NordSecurity
diff --git a/‎cmd/daemon/main.go‎
Lines changed: 42 additions & 19 deletions b/‎cmd/daemon/main.go‎
Lines changed: 42 additions & 19 deletions
diff --git a/‎daemon/jobs_test.go‎
Lines changed: 11 additions & 0 deletions b/‎daemon/jobs_test.go‎
Lines changed: 11 additions & 0 deletions
diff --git a/‎daemon/routes/iprule/iprule.go‎
Lines changed: 1 addition & 1 deletion b/‎daemon/routes/iprule/iprule.go‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎go.mod‎
Lines changed: 3 additions & 3 deletions b/‎go.mod‎
Lines changed: 3 additions & 3 deletions
diff --git a/‎go.sum‎
Lines changed: 6 additions & 0 deletions b/‎go.sum‎
Lines changed: 6 additions & 0 deletions
diff --git a/‎internal/filesystem.go‎
Lines changed: 0 additions & 42 deletions b/‎internal/filesystem.go‎
Lines changed: 0 additions & 42 deletions
@@ -65,6 +65,7 @@ import (
 	"github.com/NordSecurity/nordvpn-linux/request"
 	"github.com/NordSecurity/nordvpn-linux/sharedctx"
 	"github.com/NordSecurity/nordvpn-linux/snapconf"
+	"github.com/vishvananda/netlink"
 
 	"google.golang.org/grpc"
 )
@@ -127,7 +128,7 @@ func main() {
 
 	// Config
 	configEvents := daemonevents.NewConfigEvents()
-	fsystem := config.NewFilesystemConfigManager(
+	cfgMgr := config.NewFilesystemConfigManager(
 		config.SettingsDataFilePath,
 		config.InstallFilePath,
 		Salt,
@@ -136,9 +137,9 @@ func main() {
 		configEvents.Config,
 	)
 	var cfg config.Config
-	if err := fsystem.Load(&cfg); err != nil {
+	if err := cfgMgr.Load(&cfg); err != nil {
 		log.Println(err)
-		if err := fsystem.Reset(); err != nil {
+		if err := cfgMgr.Reset(); err != nil {
 			log.Fatalln(err)
 		}
 	}
@@ -234,7 +235,7 @@ func main() {
 		httpClientWithRotator,
 		validator,
 	)
-	meshAPIex := registry.NewRegistry(
+	meshRegistry := registry.NewRegistry(
 		defaultAPI,
 		meshnetEvents.SelfRemoved,
 	)
@@ -282,17 +283,17 @@ func main() {
 	// obfuscated machineID
 	deviceID := fmt.Sprintf("%x", sha256.Sum256([]byte(cfg.MachineID.String()+Salt)))
 
-	analytics := newAnalytics(eventsDbPath, fsystem, defaultAPI, Version, Environment, deviceID)
+	analytics := newAnalytics(eventsDbPath, cfgMgr, defaultAPI, Version, Environment, deviceID)
 	heartBeatSubject.Subscribe(analytics.NotifyHeartBeat)
 	daemonEvents.Subscribe(analytics)
 	daemonEvents.Service.Connect.Subscribe(loggerSubscriber.NotifyConnect)
 	daemonEvents.Settings.Publish(cfg)
 
-	if fsystem.NewInstallation {
+	if cfgMgr.NewInstallation {
 		daemonEvents.Service.UiItemsClick.Publish(events.UiItemsAction{ItemName: "first_open", ItemType: "button", ItemValue: "first_open", FormReference: "daemon"})
 	}
 
-	vpnLibConfigGetter := vpnLibConfigGetterImplementation(fsystem)
+	vpnLibConfigGetter := vpnLibConfigGetterImplementation(cfgMgr)
 
 	internalVpnEvents := vpn.NewInternalVPNEvents()
 
