From 78de37da927c1f303ca792ba7826a25936c042ce Mon Sep 17 00:00:00 2001
From: 3hhh
Date: Sat, 15 May 2021 12:35:50 +0200
Subject: [PATCH] firewall: mark an IP as handled in /qubes-firewall_handled/[ip] after each handling iteration Actually a counter is increased after each handling iteration. This is useful for user applications to remain up to date with the changes implemented by the Qubes firewall.
---
 qubesagent/firewall.py | 15 +++++++++++++++
 1 file changed, 15 insertions(+)
diff --git a/qubesagent/firewall.py b/qubesagent/firewall.py
index de21647..a9aa998 100755
--- a/qubesagent/firewall.py
+++ b/qubesagent/firewall.py
@@ -143,6 +143,19 @@ class FirewallWorker(object):
 for host, hostaddrs in dns.items():
 self.qdb.write('/dns/{}/{}'.format(source, host), str(hostaddrs))

+ def update_handled(self, addr):
+ """
+ Update the QubesDB count of how often the given address was handled.
+ User applications may watch these paths for count increases to remain
+ up to date with QubesDB changes.
+ """
+ cnt = self.qdb.read('/qubes-firewall_handled/{}'.format(addr))
+ try:
+ cnt = int(cnt)
+ except (TypeError, ValueError):
+ cnt = 0
+ self.qdb.write('/qubes-firewall_handled/{}'.format(addr), str(cnt+1))
+
 def list_targets(self):
 return set(t.split('/')[2] for t in self.qdb.list('/qubes-firewall/'))

@@ -179,6 +192,8 @@ class FirewallWorker(object):
 self.log_error(
 'Failed to block traffic for {}'.format(addr))

+ self.update_handled(addr)
+
 @staticmethod
 def dns_addresses(family=None):
 with open('/etc/resolv.conf') as resolv:
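Review bot: The docstring of `update_handled` tells watchers to look for count increases, but the `except (TypeError, ValueError)` branch restarts the count: a missing or unparsable value is treated as 0 and `1` is written, so the stored number can go down. The docstring should state this, for example `Watchers should react to any change of the value; it restarts at 1 when the entry is missing or not an integer.` As a style point, the path is formatted twice; computing `path = '/qubes-firewall_handled/{}'.format(addr)` once at the top keeps the read and the write on the same key.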
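Review bot: `self.update_handled(addr)` appears to run on every pass, including one that has just logged `Failed to block traffic for ...`, so a watcher cannot tell an applied rule set from a failed one and may allow traffic for an address whose rules are not in place. Indentation is lost on this page, so the placement after the try/except is inferred from the blank line before the call, and the enclosing method starts outside the hunk. If counting attempts is intended, say so at the call, e.g. `# bumped on failure too: signals "processed", not "rules applied"`. Otherwise move the call onto the success path or publish the outcome alongside the counter.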