Documentation ¶
Index ¶
- Constants
- Variables
- func KeyAndValueInTags(tags []Tag, key, value string) bool
- func KeyInTags(tags []Tag, key string) bool
- func MatchFingerprints(prints *parsedFingerprints, md MatchingData) (highestScore int)
- type Fingerprint
- type LayeredProfile
- func (lp *LayeredProfile) DefaultAction() uint8
- func (lp *LayeredProfile) GetProfileSource(configKey string) string
- func (lp *LayeredProfile) LocalProfile() *Profile
- func (lp *LayeredProfile) LocalProfileWithoutLocking() *Profile
- func (lp *LayeredProfile) LockForUsage()
- func (lp *LayeredProfile) MarkStillActive()
- func (lp *LayeredProfile) MatchEndpoint(ctx context.Context, entity *intel.Entity) (endpoints.EPResult, endpoints.Reason)
- func (lp *LayeredProfile) MatchFilterLists(ctx context.Context, entity *intel.Entity) (endpoints.EPResult, endpoints.Reason)
- func (lp *LayeredProfile) MatchSPNUsagePolicy(ctx context.Context, entity *intel.Entity) (endpoints.EPResult, endpoints.Reason)
- func (lp *LayeredProfile) MatchServiceEndpoint(ctx context.Context, entity *intel.Entity) (endpoints.EPResult, endpoints.Reason)
- func (lp *LayeredProfile) NeedsUpdate() (outdated bool)
- func (lp *LayeredProfile) RevisionCnt() (revisionCounter uint64)
- func (lp *LayeredProfile) SecurityLevel() uint8
- func (lp *LayeredProfile) StackedExitHubPolicies() []endpoints.Endpoints
- func (lp *LayeredProfile) UnlockForUsage()
- func (lp *LayeredProfile) Update(md MatchingData, createProfileCallback func() *Profile) (revisionCounter uint64)
- type MatchingData
- type Profile
- func (profile *Profile) AddEndpoint(newEntry string)
- func (profile *Profile) AddServiceEndpoint(newEntry string)
- func (profile *Profile) GetEndpoints() endpoints.Endpoints
- func (profile *Profile) GetServiceEndpoints() endpoints.Endpoints
- func (profile *Profile) IsOutdated() bool
- func (profile *Profile) LastActive() int64
- func (profile *Profile) LayeredProfile() *LayeredProfile
- func (profile *Profile) MarkStillActive()
- func (profile *Profile) Save() error
- func (profile *Profile) ScopedID() string
- func (profile *Profile) String() string
- type Tag
Constants ¶
const ( FingerprintTypeTagID = "tag" FingerprintTypeCmdlineID = "cmdline" FingerprintTypeEnvID = "env" FingerprintTypePathID = "path" // Matches both MatchingPath and Path. FingerprintOperationEqualsID = "equals" FingerprintOperationPrefixID = "prefix" FingerprintOperationRegexID = "regex" )
Fingerprint Type IDs.
const ( SourceLocal profileSource = "local" // local, editable SourceSpecial profileSource = "special" // specials (read-only) )
Profile Sources.
const ( DefaultActionNotSet uint8 = 0 DefaultActionBlock uint8 = 1 DefaultActionAsk uint8 = 2 DefaultActionPermit uint8 = 3 )
Default Action IDs.
const ( IconTypeFile iconType = "path" IconTypeDatabase iconType = "database" IconTypeBlob iconType = "blob" )
Supported icon types.
