hub / github.com/evilsocket/opensnitch / Match

Method Match

daemon/rule/operator.go:336–413  ·  view source on GitHub ↗

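Match reports whether a connection matches this operator: depending on o.Operand it picks one part of the connection (process path, parent paths, command line, destination host, IP, port or network, user ID, interface name, or process checksums) and passes it to the operator's callback. In the listing below, the process-hash operands (OpProcessHashMD5, OpProcessHashSHA1) return true without comparing anything when the caller passes hasChecksums as false, so in that case the hash condition does not restrict the match.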

(con *conman.Connection, hasChecksums bool)

Source from the content-addressed store, hash-verified

334
335// Match tries to match parts of a connection with the given operator.
336func (o *Operator) Match(con *conman.Connection, hasChecksums bool) bool {
337
338 if o.Operand == OpTrue {
339 return true
340 } else if o.Operand == OpList {
341 return o.listMatch(con, hasChecksums)
342 } else if o.Operand == OpProcessPath {
343 return o.cb(con.Process.Path)
344 } else if o.Operand == OpProcessParentPath {
345 p := con.Process
346 for pp := p.Parent; pp != nil; pp = pp.Parent {
347 if o.cb(pp.Path) {
348 return true
349 }
350 }
351 return false
352 } else if o.Operand == OpProcessCmd {
353 return o.cb(strings.Join(con.Process.Args, " "))
354 } else if o.Operand == OpDstHost {
355 return o.cb(con.DstHost)
356 } else if o.Operand == OpDstIP {
357 return o.cb(con.DstIP.String())
358 } else if o.Operand == OpDstPort {
359 return o.cb(strconv.FormatUint(uint64(con.DstPort), 10))
360 } else if o.Operand == OpDomainsLists {
361 return o.cb(con.DstHost)
362 } else if o.Operand == OpIPLists {
363 return o.cb(con.DstIP.String())
364 } else if o.Operand == OpHashMD5Lists {
365 return o.cb(con.Process.Checksums[procmon.HashMD5])
366 } else if o.Operand == OpUserID || o.Operand == OpUserName {
367 return o.cb(strconv.Itoa(con.Entry.UserId))
368 } else if o.Operand == OpDstNetwork {
369 return o.cb(con.DstIP)
370 } else if o.Operand == OpSrcNetwork {
371 return o.cb(con.SrcIP)
372 } else if o.Operand == OpNetLists {
373 return o.cb(con.DstIP)
374 } else if o.Operand == OpDomainsRegexpLists {
375 return o.cb(con.DstHost)
376 } else if o.Operand == OpIfaceIn {
377 if ifname, err := net.InterfaceByIndex(con.Pkt.IfaceInIdx); err == nil {
378 return o.cb(ifname.Name)
379 }
380 } else if o.Operand == OpIfaceOut {
381 if ifname, err := net.InterfaceByIndex(con.Pkt.IfaceOutIdx); err == nil {
382 return o.cb(ifname.Name)
383 }
384 } else if o.Operand == OpProcessHashMD5 || o.Operand == OpProcessHashSHA1 {
385 ret := true
386 if !hasChecksums {
387 return ret
388 }
389 con.Process.RLock()
390 for algo := range con.Process.Checksums {
391 ret = o.cb(con.Process.Checksums[algo])
392 if ret {
393 break

Calls 4

listMatchMethod · 0.95
RLockMethod · 0.80
RUnlockMethod · 0.80
StringMethod · 0.45