problem:
- after losing network connectivity node<->server, the node didn't restore
the connection. In reality, the connection with the server was not
closed, but the notifications channel was closed due to inactivity
after 20s.
set inactivity timeouts to 20s on both node and server. Previous
timeouts were 2h for the main connection and 20s for the streaming
channels (notifications).
- get rid of the logic to determine if the server is alive or not based
on sending pings.
Instead, use the connection events when a node connects/disconnects
(Subscribe).
The Ping call is still used to send the statistics.
other:
- fixed exception when updating the status of a node.
- fixed remote nodes rules editing.
- improved notifications when a node is not connected and an action is
performed on it (edit a rule, disable/enable a rule, etc).
- ui: fixed error getting the icon of an app.
- ui: fixed getting the list of pids of an app.
- ui: improved proc details start/stop icon behaviour.
- daemon: improved error message when we fail getting the details of a
process.
others:
- changed icon search by system-search.
Added the description of an app to the pop-ups, to help users know
what an application is or does.
The discovery of app icons has been improved for those edge cases where
the system is not properly configured and we were not able to get the
icon of the app.
Initial support to filter connections using lists of domains.
The lists must be in hosts format:
- 0.0.0.0 www.domain.com
- 127.0.0.1 www.domain.com
From the rules editor, create a new rule, and select
[x] To this lists of domains
Select a directory with files in hosts format, select [x] Priority rule,
select [x] Deny and click on Apply.
An example of a list in hosts format:
https://www.github.developerdan.com/hosts/lists/ads-and-tracking-extended.txt
Note: you can also add a list of domains to allow, not only domains to
block.
TODOs:
- support for URLs besides directories (local lists).
- support for scheduled updates of the above URLs.
related #298
We added UPSERTS, to update the time of a rule when a connection matched
that rule.
However UPSERTS in SQLite weren't introduced until v3.24.x, thus it
causes errors on older versions (like the ones shipped with Ubuntu
16/18).
On the other hand, we need to replace the rules once we receive them
from the daemon, to reflect on the GUI any change made on the rules by hand.
More info: #344
rename, remove unused targets
trigger targets only when relevant files actually are changed
git:
do not track files which are generated during make
github actions fix to not rely on a pre-built ui.pb.go
The pop-ups display 3 labels:
- The name of the app (Firefox, aMule, Chromium, etc)
- The path of the binary (/usr/bin/telnet)
- The cmd line that was typed or executed (telnet 1.1.1.1)
The app name is always displayed. If we haven't found the app for a
given connection, "Unknown process" is displayed".
The app path is where the binary is located, and the app arguments is
the cmd line that wsa typed by the user, or executed by a process.
So for example, if you execute: telnet 1.1.1.1, the user wouldn't know
what is the path of the application. Someone could have faked it, thus
it's useful to display path to the binary.
On the other hand, if you execute /usr/bin/telnet.netkit 1.1.1.1, the
binary path is already part of the cmdline, so there's no need to show
that information to the user.
request #334:
- added context menu: clone
- added context menu: edit
- added context menu: enable/disable
- clicking on any cell selects the row, instead of only a cell.
- removed internals fields of a rule in the rule's details view
- fixed displaying rules by nodes, type, etc, after clicking on the left
panel.
- don't allow to edit rules that are of unknown type
(simple, regexp, network, list).
- Use unixnano field when inserting rules to the DB, instead of the time
when it's actually inserted.
- Fixed displaying local node stats with linuxmint's python3-grpcio
(1.16.x)
- ui, ruleseditor: added missing operator when using a regular
expression on the DstIP/Net field.
- daemon, rules: ensure that regular expressions are of type string
before evaluating them.
reported here: #333
When the GUI is translated, we were not getting IP/domains regexp
correctly. In other languages "to" has a different number of characters
(a, para, zu, ...)
