mirror of
https://github.com/tnodir/fort
synced 2024-11-15 07:06:08 +00:00
UI: Statistics: Add "Collect Traffic, when Filter Disabled" option.
This commit is contained in:
parent
7423421e52
commit
d792191549
@ -29,6 +29,7 @@ typedef struct fort_conf_flags
|
||||
UINT32 app_allow_all : 1;
|
||||
UINT32 log_blocked : 1;
|
||||
UINT32 log_stat : 1;
|
||||
UINT32 log_stat_no_filter : 1;
|
||||
UINT32 log_allowed_ip : 1;
|
||||
UINT32 log_blocked_ip : 1;
|
||||
|
||||
|
@ -112,13 +112,22 @@ static void fort_callout_classify_v4(const FWPS_INCOMING_VALUES0 *inFixedValues,
|
||||
if (conf_flags.stop_traffic)
|
||||
goto block;
|
||||
|
||||
if (!conf_flags.filter_enabled
|
||||
|| !fort_conf_ip_is_inet(&conf_ref->conf,
|
||||
(fort_conf_zones_ip_included_func *) fort_conf_zones_ip_included,
|
||||
&g_device->conf, remote_ip))
|
||||
UCHAR block_reason = FORT_BLOCK_REASON_UNKNOWN;
|
||||
BOOL blocked = TRUE;
|
||||
|
||||
if (!conf_flags.filter_enabled) {
|
||||
if (conf_flags.log_stat && conf_flags.log_stat_no_filter) {
|
||||
blocked = FALSE;
|
||||
} else
|
||||
goto permit;
|
||||
}
|
||||
|
||||
if (!fort_conf_ip_is_inet(&conf_ref->conf,
|
||||
(fort_conf_zones_ip_included_func *) fort_conf_zones_ip_included, &g_device->conf,
|
||||
remote_ip))
|
||||
goto permit;
|
||||
|
||||
if (conf_flags.stop_inet_traffic)
|
||||
if (blocked && conf_flags.stop_inet_traffic)
|
||||
goto block;
|
||||
|
||||
const UINT32 process_id = (UINT32) inMetaValues->processId;
|
||||
@ -126,12 +135,10 @@ static void fort_callout_classify_v4(const FWPS_INCOMING_VALUES0 *inFixedValues,
|
||||
inMetaValues->processPath->size - sizeof(WCHAR); /* chop terminating zero */
|
||||
const PVOID path = inMetaValues->processPath->data;
|
||||
|
||||
UCHAR block_reason = FORT_BLOCK_REASON_UNKNOWN;
|
||||
BOOL blocked = TRUE;
|
||||
|
||||
if (!fort_conf_ip_inet_included(&conf_ref->conf,
|
||||
(fort_conf_zones_ip_included_func *) fort_conf_zones_ip_included, &g_device->conf,
|
||||
remote_ip)) {
|
||||
if (blocked
|
||||
&& !fort_conf_ip_inet_included(&conf_ref->conf,
|
||||
(fort_conf_zones_ip_included_func *) fort_conf_zones_ip_included,
|
||||
&g_device->conf, remote_ip)) {
|
||||
block_reason = FORT_BLOCK_REASON_IP_INET;
|
||||
goto block_log;
|
||||
}
|
||||
@ -139,7 +146,7 @@ static void fort_callout_classify_v4(const FWPS_INCOMING_VALUES0 *inFixedValues,
|
||||
FORT_APP_FLAGS app_flags =
|
||||
fort_conf_app_find(&conf_ref->conf, path, path_len, fort_conf_exe_find);
|
||||
|
||||
if ((app_flags.v == 0 && conf_flags.allow_all_new)
|
||||
if (!blocked || (app_flags.v == 0 && conf_flags.allow_all_new)
|
||||
|| !fort_conf_app_blocked(&conf_ref->conf, app_flags, &block_reason)) {
|
||||
if (conf_flags.log_stat) {
|
||||
const UINT64 flow_id = inMetaValues->flowHandle;
|
||||
@ -174,7 +181,8 @@ static void fort_callout_classify_v4(const FWPS_INCOMING_VALUES0 *inFixedValues,
|
||||
blocked = FALSE;
|
||||
}
|
||||
|
||||
if (app_flags.v == 0 && (conf_flags.allow_all_new || conf_flags.log_blocked)) {
|
||||
if (app_flags.v == 0 && (conf_flags.allow_all_new || conf_flags.log_blocked)
|
||||
&& conf_flags.filter_enabled) {
|
||||
app_flags.blocked = (UCHAR) blocked;
|
||||
app_flags.alerted = 1;
|
||||
app_flags.is_new = 1;
|
||||
|
@ -15,6 +15,7 @@ FirewallConf::FirewallConf(QObject *parent) :
|
||||
m_allowAllNew(false),
|
||||
m_logBlocked(false),
|
||||
m_logStat(false),
|
||||
m_logStatNoFilter(false),
|
||||
m_logAllowedIp(false),
|
||||
