- Added python3-packaging as dependency to load dynamically the
protobuffers (python3-packaging for Fedora, python-rpm-packaging
metapackage for OpenSuse).
- Fixed patching protobuffers.
Protobuffers compiled with protobuf < 3.20.0 are incompatible with
protobuf >= 4.0.0:
https://github.com/evilsocket/opensnitch/wiki/GUI-known-problems#gui-does-not-show-up
This has been a source of problems for some users (#1214, #647), and
in some distributions, previous protobuffer does no longer work due to
incompatibility with the protobuf package version installed
(OpenSuse Tumbleweed).
So in order to solve this issue, we provide several protobuffers,
for old and new protobuf versions:
proto/ui_pb2* for protobuf >= 4.0.0
proto/pre3200/ui_pb2* for protobuf >= 3.6.0 and < 3.20.0
To avoid import errors, each protobuffer must be placed in its own
directory, and the name of the protobuffer files must be named with
the syntax <prefix>_pb2.py/<prefix>_pb2_grpc.py:
ui_pb2.py and ui_pb2_grpc.py
The default compiled protobuffer will be opensnitch/proto/ui_*.py
instead of opensnitch/ui_*.py
We were not handling configuration upgrades properly on rpm based
systems.
Now local changes to default-config.json and system-fw.json are kept,
and if the distributed files changes in the future, new files will be
created with the extension .rpmnew
(cherry picked from commit dddfdc924e)
Previously after installing the rpm GUI package, we created a symlink to
our .desktop file for all users, under /home/*/.config/autostart/
If the path didn't exist we created it, unfortunately as root, which
caused some problems with other applications like Gnome Tweaks.
Now a link is created under /etc/xdg/autostart/, which is what we use
with the debian packages.
Closes: #1068
(cherry picked from commit 86d3f54247)
Starting from a python3 release, distutils no longer install scripts
under /usr/bin by default, but under /usr/local/bin.
(around opensnitch v1.6.0-c5).
This causes on some immutable distros not to install the GUI, for
example Fedora SilverBlue:
https://github.com/projectatomic/rpm-ostree/issues/233Closes#880
- Don't rename libbpf's bpf_map_def struct, and distribute the needed bpf
headers.
The bpf_map_def struct has been deprecated for quite some time now,
and it was been removed on >= 6.2 anyway.
We still need it, because we use gobpf.
- Improved compilation behaviour:
- We don't require the kernel sources anymore. We can just use the
kernel headers from the distribution.
- There's no need to copy the sources to the kernel tree, the modules
can be compiled from the ebpf_prog/ dir.
- Compiling against kernels 6.x seems to solve the problem we had with
VPNs, where connections were not intercepted with modules compiled
against 5.8, on kernels >= 5.19.
The modules has been tested on kernels 4.17, 5.4, 5.10, 5.15, 6.1 and
6.2 (kernel connections included).
Closes: #939
- TOP_EU_US_Ads_Trackers_HOST list is no longer available, and the new
list is not in hosts format.
- curben malware list moved to malware-filter.gitlab.io
- some improvements
Closes#695
There's a new way of blocking lists of domains:
https://github.com/evilsocket/opensnitch/wiki/block-lists
However the update of the lists is not implemented yet. You can use
this or other simple script to download and update the lists (in hosts
format).
