Merge pull request #188 from Northern-Lights/syscall-fix

Update probed function sys_execve to do_execve
This commit is contained in:
evilsocket 2018-09-06 15:51:11 +03:00 committed by GitHub
commit 980876e517
5 changed files with 57 additions and 18 deletions


@ -71,7 +71,7 @@ func NewConnection(nfp *netfilter.Packet, ip *layers.IPv4) (c *Connection, err e
c = &Connection{
SrcIP: ip.SrcIP,
DstIP: ip.DstIP,
DstHost: dns.HostOr(ip.DstIP, ""),
DstHost: dns.HostOr(ip.DstIP, ip.DstIP.String()),
pkt: nfp,
}
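Review bot: Falling back to `ip.DstIP.String()` for DstHost removes the only signal a consumer had that no DNS name was observed for the destination; if any code elsewhere tests `DstHost == ""` to mean "unresolved", that check can no longer fire. Either keep a separate indicator of whether the name came from DNS, or document the fallback where the field is declared, e.g. `// DstHost is the DNS name seen for DstIP, or the IP literal when none was observed.` so that rule-matching on DstHost is written with the fallback in mind. NewConnection starts before this hunk.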


@ -12,7 +12,7 @@ import (
var (
responses = make(map[string]string, 0)
lock = sync.Mutex{}
lock = sync.RWMutex{}
)
func TrackAnswers(packet gopacket.Packet) bool {
@ -41,37 +41,50 @@ func TrackAnswers(packet gopacket.Packet) bool {
}
for _, ans := range dnsAns.Answers {
if ans.Name != nil && ans.IP != nil {
Track(ans.IP, string(ans.Name))
if ans.Name != nil {
if ans.IP != nil {
Track(ans.IP.String(), string(ans.Name))
} else if ans.CNAME != nil {
Track(string(ans.CNAME), string(ans.Name))
}
}
}
return true
}
func Track(ip net.IP, hostname string) {
address := ip.String()
func Track(resolved string, hostname string) {
lock.Lock()
defer lock.Unlock()
responses[address] = hostname
responses[resolved] = hostname
log.Debug("New DNS record: %s -> %s", address, hostname)
log.Debug("New DNS record: %s -> %s", resolved, hostname)
}
func Host(ip net.IP) (host string, found bool) {
address := ip.String()
func Host(resolved string) (host string, found bool) {
lock.RLock()
defer lock.RUnlock()
lock.Lock()
defer lock.Unlock()
host, found = responses[address]
host, found = responses[resolved]
return
}
func HostOr(ip net.IP, or string) string {
if host, found := Host(ip); found == true {
if host, found := Host(ip.String()); found == true {
// host might have been CNAME; go back until we reach the "root"
seen := make(map[string]bool) // prevent possibility of loops
for {
orig, had := Host(host)
if seen[orig] {
break
}
if !had {
break
}
seen[orig] = true
host = orig
}
return host
}
return or
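Review bot: The two Track calls in TrackAnswers now put IP literals and CNAME target names into the same `responses` map, so the key space mixes addresses and DNS names; every key and value here is taken from sniffed DNS responses, and a CNAME target whose text looks like an address would be handed back by `Host(ip.String())` as if it were the name for that IP. Keep the two namespaces apart (a second map for CNAME targets, or a key prefix) and let the chain-walking loop in HostOr consult only the CNAME map. The debug line should also quote the untrusted names, `log.Debug("New DNS record: %q -> %q", resolved, hostname)` (assuming log.Debug forwards to fmt-style formatting), so control characters in a packet cannot corrupt log output. `found == true` in HostOr reads better as plain `found`. HostOr's closing brace lies outside the hunk.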


@ -32,6 +32,27 @@ func RunRule(enable bool, rule []string) (err error) {
// INPUT --protocol udp --sport 53 -j NFQUEUE --queue-num 0 --queue-bypass
func QueueDNSResponses(enable bool, queueNum int) (err error) {
// If enable, we're going to insert as #1, not append
if enable {
// FIXME: this is basically copy/paste of RunRule() above b/c we can't
// shoehorn "-I" with the boolean 'enable' switch
rule := []string{
"-I",
"INPUT",
"1",
"--protocol", "udp",
"--sport", "53",
"-j", "NFQUEUE",
"--queue-num", fmt.Sprintf("%d", queueNum),
"--queue-bypass",
}
lock.Lock()
defer lock.Unlock()
_, err := core.Exec("iptables", rule)
return err
}
// Otherwise, it's going to be disable
return RunRule(enable, []string{
"INPUT",
"--protocol", "udp",


@ -10,7 +10,7 @@ import (
const (
probeName = "opensnitch_exec_probe"
syscallName = "sys_execve"
syscallName = "do_execve"
)
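Review bot: The new `syscallName = "do_execve"` carries no comment saying why the probe target moved off `sys_execve`, so the next maintainer who sees the probe fail to attach on some kernel has nothing to go on. Add a line above it such as `// NOTE(review): sys_execve stopped being a usable probe target on newer kernels (per PR #188); do_execve is the internal entry point instead — confirm against the running kernel's symbol table.`, adjusting the reason, which is inferred from the PR title. It is also worth verifying that probe attachment reports a missing symbol loudly rather than silently leaving exec events unmonitored.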
type procData struct {


@ -201,7 +201,12 @@ class StatsDialog(QtWidgets.QDialog, uic.loadUiType(DIALOG_UI_PATH)[0]):
by_users = {}
if self._address is None:
for uid, hits in self._stats.by_uid.items():
by_users["%s (%s)" % (pwd.getpwuid(int(uid)).pw_name, uid)] = hits
try:
pw_name = pwd.getpwall(int(uid)).pw_name
except KeyError:
pw_name = "(UID error)"
finally:
by_users["%s (%s)" % (pw_name, uid)] = hits
else:
by_users = self._stats.by_uid
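Review bot: `pwd.getpwall(int(uid))` is wrong: getpwall() takes no arguments and returns the whole password database, so this raises TypeError, which `except KeyError` does not catch; the `finally` block then runs with `pw_name` unbound and the dialog fails with UnboundLocalError for every entry. The lookup should remain `pw_name = pwd.getpwuid(int(uid)).pw_name`, and the dictionary assignment belongs in an `else:` clause (or simply after the try statement) rather than `finally:`, which would also execute on an unexpected exception and mask it. The enclosing method of StatsDialog starts before this hunk.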