m_logBlockedIp(false),
|
||||
m_appBlockAll(true),
|
||||
@ -88,6 +89,14 @@ void FirewallConf::setLogStat(bool logStat)
|
||||
}
|
||||
}
|
||||
|
||||
void FirewallConf::setLogStatNoFilter(bool logStatNoFilter)
|
||||
{
|
||||
if (m_logStatNoFilter != logStatNoFilter) {
|
||||
m_logStatNoFilter = logStatNoFilter;
|
||||
emit logStatNoFilterChanged();
|
||||
}
|
||||
}
|
||||
|
||||
void FirewallConf::setLogAllowedIp(bool logAllowedIp)
|
||||
{
|
||||
if (m_logAllowedIp != logAllowedIp) {
|
||||
@ -356,6 +365,7 @@ void FirewallConf::copyImmediateFlags(const FirewallConf &o)
|
||||
{
|
||||
setLogBlocked(o.logBlocked());
|
||||
setLogStat(o.logStat());
|
||||
setLogStatNoFilter(o.logStatNoFilter());
|
||||
setLogAllowedIp(o.logAllowedIp());
|
||||
setLogBlockedIp(o.logBlockedIp());
|
||||
setTrafUnit(o.trafUnit());
|
||||
|
@ -27,6 +27,8 @@ class FirewallConf : public QObject
|
||||
Q_PROPERTY(bool allowAllNew READ allowAllNew WRITE setAllowAllNew NOTIFY allowAllNewChanged)
|
||||
Q_PROPERTY(bool logBlocked READ logBlocked WRITE setLogBlocked NOTIFY logBlockedChanged)
|
||||
Q_PROPERTY(bool logStat READ logStat WRITE setLogStat NOTIFY logStatChanged)
|
||||
Q_PROPERTY(bool logStatNoFilter READ logStatNoFilter WRITE setLogStatNoFilter NOTIFY
|
||||
logStatNoFilterChanged)
|
||||
Q_PROPERTY(bool logAllowedIp READ logAllowedIp WRITE setLogAllowedIp NOTIFY logAllowedIpChanged)
|
||||
Q_PROPERTY(bool logBlockedIp READ logBlockedIp WRITE setLogBlockedIp NOTIFY logBlockedIpChanged)
|
||||
Q_PROPERTY(bool appBlockAll READ appBlockAll WRITE setAppBlockAll NOTIFY appBlockAllChanged)
|
||||
@ -80,6 +82,9 @@ public:
|
||||
bool logStat() const { return m_logStat; }
|
||||
void setLogStat(bool logStat);
|
||||
|
||||
bool logStatNoFilter() const { return m_logStatNoFilter; }
|
||||
void setLogStatNoFilter(bool logStatNoFilter);
|
||||
|
||||
bool logAllowedIp() const { return m_logAllowedIp; }
|
||||
void setLogAllowedIp(bool logAllowedIp);
|
||||
|
||||
@ -156,6 +161,7 @@ signals:
|
||||
void allowAllNewChanged();
|
||||
void logBlockedChanged();
|
||||
void logStatChanged();
|
||||
void logStatNoFilterChanged();
|
||||
void logAllowedIpChanged();
|
||||
void logBlockedIpChanged();
|
||||
void appBlockAllChanged();
|
||||
@ -197,6 +203,7 @@ private:
|
||||
|
||||
bool m_logBlocked : 1;
|
||||
bool m_logStat : 1;
|
||||
bool m_logStatNoFilter : 1;
|
||||
|
||||
bool m_logAllowedIp : 1;
|
||||
bool m_logBlockedIp : 1;
|
||||
|
@ -125,6 +125,7 @@ void StatisticsPage::onRetranslateUi()
|
||||
|
||||
m_btTrafOptions->setText(tr("Options"));
|
||||
m_cbLogStat->setText(tr("Collect Traffic Statistics"));
|
||||
m_cbLogStatNoFilter->setText(tr("Collect Traffic, when Filter Disabled"));
|
||||
m_ctpActivePeriod->checkBox()->setText(tr("Active time period:"));
|
||||
m_lscMonthStart->label()->setText(tr("Month starts on:"));
|
||||
|
||||
@ -417,6 +418,7 @@ void StatisticsPage::setupGraphOptionsMenu()
|
||||
void StatisticsPage::setupTrafOptionsMenu()
|
||||
{
|
||||
setupLogStat();
|
||||
setupLogStatNoFilter();
|
||||
setupActivePeriod();
|
||||
setupMonthStart();
|
||||
setupTrafHourKeepDays();
|
||||
@ -428,10 +430,10 @@ void StatisticsPage::setupTrafOptionsMenu()
|
||||
setupBlockedIpKeepCount();
|
||||
|
||||
// Menu
|
||||
const QList<QWidget *> menuWidgets = { m_cbLogStat, m_ctpActivePeriod, m_lscMonthStart,
|
||||
ControlUtil::createSeparator(), m_lscTrafHourKeepDays, m_lscTrafDayKeepDays,
|
||||
