Driver: "Stop Traffic" is effective, when "Filter Enabled" is turned on.
This commit is contained in:
parent
d792191549
commit
dc5384e333
13
README.md
13
README.md
@ -50,12 +50,13 @@ Filtered apps will be shown in the "Blocked" tab.
|
|||||||
|
|
||||||
#### Filtering steps:
|
#### Filtering steps:
|
||||||
1) If **address** is 127.* or 255.255.255.255 and "Filter Local Addresses" is turned off, then _**PERMIT**_
|
1) If **address** is 127.* or 255.255.255.255 and "Filter Local Addresses" is turned off, then _**PERMIT**_
|
||||||
2) If "Stop Traffic" is turned on, then _**BLOCK**_
|
2) If "Filter Enabled" is turned off, then _**PERMIT**_
|
||||||
3) If "Filter Enabled" is turned off or **address** is not from "Internet Addresses", then _**PERMIT**_
|
3) If "Stop Traffic" is turned on, then _**BLOCK**_
|
||||||
4) If "Stop Internet Traffic" is turned on, then _**BLOCK**_
|
4) If **address** is not from "Internet Addresses", then _**PERMIT**_
|
||||||
5) If **address** is not from "Allowed Internet Addresses", then _**BLOCK**_
|
5) If "Stop Internet Traffic" is turned on, then _**BLOCK**_
|
||||||
6) If **app path** is allowed, then _**PERMIT**_
|
6) If **address** is not from "Allowed Internet Addresses", then _**BLOCK**_
|
||||||
7) Log about blocked event and _**BLOCK**_
|
7) If **app path** is allowed, then _**PERMIT**_
|
||||||
|
8) Log about blocked event and _**BLOCK**_
|
||||||
|
|
||||||
## Code Quality Monitor
|
## Code Quality Monitor
|
||||||
|
|
||||||
|
@ -109,44 +109,45 @@ static void fort_callout_classify_v4(const FWPS_INCOMING_VALUES0 *inFixedValues,
|
|||||||
|
|
||||||
const FORT_CONF_FLAGS conf_flags = conf_ref->conf.flags;
|
const FORT_CONF_FLAGS conf_flags = conf_ref->conf.flags;
|
||||||
|
|
||||||
if (conf_flags.stop_traffic)
|
|
||||||
goto block;
|
|
||||||
|
|
||||||
UCHAR block_reason = FORT_BLOCK_REASON_UNKNOWN;
|
|
||||||
BOOL blocked = TRUE;
|
|
||||||
|
|
||||||
if (!conf_flags.filter_enabled) {
|
|
||||||
if (conf_flags.log_stat && conf_flags.log_stat_no_filter) {
|
|
||||||
blocked = FALSE;
|
|
||||||
} else
|
|
||||||
goto permit;
|
|
||||||
}
|
|
||||||
|
|
||||||
if (!fort_conf_ip_is_inet(&conf_ref->conf,
|
|
||||||
(fort_conf_zones_ip_included_func *) fort_conf_zones_ip_included, &g_device->conf,
|
|
||||||
remote_ip))
|
|
||||||
goto permit;
|
|
||||||
|
|
||||||
if (blocked && conf_flags.stop_inet_traffic)
|
|
||||||
goto block;
|
|
||||||
|
|
||||||
const UINT32 process_id = (UINT32) inMetaValues->processId;
|
const UINT32 process_id = (UINT32) inMetaValues->processId;
|
||||||
const UINT32 path_len =
|
const UINT32 path_len =
|
||||||
inMetaValues->processPath->size - sizeof(WCHAR); /* chop terminating zero */
|
inMetaValues->processPath->size - sizeof(WCHAR); /* chop terminating zero */
|
||||||
const PVOID path = inMetaValues->processPath->data;
|
const PVOID path = inMetaValues->processPath->data;
|
||||||
|
|
||||||
if (blocked
|
UCHAR block_reason = FORT_BLOCK_REASON_UNKNOWN;
|
||||||
&& !fort_conf_ip_inet_included(&conf_ref->conf,
|
BOOL blocked = TRUE;
|
||||||
|
|
||||||
|
if (conf_flags.filter_enabled) {
|
||||||
|
if (conf_flags.stop_traffic)
|
||||||
|
goto end;
|
||||||
|
|
||||||
|
if (!fort_conf_ip_is_inet(&conf_ref->conf,
|
||||||
|
(fort_conf_zones_ip_included_func *) fort_conf_zones_ip_included,
|
||||||
|
&g_device->conf, remote_ip)) {
|
||||||
|
blocked = FALSE; /* permit (LAN) */
|
||||||
|
goto end;
|
||||||
|
}
|
||||||
|
|
||||||
|
if (conf_flags.stop_inet_traffic)
|
||||||
|
goto end;
|
||||||
|
|
||||||
|
if (!fort_conf_ip_inet_included(&conf_ref->conf,
|
||||||
(fort_conf_zones_ip_included_func *) fort_conf_zones_ip_included,
|
(fort_conf_zones_ip_included_func *) fort_conf_zones_ip_included,
|
||||||
&g_device->conf, remote_ip)) {
|
&g_device->conf, remote_ip)) {
|
||||||
block_reason = FORT_BLOCK_REASON_IP_INET;
|
block_reason = FORT_BLOCK_REASON_IP_INET;
|
||||||
goto block_log;
|
goto end;
|
||||||
|
}
|
||||||
|
} else {
|
||||||
|
blocked = FALSE; /* permit (Filter Disabled) */
|
||||||
|
if (!(conf_flags.log_stat && conf_flags.log_stat_no_filter))
|
||||||
|
goto end;
|
||||||
}
|
}
|
||||||
|
|
||||||
FORT_APP_FLAGS app_flags =
|
FORT_APP_FLAGS app_flags =
|
||||||
fort_conf_app_find(&conf_ref->conf, path, path_len, fort_conf_exe_find);
|
fort_conf_app_find(&conf_ref->conf, path, path_len, fort_conf_exe_find);
|
||||||
|
|
||||||
if (!blocked || (app_flags.v == 0 && conf_flags.allow_all_new)
|
if (!blocked /* collect traffic, when Filter Disabled */
|
||||||
|
|| (app_flags.v == 0 && conf_flags.allow_all_new) /* collect new Blocked Programs */
|
||||||
|| !fort_conf_app_blocked(&conf_ref->conf, app_flags, &block_reason)) {
|
|| !fort_conf_app_blocked(&conf_ref->conf, app_flags, &block_reason)) {
|
||||||
if (conf_flags.log_stat) {
|
if (conf_flags.log_stat) {
|
||||||
const UINT64 flow_id = inMetaValues->flowHandle;
|
const UINT64 flow_id = inMetaValues->flowHandle;
|
||||||
@ -167,7 +168,8 @@ static void fort_callout_classify_v4(const FWPS_INCOMING_VALUES0 *inFixedValues,
|
|||||||
if (!NT_SUCCESS(status)) {
|
if (!NT_SUCCESS(status)) {
|
||||||
if (status == FORT_STATUS_FLOW_BLOCK) {
|
if (status == FORT_STATUS_FLOW_BLOCK) {
|
||||||
block_reason = FORT_BLOCK_REASON_REAUTH;
|
block_reason = FORT_BLOCK_REASON_REAUTH;
|
||||||
goto block_log;
|
blocked = TRUE;
|
||||||
|
goto end;
|
||||||
}
|
}
|
||||||
|
|
||||||
DbgPrintEx(DPFLTR_IHVNETWORK_ID, DPFLTR_ERROR_LEVEL,
|
DbgPrintEx(DPFLTR_IHVNETWORK_ID, DPFLTR_ERROR_LEVEL,
|
||||||
@ -178,7 +180,7 @@ static void fort_callout_classify_v4(const FWPS_INCOMING_VALUES0 *inFixedValues,
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
blocked = FALSE;
|
blocked = FALSE; /* permit */
|
||||||
}
|
}
|
||||||
|
|
||||||
if (app_flags.v == 0 && (conf_flags.allow_all_new || conf_flags.log_blocked)
|
if (app_flags.v == 0 && (conf_flags.allow_all_new || conf_flags.log_blocked)
|
||||||
@ -193,28 +195,28 @@ static void fort_callout_classify_v4(const FWPS_INCOMING_VALUES0 *inFixedValues,
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
if (!blocked)
|
end:
|
||||||
goto permit;
|
if (blocked) {
|
||||||
|
/* Log the blocked connection */
|
||||||
block_log:
|
if (block_reason != FORT_BLOCK_REASON_UNKNOWN && conf_flags.log_blocked_ip) {
|
||||||
if (conf_flags.log_blocked_ip) {
|
|
||||||
const UINT32 local_ip = inFixedValues->incomingValue[localIpField].value.uint32;
|
const UINT32 local_ip = inFixedValues->incomingValue[localIpField].value.uint32;
|
||||||
const UINT16 local_port = inFixedValues->incomingValue[localPortField].value.uint16;
|
const UINT16 local_port = inFixedValues->incomingValue[localPortField].value.uint16;
|
||||||
const UINT16 remote_port = inFixedValues->incomingValue[remotePortField].value.uint16;
|
const UINT16 remote_port = inFixedValues->incomingValue[remotePortField].value.uint16;
|
||||||
const IPPROTO ip_proto = (IPPROTO) inFixedValues->incomingValue[ipProtoField].value.uint8;
|
const IPPROTO ip_proto =
|
||||||
|
(IPPROTO) inFixedValues->incomingValue[ipProtoField].value.uint8;
|
||||||
|
|
||||||
fort_buffer_blocked_ip_write(&g_device->buffer, inbound, block_reason, ip_proto, local_port,
|
fort_buffer_blocked_ip_write(&g_device->buffer, inbound, block_reason, ip_proto,
|
||||||
remote_port, local_ip, remote_ip, process_id, path_len, path, &irp, &info);
|
local_port, remote_port, local_ip, remote_ip, process_id, path_len, path, &irp,
|
||||||
|
&info);
|
||||||
}
|
}
|
||||||
|
|
||||||
block:
|
/* Block the connection */
|
||||||
fort_callout_classify_block(classifyOut);
|
fort_callout_classify_block(classifyOut);
|
||||||
goto end;
|
} else {
|
||||||
|
/* Allow the connection */
|
||||||
permit:
|
|
||||||
fort_callout_classify_permit(filter, classifyOut);
|
fort_callout_classify_permit(filter, classifyOut);
|
||||||
|
}
|
||||||
|
|
||||||
end:
|
|
||||||
fort_conf_ref_put(&g_device->conf, conf_ref);
|
fort_conf_ref_put(&g_device->conf, conf_ref);
|
||||||
|
|
||||||
if (irp != NULL) {
|
if (irp != NULL) {
|
||||||
|
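Review bot: The new `if (block_reason != FORT_BLOCK_REASON_UNKNOWN && conf_flags.log_blocked_ip)` guard at `end:` changes which blocks reach `fort_buffer_blocked_ip_write`: the old code fell through from the app check into `block_log:` unconditionally, so a block whose reason was still FORT_BLOCK_REASON_UNKNOWN was logged anyway, whereas now it is silently dropped — if `fort_conf_app_blocked` can return TRUE without assigning `block_reason` (not visible in this hunk), those events lose their blocked-IP log entry. The `stop_traffic` and `stop_inet_traffic` `goto end` paths deliberately carry no reason, matching the old `goto block` bypass of the logging, and that intent should be stated at the guard, e.g. `/* Stop Traffic / Stop Internet Traffic blocks carry no reason and are intentionally not logged */`. Separately, the REAUTH branch `blocked = TRUE; goto end;` is reachable on the Filter-Disabled path (it sits under the `!blocked` leg of the condition), so the `/* permit (Filter Disabled) */` comment above it promises more than the code does; a note beside it such as `/* may still be blocked below on FORT_STATUS_FLOW_BLOCK */` would keep the comment accurate. fort_callout_classify_v4 starts before the first hunk and continues past the last one.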