Consider the following scenario:
- Disable the Subgraph firewall GNOME extension.
- Use an application without a policy to trigger a prompt request.
  The daemon logs an error "Error sending dbus RequestPrompt message" at this point.
- Enable the Subgraph firewall GNOME extension.
- Retry the connection using the same application.
The expected result is that the firewall continues processing packets as usual. What actually happens is that the firewall hangs for five minutes each time you retry connecting using an application for which prompting has failed before.
A cursory look at the source code suggests that this is a result of the promptInProgress flag not having been cleared after a failure. Thus, when the next pending connection is queued for processing, the routine responsible for promptLoop is never signaled and remains waiting on the condition variable. Nor is it woken up immediately by prompts triggered for different applications, as packets are processed sequentially, one at a time, so processing of the first one must time out before processing continues.
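
A minimal Go model of the failure described above, added here as an illustration and not taken from the fw-daemon source. Only `promptInProgress` and `promptLoop` come from the report; every other name, including the `clearOnFailure` toggle, is an assumption made for the example.

```go
package main

import "sync"

// prompter is a simplified single-application model of the report, not fw-daemon source.
type prompter struct {
	mu               sync.Mutex
	cond             *sync.Cond
	queued           int       // prompts promptLoop still has to send
	handled          chan bool // outcome of each send attempt
	promptInProgress bool      // the flag named in the report
	clearOnFailure   bool      // assumed fix toggle; false models the reported behaviour
	extensionEnabled bool      // constructed stand-in for a reachable prompt receiver
}

// enqueue queues a connection and reports whether promptLoop was signaled.
func (p *prompter) enqueue(extensionEnabled bool) bool {
	p.mu.Lock()
	defer p.mu.Unlock()
	p.extensionEnabled = extensionEnabled
	if p.promptInProgress {
		return false // a prompt is believed outstanding, so the loop stays asleep
	}
	p.promptInProgress, p.queued = true, p.queued+1
	p.cond.Signal()
	return true
}

func (p *prompter) promptLoop() {
	p.mu.Lock()
	for {
		for p.queued == 0 {
			p.cond.Wait() // asleep until enqueue signals
		}
		p.queued--
		p.promptInProgress = !p.extensionEnabled && !p.clearOnFailure // stale after a failed send
		p.handled <- p.extensionEnabled
	}
}

// retryHandled replays the scenario and reports whether the retry is prompted.
func retryHandled(clearOnFailure bool) bool {
	p := &prompter{clearOnFailure: clearOnFailure, handled: make(chan bool, 1)}
	p.cond = sync.NewCond(&p.mu)
	go p.promptLoop()
	p.enqueue(false) // extension disabled: the send fails
	<-p.handled
	return p.enqueue(true) && <-p.handled // extension enabled, same application
}
func main() { println(retryHandled(false), retryHandled(true)) }
```

With the flag left set after the failed send, the retry never reaches the loop; clearing it on the failure path lets the retry be prompted as soon as the extension is back.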