m_lscTrafMonthKeepMonths, ControlUtil::createSeparator(), m_lscQuotaDayMb,
|
||||
m_lscQuotaMonthMb, ControlUtil::createSeparator(), m_lscAllowedIpKeepCount,
|
||||
const QList<QWidget *> menuWidgets = { m_cbLogStat, m_cbLogStatNoFilter, m_ctpActivePeriod,
|
||||
m_lscMonthStart, ControlUtil::createSeparator(), m_lscTrafHourKeepDays,
|
||||
m_lscTrafDayKeepDays, m_lscTrafMonthKeepMonths, ControlUtil::createSeparator(),
|
||||
m_lscQuotaDayMb, m_lscQuotaMonthMb, ControlUtil::createSeparator(), m_lscAllowedIpKeepCount,
|
||||
m_lscBlockedIpKeepCount };
|
||||
auto layout = ControlUtil::createLayoutByWidgets(menuWidgets);
|
||||
|
||||
@ -455,6 +457,18 @@ void StatisticsPage::setupLogStat()
|
||||
m_cbLogStat->setFont(ControlUtil::fontDemiBold());
|
||||
}
|
||||
|
||||
void StatisticsPage::setupLogStatNoFilter()
|
||||
{
|
||||
m_cbLogStatNoFilter = ControlUtil::createCheckBox(false, [&](bool checked) {
|
||||
if (conf()->logStatNoFilter() == checked)
|
||||
return;
|
||||
|
||||
conf()->setLogStatNoFilter(checked);
|
||||
|
||||
fortManager()->applyConfImmediateFlags();
|
||||
});
|
||||
}
|
||||
|
||||
void StatisticsPage::setupActivePeriod()
|
||||
{
|
||||
m_ctpActivePeriod = new CheckTimePeriod();
|
||||
@ -737,6 +751,7 @@ void StatisticsPage::updatePage()
|
||||
m_pageUpdating = true;
|
||||
|
||||
m_cbLogStat->setChecked(conf()->logStat());
|
||||
m_cbLogStatNoFilter->setChecked(conf()->logStatNoFilter());
|
||||
|
||||
m_ctpActivePeriod->checkBox()->setChecked(conf()->activePeriodEnabled());
|
||||
m_ctpActivePeriod->timeEdit1()->setTime(CheckTimePeriod::toTime(conf()->activePeriodFrom()));
|
||||
|
@ -56,6 +56,7 @@ private:
|
||||
void setupGraphOptionsMenu();
|
||||
void setupTrafOptionsMenu();
|
||||
void setupLogStat();
|
||||
void setupLogStatNoFilter();
|
||||
void setupActivePeriod();
|
||||
void setupMonthStart();
|
||||
void setupTrafHourKeepDays();
|
||||
@ -112,6 +113,7 @@ private:
|
||||
LabelColor *m_graphGridColor = nullptr;
|
||||
QPushButton *m_btTrafOptions = nullptr;
|
||||
QCheckBox *m_cbLogStat = nullptr;
|
||||
QCheckBox *m_cbLogStatNoFilter = nullptr;
|
||||
CheckTimePeriod *m_ctpActivePeriod = nullptr;
|
||||
LabelSpinCombo *m_lscMonthStart = nullptr;
|
||||
LabelSpinCombo *m_lscTrafHourKeepDays = nullptr;
|
||||
|
@ -230,6 +230,7 @@ bool FortSettings::writeConfIni(const FirewallConf &conf)
|
||||
setIniValue("allowAllNew", conf.allowAllNew());
|
||||
setIniValue("logBlocked", conf.logBlocked());
|
||||
setIniValue("logStat", conf.logStat());
|
||||
setIniValue("logStatNoFilter", conf.logStatNoFilter());
|
||||
setIniValue("logAllowedIp", conf.logAllowedIp());
|
||||
setIniValue("logBlockedIp", conf.logBlockedIp());
|
||||
setIniValue("appBlockAll", conf.appBlockAll());
|
||||
|
@ -36,6 +36,7 @@ void writeConfFlags(const FirewallConf &conf, PFORT_CONF_FLAGS confFlags)
|
||||
|
||||
confFlags->log_blocked = conf.logBlocked();
|
||||
confFlags->log_stat = conf.logStat();
|
||||
confFlags->log_stat_no_filter = conf.logStatNoFilter();
|
||||
|
||||
confFlags->log_allowed_ip = conf.logAllowedIp();
|
||||
confFlags->log_blocked_ip = conf.logBlockedIp();
|
||||
|
@ -14,6 +14,6 @@
|
||||
#define APP_UPDATES_URL "https://github.com/tnodir/fort/releases"
|
||||
#define APP_UPDATES_API_URL "https://api.github.com/repos/tnodir/fort/releases/latest"
|
||||
|
||||
#define DRIVER_VERSION 22
|
||||
#define DRIVER_VERSION 23
|
||||
|
||||
#endif // FORT_VERSION_H
|
||||
|
Loading…
Reference in New Issue
Block a user