@@ -394,17 +395,17 @@ func main() {
 	norduserClient := norduserservice.NewNorduserGRPCClient()
 
 	meshnetChecker := meshnet.NewRegisteringChecker(
-		fsystem,
+		cfgMgr,
 		keygen,
-		meshAPIex,
+		meshRegistry,
 	)
 
 	meshnetEvents.PeerUpdate.Subscribe(refresher.NewMeshnet(
-		meshAPIex, meshnetChecker, fsystem, netw,
+		meshRegistry, meshnetChecker, cfgMgr, netw,
 	).NotifyPeerUpdate)
 
 	meshUnsetter := meshunsetter.NewMeshnet(
-		fsystem,
+		cfgMgr,
 		netw,
 		errSubject,
 		norduserClient,
@@ -414,7 +415,7 @@ func main() {
 	accountUpdateEvents := daemonevents.NewAccountUpdateEvents()
 	accountUpdateEvents.Subscribe(statePublisher)
 	authChecker := auth.NewRenewingChecker(
-		fsystem,
+		cfgMgr,
 		defaultAPI,
 		daemonEvents.User.MFA,
 		errSubject,
@@ -426,7 +427,7 @@ func main() {
 		infoSubject,
 		errSubject,
 		meshnetEvents.PeerUpdate,
-		nc.NewCredsFetcher(defaultAPI, fsystem))
+		nc.NewCredsFetcher(defaultAPI, cfgMgr))
 
 	dataUpdateEvents := daemonevents.NewDataUpdateEvents()
 	dataUpdateEvents.Subscribe(statePublisher)
@@ -442,7 +443,7 @@ func main() {
 	rpc := daemon.NewRPC(
 		internal.Environment(Environment),
 		authChecker,
-		fsystem,
+		cfgMgr,
 		dm,
 		defaultAPI,
 		defaultAPI,
@@ -460,22 +461,30 @@ func main() {
 		notificationClient,
 		analytics,
 		norduserService,
-		meshAPIex,
+		meshRegistry,
 		statePublisher,
 		sharedContext,
 	)
+
+	filesharePortController := meshnet.NewPortAccessController(cfgMgr, netw, meshRegistry)
+	fileshareProcMonitor := meshnet.NewProcMonitor(
+		&filesharePortController,
+		netlinkMonitorSetupFn,
+	)
+
 	meshService := meshnet.NewServer(
 		authChecker,
-		fsystem,
+		cfgMgr,
 		meshnetChecker,
 		defaultAPI,
 		netw,
-		meshAPIex,
+		meshRegistry,
 		threatProtectionLiteServers,
 		errSubject,
 		meshnetEvents.PeerUpdate,
 		daemonEvents,
 		norduserClient,
+		fileshareProcMonitor,
 		sharedContext,
 	)
 
@@ -573,11 +582,11 @@ func main() {
 		go rpc.StartAutoConnect(network.ExponentialBackoff)
 	}
 
-	monitor, err := netstate.NewNetlinkMonitor([]string{openvpn.InterfaceName, nordlynx.InterfaceName})
+	netMonitor, err := netstate.NewNetlinkMonitor([]string{openvpn.InterfaceName, nordlynx.InterfaceName})
 	if err != nil {
 		log.Fatalln(err)
 	}
-	monitor.Start(netw)
+	netMonitor.Start(netw)
 
