syntax = "proto3";
package protocol;
option go_package = "github.com/evilsocket/opensnitch/daemon/ui/protocol";
// gRPC service spoken between the daemon and the UI. Comments further down
// this file describe the GUI as the server and the daemons as its clients.
//
// NOTE(review): none of the request messages used here carries a credential
// or peer identity, so authenticating and authorising the peer has to happen
// at the transport layer. Confirm how the channel is secured before this
// service is reachable from anything other than a local socket.
service UI {
  // Ping exchange; PingRequest also carries a Statistics snapshot.
  rpc Ping(PingRequest) returns (PingReply);

  // Submits a Connection and receives a Rule in response.
  // NOTE(review): presumably the returned Rule decides what happens to that
  // connection, which makes the responder a policy authority - confirm.
  rpc AskRule(Connection) returns (Rule);

  // Exchanges a ClientConfig in each direction.
  rpc Subscribe(ClientConfig) returns (ClientConfig);

  // Bidirectional stream: the caller sends NotificationReply messages and
  // receives Notification messages. Notification.type is an Action, whose
  // values include STOP, DISABLE_INTERCEPTION, DISABLE_FIREWALL and
  // DELETE_RULE, so this stream is a control channel and worth auditing.
  rpc Notifications(stream NotificationReply) returns (stream Notification);

  // Posts an Alert and receives a MsgResponse.
  rpc PostAlert(Alert) returns (MsgResponse);
}
// Alert message, the request type of the PostAlert RPC. Uses listed by the
// author:
// - Send error messages (kernel not compatible, etc)
// - Send warnings (eBPF modules failed loading, etc)
// - Send kernel events: new execs, bytes recv/sent, ...
// - Alert of events defined by the user: alert when a rule matches
//
// Every enum below gives 0 a real meaning. In proto3 an unset enum field reads
// back as its zero value, so an Alert that omits priority, type, action or
// what is indistinguishable from one that set LOW, ERROR, NONE or GENERIC.
// Receivers should not read those values as a deliberate choice by the sender.
message Alert {
  // Urgency of the alert.
  enum Priority {
    LOW = 0;
    MEDIUM = 1;
    HIGH = 2;
  }

  // Severity class of the alert.
  enum Type {
    ERROR = 0;
    WARNING = 1;
    INFO = 2;
  }

  // What the receiver is asked to do with the alert.
  enum Action {
    NONE = 0;
    SHOW_ALERT = 1;
    SAVE_TO_DB = 2;
  }

  // What caused the alert
  enum What {
    GENERIC = 0;
    PROC_MONITOR = 1;
    FIREWALL = 2;
    CONNECTION = 3;
    RULE = 4;
    NETLINK = 5;
    // bind, exec, etc
    KERNEL_EVENT = 6;
  }

  // Alert identifier. MsgResponse has an id field of the same type.
  uint64 id = 1;
  Type type = 2;
  // TODO: group of actions: SHOW_ALERT | SAVE_TO_DB
  Action action = 3;
  Priority priority = 4;
  What what = 5;

  // Payload; at most one member is set.
  // https://developers.google.com/protocol-buffers/docs/reference/go-generated#oneof
  // NOTE(review): field number 7 is not assigned in this message. If an
  // earlier revision used it, it should be marked reserved - confirm.
  oneof data {
    // errors, messages, etc
    // Free-form text from the sender: escape it before rendering or logging.
    string text = 6;
    // proc events: send/recv bytes, etc
    Process proc = 8;
    // conn events: bind, listen, etc
    Connection conn = 9;
    Rule rule = 10;
    FwRule fwrule = 11;
  }
}
// Response type of the PostAlert RPC.
message MsgResponse {
  // NOTE(review): presumably echoes Alert.id so the sender can match the
  // response to the alert it posted - confirm.
  uint64 id = 1;
}
// Pairs a Connection with a Rule and a timestamp. Statistics carries a
// repeated list of these.
message Event {
  // Event time as text. NOTE(review): the format is not visible here - confirm.
  string time = 1;
  Connection connection = 2;
  Rule rule = 3;
  // NOTE(review): presumably the same instant in nanoseconds since the Unix
  // epoch - confirm against the producer.
  int64 unixnano = 4;
}
// Counters and per-key breakdowns. PingRequest embeds one of these in its
// stats field.
//
// The by_host, by_address, by_executable and by_uid maps, together with
// events, describe which programs and users talk to which destinations.
// Treat the channel that carries this message as sensitive.
message Statistics {
  string daemon_version = 1;
  uint64 rules = 2;
  // NOTE(review): unit is not stated in this file - confirm.
  uint64 uptime = 3;
  uint64 dns_responses = 4;
  uint64 connections = 5;
  uint64 ignored = 6;
  uint64 accepted = 7;
  uint64 dropped = 8;
  uint64 rule_hits = 9;
  uint64 rule_misses = 10;

