(packet netfilter.Packet)
| 398 | } |
| 399 | |
// onPacket handles one queued packet: it either accepts it right away, hands
// it to the default action, or matches it against the loaded rules, and then
// reports the connection event to stats.
//
// The order of the checks matters, because every early return skips the
// checks that follow it:
//  1. packets for which dns.TrackAnswers returns true are accepted before
//     any rule lookup;
//  2. packets that conman.Parse cannot turn into a connection get the
//     default action;
//  3. connections owned by this very process are accepted;
//  4. everything else is passed to acceptOrDeny.
func onPacket(packet netfilter.Packet) {
	// DNS answers are only parsed and tracked, then accepted with the mark
	// the packet already carries.
	// NOTE(review): this branch runs ahead of rule evaluation, so anything
	// TrackAnswers returns true for is never checked against the rules.
	// Confirm it matches DNS responses only.
	if dns.TrackAnswers(packet.Packet) {
		packet.SetVerdictAndMark(netfilter.NF_ACCEPT, packet.Mark)
		stats.OnDNSResponse()
		return
	}

	// Build the connection state for this packet.
	conn := conman.Parse(packet, uiClient.InterceptUnknown())
	if conn == nil {
		// No connection could be built, so the default action is applied
		// without any connection context.
		applyDefaultAction(&packet, nil)
		return
	}

	// Traffic that belongs to our own PID is always let through.
	// NOTE(review): conn.Process is dereferenced without a nil check;
	// presumably Parse never returns a connection without a process. Verify.
	if os.Getpid() == conn.Process.ID {
		packet.SetVerdict(netfilter.NF_ACCEPT)
		return
	}

	// Look for a match among the preloaded rules. No verdict is set here
	// after this call; presumably acceptOrDeny issues it. Verify.
	rule := acceptOrDeny(&packet, conn)
	noMatch := rule == nil

	// A matching rule flagged Nolog suppresses the stats event, so such
	// connections leave no trace in the statistics.
	//
	// XXX: a connection that is not intercepted because InterceptUnknown is
	// false is not sent to the server, so that information is lost.
	if noMatch || !rule.Nolog {
		stats.OnConnectionEvent(conn, rule, noMatch)
	}
}
| 430 | |
| 431 | func applyDefaultAction(packet *netfilter.Packet, con *conman.Connection) { |
| 432 | log.Trace("Applying DefaultAction (%s) on %s", uiClient.DefaultAction(), con) |