From a99b68ec9144357ea70c4f6ce47996d37b38c218 Mon Sep 17 00:00:00 2001
From: Daniel
Date: Tue, 12 Nov 2024 15:10:41 +0100
Subject: [PATCH 1/3] Warn instead of failing when process username cannot be found
---
 service/process/process.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/service/process/process.go b/service/process/process.go
index 60dac7ebf..4e0eeeae1 100644
--- a/service/process/process.go
+++ b/service/process/process.go
@@ -256,7 +256,7 @@ func loadProcess(ctx context.Context, key string, pInfo *processInfo.Process) (*
 // Username
 process.UserName, err = pInfo.UsernameWithContext(ctx)
 if err != nil {
- return nil, fmt.Errorf("process: failed to get Username for p%d: %w", pInfo.Pid, err)
+ log.Tracer(ctx).Warningf("process: failed to get username (PID %d): %s", pInfo.Pid, err)
 }
 // TODO: User Home
From 07acb9befac484982e0ff5b7e362d82d5ba45096 Mon Sep 17 00:00:00 2001
From: Daniel
Date: Tue, 12 Nov 2024 15:11:07 +0100
Subject: [PATCH 2/3] Notify packet issues asynchronously
---
 service/compat/callbacks.go | 11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)
diff --git a/service/compat/callbacks.go b/service/compat/callbacks.go
index 2abfa8583..71fd8b69d 100644
--- a/service/compat/callbacks.go
+++ b/service/compat/callbacks.go
@@ -3,6 +3,7 @@ package compat
 import (
 "net"
+ "github.com/safing/portmaster/service/mgr"
 "github.com/safing/portmaster/service/network/packet"
 "github.com/safing/portmaster/service/process"
 )
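Review bot: In loadProcess (service/process/process.go), a failed username lookup now leaves `process.UserName` set to whatever `UsernameWithContext` returned alongside the error, presumably the empty string, and the process is still loaded. Later code that attributes or filters by user cannot tell a failed lookup from a real value. Clearing the field explicitly and recording the meaning in the error branch would make that contract visible, e.g. `process.UserName = ""` with `// Empty means the lookup failed; treat as unknown user.`. The body of loadProcess continues outside the hunk, so the consumers of the field are not visible here.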
@@ -31,10 +32,16 @@ func SubmitDNSCheckDomain(subdomain string) (respondWith net.IP) {
 // ReportSecureDNSBypassIssue reports a DNS bypassing issue for the given process.
 func ReportSecureDNSBypassIssue(p *process.Process) {
- secureDNSBypassIssue.notify(p)
+ module.mgr.Go("report secure dns bypass issue", func(w *mgr.WorkerCtx) error {
+ secureDNSBypassIssue.notify(p)
+ return nil
+ })
 }
 // ReportMultiPeerUDPTunnelIssue reports a multi-peer UDP tunnel for the given process.
 func ReportMultiPeerUDPTunnelIssue(p *process.Process) {
- multiPeerUDPTunnelIssue.notify(p)
+ module.mgr.Go("report multi-peer udp tunnel issue", func(w *mgr.WorkerCtx) error {
+ multiPeerUDPTunnelIssue.notify(p)
+ return nil
+ })
 }
From f4b96e1ce7ba95893c8dff929f6e0ef1e5b22809 Mon Sep 17 00:00:00 2001
From: Daniel
Date: Tue, 12 Nov 2024 15:13:44 +0100
Subject: [PATCH 3/3] Make saving IP and CNAMEs more defensive
---
 service/firewall/dns.go | 6 +++---
 service/nameserver/nameserver.go | 2 +-
 2 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/service/firewall/dns.go b/service/firewall/dns.go
index 8a6e19738..9b1a55e5a 100644
--- a/service/firewall/dns.go
+++ b/service/firewall/dns.go
@@ -302,11 +302,11 @@ func UpdateIPsAndCNAMEs(q *resolver.Query, rrCache *resolver.RRCache, conn *netw
 Expires: rrCache.Expires,
 }
- // Resolve all CNAMEs in the correct order and add the to the record.
+ // Resolve all CNAMEs in the correct order and add the to the record - up to max 50 layers.
 domain := q.FQDN
- for {
+ for range 50 {
 nextDomain, isCNAME := cnames[domain]
- if !isCNAME {
+ if !isCNAME || nextDomain == domain {
 break
 }
diff --git a/service/nameserver/nameserver.go b/service/nameserver/nameserver.go
index c699cd993..1d346220a 100644
--- a/service/nameserver/nameserver.go
+++ b/service/nameserver/nameserver.go
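Review bot: ReportSecureDNSBypassIssue and ReportMultiPeerUDPTunnelIssue in service/compat/callbacks.go now start a new worker on every call, before `notify` can decide that the issue was already reported. If these are called per packet, as the commit title suggests, one noisy process can queue many identical workers; a cheap already-notified or rate check before `module.mgr.Go` would bound that (how `notify` deduplicates is not visible here). The doc comments should also state the new contract, e.g. `// The notification is sent asynchronously; the call returns before it is delivered.`, and note that `p` is read after the caller has returned.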
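Review bot: The new `nextDomain == domain` check in UpdateIPsAndCNAMEs (service/firewall/dns.go) stops only a CNAME that points at itself; a response with a longer cycle (a → b → a) still runs all 50 iterations. Whatever the rest of the loop body does per step (it lies outside the hunk, presumably appending to the record) then happens 50 times on resolver-supplied data. Tracking the names already visited ends the walk at the first repeat, with the cap kept as a backstop; hitting either limit would be worth a log line, since it points to a malformed or hostile answer. The comment typo `add the to the record` could be fixed in the same change.

```go
// Resolve all CNAMEs in order, stopping at the first repeated name or after 50 layers.
seen := map[string]struct{}{q.FQDN: {}}
domain := q.FQDN
for range 50 {
	nextDomain, isCNAME := cnames[domain]
	if !isCNAME {
		break
	}
	if _, looped := seen[nextDomain]; looped {
		break // CNAME cycle in the response
	}
	seen[nextDomain] = struct{}{}
	// … unchanged: rest of the loop body, outside this hunk …
```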
@@ -224,8 +224,8 @@ func handleRequest(ctx context.Context, w dns.ResponseWriter, request *dns.Msg)
 }
 // Save the request as open, as we don't know if there will be a connection or not.
- network.SaveOpenDNSRequest(q, rrCache, conn)
 firewall.UpdateIPsAndCNAMEs(q, rrCache, conn)
+ network.SaveOpenDNSRequest(q, rrCache, conn)
 case network.VerdictUndeterminable:
 fallthrough
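Review bot: The comment `// Save the request as open, ...` in handleRequest (service/nameserver/nameserver.go) now sits directly above `firewall.UpdateIPsAndCNAMEs(q, rrCache, conn)` and no longer describes the line beneath it, while the reordering itself is unexplained. If the order matters, presumably so that IP and CNAME data is stored before the open request becomes visible, say so: `// Update IP/CNAME info first, then save the request as open, as we don't know if there will be a connection or not.` Without such a comment a later cleanup could swap the calls back. handleRequest starts and ends outside the hunk.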