  // Breakdowns keyed by string. Map iteration order is undefined, and the
  // number of keys is bounded only by what the sender puts in.
  map<string, uint64> by_proto = 11;
  map<string, uint64> by_address = 12;
  map<string, uint64> by_host = 13;
  map<string, uint64> by_port = 14;
  map<string, uint64> by_uid = 15;
  map<string, uint64> by_executable = 16;

  // Events attached to this snapshot.
  repeated Event events = 17;
}
// Request type of the Ping RPC.
message PingRequest {
  // Ping identifier; PingReply has an id field of the same type.
  uint64 id = 1;
  // Statistics snapshot sent along with the ping.
  Statistics stats = 2;
}
// Response type of the Ping RPC.
message PingReply {
  // NOTE(review): presumably echoes PingRequest.id - confirm.
  uint64 id = 1;
}
// Description of a process, used as the proc member of Alert.data.
//
// args and env are copied from the process as strings. Command lines and
// environment variables frequently hold credentials (tokens, passwords,
// connection strings), so anything that stores or displays this message
// should handle it as potentially secret.
message Process {
  uint64 pid = 1;
  uint64 ppid = 2;
  uint64 uid = 3;
  string comm = 4;
  string path = 5;
  repeated string args = 6;
  map<string, string> env = 7;
  string cwd = 8;
  // I/O and network counters. NOTE(review): whether these count operations
  // or bytes is not stated in this file - confirm.
  uint64 io_reads = 9;
  uint64 io_writes = 10;
  uint64 net_reads = 11;
  uint64 net_writes = 12;
}
// A network connection plus the process that owns it. Request type of the
// AskRule RPC; also embedded in Event and in Alert.data.
//
// process_args and process_env can contain credentials taken from the
// command line or environment of the process. Handle stored or displayed
// copies as potentially secret.
message Connection {
  string protocol = 1;
  string src_ip = 2;
  uint32 src_port = 3;
  string dst_ip = 4;
  // NOTE(review): how dst_host is derived is not visible here. If it comes
  // from observed DNS answers it is only as trustworthy as those - confirm.
  string dst_host = 5;
  uint32 dst_port = 6;
  uint32 user_id = 7;
  uint32 process_id = 8;
  string process_path = 9;
  string process_cwd = 10;
  repeated string process_args = 11;
  map<string, string> process_env = 12;
}
// Match condition of a Rule (Rule.operator).
message Operator {
  // type, operand and data are free-form strings at the schema level; the
  // set of accepted values is enforced, if at all, by the receiver.
  string type = 1;
  string operand = 2;
  string data = 3;
  // NOTE(review): presumably "case sensitive" matching rather than "secret
  // data" - confirm against the rule engine.
  bool sensitive = 4;
  // Nested operators. Per commit b93051026e6a82ba07a5ac2f072880e69f04c238
  // (closes #1047) the GUI sends a multi-operator rule as this list of
  // Operator messages instead of a JSON string, and the daemon saves them as
  // JSON objects; the list of a rule that is not enabled is not parsed/loaded.
  //
  // The type refers to itself, so nesting depth is bounded only by the
  // parser's recursion limit. Receivers should cap depth and list length
  // before evaluating a rule taken from the wire.
  repeated Operator list = 5;
}
// A rule: response type of the AskRule RPC, and carried in ClientConfig,
// Notification, Event and Alert.data.
message Rule {
  // NOTE(review): presumably a creation timestamp; epoch and unit are not
  // stated in this file - confirm.
  int64 created = 1;
  string name = 2;
  string description = 3;
  bool enabled = 4;
  bool precedence = 5;
  // NOTE(review): the name suggests that matches of this rule are not
  // logged. If so, rules with nolog set reduce visibility and are worth
  // listing when auditing a ruleset - confirm.
  bool nolog = 6;
  // action and duration are strings, so the schema does not restrict their
  // values; the receiver has to reject anything it does not recognise.
  string action = 7;
  string duration = 8;
  // Match condition for this rule.
  Operator operator = 9;
}
// Command codes carried in Notification.type. Distinct from the nested
// Alert.Action enum, which lives in its own scope.
//
// NONE is the zero value, so a Notification that omits type reads as NONE.
// Several values switch protection off or remove policy
// (DISABLE_INTERCEPTION, DISABLE_FIREWALL, DISABLE_RULE, DELETE_RULE, STOP);
// recording their receipt together with Notification.serverName gives an
// audit trail for them.
enum Action {
  NONE = 0;
  ENABLE_INTERCEPTION = 1;
  DISABLE_INTERCEPTION = 2;
  ENABLE_FIREWALL = 3;
  DISABLE_FIREWALL = 4;
  RELOAD_FW_RULES = 5;
  CHANGE_CONFIG = 6;
  ENABLE_RULE = 7;
  DISABLE_RULE = 8;
  DELETE_RULE = 9;
  CHANGE_RULE = 10;
  LOG_LEVEL = 11;
  STOP = 12;
  MONITOR_PROCESS = 13;
  STOP_MONITOR_PROCESS = 14;
}
// One key/value pair of a Statement.
// Field names here are capitalised in the published schema; renaming them
// would change generated code and JSON keys, so they are kept as they are.
message StatementValues {
  string Key = 1;
  string Value = 2;
}
// One statement of a firewall rule expression: an operator string, a name
// and a list of key/value pairs.
// NOTE(review): the accepted Op and Name values are not defined in this
// file; the receiver has to validate them - confirm where that happens.
message Statement {
  string Op = 1;
  string Name = 2;
  repeated StatementValues Values = 3;
}
// Wrapper holding a single Statement; FwRule carries a repeated list of
// these.
message Expressions {
  Statement Statement = 1;
}
// A system firewall rule, carried in FwChain.Rules, FwChains.Rule and
// Alert.data.
//
// NOTE(review): Parameters, Target and TargetParameters are free-form
// strings. If the receiver ever builds a firewall command from them, they
// must be validated and passed as separate arguments, never interpolated
// into a shell command line - confirm how the daemon consumes them.
message FwRule {
  // DEPRECATED: for backward compatibility with iptables
  // NOTE(review): the remark presumably covers Chain as well as Table, since
  // the two are grouped together in the original listing - confirm.
  string Table = 1;
  string Chain = 2;