const ( // UnidentifiedProfileID is the profile ID used for unidentified processes. UnidentifiedProfileID = "_unidentified" // UnidentifiedProfileName is the name used for unidentified processes. UnidentifiedProfileName = "Other Connections" // UnidentifiedProfileDescription is the description used for unidentified processes. UnidentifiedProfileDescription = `` /* 276-byte string literal not displayed */ // UnsolicitedProfileID is the profile ID used for unsolicited connections. UnsolicitedProfileID = "_unsolicited" // UnsolicitedProfileName is the name used for unsolicited connections. UnsolicitedProfileName = "Network Noise" // UnsolicitedProfileDescription is the description used for unsolicited connections. UnsolicitedProfileDescription = `` /* 418-byte string literal not displayed */ // SystemProfileID is the profile ID used for the system/kernel. SystemProfileID = "_system" // SystemProfileName is the name used for the system/kernel. SystemProfileName = "Operating System" // SystemProfileDescription is the description used for the system/kernel. SystemProfileDescription = "This is the operation system itself." // SystemResolverProfileID is the profile ID used for the system's DNS resolver. SystemResolverProfileID = "_system-resolver" // SystemResolverProfileName is the name used for the system's DNS resolver. SystemResolverProfileName = "System DNS Client" // SystemResolverProfileDescription is the description used for the system's DNS resolver. SystemResolverProfileDescription = `` /* 650-byte string literal not displayed */ // PortmasterProfileID is the profile ID used for the Portmaster Core itself. PortmasterProfileID = "_portmaster" // PortmasterProfileName is the name used for the Portmaster Core itself. PortmasterProfileName = "Portmaster Core Service" // PortmasterProfileDescription is the description used for the Portmaster Core itself. PortmasterProfileDescription = `This is the Portmaster itself, which runs in the background as a system service. App specific settings have no effect.` // PortmasterAppProfileID is the profile ID used for the Portmaster App. PortmasterAppProfileID = "_portmaster-app" // PortmasterAppProfileName is the name used for the Portmaster App. PortmasterAppProfileName = "Portmaster User Interface" // PortmasterAppProfileDescription is the description used for the Portmaster App. PortmasterAppProfileDescription = `This is the Portmaster UI Windows.` // PortmasterNotifierProfileID is the profile ID used for the Portmaster Notifier. PortmasterNotifierProfileID = "_portmaster-notifier" // PortmasterNotifierProfileName is the name used for the Portmaster Notifier. PortmasterNotifierProfileName = "Portmaster Notifier" // PortmasterNotifierProfileDescription is the description used for the Portmaster Notifier. PortmasterNotifierProfileDescription = `This is the Portmaster UI Tray Notifier.` )
Variables ¶
var ( CfgOptionDefaultActionKey = "filter/defaultAction" DefaultActionPermitValue = "permit" DefaultActionBlockValue = "block" DefaultActionAskValue = "ask" CfgOptionBlockScopeInternetKey = "filter/blockInternet" CfgOptionBlockScopeLANKey = "filter/blockLAN" CfgOptionBlockScopeLocalKey = "filter/blockLocal" CfgOptionBlockP2PKey = "filter/blockP2P" CfgOptionBlockInboundKey = "filter/blockInbound" CfgOptionEndpointsKey = "filter/endpoints" CfgOptionServiceEndpointsKey = "filter/serviceEndpoints" CfgOptionFilterListsKey = "filter/lists" CfgOptionFilterSubDomainsKey = "filter/includeSubdomains" CfgOptionFilterCNAMEKey = "filter/includeCNAMEs" CfgOptionRemoveOutOfScopeDNSKey = "filter/removeOutOfScopeDNS" CfgOptionRemoveBlockedDNSKey = "filter/removeBlockedDNS" CfgOptionDomainHeuristicsKey = "filter/domainHeuristics" CfgOptionPreventBypassingKey = "filter/preventBypassing" CfgOptionDisableAutoPermitKey = "filter/disableAutoPermit" CfgOptionEnableHistoryKey = "history/enable" CfgOptionKeepHistoryKey = "history/keep" CfgOptionUseSPNKey = "spn/use" CfgOptionSPNUsagePolicyKey = "spn/usagePolicy" CfgOptionRoutingAlgorithmKey = "spn/routingAlgorithm" CfgOptionExitHubPolicyKey = "spn/exitHubPolicy" )
Configuration Keys.
