Per IP listed in the Address view, display the ASN that the IP belongs
to.
The user must have installed the package python3-pyasn.
If the ASN DB files exist under user's opensnitch directory, we'll try
to load them:
- ~/.config/opensnitch/ipasn_db.dat.gz
- ~/.config/opensnitch/asnames.json
Otherwise we'll try to load the one shipped with the python3-pyasn
package (/usr/lib/python3/dist-packages/data/ipasn_20140513_v12.dat.gz)
The package python3-pyasn provides 3 utils to download latest data:
- pyasn_util_download.py --latest
- pyasn_util_convert.py --single rib.20211230.1600.bz2 ~/.config/opensnitch/ipasn_db.dat
- gzip ~/.config/opensnitch/ipasn_db.dat
More info: https://github.com/hadiasghari/pyasn
- Allow to keep a maximum number of events in the db, purging oldest
every hour.
- Perform db operations on the thread that created the connection with
the DB, to avoid segfaults.
- VACUUM db on exit.
- New db index on the rules' field time.
- Order detail views by Time column correctly.
- Fixed rules editor to apply a rule to All nodes when there's more
than one node connected.
- Added options to apply rules to a node (#576).
On the Rules tab select one or more rules, right click on them ->
Apply to: <node>
Needed for create the python package correctly: python setup.py build
Otherwise the build does not copy directories/files without that file.
Reported here: #565
- Fixed key navigation, scrollbars positioning and resizing event.
- Delegate rows painting operation to data().
- Emit dataChanged() only when the visible rows have changed.
The GUI was not usable when there were thousands of records. It used to
get frozen while loading large amount of data, specially when using a DB
stored on disk. Besides, when entering in the details view of an event
it was not possible to filter records by text.
Changes:
- Load by default 50 records instead of all records returned by a query.
- Improved/fixed detail views' queries.
New:
- Allow to filter data in all views, including detail views.
- Allow to limit records in all views.
- Added a help button to display a ballon message with useful
information.
Fixes:
- selection jumping continuously to row 256 when there were more than
256 rows.
https://github.com/evilsocket/opensnitch/issues/565#issuecomment-997346990
Even without setting query limits, the GUI is more usable than before,
but it needs more work. WIP.
As events are received from the daemon, the list of events is reloaded,
and the selection of rows was lost.
This caused several side effects: difficulty to delete multiple rules,
as well as analyze listed events because they were reloaded constantly.
Now if a row is selected, the new events are not loaded until rows
selection is not cleared.
closes#560
We had 3 options to filter connections by domain:
- www.domain.com
- *domain.com
- *.domain.com
The second option was a workaround to allow filter domain.com
Now we handle last 2 situations with a single option(/regular expression).
closes#536
Fixed GUI loading behaviour when DE's autologin is on.
Background:
Sometimes the system tray is not available, so our app's icon
does not show up. In this case we show the GUI to allow the user
manage the rules and view connections.
If the user activated the autologin option, on KDE (and probably others)
our service was launched before the panel was ready, so the system tray was
not available yet and we were showing the Events window.
Changes:
- Delay 10s the check to see if the system tray is available, to give it
time to load.
- Add X-KDE-Autostart-after=panel to kcm_opensnitch.desktop, to launch
the GUI only after the panel is loaded.
- Misc: removed OpenSnitch entry from System Settings on KDE, and update
the categories where the app is shown in the menus.
Closes#535
On Fedora 34, without the appindicator extension installed, when the GUI
was displayed it crashed with the following error:
TypeError: index 0 has type 'float' but 'int' is expected.
related: #526
This change allows to filter connections by PID.
Others have referred to this feature as "filter connections for this
instance/session" or similar, so maybe a better wording is needed.
Open a new discussion or send a PR if you have a better sentence that
describe this option please.
Don't overwrite rules when adding or editing rules, to avoid losing
already added rules.
- When adding a rule, check if there's already a rule with the same
name.
- After adding a new rule, enter into EDIT mode, to allow changes to the
rule without closing the dialog.
- If the user changes the name after adding a rule, check if there's a
rule with the same name.
- When editing a rule and the user changes the name, check if there's a
rule with the same name.
issue #512
- Added lists of IPs and network ranges. One per line. Blank lines or
lines that start with # are ignored.
- Added lists of domains with regular expressions. One per line.
Blank lines or lines that start with # are ignored.
Until now you could use regular expressions with the fields
"To this host" or "To this IP", to match multiple domains or IPs.
But if you wanted to use more than 2-3 domains or IPs it was not really
user friendly.
Hopefully we'll be a little more versatile to cover use cases like #461
and #485.
When blocking a connection via libnetfilter-queue using NF_DROP the
connection is discarded. If the blocked connection is a DNS query, the app
that initiated it will wait until it times out, which is ~30s.
This behaviour can for example cause slowdowns loading web pages: #481
This change adds the option to reject connections by killing the socket
that initiated them.
Denying:
$ time telnet 1.1.1.1 22
Trying 1.1.1.1...
telnet: Unable to connect to remote host: Connection timed out
real 2m10,039s
Rejecting:
$ time telnet 1.1.1.1 22
Trying 1.1.1.1...
telnet: Unable to connect to remote host: Software caused connection abort
real 0m0,005s
When the daemon connects to the GUI, use the default action
configured on the GUI to apply a verdict on new connections.
We were using daemon's default action, so if it was Allow but the user
had configured Deny on the GUI it was allowing connections, causing some
confusion (#489)
TODO: apply this action not only on connecting to the GUI, but also when
saving the configuration from the GUI.
When adding a new rule we were getting the duration as it appeared on
the combo box. It was used to create a Golang time.
However translators were translating the duration strings (30s, 5m,
etc), causing errors when saving the rule.
Now we just look for the index of the selected duration.
On KDE the events window was not restored to previous state when the
window was minimized to the taskbar.
This was fixed by @themighty1 in this PR #315, but there was an
unexpected behaviour on others DE.
As I haven't seen this error in others DE, we apply the original
fix, but only when the DE in use is KDE.
- Fixed typos in the preferences dialog (#465).
- Fixed hiding/showing rules combobox.
- Keep opensnitchd/default-config.json format when saving node's
configuration from the GUI.
- Now the columns names of the details views can be translated (#465).
- Fixed columns size restoring when clicking on the Events tab to view
the details of an item (process, rule or node).
