profile

package
v0.2.5 Latest Latest
Warning

This package is not in the latest version of its module.

Published: May 22, 2019 License: AGPL-3.0 Imports: 20 Imported by: 0

Documentation

Index

Constants

// Platform identifiers used by this package.
// NOTE(review): presumably these are the values Fingerprint.OS is compared
// against in MatchesOS — confirm. Go's runtime.GOOS reports macOS as "darwin",
// so matching against PlatformMac needs an explicit mapping somewhere.
const (
	PlatformLinux   = "linux"
	PlatformWindows = "windows"
	PlatformMac     = "macos"
)

Platform identifiers

// Profile namespaces. A namespace is combined with a profile ID by
// MakeProfileKey(namespace, ID) and is the argument to (*Profile).Save.
const (
	UserNamespace    = "user"    // presumably the namespace read by GetUserProfile — confirm
	StampNamespace   = "stamp"   // presumably the namespace read by GetStampProfile — confirm
	SpecialNamespace = "special" // purpose is not shown on this page
)

Namespaces

// Profile flag identifiers. The values are grouped by numeric range:
// modes 0-2, network locations 16-18, specials 32-36. They share the uint8
// type used for the flag argument of Flags.Add, Flags.Check and Set.CheckFlag.
const (
	// Profile Modes
	// Prompt is 0, i.e. the zero value of uint8.
	Prompt    uint8 = 0 // Prompt first-seen connections
	Blacklist uint8 = 1 // Default-allow: allow everything not explicitly denied
	Whitelist uint8 = 2 // Default-deny: allow only what is explicitly allowed

	// Network Locations
	Internet  uint8 = 16 // Allow connections to the Internet
	LAN       uint8 = 17 // Allow connections to the local area network
	Localhost uint8 = 18 // Allow connections on the local host

	// Specials
	Related       uint8 = 32 // If and before prompting, allow domains that are related to the program
	PeerToPeer    uint8 = 33 // Allow program to directly communicate with peers, without resolving DNS first
	Service       uint8 = 34 // Allow program to accept incoming connections
	Independent   uint8 = 35 // Ignore profile settings coming from the Community
	RequireGate17 uint8 = 36 // Require all connections to go over Gate17
)

Profile Flags

Variables

var (
	// ErrFlagsParseFailed is returned if an invalid flag is encountered while parsing.
	ErrFlagsParseFailed = errors.New("profiles: failed to parse flags")
)

Functions

func DeactivateProfileSet

func DeactivateProfileSet(set *Set)

DeactivateProfileSet marks a profile set as not active.

func GetFingerprintWeight

func GetFingerprintWeight(fpType string) (weight int)

GetFingerprintWeight returns the weight of the given fingerprint type.

func GetPathIdentifier

func GetPathIdentifier(path string) string

GetPathIdentifier returns the identifier from the given path

func GetUpdateVersion added in v0.2.2

func GetUpdateVersion() uint32

GetUpdateVersion returns the current profiles internal update version

func MakeProfileKey

func MakeProfileKey(namespace, ID string) string

MakeProfileKey creates the correct key for a profile with the given namespace and ID.

Types

type EPResult added in v0.2.2

type EPResult uint8

EPResult represents the result of a check against an EndpointPermission

// Results of checking an endpoint against an EndpointPermission.
//
// NoMatch is the zero value (iota starts at 0), so an uninitialised EPResult
// never reads as Permitted. Callers should handle all four values explicitly
// rather than treating everything other than Denied as allowed.
const (
	// NoMatch: presumably the permission does not apply to the endpoint — confirm.
	NoMatch EPResult = iota
	// Undeterminable: presumably the check lacked information needed to decide
	// (for example, no domain was available) — confirm against MatchesIP.
	Undeterminable
	// Denied: presumably a matching entry whose Permit field is false — confirm.
	Denied
	// Permitted: presumably a matching entry whose Permit field is true — confirm.
	Permitted
)

EndpointPermission return values

func (EPResult) String added in v0.2.2

func (epr EPResult) String() string

type EPType added in v0.2.2

type EPType uint8

EPType represents the type of an EndpointPermission

// EPType values. EptUnknown is 0, the zero value, so an EndpointPermission
// whose Type was never set is EptUnknown rather than EptAny.
// NOTE(review): the expected format of EndpointPermission.Value for each type
// (domain pattern, CIDR notation, AS number, country code) is not shown on
// this page — confirm before constructing entries by hand.
const (
	EptUnknown   EPType = 0
	EptAny       EPType = 1
	EptDomain    EPType = 2
	EptIPv4      EPType = 3
	EptIPv6      EPType = 4
	EptIPv4Range EPType = 5
	EptIPv6Range EPType = 6
	EptASN       EPType = 7
	EptCountry   EPType = 8
)

EPType values

func (EPType) String added in v0.2.2

func (ept EPType) String() string

type EndpointPermission

// EndpointPermission holds a decision about an endpoint.
type EndpointPermission struct {
	// Type selects how Value is interpreted (see the EPType constants).
	Type  EPType
	Value string

	// Protocol and the StartPort..EndPort pair narrow the entry; MatchesIP
	// receives a protocol and a port to compare against them.
	// NOTE(review): whether Protocol is an IP protocol number, whether 0 means
	// "any", and whether the port range is inclusive are not shown here — confirm.
	Protocol  uint8
	StartPort uint16
	EndPort   uint16

	// Permit is the decision carried by this entry.
	// NOTE(review): presumably true yields Permitted and false yields Denied on a match — confirm.
	Permit  bool
	// Created is presumably a Unix timestamp of when the entry was added — confirm.
	Created int64
}

EndpointPermission holds a decision about an endpoint.

func (EndpointPermission) MatchesDomain added in v0.2.2

func (ep EndpointPermission) MatchesDomain(domain string) (result EPResult, reason string)

MatchesDomain checks if the given endpoint matches the EndpointPermission.

func (EndpointPermission) MatchesIP added in v0.2.2

func (ep EndpointPermission) MatchesIP(domain string, ip net.IP, protocol uint8, port uint16, getDomainOfIP func() string) (result EPResult, reason string)

MatchesIP checks if the given endpoint matches the EndpointPermission. If no domain is given, _getDomainOfIP_ (when provided) is used to obtain it.

func (EndpointPermission) String

func (ep EndpointPermission) String() string

type Endpoints

// Endpoints is a list of permitted or denied endpoints.
// NOTE(review): whether the order of entries decides the outcome (for example,
// first match wins) is not shown on this page — confirm before relying on the
// position of an allow or deny entry.
type Endpoints []*EndpointPermission

Endpoints is a list of permitted or denied endpoints.

func (Endpoints) CheckDomain added in v0.2.2

func (e Endpoints) CheckDomain(domain string) (result EPResult, reason string)

CheckDomain checks if the given endpoint matches an EndpointPermission in the list.

func (Endpoints) CheckIP added in v0.2.2

func (e Endpoints) CheckIP(domain string, ip net.IP, protocol uint8, port uint16, checkReverseIP bool, securityLevel uint8) (result EPResult, reason string)

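CheckIP checks if the given endpoint matches an EndpointPermission in the list. If _checkReverseIP_ is set and no domain is given, the IP will be resolved to a domain, if necessary. A name obtained by reverse lookup is chosen by whoever controls the reverse DNS zone for that IP; this page does not state whether it is forward-confirmed before it is matched against domain entries.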

func (Endpoints) IsSet

func (e Endpoints) IsSet() bool

IsSet returns whether the Endpoints object is "set".

func (Endpoints) String

func (e Endpoints) String() string

type Fingerprint

// Fingerprint links processes to profiles.
type Fingerprint struct {
	// OS is the platform this fingerprint applies to; MatchesOS reports whether
	// it is applicable for the current OS.
	// NOTE(review): presumably one of the Platform* constants — confirm.
	OS       string
	// Type is the kind of fingerprint; GetFingerprintWeight(fpType) returns a
	// weight per type. The set of valid type names is not shown on this page.
	Type     string
	Value    string
	Comment  string
	// LastUsed is presumably a Unix timestamp — confirm.
	LastUsed int64
}

Fingerprint links processes to profiles.

func (*Fingerprint) MatchesOS

func (fp *Fingerprint) MatchesOS() bool

MatchesOS returns whether the Fingerprint is applicable for the current OS.

type Flags

// Flags are used to quickly add common attributes to profiles.
// The map key is the flag identifier and the value is what Add calls "levels";
// Check(flag, level) reports whether the flag is active at a given security level.
// NOTE(review): presumably the value is a bitmask of security levels — confirm.
// Add has a value receiver and so cannot allocate the map; a nil Flags must be
// initialised (make) before Add is used. A plain map is not safe for concurrent
// use, so access has to be serialised by the caller.
type Flags map[uint8]uint8

Flags are used to quickly add common attributes to profiles

func (Flags) Add

func (flags Flags) Add(flag, levels uint8)

Add adds a flag to the Flags with the given level.

func (Flags) Check

func (flags Flags) Check(flag, level uint8) (active bool, ok bool)

Check checks if a flag is set at all and if it's active in the given security level.

func (Flags) Remove

func (flags Flags) Remove(flag uint8)

Remove removes a flag from the Flags.

func (Flags) String

func (flags Flags) String() string

String returns a string representation of Flags.

type Profile

// Profile is used to predefine a security profile for applications.
type Profile struct {
	record.Base
	// The embedded mutex exposes Lock/Unlock on Profile. A struct holding a
	// sync.Mutex must not be copied; pass *Profile (all methods use pointer receivers).
	sync.Mutex

	// Profile Metadata
	ID          string
	Name        string
	Description string
	Homepage    string
	// Icon is a path to the icon and is either prefixed "f:" for filepath, "d:" for a database path or "e:" for the encoded data.
	// NOTE(review): if a profile can originate outside the local user (the
	// Independent flag mentions settings coming from the Community), consumers
	// should validate the prefix and treat the path or encoded data as untrusted.
	Icon string

	// User Profile Only
	LinkedPath           string
	StampProfileID       string
	StampProfileAssigned int64 // presumably a Unix timestamp — confirm

	// Fingerprints
	Fingerprints []*Fingerprint

	// The minimum security level to apply to connections made with this profile
	SecurityLevel    uint8
	Flags            Flags
	Endpoints        Endpoints
	// NOTE(review): presumably the list consulted for inbound connections
	// (Set.CheckEndpointIP takes an inbound argument) — confirm.
	ServiceEndpoints Endpoints

	// Created is presumably the creation time as a Unix timestamp — confirm.
	Created        int64
	// When this Profile was approximately last used (for performance reasons not every single usage is saved)
	ApproxLastUsed int64
}

Profile is used to predefine a security profile for applications.

func EnsureProfile

func EnsureProfile(r record.Record) (*Profile, error)

EnsureProfile ensures that the given record is a *Profile, and returns it.

func GetStampProfile

func GetStampProfile(ID string) (*Profile, error)

GetStampProfile loads a profile from the database.

func GetUserProfile

func GetUserProfile(ID string) (*Profile, error)

GetUserProfile loads a profile from the database.

func New

func New() *Profile

New returns a new Profile.

func (*Profile) AddFingerprint

func (p *Profile) AddFingerprint(fp *Fingerprint)

AddFingerprint adds the given fingerprint to the profile.

func (*Profile) DetailedString

func (profile *Profile) DetailedString() string

DetailedString returns a more detailed string representation of the Profile.

func (*Profile) MarkUsed

func (profile *Profile) MarkUsed() (updated bool)

MarkUsed marks the profile as used, eventually.

func (*Profile) Save

func (profile *Profile) Save(namespace string) error

Save saves the profile to the database

func (*Profile) String

func (profile *Profile) String() string

String returns a string representation of the Profile.

type Set

// Set handles Profile chaining.
// It is built by NewSet from a user profile and a stamp profile.
type Set struct {
	// The embedded mutex exposes Lock/Unlock on Set. A struct holding a
	// sync.Mutex must not be copied; use *Set, as NewSet returns.
	sync.Mutex
	// contains filtered or unexported fields
}

Set handles Profile chaining.

func NewSet

func NewSet(ctx context.Context, id string, user, stamp *Profile) *Set

NewSet returns a new profile set with the given profiles.

func (*Set) CheckEndpointDomain added in v0.2.2

func (set *Set) CheckEndpointDomain(domain string) (result EPResult, reason string)

CheckEndpointDomain checks if the given endpoint matches an entry in the corresponding list. This is for outbound communication only.

func (*Set) CheckEndpointIP added in v0.2.2

func (set *Set) CheckEndpointIP(domain string, ip net.IP, protocol uint8, port uint16, inbound bool) (result EPResult, reason string)

CheckEndpointIP checks if the given endpoint matches an entry in the corresponding list.

func (*Set) CheckFlag

func (set *Set) CheckFlag(flag uint8) (active bool)

CheckFlag returns whether a given flag is set.

func (*Set) GetProfileMode

func (set *Set) GetProfileMode() uint8

GetProfileMode returns the active profile mode.

func (*Set) SecurityLevel

func (set *Set) SecurityLevel() uint8

SecurityLevel returns the applicable security level for the profile set.

func (*Set) Update

func (set *Set) Update(securityLevel uint8)

Update gets the new global and default profile and updates the independence status. It must be called when reusing a profile set for a series of calls.

func (*Set) UserProfile

func (set *Set) UserProfile() *Profile

UserProfile returns the user profile.
