optional nfqueue fail-open option

2025-02-18 17:36:15 +01:00
parent ece058d533
commit 59652fc697
11 changed files with 247 additions and 133 deletions
--- a/backend/modules/nfregex/firegex.py
+++ b/backend/modules/nfregex/firegex.py
@@ -88,7 +88,11 @@ class FiregexInterceptor:
        self.process = await asyncio.create_subprocess_exec(
            proxy_binary_path,
            stdout=asyncio.subprocess.PIPE, stdin=asyncio.subprocess.PIPE,
-            env={"MATCH_MODE": "stream" if self.srv.proto == "tcp" else "block", "NTHREADS": os.getenv("NTHREADS","1")},
+            env={
+                "MATCH_MODE": "stream" if self.srv.proto == "tcp" else "block",
+                "NTHREADS": os.getenv("NTHREADS","1"),
+                "FIREGEX_NFQUEUE_FAIL_OPEN": "1" if self.srv.fail_open else "0",
+            },
        )
        line_fut = self.process.stdout.readuntil()
        try:
--- a/backend/modules/nfregex/models.py
+++ b/backend/modules/nfregex/models.py
@@ -1,13 +1,14 @@
 import base64

 class Service:
-    def __init__(self, service_id: str, status: str, port: int, name: str, proto: str, ip_int: str, **other):
+    def __init__(self, service_id: str, status: str, port: int, name: str, proto: str, ip_int: str, fail_open: bool, **other):
        self.id = service_id
        self.status = status
        self.port = port
        self.name = name
        self.proto = proto
        self.ip_int = ip_int
+        self.fail_open = fail_open
    
    @classmethod
    def from_dict(cls, var: dict):