var ( // SPNRulesQuickSettings is a list of countries the SPN currently is present in // as quick settings in order to help users with SPN related policy settings. // This is a quick win to make the MVP easier to use, but will be replaced by // a better solution in the future. SPNRulesQuickSettings = []config.QuickSetting{ {Name: "Exclude Canada (CA)", Action: config.QuickMergeTop, Value: []string{"- CA"}}, {Name: "Exclude Finland (FI)", Action: config.QuickMergeTop, Value: []string{"- FI"}}, {Name: "Exclude France (FR)", Action: config.QuickMergeTop, Value: []string{"- FR"}}, {Name: "Exclude Germany (DE)", Action: config.QuickMergeTop, Value: []string{"- DE"}}, {Name: "Exclude Israel (IL)", Action: config.QuickMergeTop, Value: []string{"- IL"}}, {Name: "Exclude Poland (PL)", Action: config.QuickMergeTop, Value: []string{"- PL"}}, {Name: "Exclude United Kingdom (GB)", Action: config.QuickMergeTop, Value: []string{"- GB"}}, {Name: "Exclude United States of America (US)", Action: config.QuickMergeTop, Value: []string{"- US"}}, } // SPNRulesVerdictNames defines the verdicts names to be used for SPN Rules. SPNRulesVerdictNames = map[string]string{ "-": "Exclude", "+": "Allow", } // SPNRulesHelp defines the help text for SPN related Hub selection rules. SPNRulesHelp = strings.ReplaceAll(`Rules are checked from top to bottom, stopping after the first match. They can match the following attributes of SPN Nodes: - Country (based on IPs): "US" (two-letter country codes according to ISO 3166-1 alpha-2) - AS number: "AS123456" - Address: "192.168.0.1" - Network: "192.168.0.1/24" - Anything: "*" `, `"`, "`") )
Functions ¶
func KeyAndValueInTags ¶ added in v0.9.9
KeyAndValueInTags checks is the given key/value pair is in the tags.
func MatchFingerprints ¶ added in v0.9.9
func MatchFingerprints(prints *parsedFingerprints, md MatchingData) (highestScore int)
MatchFingerprints returns the highest matching score of the given fingerprints and matching data.
Types ¶
type Fingerprint ¶
type Fingerprint struct { Type string Key string // Key must always fully match. Operation string Value string }
Fingerprint defines a way of matching a process. The Key is only valid - but required - for some types.
func (Fingerprint) MatchesKey ¶ added in v0.9.9
func (fp Fingerprint) MatchesKey(key string) bool
MatchesKey returns whether the optional fingerprint key (for some types only) matches the given key.
type LayeredProfile ¶ added in v0.4.0
type LayeredProfile struct { record.Base sync.RWMutex LayerIDs []string RevisionCounter uint64 DisableAutoPermit config.BoolOption `json:"-"` BlockScopeLocal config.BoolOption `json:"-"` BlockScopeLAN config.BoolOption `json:"-"` BlockScopeInternet config.BoolOption `json:"-"` BlockP2P config.BoolOption `json:"-"` BlockInbound config.BoolOption `json:"-"` RemoveOutOfScopeDNS config.BoolOption `json:"-"` RemoveBlockedDNS config.BoolOption `json:"-"` FilterSubDomains config.BoolOption `json:"-"` FilterCNAMEs config.BoolOption `json:"-"` PreventBypassing config.BoolOption `json:"-"` DomainHeuristics config.BoolOption `json:"-"` UseSPN config.BoolOption `json:"-"` SPNRoutingAlgorithm config.StringOption `json:"-"` EnableHistory config.BoolOption `json:"-"` KeepHistory config.IntOption `json:"-"` // contains filtered or unexported fields }
LayeredProfile combines multiple Profiles.
func NewLayeredProfile ¶ added in v0.4.0
func NewLayeredProfile(localProfile *Profile) *LayeredProfile
NewLayeredProfile returns a new layered profile based on the given local profile.
func (*LayeredProfile) DefaultAction ¶ added in v0.4.0
func (lp *LayeredProfile) DefaultAction() uint8
DefaultAction returns the active default action ID. This functions requires the layered profile to be read locked.
