The eBPF cache is meant mainly for certain applications that
establish 2-4 new connections in under 1-2 seconds. Thus, a cache of 1
minute per item was too much, 10-20 seconds is enough.
Also, check old items every minute to keep the number of items low.
- Improved user experience, by remembering rows selection when going
back from a detail view. Fixes#620.
- Fixed Users' view query (it didn't list user's connections
correctly and it wasn't efficient).
We were not deleting our rules correctly on exit if another fw tool had
added rules to the nftables tables. This problem caused to detect that
our rules were not added, so we added them again.
Restore rules' columns properly after:
- double clicking on the Rules column of the main tab -> and then
clicking on the back button.
- clicking on the Temporary/Permanent items of the Rules tab.
- clicking on a Rule and going back again to the list of rules.
Misc:
- Disallow double-clicks when entering into a detail view from the
Events tab.
- Removed extra/repeated columns adjusting.
Closes#619
When using DoT or DoH opensnitch cannot intercept the dns packets.
Therefore the UI always shows IP addresses instead of hostnames. To fix
this issue an ebpf (uprobe) filter was created to hook getaddrinfo and
gethostbyname calls.
In order to be independent of libbcc an additional module was added to
ebpf_prog. Without libbcc the libc function offsets must be resolved
manually. In order to find the loaded glibc version some cgo code was
added.
The button to delete events of a view is not displayed on the Nodes or
Rules view. It's only displayed in these views when entering into a
detail view.
Closes#605
In some scenarios, showing a notificatio led to a crash with the error:
Dbus.Error.ServiceUnknown: The name ... was not provided by any .service
files.
There are two issues when connecting to the GUI via TCP on localhost:
- Sometimes when the daemon is launched with the GUI already running, the
notifications channel is not established.
* Give 10 seconds to connect, if it timeouts, disconnect everything
and try to reconnect again.
- After some time the notifications channel is closed from the server
side (i.e., the GUI), and it is not restablished.
* Forcefully disconnect everything, and let it reconnect again.
Both issues should be investigated further to find the root problem.
Rules of type lists [domains, IPs, network ranges] are reloaded
whenever a file containing the data changes.
One could expect to update these files once or twice a day, but
by updating the files continuously it was possible to cause a leak,
leading to a crash.
debhelper-compat 12 caused on ubuntu 16 errors after installing.
debhelper-compa 11 doesn't fail on ubuntu 16, and works on SysVinit
and systemd based systems.
On ubuntu 16 though, the service is not enabled nor started
automatically.
If the events were saved to a DB on disk,
there were long delays when opening the events window.
Now the events window loads faster, but the Events view is not as
performant as before. It means that while you're monitoring connections,
the GUI may consume 1-5% of the CPU and ~25% when you apply a filter
(only in that moment).
With the previous approach the CPU usage was close to 0-1% in both
cases, so we need to find a way of not causing long delays while being
performant.
More about this:
https://github.com/evilsocket/opensnitch/issues/566#issuecomment-1014930627
- Use a good quality icon on all dialogs.
- Set the icon off when closing, to let the user know that we're
exiting.
- Decreased time to wait to exit to 5secs.
- setDesktopFileName() is only available since 5.7.
- use pragma quick_check to improve DB loading when events are saved to
disk.
- optimize DB on close.
WIP.
Until now we used Qt's systray notifications. They couldn't be disabled
and didn't integrate well with non-Qt based Desktop Environments. Also
we depended on the system tray availability, which is not always
available (i3, phosh, ...).
Now the user can choose to use Qt's notifications, the system
notification service or disabled them completely.
Pros:
- The notification style is defined by the Desktop Environment.
- Can be configured globally from the system settings.
- In many DEs, the notifications are grouped into a single view. So if
you miss any event, you can go there and check out what happened.
- Now we can display notifications on DEs where we couldn't before.
- It's a standard supported by major DEs.
Cons:
- Sometimes we can't connect to the D-Bus mainloop instance. We need to
investigate it.
TODO:
- Deny/Allow new outgoing connections from the notifications,
replacing the current pop-ups.
Requested here: #468 , #476 and #477 .
Instead of the builtin buttons to increase the value of spin boxes, use
regular buttons. It'll be easier to use on touchable devices.
Note: This feature can also be achieved by customizing SpinBoxes' css
style.
- If sys.exit() fails, force exit after 10s.
- Close db connection on exit.
- When closing the GUI (server), set connected nodes to offline.
The status will be updated when nodes connect again / when the server
is available again.
Otherwise, we may end up with nodes marked as _online_ when in reality
they're not connected.
- Add nodes on the main thread.
