-
-
Notifications
You must be signed in to change notification settings - Fork 498
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Under certain conditions, when we dumped inodes via netlink, we were linking network connections to wrong applications. - To improve this situation: 1) Use netfilter's UID by default: Sometimes the UID reported via netlink was different than the one reported by libnetfilter. libnetfilter UID is always correct. If you had a rule that filtered by UID, this problem could cause to prompt you again to allow the connection. 2) Use the netlink entry that matches exactly the properties of an outgoing connection: There're some in-kernel sockets that doesn't match 1:1 outgoing connections (daemon/netlink/socket.go#L22). In order to identify the applications that initiate these network connections we use a workaround. But under certain conditions (source port reuse), we were associating connections to wrong applications. So in order to avoid this problem, if there's a 1:1 match use that netlink entry. If not, fallback to the workaround. - misc: added more logs to better debug these issues.
- Loading branch information
1 parent
743ef71
commit 479b8de
Showing
2 changed files
with
12 additions
and
10 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters