From 703c9efba589c3ab8ac5a6a2c01f27fc40a5278b Mon Sep 17 00:00:00 2001 From: Olivier Blin Date: Wed, 30 Apr 2008 20:19:29 +0000 Subject: move ifw code in network::net_applet::ifw --- bin/net_applet | 223 +-------------------------------------------------------- 1 file changed, 3 insertions(+), 220 deletions(-) (limited to 'bin') diff --git a/bin/net_applet b/bin/net_applet index 811a773..52f4bce 100755 --- a/bin/net_applet +++ b/bin/net_applet @@ -15,7 +15,6 @@ use network::vpn; use run_program; use mygtk2 qw(gtknew gtkset); use dbus_object; -use network::ifw; use network::monitor; use network::signal_strength; use detect_devices; @@ -177,20 +176,8 @@ my ($monitor); eval { $dbus = dbus_object::system_bus() } if !defined($global_settings{DBUS}) || text2bool($global_settings{DBUS}); eval { $monitor = network::monitor->new($dbus) } if $dbus; eval { - $ifw = network::ifw->new($dbus, sub { - my ($_con, $msg) = @_; - my $member = $msg->get_member; - if ($member eq 'Attack') { - handle_ifw_message($msg->get_args_list); - } elsif ($member eq 'Listen') { - handle_ifw_listen($msg->get_args_list); - } elsif ($member eq 'Init') { - $ifw->attach_object; - checkNetworkForce(); - } elsif ($member eq 'AlertAck') { - $ifw_alert = 0; - } - }); + require network::net_applet::ifw; + network::net_applet::ifw::create(); } if $dbus; $notification_queue = Gtk2::Notify::Queue->new($icon); @@ -213,7 +200,7 @@ $icon->signal_connect(popup_menu => sub { checkNetworkForce(); cronNetwork(); gtkflush(); #- for notifications to appear on the status icon position -get_unprocessed_ifw_messages(); +network::net_applet::ifw::get_unprocessed_ifw_messages(); $SIG{HUP} = sub { print "received SIGHUP, reloading network configuration\n"; @@ -360,34 +347,6 @@ sub go2State { update_applet() if $need_update; } -sub get_current_network() { - detect_devices::is_wireless_interface($current_interface) && find { $_->{current} } values %wireless_networks; -} - -sub get_state_pixbuf() { - my $wnet = $current_state eq 'connected' && get_current_network(); - $wnet ? - network::signal_strength::get_strength_icon($wnet) : - $pixbufs{state}{$current_state}; -} - -sub enable_ifw_alert() { - unless ($ifw_alert) { - $ifw_alert = 1; - network::net_applet::update_tray_icon(); - Glib::Timeout->add(1000, sub { - network::net_applet::update_tray_icon(); - $ifw_alert; - }); - } -} - -sub disable_ifw_alert() { - eval { $ifw->send_alert_ack }; - $ifw_alert = 0; - network::net_applet::update_tray_icon(); -} - sub update_applet() { $wireless_device = detect_devices::get_wireless_interface(); @@ -527,179 +486,3 @@ sub setAutoStart { qq(AUTOSTART=$state ); } - -sub get_unprocessed_ifw_messages() { - my @packets = eval { $ifw->get_reports }; - while (my @ifw_message = splice(@packets, 0, 10)) { - handle_ifw_message(@ifw_message); - } -} - -sub set_verdict { - my ($attack, $apply_verdict) = @_; - eval { $apply_verdict->($attack) }; - $@ and err_dialog(N("Interactive Firewall"), N("Unable to contact daemon")); -} - -sub apply_verdict_blacklist { - my ($attack) = @_; - $ifw->set_blacklist_verdict($attack->{seq}, 1); -} - -sub apply_verdict_ignore { - my ($attack) = @_; - $ifw->set_blacklist_verdict($attack->{seq}, 0); -} - -sub apply_verdict_whitelist { - my ($attack) = @_; - $ifw->whitelist($attack->{addr}); - apply_verdict_ignore($attack); -} - -sub handle_ifw_message { - my $message = network::ifw::attack_to_hash(\@_); - unless ($message->{msg}) { - print "unhandled attack type, skipping\n"; - return; - } - my $is_attack = $message->{prefix} ne 'NEW'; - enable_ifw_alert() if $is_attack; - $notification_queue->add({ - title => N("Interactive Firewall"), - pixbuf => $pixbufs{firewall}, - message => $message->{msg}, - timeout => sub { - set_verdict($message, \&apply_verdict_ignore); - }, - if_($is_attack, - urgency => 'critical', - actions => [ { - action => 'clicked', - label => #-PO: "Process" is a verb - N("Process attack"), - callback => sub { - disable_ifw_alert(); - ask_attack_verdict($message); - }, - } ], - ), - }); -} - -sub ask_attack_verdict { - my ($attack) = @_; - - my $w = ugtk2->new(N("Interactive Firewall: intrusion detected"), - icon => "drakfirewall"); - my ($blacklist, $whitelist, $ignore, $auto); - - my $update_automatic_mode = sub { $auto->get_active and $interactive_cb->set_active(1) }; - my $set_verdict = sub { - my ($verdict) = @_; - set_verdict($attack, $verdict); - $notification_queue->process_next; - }; - gtkadd($w->{window}, - gtknew('VBox', spacing => 5, children_loose => [ - gtknew('HBox', children => [ - 0, Gtk2::Image->new_from_stock('gtk-dialog-warning', 'dialog'), - 0, gtknew('Label', text => " "), - 1, gtknew('VBox', children => [ - 0, $attack->{msg}, - 0, N("What do you want to do with this attacker?") - ]) - ]), - gtksignal_connect(gtkadd(Gtk2::Expander->new(N("Attack details")), - gtknew('HBox', children => [ - 0, gtknew('Label', text => " "), - 1, gtknew('VBox', children_loose => [ - N("Attack time: %s", $attack->{date}), - N("Network interface: %s", $attack->{indev}), - N("Attack type: %s", $attack->{prefix}), - if_($attack->{protocol}, N("Protocol: %s", $attack->{protocol})), - N("Attacker IP address: %s", $attack->{ip_addr}), - if_($attack->{hostname} ne $attack->{ip_addr}, N("Attacker hostname: %s", $attack->{hostname})), - ( - $attack->{service} ne $attack->{port} ? - N("Service attacked: %s", $attack->{service}) : - N("Port attacked: %s", $attack->{port}), - ), - if_($attack->{icmp_type}, N("Type of ICMP attack: %s", $attack->{icmp_type})) - ]), - ])), - activate => sub { $_[0]->get_expanded and $w->shrink_topwindow } - ), - $auto = gtknew('CheckButton', text => N("Always blacklist (do not ask again)"), toggled => sub { - $whitelist->set_sensitive(!$_[0]->get_active); - $ignore->set_sensitive(!$_[0]->get_active); - }), - gtknew('HButtonBox', layout => 'edge', children_loose => [ - $blacklist = gtknew('Button', text => N("Blacklist"), clicked => sub { - $w->destroy; - $update_automatic_mode->(); - $set_verdict->(\&apply_verdict_blacklist); - }), - $whitelist = gtknew('Button', text => N("Whitelist"), clicked => sub { - $w->destroy; - $update_automatic_mode->(); - $set_verdict->(\&apply_verdict_whitelist); - }), - $ignore = gtknew('Button', text => N("Ignore"), clicked => sub { - $w->destroy; - $set_verdict->(\&apply_verdict_ignore); - }), - ]), - ])); - eval { $auto->set_active(!$ifw->get_interactive) }; - $blacklist->grab_focus; - gtksignal_connect($w->{window}, delete_event => sub { - $set_verdict->(\&apply_verdict_ignore); - }); - $w->{window}->show_all; -} - -sub handle_ifw_listen { - my $listen = network::ifw::parse_listen_message(\@_); - enable_ifw_alert(); - $notification_queue->add({ - title => N("Interactive Firewall: new service"), - pixbuf => $pixbufs{firewall}, - message => $listen->{message}, - actions => [ { - action => 'clicked', - label => #-PO: "Process" is a verb - N("Process connection"), - callback => sub { - disable_ifw_alert(); - ask_listen_verdict($listen); - }, - } ], - }); -} - -sub ask_listen_verdict { - my ($listen) = @_; - - my $w = ugtk2->new(N("Interactive Firewall: new service"), icon => "drakfirewall"); - my $set_verdict = sub { - $notification_queue->process_next; - }; - gtkadd($w->{window}, - gtknew('VBox', spacing => 5, children_loose => [ - gtknew('HBox', children => [ - 0, Gtk2::Image->new_from_stock('gtk-dialog-warning', 'dialog'), - 1, gtknew('VBox', children => [ - 0, $listen->{message}, - 0, N("Do you want to open this service?"), - ]) - ]), - gtknew('CheckButton', text => N("Remember this answer"), toggled => sub {}), - gtknew('HButtonBox', layout => 'edge', children_loose => [ - gtknew('Button', text => N("Allow"), clicked => sub { $w->destroy; $set_verdict->(1) }), - gtknew('Button', text => N("Block"), clicked => sub { $w->destroy; $set_verdict->(0) }), - ]), - ])); - gtksignal_connect($w->{window}, delete_event => sub { $set_verdict->() }); - $w->{window}->show_all; -} -- cgit v1.2.1