func (*LayeredProfile) GetProfileSource ¶ added in v0.6.0
func (lp *LayeredProfile) GetProfileSource(configKey string) string
GetProfileSource returns the database key of the first profile in the layers that has the given configuration key set. If it returns an empty string, the global profile can be assumed to have been effective.
func (*LayeredProfile) LocalProfile ¶ added in v0.6.0
func (lp *LayeredProfile) LocalProfile() *Profile
LocalProfile returns the local profile associated with this layered profile.
func (*LayeredProfile) LocalProfileWithoutLocking ¶ added in v0.9.1
func (lp *LayeredProfile) LocalProfileWithoutLocking() *Profile
LocalProfileWithoutLocking returns the local profile associated with this layered profile, but without locking the layered profile. This method my only be used when the caller already has a lock on the layered profile.
func (*LayeredProfile) LockForUsage ¶ added in v0.6.0
func (lp *LayeredProfile) LockForUsage()
LockForUsage locks the layered profile, including all layers individually.
func (*LayeredProfile) MarkStillActive ¶ added in v0.6.0
func (lp *LayeredProfile) MarkStillActive()
MarkStillActive marks all the layers as still active.
func (*LayeredProfile) MatchEndpoint ¶ added in v0.4.0
func (lp *LayeredProfile) MatchEndpoint(ctx context.Context, entity *intel.Entity) (endpoints.EPResult, endpoints.Reason)
MatchEndpoint checks if the given endpoint matches an entry in any of the profiles. This functions requires the layered profile to be read locked.
func (*LayeredProfile) MatchFilterLists ¶ added in v0.4.0
func (lp *LayeredProfile) MatchFilterLists(ctx context.Context, entity *intel.Entity) (endpoints.EPResult, endpoints.Reason)
MatchFilterLists matches the entity against the set of filter lists. This functions requires the layered profile to be read locked.
func (*LayeredProfile) MatchSPNUsagePolicy ¶ added in v0.8.5
func (lp *LayeredProfile) MatchSPNUsagePolicy(ctx context.Context, entity *intel.Entity) (endpoints.EPResult, endpoints.Reason)
MatchSPNUsagePolicy checks if the given endpoint matches an entry in any of the profiles. This functions requires the layered profile to be read locked.
func (*LayeredProfile) MatchServiceEndpoint ¶ added in v0.4.0
func (lp *LayeredProfile) MatchServiceEndpoint(ctx context.Context, entity *intel.Entity) (endpoints.EPResult, endpoints.Reason)
MatchServiceEndpoint checks if the given endpoint of an inbound connection matches an entry in any of the profiles. This functions requires the layered profile to be read locked.
func (*LayeredProfile) NeedsUpdate ¶ added in v0.6.0
func (lp *LayeredProfile) NeedsUpdate() (outdated bool)
NeedsUpdate checks for outdated profiles.
func (*LayeredProfile) RevisionCnt ¶ added in v0.4.4
func (lp *LayeredProfile) RevisionCnt() (revisionCounter uint64)
RevisionCnt returns the current profile revision counter.
func (*LayeredProfile) SecurityLevel ¶ added in v0.4.0
func (lp *LayeredProfile) SecurityLevel() uint8
SecurityLevel returns the highest security level of all layered profiles. This function is atomic and does not require any locking.
func (*LayeredProfile) StackedExitHubPolicies ¶ added in v0.8.5
func (lp *LayeredProfile) StackedExitHubPolicies() []endpoints.Endpoints
StackedExitHubPolicies returns all exit hub policies of the layered profile, including the global one.
func (*LayeredProfile) UnlockForUsage ¶ added in v0.6.0
func (lp *LayeredProfile) UnlockForUsage()
UnlockForUsage unlocks the layered profile, including all layers individually.
func (*LayeredProfile) Update ¶ added in v0.4.0
func (lp *LayeredProfile) Update(md MatchingData, createProfileCallback func() *Profile) (revisionCounter uint64)
Update checks for and replaces any outdated profiles.
type MatchingData ¶ added in v0.9.9
type MatchingData interface { Tags() []Tag Env() map[string]string Path() string MatchingPath() string Cmdline() string }
MatchingData is an interface to fetching data in the matching process.