 	if authChecker.IsLoggedIn() {
 		go daemon.StartNC("[startup]", notificationClient)
@@ -606,3 +615,17 @@ func main() {
 		log.Println(internal.ErrorPrefix, "stopping KillSwitch:", err)
 	}
 }
+
+func netlinkMonitorSetupFn() (meshnet.MonitorChannels, error) {
+	eventCh := make(chan netlink.ProcEvent, 128)
+	doneCh := make(chan struct{})
+	errCh := make(chan error)
+	if err := netlink.ProcEventMonitor(eventCh, doneCh, errCh); err != nil {
+		return meshnet.MonitorChannels{}, err
+	}
+	return meshnet.MonitorChannels{
+		EventCh: eventCh,
+		DoneCh:  doneCh,
+		ErrCh:   errCh,
+	}, nil
+}
@@ -36,6 +36,7 @@ func (failingLoginChecker) IsMFAEnabled() (bool, error) { return false, nil }
 func (failingLoginChecker) IsVPNExpired() (bool, error) {
 	return true, errors.New("IsVPNExpired error")
 }
+
 func (failingLoginChecker) GetDedicatedIPServices() ([]auth.DedicatedIPService, error) {
 	return nil, fmt.Errorf("Not implemented")
 }
@@ -154,6 +155,15 @@ func (*meshNetworker) GetConnectionParameters() (vpn.ServerData, bool) {
 	return vpn.ServerData{}, false
 }
 
+type handlerDummy struct{}
+
+func (handlerDummy) OnProcessStarted(meshnet.ProcEvent) {}
+func (handlerDummy) OnProcessStopped(meshnet.ProcEvent) {}
+
+func monitorSetupDummy() (meshnet.MonitorChannels, error) {
+	return meshnet.MonitorChannels{}, nil
+}
+
 func TestStartAutoMeshnet(t *testing.T) {
 	category.Set(t, category.Unit)
 
@@ -215,6 +225,7 @@ func TestStartAutoMeshnet(t *testing.T) {
 				nil,
 				&daemonevents.Events{},
 				&testnorduser.MockNorduserClient{},
+				meshnet.NewProcMonitor(handlerDummy{}, monitorSetupDummy),
 				sharedctx.New(),
 			)
 
 
@@ -469,7 +469,7 @@ func fwmarkRule(prioID int, fwmark uint32, tableID int, ipv6 bool) *netlink.Rule
 	rule := netlink.NewRule()
 	rule.Priority = prioID
 	rule.Invert = true
-	rule.Mark = int(fwmark)
+	rule.Mark = fwmark
 	rule.Table = tableID
 	rule.Family = toNetlinkFamily(ipv6)
 	return rule
 
@@ -5,7 +5,7 @@ go 1.21.1
 toolchain go1.22.2
 
 // Bindings
-// NOTE: If you are chaning the binding versions here, keep in mind that you
+// NOTE: If you are changing the binding versions here, keep in mind that you
 // may also need to update versions in `./lib-versions.env` file.
 require (
 	github.com/NordSecurity/libdrop-go/v8 v8.0.0-20241017064027-670787595588
@@ -36,7 +36,7 @@ require (
 	github.com/quic-go/quic-go v0.42.0
 	github.com/stretchr/testify v1.9.0
 	github.com/urfave/cli/v2 v2.25.0
-	github.com/vishvananda/netlink v1.1.0
+	github.com/vishvananda/netlink v1.3.0
 	golang.org/x/crypto v0.24.0
 	golang.org/x/exp v0.0.0-20240416160154-fe59bbe5cc7f
 	golang.org/x/mod v0.17.0
@@ -89,7 +89,7 @@ require (
 	github.com/quic-go/qpack v0.4.0 // indirect
 	github.com/robfig/cron/v3 v3.0.1 // indirect
 	github.com/russross/blackfriday/v2 v2.1.0 // indirect
-	github.com/vishvananda/netns v0.0.0-20211101163701-50045581ed74 // indirect
+	github.com/vishvananda/netns v0.0.4 // indirect
 	github.com/xrash/smetrics v0.0.0-20201216005158-039620a65673 // indirect
 	go.opencensus.io v0.24.0 // indirect
 	go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.53.0 // indirect
 
