Qubes/core-agent-linux
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

firewall: mark an IP as handled in /qubes-firewall_handled/[ip] after

Browse Source 
each handling iteration

Actually a counter is increased after each handling iteration.
This is useful for user applications to remain up to date with the
changes implemented by the Qubes firewall.
This commit is contained in:
3hhh 2021-05-15 12:35:50 +02:00
parent dda500b837
commit 78de37da92
No known key found for this signature in database
GPG Key ID: EB03A691DB2F0833
1 changed files with 15 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
qubesagent/firewall.py
View File

@ -143,6 +143,19 @@ class FirewallWorker(object):
for host, hostaddrs in dns.items(): for host, hostaddrs in dns.items():
self.qdb.write('/dns/{}/{}'.format(source, host), str(hostaddrs)) self.qdb.write('/dns/{}/{}'.format(source, host), str(hostaddrs))
def update_handled(self, addr):
"""
Update the QubesDB count of how often the given address was handled.
User applications may watch these paths for count increases to remain
up to date with QubesDB changes.
"""
cnt = self.qdb.read('/qubes-firewall_handled/{}'.format(addr))
try:
cnt = int(cnt)
except (TypeError, ValueError):
cnt = 0
self.qdb.write('/qubes-firewall_handled/{}'.format(addr), str(cnt+1))
def list_targets(self): def list_targets(self):
return set(t.split('/')[2] for t in self.qdb.list('/qubes-firewall/')) return set(t.split('/')[2] for t in self.qdb.list('/qubes-firewall/'))
@ -179,6 +192,8 @@ class FirewallWorker(object):
self.log_error( self.log_error(
'Failed to block traffic for {}'.format(addr)) 'Failed to block traffic for {}'.format(addr))
self.update_handled(addr)
@staticmethod @staticmethod
def dns_addresses(family=None): def dns_addresses(family=None):
with open('/etc/resolv.conf') as resolv: with open('/etc/resolv.conf') as resolv: