MCPcopy
hub / github.com/evilsocket/opensnitch / FindFirstMatch

Method FindFirstMatch

daemon/rule/loader.go:497–515  ·  view source on GitHub ↗

FindFirstMatch will try match the connection against the existing rule set.

(con *conman.Connection)

Source from the content-addressed store, hash-verified

495
496// FindFirstMatch will try match the connection against the existing rule set.
497func (l *Loader) FindFirstMatch(con *conman.Connection) (match *Rule) {
498 l.RLock()
499 defer l.RUnlock()
500
501 for _, idx := range l.activeRules {
502 rule, _ := l.rules[idx]
503 if rule.Match(con, l.checkSums) {
504 // We have a match.
505 // Save the rule in order to don't ask the user to take action,
506 // and keep iterating until a Deny or a Priority rule appears.
507 match = rule
508 if rule.Action == Reject || rule.Action == Deny || rule.Precedence == true {
509 return rule
510 }
511 }
512 }
513
514 return match
515}

Callers 5

acceptOrDenyFunction · 0.80
testFindPriorityMatchFunction · 0.80
testFindDenyMatchFunction · 0.80
testFindAllowMatchFunction · 0.80
testFindEnabledFunction · 0.80

Calls 3

RLockMethod · 0.80
RUnlockMethod · 0.80
MatchMethod · 0.45

Tested by 4

testFindPriorityMatchFunction · 0.64
testFindDenyMatchFunction · 0.64
testFindAllowMatchFunction · 0.64
testFindEnabledFunction · 0.64