type Profile ¶
type Profile struct { record.Base sync.RWMutex // ID is a unique identifier for the profile. ID string // constant // Source describes the source of the profile. Source profileSource // constant // Name is a human readable name of the profile. It // defaults to the basename of the application. Name string // Description may hold an optional description of the // profile or the purpose of the application. Description string // Warning may hold an optional warning about this application. // It may be static or be added later on when the Portmaster detected an // issue with the application. Warning string // WarningLastUpdated holds the timestamp when the Warning field was last // updated. WarningLastUpdated time.Time // Homepage may refer to the website of the application // vendor. Homepage string // Icon holds the icon of the application. The value // may either be a filepath, a database key or a blob URL. // See IconType for more information. Icon string // IconType describes the type of the Icon property. IconType iconType // Deprecated: LinkedPath used to point to the executableis this // profile was created for. // Until removed, it will be added to the Fingerprints as an exact path match. LinkedPath string // constant // PresentationPath holds the path of an executable that should be used for // get representative information from, like the name of the program or the icon. // Is automatically removed when the path does not exist. // Is automatically populated with the next match when empty. PresentationPath string // UsePresentationPath can be used to enable/disable fetching information // from the executable at PresentationPath. In some cases, this is not // desirable. UsePresentationPath bool // Fingerprints holds process matching information. Fingerprints []Fingerprint // SecurityLevel is the mininum security level to apply to // connections made with this profile. // Note(ppacher): we may deprecate this one as it can easily // be "simulated" by adjusting the settings // directly. SecurityLevel uint8 // Config holds profile specific setttings. It's a nested // object with keys defining the settings database path. All keys // until the actual settings value (which is everything that is not // an object) need to be concatenated for the settings database // path. Config map[string]interface{} // LastEdited holds the UTC timestamp in seconds when the profile was last // edited by the user. This is not set automatically, but has to be manually // set by the user interface. LastEdited int64 // Created holds the UTC timestamp in seconds when the // profile has been created. Created int64 // Internal is set to true if the profile is attributed to a // Portmaster internal process. Internal is set during profile // creation and may be accessed without lock. Internal bool // contains filtered or unexported fields }
Profile is used to predefine a security profile for applications.
func EnsureProfile ¶
EnsureProfile ensures that the given record is a *Profile, and returns it.
func GetLocalProfile ¶ added in v0.9.9
func GetLocalProfile(id string, md MatchingData, createProfileCallback func() *Profile) ( profile *Profile, err error, )
GetLocalProfile fetches a profile. This function ensures that the loaded profile is shared among all callers. Always provide all available data points. Passing an ID without MatchingData is valid, but could lead to inconsistent data - use with caution.
func New ¶
New returns a new Profile. Optionally, you may supply custom configuration in the flat (key=value) form.
func (*Profile) AddEndpoint ¶ added in v0.4.0
AddEndpoint adds an endpoint to the endpoint list, saves the profile and reloads the configuration.
func (*Profile) AddServiceEndpoint ¶ added in v0.4.0
AddServiceEndpoint adds a service endpoint to the endpoint list, saves the profile and reloads the configuration.
func (*Profile) GetEndpoints ¶ added in v0.6.15
GetEndpoints returns the endpoint list of the profile. This functions requires the profile to be read locked.
func (*Profile) GetServiceEndpoints ¶ added in v0.6.15
GetServiceEndpoints returns the service endpoint list of the profile. This functions requires the profile to be read locked.
func (*Profile) IsOutdated ¶ added in v0.6.0
IsOutdated returns whether the this instance of the profile is marked as outdated.
func (*Profile) LastActive ¶ added in v0.6.0
LastActive returns the unix timestamp when the profile was last marked as still active.
func (*Profile) LayeredProfile ¶ added in v0.6.0
func (profile *Profile) LayeredProfile() *LayeredProfile
LayeredProfile returns the layered profile associated with this profile.
func (*Profile) MarkStillActive ¶ added in v0.6.0
func (profile *Profile) MarkStillActive()
MarkStillActive marks the profile as still active.