@@ -188,9 +188,13 @@ github.com/urfave/cli/v2 v2.25.0 h1:ykdZKuQey2zq0yin/l7JOm9Mh+pg72ngYMeB0ABn6q8=
 github.com/urfave/cli/v2 v2.25.0/go.mod h1:GHupkWPMM0M/sj1a2b4wUrWBPzazNrIjouW6fmdJLxc=
 github.com/vishvananda/netlink v1.1.0 h1:1iyaYNBLmP6L0220aDnYQpo1QEV4t4hJ+xEEhhJH8j0=
 github.com/vishvananda/netlink v1.1.0/go.mod h1:cTgwzPIzzgDAYoQrMm0EdrjRUBkTqKYppBueQtXaqoE=
+github.com/vishvananda/netlink v1.3.0 h1:X7l42GfcV4S6E4vHTsw48qbrV+9PVojNfIhZcwQdrZk=
+github.com/vishvananda/netlink v1.3.0/go.mod h1:i6NetklAujEcC6fK0JPjT8qSwWyO0HLn4UKG+hGqeJs=
 github.com/vishvananda/netns v0.0.0-20191106174202-0a2b9b5464df/go.mod h1:JP3t17pCcGlemwknint6hfoeCVQrEMVwxRLRjXpq+BU=
 github.com/vishvananda/netns v0.0.0-20211101163701-50045581ed74 h1:gga7acRE695APm9hlsSMoOoE65U4/TcqNj90mc69Rlg=
 github.com/vishvananda/netns v0.0.0-20211101163701-50045581ed74/go.mod h1:DD4vA1DwXk04H54A1oHXtwZmA0grkVMdPxx/VGLCah0=
+github.com/vishvananda/netns v0.0.4 h1:Oeaw1EM2JMxD51g9uhtC0D7erkIjgmj8+JZc26m1YX8=
+github.com/vishvananda/netns v0.0.4/go.mod h1:SpkAiCQRtJ6TvvxPnOSyH3BMl6unz3xZlaprSwhNNJM=
 github.com/xrash/smetrics v0.0.0-20201216005158-039620a65673 h1:bAn7/zixMGCfxrRTfdpNzjtPYqr8smhKouy9mxVdGPU=
 github.com/xrash/smetrics v0.0.0-20201216005158-039620a65673/go.mod h1:N3UwUGtsrSj3ccvlPHLoLsHnpR27oXr4ZE984MbSER8=
 github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
@@ -277,6 +281,8 @@ golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBc
 golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220811171246-fbc7d0a398ab/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.2.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.10.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.21.0 h1:rF+pYz3DAGSQAxAu1CbC7catZg4ebC4UIeIhKxBZvws=
 golang.org/x/sys v0.21.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
 golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
 
@@ -518,45 +518,3 @@ func OpenOrCreateRegularFile(fileName string, flags int, permission fs.FileMode)
 
 	return file, nil
 }
-
-type (
-	readfileFunc func(name string) ([]byte, error)
-	readdirFunc  func(name string) ([]os.DirEntry, error)
-)
-
-var (
-	defaultReadfile readfileFunc = os.ReadFile
-	defaultReaddir  readdirFunc  = os.ReadDir
-)
-
-// IsProcessRunning returns `true` if the executable specified as an argument is being executed, `false` otherwise.
-func IsProcessRunning(execPath string) bool {
-	isRunning, err := isProcessRunning(execPath, defaultReaddir, defaultReadfile)
-	if err != nil {
-		log.Println(WarningPrefix, "failed to check if process is running, returning false:", err)
-		return false
-	}
-	return isRunning
-}
-
-func isProcessRunning(executablePath string, readdir readdirFunc, readfile readfileFunc) (bool, error) {
-	procDirs, err := readdir("/proc")
-	if err != nil {
-		return false, fmt.Errorf("error while reading /proc directories: %w", err)
-	}
-
-	for _, dir := range procDirs {
-		cmdlinePath := filepath.Join("/proc", dir.Name(), "cmdline")
-
-		cmdline, err := readfile(cmdlinePath)
-		if err != nil {
-			continue
-		}
-		args := strings.Split(string(cmdline), "\x00")
-		if len(args) > 0 && args[0] == filepath.Clean(executablePath) {
-			return true, nil
-		}
-	}
-
-	return false, nil
-}