
Commit 96e9abd

author
Safing
committed
Document not finished parts
1 parent a634192 commit 96e9abd

1 file changed

+12
-9
lines changed


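--- a/firewall/inspection/portscan/detect.go
+++ b/firewall/inspection/portscan/detect.go
@@ -34,11 +34,11 @@ type ipData struct {
 }
 
 const (
-//fixme
-cleanUpInterval = 1 * time.Minute
+//fixme: Which production-values do we want to have?
+cleanUpInterval = 1 * time.Minute //fixme: Debug-Value
 cleanUpMaxDelay = 5 * time.Minute
 
-startAfter = 1 * time.Second //When should the Portscan Detection start to prevent blocking Apps that just try to reconnect?
+startAfter = 1 * time.Second //fixme: Debug Value; When should the Portscan Detection start to prevent blocking Apps that just try to reconnect?
 decreaseInterval = 11 * time.Second
 unblockIdleTime = 1 * time.Hour
 undoSuspicionIdleTime = 24 * time.Hour
@@ -80,10 +80,10 @@ func (d *Detector) Inspect(conn *network.Connection, pkt packet.Packet) (pktVerd
 
 ctx := pkt.Ctx()
 
-//fixme: DEL
-if conn.LocalIP.Equal(net.IP([]byte{255, 255, 255, 255})) {
-return network.VerdictUndecided, false, nil
-}
+//Delete for production. This just reduces the amount of Debug Messages significantly
+// if conn.LocalIP.Equal(net.IP([]byte{255, 255, 255, 255})) {
+// return network.VerdictUndecided, false, nil
+// }
 log.Tracer(ctx).Debugf("new connection for Portscan detection")
 
 rIP, ok := conn.Entity.GetIP() //remote IP
@@ -152,7 +152,10 @@ func handleMaliciousPacket(ctx context.Context, inMap bool, conn *network.Connec
 ips[ipString] = &ipData{
 score: addScore,
 blockedPorts: []tcpUDPport{
-tcpUDPport{protocol: conn.IPProtocol, port: conn.LocalPort},
+tcpUDPport{
+protocol: conn.IPProtocol,
+port: conn.LocalPort,
+},
 },
 lastSeen: time.Now(),
 lastUpdated: time.Now(),
@@ -177,7 +180,7 @@ func handleMaliciousPacket(ctx context.Context, inMap bool, conn *network.Connec
 entry.blocked = true
 entry.previousOffender = true
 
-//fixme: actually I just want to know if THIS threat exists - I don't need prefixing. Maybe we can do it simpler ...
+//TODO: actually I just want to know if THIS threat exists - I don't need prefixing. Maybe we can do it simpler ... (less CPU-intensive)
 if t, _ := status.GetThreats(threadPrefix + ipString); len(t) == 0 {
 log.Tracer(ctx).Debugf("new Threat")
 status.AddOrUpdateThreat(&status.Threat{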
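Review bot: In the second hunk of Inspect, the broadcast-address early return is kept as commented-out code with a "Delete for production" reminder, which neither the compiler nor `go vet` will ever enforce, so the debug shortcut can silently ship and also leaves readers unsure whether 255.255.255.255 is meant to be exempt from detection or not. Either delete the four lines outright (history keeps them) or gate them on a named constant so the intent is explicit and greppable, e.g. `const debugSkipBroadcast = false` at package level and `if debugSkipBroadcast && conn.LocalIP.Equal(net.IP([]byte{255, 255, 255, 255})) {` in place of the comment. The same concern applies to the first hunk, where `cleanUpInterval` and `startAfter` are marked as debug values in comments; since `startAfter` directly controls how quickly legitimately reconnecting applications can be blocked, a single `//fixme` on a `const` is easy to miss, and surfacing these as configuration (or at least one clearly named debug block) would make the production review a check rather than a memory exercise. Inspect's body continues outside the hunk.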
