From ea9d75033ce4c772267b622047d41f669e034e92 Mon Sep 17 00:00:00 2001 From: Dustyn Blackmore Date: Thu, 17 May 2018 17:36:39 +1000 Subject: [PATCH] Minor Refactor Fixed bug with interface.json changes not working. Changed actions to verdicts on nfpacket object. Minor other undocumented changes. --- src/index.js | 16 +++++++++++---- src/nfpacket/index.js | 4 ++-- src/nfpacket/{actions.js => verdicts.js} | 26 +++++++++++------------- 3 files changed, 26 insertions(+), 20 deletions(-) rename src/nfpacket/{actions.js => verdicts.js} (66%) diff --git a/src/index.js b/src/index.js index 85334c8..6473995 100644 --- a/src/index.js +++ b/src/index.js @@ -34,6 +34,14 @@ function checkConfig (err, filename) { fs.readFile('./config/interfaces.json', 'utf8', (err, data) => { if (err) throw err; let newInterfaces = JSON.parse(data); + Object.keys(newInterfaces.interfaces).forEach(interface => { + interfaces.forEach(thisInterface => { + if (thisInterface.name === interface && thisInterface.zone !== newInterfaces.interfaces[interface].zone) { + thisInterface.zone = newInterfaces.interfaces[interface].zone; + } + }) + }); + systemInterfaces = newInterfaces.interfaces; }); break; @@ -147,14 +155,14 @@ function handlePacket (packet) { } } // Do not further traverse ruleset, or this function ; wasted cycles. - return packet.actions.verdict(packet.verdict, packet.mark); + return packet.verdicts.getVerdict(); // packet.nfpacket.setVerdict(packet.verdict, packet.mark); } // The global default is enabled, yet there is no ports key.. // (Likely) means this is a port-less protocol, or a blanket 'allow' rule is in place. } else { packet.verdict = packet.enums.netfilterVerdict.NF_ACCEPT; - return packet.actions.verdict(packet.verdict, packet.mark); + return packet.verdicts.getVerdict(); //packet.nfpacket.setVerdict(packet.verdict, packet.mark); } // Else, as if globally accepted we don't need to traverse other zones. 
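Review bot: The added loop in the `@@ -34,6 +34,14 @@` hunk dereferences `newInterfaces.interfaces` and copies each `zone` onto the live `interfaces` entries without checking either one, so a file that parses but lacks the `interfaces` key throws inside the readFile callback, and any zone string in the file is applied as-is. Because the zone appears to select which rules a packet is matched against, I would guard before the loop with `if (!newInterfaces || typeof newInterfaces.interfaces !== 'object') return;` and accept only zones the running configuration already defines. `interface` is a reserved word in strict mode, so the callback parameter is safer named `name`. checkConfig starts and ends outside this hunk, so whether anything catches a throw from this callback is not visible here.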
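Review bot: `return packet.verdicts.getVerdict();` in the `@@ -147,14 +155,14 @@` hunk returns whatever getVerdict returns, and in this patch's src/nfpacket/verdicts.js that is the handler itself (`return state.verdicts.accept;`), not the result of calling it. Unless handlePacket's caller invokes the returned function, no setVerdict call is made on these paths; the caller is outside the hunk, so this should either be confirmed and documented with `// returns the verdict handler; the caller must invoke it`, or made explicit at the call site. The same applies to the final return in the `@@ -189,7 +197,7 @@` hunk. The `packet.nfpacket.setVerdict(...)` comment remnants beside both returns read as dead code and could be removed.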
@@ -189,7 +197,7 @@ function handlePacket (packet) { } } - return packet.actions.verdict(packet.verdict, packet.mark); + return packet.verdicts.getVerdict(); } function updateOutput () { @@ -267,4 +275,4 @@ nft.flush().then( (err) => console.log('Failed to insert final counters: ' + err) ); -const outputInterval = setInterval(updateOutput, 5000); +const outputInterval = setInterval(updateOutput, 25000); diff --git a/src/nfpacket/index.js b/src/nfpacket/index.js index 1e344a3..5cb6451 100644 --- a/src/nfpacket/index.js +++ b/src/nfpacket/index.js @@ -1,4 +1,4 @@ -const actions = require('./actions'); +const verdicts = require('./verdicts'); const encoding = require('./encoding'); const enums = require('./enums.js'); const statable = require('./../state'); @@ -17,7 +17,7 @@ module.exports = (dependencies) => (nfpacket) => { return Object.assign( state, { - actions: actions(dependencies)(state), + verdicts: verdicts(dependencies)(state), encoding: encoding(dependencies.pcapIPv4)(state) } ); diff --git a/src/nfpacket/actions.js b/src/nfpacket/verdicts.js similarity index 66% rename from src/nfpacket/actions.js rename to src/nfpacket/verdicts.js index e8867df..b6cd4b9 100644 --- a/src/nfpacket/actions.js +++ b/src/nfpacket/verdicts.js 
@@ -1,37 +1,35 @@
-const actions = (dependencies) => (state) => ({
- accept: (mark) => {
+module.exports = (dependencies) => (state) => ({
+ accept: () => {
 state.nfpacket
- ? state.nfpacket.setVerdict(state.enums.netfilterVerdict.NF_ACCEPT, mark)
+ ? state.nfpacket.setVerdict(state.enums.netfilterVerdict.NF_ACCEPT, state.mark)
 : false
 },
- reject: (mark) => {
+ reject: () => {
 // This allows us to admin-prohibit and immediately reject outgoing, intead of droop (timeout).
 if (state.direction === 'outgoing') {
 state.nfpacket.setVerdict(state.enums.netfilterVerdict.NF_REPEAT, 777)
 } else {
 state.nfpacket
- ? state.nfpacket.setVerdict(state.enums.netfilterVerdict.NF_DROP, mark)
+ ? state.nfpacket.setVerdict(state.enums.netfilterVerdict.NF_DROP, state.mark)
 : false
 }
 },
- requeue: (mark) => {
+ requeue: () => {
 state.nfpacket
- ? state.nfpacket.setVerdict(state.enums.netfilterVerdict.NF_REPEAT, mark)
+ ? state.nfpacket.setVerdict(state.enums.netfilterVerdict.NF_REPEAT, state.mark)
 : false
 },
- verdict: (verdict, mark) => {
- switch (verdict) {
+ getVerdict: () => {
+ switch (state.verdict) {
 case state.enums.netfilterVerdict.NF_ACCEPT:
- return state.actions.accept;
+ return state.verdicts.accept;
 break;
 case state.enums.netfilterVerdict.NF_REPEAT:
- return state.actions.requeue;
+ return state.verdicts.requeue;
 break;
 default:
- return state.actions.reject;
+ return state.verdicts.reject;
 break;
 }
 }
 })
-
-module.exports = actions;
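Review bot: `reject` gets a new signature here, but its outgoing branch still calls `state.nfpacket.setVerdict(...)` unguarded, while every other branch in the file uses `state.nfpacket ? … : false`; a packet state without `nfpacket` would throw on the deny path instead of being a no-op like the others. A guard at the top of the handler, `if (!state.nfpacket) return;`, would make the handlers consistent. The handlers now read `state.mark` and `state.verdict` instead of taking arguments, which deserves a comment such as `// verdict and mark are read from packet state; set both before calling getVerdict()`. The literal `777` would be easier to audit as a named constant kept next to the firewall rule it is meant to match, and the `break` after each `return` in getVerdict is unreachable.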