creat_time INTEGER NOT NULL,
end_time INTEGER,


@ -96,6 +96,9 @@ void ApplicationsPage::onRetranslateUi()
m_cbApplyChild->setText(tr("Apply same rules to child processes"));
m_cbLanOnly->setText(tr("Restrict access to LAN only"));
m_cbLogBlocked->setText(tr("Collect blocked connections"));
m_cbLogConn->setText(tr("Collect connection statistics"));
m_cscLimitIn->checkBox()->setText(tr("Download speed limit:"));
m_cscLimitOut->checkBox()->setText(tr("Upload speed limit:"));
retranslateGroupLimits();
@ -105,8 +108,6 @@ void ApplicationsPage::onRetranslateUi()
m_limitBufferSizeIn->label()->setText(tr("Download Buffer Size:"));
m_limitBufferSizeOut->label()->setText(tr("Upload Buffer Size:"));
m_cbLogConn->setText(tr("Collect connection statistics"));
m_cbGroupEnabled->setText(tr("Enabled"));
m_ctpGroupPeriod->checkBox()->setText(tr("time period:"));
@ -377,18 +378,18 @@ void ApplicationsPage::setupGroupPeriodEnabled()
void ApplicationsPage::setupGroupOptions()
{
setupGroupOptionFlags();
setupGroupLog();
setupGroupLimitIn();
setupGroupLimitOut();
setupGroupLimitLatency();
setupGroupLimitPacketLoss();
setupGroupLimitBufferSize();
setupGroupLogConn();
// Menu
const QList<QWidget *> menuWidgets = { m_cbApplyChild, m_cbLanOnly,
ControlUtil::createSeparator(), m_cscLimitIn, m_cscLimitOut, m_limitLatency,
m_limitPacketLoss, m_limitBufferSizeIn, m_limitBufferSizeOut,
ControlUtil::createSeparator(), m_cbLogConn };
ControlUtil::createSeparator(), m_cbLogBlocked, m_cbLogConn, ControlUtil::createSeparator(),
m_cscLimitIn, m_cscLimitOut, m_limitLatency, m_limitPacketLoss, m_limitBufferSizeIn,
m_limitBufferSizeOut };
auto layout = ControlUtil::createLayoutByWidgets(menuWidgets);
auto menu = ControlUtil::createMenuByLayout(layout, this);
@ -420,6 +421,31 @@ void ApplicationsPage::setupGroupOptionFlags()
});
}
void ApplicationsPage::setupGroupLog()
{
m_cbLogBlocked = ControlUtil::createCheckBox(false, [&](bool checked) {
AppGroup *appGroup = this->appGroup();
if (appGroup->logBlocked() == checked)
return;
appGroup->setLogBlocked(checked);
ctrl()->setOptEdited();
});
m_cbLogConn = ControlUtil::createCheckBox(false, [&](bool checked) {
AppGroup *appGroup = this->appGroup();
if (appGroup->logConn() == checked)
return;
appGroup->setLogConn(checked);
ctrl()->setOptEdited();
});
m_cbLogConn->setVisible(false); // TODO: Collect allowed connections
}
void ApplicationsPage::setupGroupLimitIn()
{
m_cscLimitIn = createGroupLimit();
@ -534,29 +560,16 @@ void ApplicationsPage::setupGroupLimitBufferSize()
});
}
void ApplicationsPage::setupGroupLogConn()
{
m_cbLogConn = ControlUtil::createCheckBox(false, [&](bool checked) {
AppGroup *appGroup = this->appGroup();
if (appGroup->logConn() == checked)
return;
appGroup->setLogConn(checked);
ctrl()->setOptEdited();
});
m_cbLogConn->setVisible(false); // TODO: Collect allowed connections
}
void ApplicationsPage::setupGroupOptionsEnabled()
{
const auto refreshOptionsEnabled = [&] {
const bool logStat = conf()->logStat();
m_cbLogBlocked->setEnabled(logStat);
m_cbLogConn->setEnabled(logStat);
m_cscLimitIn->setEnabled(logStat);
m_cscLimitOut->setEnabled(logStat);
m_cbLogConn->setEnabled(logStat);
};
refreshOptionsEnabled();
@ -639,6 +652,9 @@ void ApplicationsPage::updateGroup()
m_cbApplyChild->setChecked(appGroup->applyChild());
m_cbLanOnly->setChecked(appGroup->lanOnly());
m_cbLogBlocked->setChecked(appGroup->logBlocked());
m_cbLogConn->setChecked(appGroup->logConn());
m_cscLimitIn->checkBox()->setChecked(appGroup->limitInEnabled());
m_cscLimitIn->spinBox()->setValue(int(appGroup->speedLimitIn()));
@ -650,8 +666,6 @@ void ApplicationsPage::updateGroup()
m_limitBufferSizeIn->spinBox()->setValue(int(appGroup->limitBufferSizeIn()));
m_limitBufferSizeOut->spinBox()->setValue(int(appGroup->limitBufferSizeOut()));
m_cbLogConn->setChecked(appGroup->logConn());
m_cbGroupEnabled->setChecked(appGroup->enabled());
m_ctpGroupPeriod->checkBox()->setChecked(appGroup->periodEnabled());


@ -49,12 +49,12 @@ private:
void setupGroupPeriodEnabled();
void setupGroupOptions();
void setupGroupOptionFlags();
void setupGroupLog();
void setupGroupLimitIn();
void setupGroupLimitOut();
void setupGroupLimitLatency();
void setupGroupLimitPacketLoss();
void setupGroupLimitBufferSize();
void setupGroupLogConn();
void setupGroupOptionsEnabled();
void setupBlockApps();
void setupAllowApps();
@ -86,6 +86,7 @@ private:
LabelDoubleSpin *m_limitPacketLoss = nullptr;
LabelSpin *m_limitBufferSizeIn = nullptr;
LabelSpin *m_limitBufferSizeOut = nullptr;
QCheckBox *m_cbLogBlocked = nullptr;
QCheckBox *m_cbLogConn = nullptr;
AppsColumn *m_blockApps = nullptr;
AppsColumn *m_allowApps = nullptr;


@ -79,6 +79,8 @@ void ProgramEditDialog::initialize(const AppRow &appRow, const QVector<qint64> &
m_cbUseGroupPerm->setChecked(appRow.useGroupPerm);
m_cbApplyChild->setChecked(appRow.applyChild);
m_cbLanOnly->setChecked(appRow.lanOnly);
m_cbLogBlocked->setChecked(appRow.logBlocked);
m_cbLogConn->setChecked(appRow.logConn);
m_rbAllowApp->setChecked(!appRow.blocked);
m_rbBlockApp->setChecked(appRow.blocked);
m_cscBlockAppIn->checkBox()->setChecked(false);
@ -121,6 +123,10 @@ void ProgramEditDialog::retranslateUi()
m_cbUseGroupPerm->setText(tr("Use Application Group's Enabled State"));
m_cbApplyChild->setText(tr("Apply same rules to child processes"));
m_cbLanOnly->setText(tr("Restrict access to LAN only"));
m_cbLogBlocked->setText(tr("Collect blocked connections"));
m_cbLogConn->setText(tr("Collect connection statistics"));
m_rbAllowApp->setText(tr("Allow"));
m_rbBlockApp->setText(tr("Block"));
@ -150,6 +156,9 @@ void ProgramEditDialog::setupUi()
// Form Layout
auto formLayout = setupAppLayout();
// Log
auto logLayout = setupLogLayout();
// Allow/Block
auto allowLayout = setupAllowLayout();
@ -179,6 +188,8 @@ void ProgramEditDialog::setupUi()
auto layout = new QVBoxLayout();
layout->addLayout(formLayout);
layout->addWidget(ControlUtil::createSeparator());
layout->addLayout(logLayout);
layout->addWidget(ControlUtil::createSeparator());
layout->addLayout(allowLayout);
layout->addWidget(m_cscBlockAppIn);
layout->addLayout(blockAtLayout);
@ -305,6 +316,25 @@ void ProgramEditDialog::setupComboAppGroups()
connect(confManager(), &ConfManager::confChanged, this, refreshComboAppGroups);
}
QLayout *ProgramEditDialog::setupLogLayout()
{
auto layout = new QFormLayout();
// Log Blocked
m_cbLogBlocked = new QCheckBox();
layout->addRow(QString(), m_cbLogBlocked);
// Log Conn
m_cbLogConn = new QCheckBox();
m_cbLogConn->setVisible(false); // TODO: Collect allowed connections
layout->addRow(QString(), m_cbLogConn);
return layout;
}
QLayout *ProgramEditDialog::setupAllowLayout()
{
auto allowLayout = new QHBoxLayout();
@ -379,6 +409,8 @@ bool ProgramEditDialog::save()
app.useGroupPerm = m_cbUseGroupPerm->isChecked();
app.applyChild = m_cbApplyChild->isChecked();
app.lanOnly = m_cbLanOnly->isChecked();
app.logBlocked = m_cbLogBlocked->isChecked();
app.logConn = m_cbLogConn->isChecked();
app.blocked = m_rbBlockApp->isChecked();
app.groupIndex = m_comboAppGroup->currentIndex();
app.appPath = appPath;
@ -412,6 +444,7 @@ bool ProgramEditDialog::saveApp(App &app)
{
const bool appEdited = (app.useGroupPerm != m_appRow.useGroupPerm
|| app.applyChild != m_appRow.applyChild || app.lanOnly != m_appRow.lanOnly
|| app.logBlocked != m_appRow.logBlocked || app.logConn != m_appRow.logConn
|| app.blocked != m_appRow.blocked || app.groupIndex != m_appRow.groupIndex
|| app.appPath != m_appRow.appPath || app.endTime != m_appRow.endTime);


@ -48,6 +48,7 @@ private:
QLayout *setupAppPathLayout();
QLayout *setupAppNameLayout();
void setupComboAppGroups();
QLayout *setupLogLayout();
QLayout *setupAllowLayout();
QLayout *setupCheckDateTimeEdit();
void setupAllowEclusiveGroup();
@ -70,6 +71,8 @@ private:
QCheckBox *m_cbUseGroupPerm = nullptr;
QCheckBox *m_cbApplyChild = nullptr;
QCheckBox *m_cbLanOnly = nullptr;
QCheckBox *m_cbLogBlocked = nullptr;
QCheckBox *m_cbLogConn = nullptr;
QRadioButton *m_rbAllowApp = nullptr;
QRadioButton *m_rbBlockApp = nullptr;
CheckSpinCombo *m_cscBlockAppIn = nullptr;


@ -260,10 +260,12 @@ bool AppListModel::updateAppRow(const QString &sql, const QVariantList &vars, Ap
appRow.useGroupPerm = stmt.columnBool(4);
appRow.applyChild = stmt.columnBool(5);
appRow.lanOnly = stmt.columnBool(6);
appRow.blocked = stmt.columnBool(7);
appRow.alerted = stmt.columnBool(8);
appRow.endTime = stmt.columnDateTime(9);
appRow.creatTime = stmt.columnDateTime(10);
appRow.logBlocked = stmt.columnBool(7);
appRow.logConn = stmt.columnBool(8);
appRow.blocked = stmt.columnBool(9);
appRow.alerted = stmt.columnBool(10);
appRow.endTime = stmt.columnDateTime(11);
appRow.creatTime = stmt.columnDateTime(12);
return true;
}
@ -306,6 +308,8 @@ QString AppListModel::sqlBase() const
" t.use_group_perm,"
" t.apply_child,"
" t.lan_only,"
" t.log_blocked,"
" t.log_conn,"
" t.blocked,"
" (alert.app_id IS NOT NULL) as alerted,"
" t.end_time,"
@ -323,7 +327,7 @@ QString AppListModel::sqlOrderColumn() const
columnsStr = "4 " + sqlOrderAsc() + ", 3";
break;
case 1: // State
columnsStr = "9 DESC, 8 " + sqlOrderAsc() + ", 1";
columnsStr = "11 DESC, 10 " + sqlOrderAsc() + ", 1";
break;
case 2: // Group
columnsStr = "2";
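Review bot: `sqlOrderColumn` orders by positional columns (`"11 DESC, 10 " + sqlOrderAsc()`) that had to be renumbered because two columns were inserted in `sqlBase`, and `updateAppRow` reads the same positions by index; the three are coupled only by convention. Ordering by the select-list names instead, e.g. `columnsStr = "alerted DESC, t.blocked " + sqlOrderAsc() + ", 1";`, or a comment on `sqlBase` listing the column order, would keep the next column insertion from silently changing the State sort. `sqlBase` and `sqlOrderColumn` both continue outside their hunks.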


@ -18,8 +18,8 @@ ConfManagerRpc::ConfManagerRpc(const QString &filePath, QObject *parent) :
bool ConfManagerRpc::addApp(const App &app)
{
return IoC<RpcManager>()->doOnServer(Control::Rpc_ConfManager_addApp,
{ app.useGroupPerm, app.applyChild, app.lanOnly, app.blocked, app.groupIndex,
app.appPath, app.appName, app.endTime });
{ app.useGroupPerm, app.applyChild, app.lanOnly, app.logBlocked, app.logConn,
app.blocked, app.groupIndex, app.appPath, app.appName, app.endTime });
}
bool ConfManagerRpc::deleteApp(qint64 appId)
@ -35,8 +35,9 @@ bool ConfManagerRpc::purgeApps()
bool ConfManagerRpc::updateApp(const App &app)
{
return IoC<RpcManager>()->doOnServer(Control::Rpc_ConfManager_updateApp,
{ app.useGroupPerm, app.applyChild, app.lanOnly, app.blocked, app.groupIndex, app.appId,
app.appPath, app.appName, app.endTime });
{ app.useGroupPerm, app.applyChild, app.lanOnly, app.logBlocked, app.logConn,
app.blocked, app.groupIndex, app.appId, app.appPath, app.appName,
app.endTime });
}
bool ConfManagerRpc::updateAppBlocked(qint64 appId, bool blocked)
@ -110,7 +111,8 @@ bool ConfManagerRpc::saveConf(FirewallConf &newConf)
const QVariant confVar = newConf.toVariant(true);
setSaving(true);
const bool ok = IoC<RpcManager>()->doOnServer(Control::Rpc_ConfManager_saveVariant, { confVar });
const bool ok =
IoC<RpcManager>()->doOnServer(Control::Rpc_ConfManager_saveVariant, { confVar });
setSaving(false);
if (!ok)
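Review bot: The argument lists passed to `doOnServer` in `addApp` and `updateApp` are a positional wire contract with `processConfManager_addApp`/`processConfManager_updateApp` in the RPC handler section of this commit, and the only thing keeping the two sides aligned is that both were edited by hand in the same order. A comment on each list naming its decoder, `// order must match processConfManager_addApp`, or a shared pack/unpack helper for App would make a future mismatch visible at the call site. The `saveConf` reflow is unrelated to the feature.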


@ -61,11 +61,13 @@ bool processConfManager_addApp(
app.useGroupPerm = p.args.value(0).toBool();
app.applyChild = p.args.value(1).toBool();
app.lanOnly = p.args.value(2).toBool();
app.blocked = p.args.value(3).toBool();
app.groupIndex = p.args.value(4).toInt();
app.appPath = p.args.value(5).toString();
app.appName = p.args.value(6).toString();
app.endTime = p.args.value(7).toDateTime();
app.logBlocked = p.args.value(3).toBool();
app.logConn = p.args.value(4).toBool();
app.blocked = p.args.value(5).toBool();
app.groupIndex = p.args.value(6).toInt();
app.appPath = p.args.value(7).toString();
app.appName = p.args.value(8).toString();
app.endTime = p.args.value(9).toDateTime();
return confManager->addApp(app);
}
@ -89,12 +91,14 @@ bool processConfManager_updateApp(
app.useGroupPerm = p.args.value(0).toBool();
app.applyChild = p.args.value(1).toBool();
app.lanOnly = p.args.value(2).toBool();
app.blocked = p.args.value(3).toBool();
app.groupIndex = p.args.value(4).toInt();
app.appId = p.args.value(5).toLongLong();
app.appPath = p.args.value(6).toString();
app.appName = p.args.value(7).toString();
app.endTime = p.args.value(8).toDateTime();
app.logBlocked = p.args.value(3).toBool();
app.logConn = p.args.value(4).toBool();
app.blocked = p.args.value(5).toBool();
app.groupIndex = p.args.value(6).toInt();
app.appId = p.args.value(7).toLongLong();
app.appPath = p.args.value(8).toString();
app.appName = p.args.value(9).toString();
app.endTime = p.args.value(10).toDateTime();
return confManager->updateApp(app);
}


@ -329,6 +329,8 @@ bool ConfUtil::parseAppGroups(EnvManager &envManager, const QList<AppGroup *> &a
App app;
app.applyChild = appGroup->applyChild();
app.lanOnly = appGroup->lanOnly();
app.logBlocked = appGroup->logBlocked();
app.logConn = appGroup->logConn();
app.groupIndex = i;
const auto blockText = envManager.expandString(appGroup->blockText());
@ -429,6 +431,8 @@ bool ConfUtil::addApp(
appEntry.flags.use_group_perm = app.useGroupPerm;
appEntry.flags.apply_child = app.applyChild;
appEntry.flags.lan_only = app.lanOnly;
appEntry.flags.log_blocked = app.logBlocked;
appEntry.flags.log_conn = app.logConn;
appEntry.flags.blocked = app.blocked;
appEntry.flags.alerted = app.alerted;
appEntry.flags.is_new = isNew;
@ -516,7 +520,8 @@ void ConfUtil::writeConf(char *output, const FirewallConf &conf,
writeApps(&data, exeAppsMap);
#undef CONF_DATA_OFFSET
writeAppGroupFlags(&drvConfIo->conf_group.group_bits, &drvConfIo->conf_group.log_conn, conf);
writeAppGroupFlags(&drvConfIo->conf_group.group_bits, &drvConfIo->conf_group.log_blocked,
&drvConfIo->conf_group.log_conn, conf);
writeLimits(drvConfIo->conf_group.limits, &drvConfIo->conf_group.limit_bits,
&drvConfIo->conf_group.limit_io_bits, conf.appGroups());
@ -541,15 +546,20 @@ void ConfUtil::writeConf(char *output, const FirewallConf &conf,
}
void ConfUtil::writeAppGroupFlags(
quint16 *groupBits, quint16 *logConnBits, const FirewallConf &conf)
quint16 *groupBits, quint16 *logBlockedBits, quint16 *logConnBits, const FirewallConf &conf)
{
*groupBits = 0;
*logBlockedBits = 0;
*logConnBits = 0;
int i = 0;
for (const AppGroup *appGroup : conf.appGroups()) {
if (appGroup->enabled()) {
*groupBits |= (1 << i);
}
if (appGroup->logBlocked()) {
*logBlockedBits |= (1 << i);
}
if (appGroup->logConn()) {
*logConnBits |= (1 << i);
}
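Review bot: `writeAppGroupFlags` sets `*logBlockedBits |= (1 << i)` into a quint16 for every group in `conf.appGroups()`, so a seventeenth group would be silently dropped from the mask, and the driver side now packs `group_index` into 5 bits; whatever enforces the group-count bound lives outside this hunk, if anywhere. A comment at the top of the loop, `// at most 16 groups: group_bits and log_*_bits are 16-bit masks`, or an assertion on `conf.appGroups().size()`, would document the invariant next to the code that depends on it. The loop continues past the hunk.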


@ -92,8 +92,8 @@ private:
const appentry_map_t &wildAppsMap, const appentry_map_t &prefixAppsMap,
const appentry_map_t &exeAppsMap);
static void writeAppGroupFlags(
quint16 *groupBits, quint16 *logConnBits, const FirewallConf &conf);
static void writeAppGroupFlags(quint16 *groupBits, quint16 *logBlockedBits,
quint16 *logConnBits, const FirewallConf &conf);
static void writeLimits(struct fort_speed_limit *limits, quint16 *limitBits,
quint32 *limitIoBits, const QList<AppGroup *> &appGroups);


@ -15,6 +15,6 @@
#define APP_UPDATES_URL "https://github.com/tnodir/fort/releases"
#define APP_UPDATES_API_URL "https://api.github.com/repos/tnodir/fort/releases/latest"
#define DRIVER_VERSION 28
#define DRIVER_VERSION 29
#endif // FORT_VERSION_H