Documentation ¶
Index ¶
- Constants
- Variables
- func DeactivateProfileSet(set *Set)
- func GetFingerprintWeight(fpType string) (weight int)
- func GetPathIdentifier(path string) string
- func MakeProfileKey(namespace, ID string) string
- type EndpointPermission
- type Endpoints
- type Fingerprint
- type Flags
- type Profile
- type Set
- func (set *Set) CheckEndpoint(domainOrIP string, protocol uint8, port uint16, inbound bool) (permit bool, reason string, ok bool)
- func (set *Set) CheckFlag(flag uint8) (active bool)
- func (set *Set) GetProfileMode() uint8
- func (set *Set) SecurityLevel() uint8
- func (set *Set) Update(securityLevel uint8)
- func (set *Set) UserProfile() *Profile
Constants ¶
const (
	PlatformLinux   = "linux"
	PlatformWindows = "windows"
	PlatformMac     = "macos"
)
Platform identifiers
const (
	UserNamespace    = "user"
	StampNamespace   = "stamp"
	SpecialNamespace = "special"
)
Namespaces
const (
	// Profile Modes
	Prompt    uint8 = 0 // Prompt first-seen connections
	Blacklist uint8 = 1 // Allow everything not explicitly denied
	Whitelist uint8 = 2 // Only allow everything explicitly allowed

	// Network Locations
	Internet  uint8 = 16 // Allow connections to the Internet
	LAN       uint8 = 17 // Allow connections to the local area network
	Localhost uint8 = 18 // Allow connections on the local host

	// Specials
	Related       uint8 = 32 // If and before prompting, allow domains that are related to the program
	PeerToPeer    uint8 = 33 // Allow program to directly communicate with peers, without resolving DNS first
	Service       uint8 = 34 // Allow program to accept incoming connections
	Independent   uint8 = 35 // Ignore profile settings coming from the Community
	RequireGate17 uint8 = 36 // Require all connections to go over Gate17
)
Profile Flags
Variables ¶
var (
	// ErrFlagsParseFailed is returned if an invalid flag is encountered while parsing
	ErrFlagsParseFailed = errors.New("profiles: failed to parse flags")
)
Functions ¶
func DeactivateProfileSet ¶
func DeactivateProfileSet(set *Set)
DeactivateProfileSet marks a profile set as not active.
func GetFingerprintWeight ¶
GetFingerprintWeight returns the weight of the given fingerprint type.
func GetPathIdentifier ¶
GetPathIdentifier returns the identifier from the given path.
func MakeProfileKey ¶
MakeProfileKey creates the correct key for a profile with the given namespace and ID.
Types ¶
type EndpointPermission ¶
type EndpointPermission struct {
	DomainOrIP string
	Wildcard   bool
	Protocol   uint8
	StartPort  uint16
	EndPort    uint16
	Permit     bool
	Created    int64
}
EndpointPermission holds a decision about an endpoint.
func (EndpointPermission) Matches ¶
func (ep EndpointPermission) Matches(domainOrIP string, protocol uint8, port uint16, isDomain bool, getDomainOfIP func() string) (match bool, reason string)
Matches checks whether the given endpoint has a managed permission. If getDomainOfIP (which returns the domain name that matches in both reverse and forward DNS) is supplied, this declares an incoming connection.
func (EndpointPermission) String ¶
func (ep EndpointPermission) String() string
type Endpoints ¶
type Endpoints []*EndpointPermission
Endpoints is a list of permitted or denied endpoints.
func (Endpoints) Check ¶
func (e Endpoints) Check(domainOrIP string, protocol uint8, port uint16, checkReverseIP bool, securityLevel uint8) (permit bool, reason string, ok bool)
Check checks if the given domain is governed in the list of domains and returns whether it is permitted. If getDomainOfIP (which returns the domain name that matches in both reverse and forward DNS) is supplied, an IP will be resolved to a domain, if necessary.
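A sketch of the decision flow documented on this page, added here as an example and not taken from the package: the first matching endpoint rule decides, and the profile mode decides when no rule matches. `Rule`, `matches` and `Verdict` are hypothetical names, and the matching semantics (protocol 0 and start port 0 meaning "any", a wildcard covering subdomains, rule names stored in lower case) are assumptions.

```go
package main

import (
	"fmt"
	"strings"
)

// Profile modes, with the values listed on this page.
const (
	Prompt    uint8 = 0
	Blacklist uint8 = 1
	Whitelist uint8 = 2
)

// Rule is a local stand-in for EndpointPermission, not the package's type.
// Assumed here: Protocol 0 means any protocol, StartPort 0 means any port.
type Rule struct {
	DomainOrIP         string
	Wildcard, Permit   bool
	Protocol           uint8
	StartPort, EndPort uint16
}

func (r Rule) matches(host string, proto uint8, port uint16) bool {
	host = strings.TrimSuffix(strings.ToLower(host), ".")
	if r.Protocol != 0 && r.Protocol != proto {
		return false
	}
	if r.StartPort != 0 && (port < r.StartPort || port > r.EndPort) {
		return false
	}
	// Wildcards match on a label boundary only: "notexample.com" is not under "example.com".
	return host == r.DomainOrIP || (r.Wildcard && strings.HasSuffix(host, "."+r.DomainOrIP))
}

// Verdict: the first matching rule decides, else the mode; unknown modes deny.
func Verdict(rules []Rule, mode uint8, host string, proto uint8, port uint16) (permit, prompt bool) {
	for _, r := range rules {
		if r.matches(host, proto, port) {
			return r.Permit, false
		}
	}
	return mode == Blacklist, mode == Prompt
}

func main() {
	// Constructed sample rule: allow TCP (6) port 443 to example.com and its subdomains.
	rules := []Rule{{DomainOrIP: "example.com", Wildcard: true, Protocol: 6, StartPort: 443, EndPort: 443, Permit: true}}
	fmt.Println(Verdict(rules, Whitelist, "api.example.com", 6, 443))
	fmt.Println(Verdict(rules, Whitelist, "notexample.com", 6, 443))
}
```

Because rules are evaluated in order, a narrow deny entry has to be listed before a broader wildcard allow for it to take effect.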
type Fingerprint ¶
Fingerprint links processes to profiles.
func (*Fingerprint) MatchesOS ¶
func (fp *Fingerprint) MatchesOS() bool
MatchesOS returns whether the Fingerprint is applicable for the current OS.
type Flags ¶
Flags are used to quickly add common attributes to profiles.
type Profile ¶
type Profile struct {
	record.Base
	sync.Mutex

	// Profile Metadata
	ID          string
	Name        string
	Description string
	Homepage    string
	// Icon is a path to the icon and is either prefixed "f:" for filepath, "d:" for a database path or "e:" for the encoded data.
	Icon string

	// User Profile Only
	LinkedPath           string
	StampProfileID       string
	StampProfileAssigned int64

	// Fingerprints
	Fingerprints []*Fingerprint

	// The minimum security level to apply to connections made with this profile
	SecurityLevel    uint8
	Flags            Flags
	Endpoints        Endpoints
	ServiceEndpoints Endpoints

	// When this Profile was approximately last used (for performance reasons not every single usage is saved)
	Created        int64
	ApproxLastUsed int64
}
Profile is used to predefine a security profile for applications.
func EnsureProfile ¶
EnsureProfile ensures that the given record is a *Profile, and returns it.
func GetStampProfile ¶
GetStampProfile loads a profile from the database.
func GetUserProfile ¶
GetUserProfile loads a profile from the database.
func (*Profile) AddFingerprint ¶
func (p *Profile) AddFingerprint(fp *Fingerprint)
AddFingerprint adds the given fingerprint to the profile.
func (*Profile) DetailedString ¶
DetailedString returns a more detailed string representation of the Profile.
type Set ¶
Set handles Profile chaining.
func (*Set) CheckEndpoint ¶
func (set *Set) CheckEndpoint(domainOrIP string, protocol uint8, port uint16, inbound bool) (permit bool, reason string, ok bool)
CheckEndpoint checks if the given protocol and port are governed in any of the lists of ports and returns whether it is permitted.
func (*Set) GetProfileMode ¶
GetProfileMode returns the active profile mode.
func (*Set) SecurityLevel ¶
SecurityLevel returns the applicable security level for the profile set.
func (*Set) Update ¶
Update gets the new global and default profile and updates the independence status. It must be called when reusing a profile set for a series of calls.
func (*Set) UserProfile ¶
UserProfile returns the user profile.