added initial support for ICMP and SCTP

Closes: 714
Gustavo Iñiguez Goia 2022-12-18 00:41:06 +01:00
parent 342c75a6e1
commit 50217afc9f
6 changed files with 80 additions and 4 deletions


@ -247,6 +247,27 @@ func (c *Connection) parseDirection(protoType string) bool {
c.SrcPort = uint(udplite.SrcPort)
ret = true
}
} else if sctpLayer := c.Pkt.Packet.Layer(layers.LayerTypeSCTP); sctpLayer != nil {
if sctp, ok := sctpLayer.(*layers.SCTP); ok == true && sctp != nil {
c.Protocol = "sctp" + protoType
c.DstPort = uint(sctp.DstPort)
c.SrcPort = uint(sctp.SrcPort)
ret = true
}
} else if icmpLayer := c.Pkt.Packet.Layer(layers.LayerTypeICMPv4); icmpLayer != nil {
if icmp, ok := icmpLayer.(*layers.ICMPv4); ok == true && icmp != nil {
c.Protocol = "icmp"
c.DstPort = 0
c.SrcPort = 0
ret = true
}
} else if icmp6Layer := c.Pkt.Packet.Layer(layers.LayerTypeICMPv6); icmp6Layer != nil {
if icmp6, ok := icmp6Layer.(*layers.ICMPv6); ok == true && icmp6 != nil {
c.Protocol = "icmp" + protoType
c.DstPort = 0
c.SrcPort = 0
ret = true
}
}
return ret
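Review bot: The ICMPv4 and ICMPv6 branches keep only the protocol name and set both ports to 0, so the ICMP type and code never reach the connection record and anything that matches on this record presumably treats every ICMP message from a process alike. If that is the intended scope of "initial support", record it at the branch, e.g. `// ICMP has no ports; type/code are not recorded, so a match covers every ICMP message type`. The two branches also differ without a visible reason (`"icmp"` versus `"icmp" + protoType`), and `ok == true` can be written `ok` in all three new type assertions. parseDirection starts above this hunk, so how protoType is derived is not visible here.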


@ -39,6 +39,12 @@ func GetSocketInfo(proto string, srcIP net.IP, srcPort uint, dstIP net.IP, dstPo
ipproto = syscall.IPPROTO_UDPLITE
}
}
if protoLen >= 4 && proto[:4] == "sctp" {
ipproto = syscall.IPPROTO_SCTP
}
if protoLen >= 4 && proto[:4] == "icmp" {
ipproto = syscall.IPPROTO_RAW
}
if sockList, err := SocketGet(family, ipproto, uint16(srcPort), uint16(dstPort), srcIP, dstIP); err == nil {
for n, sock := range sockList {
if sock.UID != 0xffffffff {
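Review bot: For "icmp" the lookup uses `syscall.IPPROTO_RAW` while the ports handed to SocketGet are 0 (parseDirection sets them to 0 for ICMP in this commit), so the query is effectively keyed on the address pair alone. If two processes hold raw sockets towards the same destination, the loop below has nothing to tell them apart, and a wrong match would attribute the connection to the wrong process. ICMP sent through a datagram ICMP socket rather than a raw one may not be found under this protocol at all; that needs confirming against SocketGet, which is outside this hunk. A comment on the branch would record the limitation, e.g. `// icmp: no ports, lookup is by address pair only; the match may be ambiguous`. The loop body continues past the end of the hunk.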


@ -68,6 +68,11 @@ func getPidFromEbpf(proto string, srcPort uint, srcIP net.IP, dstIP net.IP, dstP
// the connection the next times.
delItemIfFound := true
_, ok := ebpfMaps[proto]
if !ok {
return
}
var value networkEventT
var key []byte
var isIP4 bool = (proto == "tcp") || (proto == "udp") || (proto == "udplite")
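Review bot: The new guard returns silently when `ebpfMaps` has no entry for proto, and the `isIP4` expression right after it still lists only "tcp", "udp" and "udplite". That is harmless while "sctp" and "icmp" have no map, but if one is added later their IPv4 connections would take the non-IPv4 path; the code that uses the flag is outside the hunk. Deriving the flag from the name, e.g. `isIP4 := !strings.HasSuffix(proto, "6")` (assuming IPv6 protocol names always end in "6" and `strings` is imported), would remove that coupling. A short comment on the guard, `// no eBPF map for this protocol: nothing to look up here`, would also make the bare `return` easier to read.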


@ -80,7 +80,11 @@ func getItems(proto string, isIPv6 bool) (items uint) {
firstrun := true
for {
ok, err := m.LookupNextElement(ebpfMaps[proto].bpfmap, unsafe.Pointer(&lookupKey[0]),
mp, ok := ebpfMaps[proto]
if !ok {
return
}
ok, err := m.LookupNextElement(mp.bpfmap, unsafe.Pointer(&lookupKey[0]),
unsafe.Pointer(&nextKey[0]), unsafe.Pointer(&value))
if !ok || err != nil { //reached end of map
log.Debug("[ebpf] %s map: %d active items", proto, items)
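Review bot: The `ebpfMaps[proto]` lookup and its `!ok` check now sit inside the `for` loop, so they run on every iteration although proto does not change; moving `mp, ok := ebpfMaps[proto]` and the early return above `for {` does the same work once. Inside the loop `ok` is then reused by `ok, err := m.LookupNextElement(...)` with a different meaning, which compiles but is easy to misread; naming the first result `found` would avoid that. getItems continues below the hunk.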


@ -137,14 +137,16 @@ class PromptDialog(QtWidgets.QDialog, uic.loadUiType(DIALOG_UI_PATH)[0]):
def showEvent(self, event):
super(PromptDialog, self).showEvent(event)
self.activateWindow()
self.adjust_size()
self.move_popup()
def adjust_size(self):
if self._width is None or self._height is None:
self._width = self.width()
self._height = self.height()
self.setMinimumSize(self._width, self._height)
self.setMaximumSize(self._width, self._height)
self.move_popup()
def move_popup(self):
popup_pos = self._cfg.getInt(self._cfg.DEFAULT_POPUP_POSITION)
@ -172,9 +174,12 @@ class PromptDialog(QtWidgets.QDialog, uic.loadUiType(DIALOG_UI_PATH)[0]):
self.checkDstIP.setVisible(state)
self.whatIPCombo.setVisible(state)
self.destIPLabel.setVisible(not state)
self.checkDstPort.setVisible(state)
self.checkDstPort.setVisible(state == True and (self._con != None and self._con.dst_port != 0))
self.checkUserID.setVisible(state)
self._ischeckAdvanceded = state
self.adjust_size()
self.move_popup()
def _button_clicked(self):
self._stop_countdown()
@ -245,6 +250,9 @@ class PromptDialog(QtWidgets.QDialog, uic.loadUiType(DIALOG_UI_PATH)[0]):
self._timeout_triggered = True
self._send_rule()
def _hide_widget(self, widget, hide):
widget.setVisible(not hide)
def _configure_default_duration(self):
if self._cfg.hasKey(self._cfg.DEFAULT_DURATION_KEY):
cur_idx = self._cfg.getInt(self._cfg.DEFAULT_DURATION_KEY)
@ -332,7 +340,13 @@ class PromptDialog(QtWidgets.QDialog, uic.loadUiType(DIALOG_UI_PATH)[0]):
self.sourceIPLabel.setText(con.src_ip)
self.destIPLabel.setText(con.dst_ip)
self.destPortLabel.setText(str(con.dst_port))
if con.dst_port == 0:
self.destPortLabel.setText("")
else:
self.destPortLabel.setText(str(con.dst_port))
self._hide_widget(self.destPortLabel, con.dst_port == 0)
self._hide_widget(self.destPortLabel_1, con.dst_port == 0)
self._hide_widget(self.checkDstPort, con.dst_port == 0 or not self._ischeckAdvanceded)
if self._local:
try:
@ -472,6 +486,12 @@ class PromptDialog(QtWidgets.QDialog, uic.loadUiType(DIALOG_UI_PATH)[0]):
con.protocol.upper(),
con.dst_port )
# icmp port is 0 (i.e.: no port)
if con.dst_port == 0:
msg_action = QC.translate("popups", "is connecting to <b>%s</b>, %s") % ( \
con.dst_host or con.dst_ip,
con.protocol.upper() )
if con.dst_port == 53 and con.dst_ip != con.dst_host and con.dst_host != "":
msg_action = QC.translate("popups", "is attempting to resolve <b>%s</b> via %s, %s port %d") % ( \
con.dst_host,
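Review bot: The prompt decides "this connection has no port" from `con.dst_port == 0` alone, in the label hiding, in `checkDstPort` and in the `msg_action` override, although the comment says the case is ICMP. A TCP or UDP connection whose destination port is 0 would then be shown without its port and without the port checkbox; testing the protocol as well, e.g. `if con.dst_port == 0 and con.protocol.startswith("icmp"):`, keeps the special case to ICMP. The new message also places `con.dst_host` inside `<b>%s</b>` markup, as the existing messages do; if the label renders rich text and the host name comes from a DNS answer, escaping it before formatting would keep markup in a name from being rendered, but where the string is displayed is outside these hunks. Separately, `state == True and (self._con != None and ...)` reads better as `state and self._con is not None and self._con.dst_port != 0`.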


@ -275,6 +275,26 @@
<string notr="true">UDPLITE6</string>
</property>
</item>
<item>
<property name="text">
<string>ICMP</string>
</property>
</item>
<item>
<property name="text">
<string>ICMP6</string>
</property>
</item>
<item>
<property name="text">
<string>SCTP</string>
</property>
</item>
<item>
<property name="text">
<string>SCTP6</string>
</property>
</item>
</widget>
</item>
<item row="3" column="0">
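Review bot: The four new protocol items are written as `<string>ICMP</string>` while the UDPLITE6 item just above uses `<string notr="true">`, so the new names become translatable strings. If the combo text is used as the protocol value of a rule (not visible here), a translated entry could stop matching. Adding `notr="true"` to the ICMP, ICMP6, SCTP and SCTP6 items keeps them consistent with the existing one.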