  string UUID = 3;
  bool Enabled = 4;
  uint64 Position = 5;
  string Description = 6;
  string Parameters = 7;
  repeated Expressions Expressions = 8;
  string Target = 9;
  string TargetParameters = 10;
}
// A firewall chain and the rules it holds.
// All attributes, including Priority and Policy, are strings; the schema
// does not restrict their values.
message FwChain {
  string Name = 1;
  string Table = 2;
  string Family = 3;
  string Priority = 4;
  string Type = 5;
  string Hook = 6;
  // NOTE(review): presumably the chain's default verdict. A change of this
  // value is security-relevant and worth logging - confirm.
  string Policy = 7;
  repeated FwRule Rules = 8;
}
// Group of firewall chains; SysFirewall.SystemRules is a repeated list of
// these.
message FwChains {
  // DEPRECATED: backward compatibility with iptables
  FwRule Rule = 1;
  repeated FwChain Chains = 2;
}
// System firewall state, carried in ClientConfig.systemFirewall and
// Notification.sysFirewall.
message SysFirewall {
  // Enabled is a plain proto3 bool, so an omitted value reads as false.
  bool Enabled = 1;
  uint32 Version = 2;
  repeated FwChains SystemRules = 3;
}
// client configuration sent on Subscribe()
// The same type is also the response of Subscribe.
// The camelCase field names are part of the published schema and are kept
// unchanged.
message ClientConfig {
  uint64 id = 1;
  string name = 2;
  string version = 3;
  bool isFirewallRunning = 4;
  // daemon configuration as json string
  // The schema does not constrain this JSON, so the receiver should parse
  // it strictly and reject keys or types it does not expect.
  string config = 5;
  uint32 logLevel = 6;
  // Rules included with the configuration.
  repeated Rule rules = 7;
  SysFirewall systemFirewall = 8;
}
// notification sent to the clients (daemons)
// Streamed to the caller of the Notifications RPC.
message Notification {
  uint64 id = 1;
  string clientName = 2;
  string serverName = 3;
  // Command to execute; data carries its argument, e.g. for CHANGE_CONFIG:
  // data: {"default_timeout": 1, ...}
  // The original comment here gave CHANGE_CONFIG the value 2, but the Action
  // enum in this file defines CHANGE_CONFIG = 6 (2 is DISABLE_INTERCEPTION).
  Action type = 4;
  // The schema does not constrain this string, and what it means depends on
  // type. Receivers should validate it per command before acting on it.
  string data = 5;
  repeated Rule rules = 6;
  SysFirewall sysFirewall = 7;
}
// notification reply sent to the server (GUI)
// Streamed by the caller of the Notifications RPC.
message NotificationReply {
  // NOTE(review): presumably the id of the Notification being answered -
  // confirm.
  uint64 id = 1;
  // Outcome code. The zero value is OK, so a reply that leaves code unset
  // reads as success.
  NotificationReplyCode code = 2;
  // Free-form detail from the client: escape it before display or logging.
  string data = 3;
}
// Outcome of handling a Notification, reported in NotificationReply.code.
//
// OK is the zero value and therefore the proto3 default: a reply in which
// code was never set cannot be told apart from an explicit success. A
// receiver that needs positive confirmation cannot get it from this field
// alone.
enum NotificationReplyCode {
  OK = 0;
  ERROR = 1;
}