The pop-ups display 3 labels:
- The name of the app (Firefox, aMule, Chromium, etc)
- The path of the binary (/usr/bin/telnet)
- The cmd line that was typed or executed (telnet 1.1.1.1)
The app name is always displayed. If we haven't found the app for a
given connection, "Unknown process" is displayed.
The app path is where the binary is located, and the app arguments are
the cmd line that was typed by the user, or executed by a process.
So for example, if you execute: telnet 1.1.1.1, the user wouldn't know
what the path of the application is. Someone could have faked it, thus
it's useful to display the path to the binary.
On the other hand, if you execute /usr/bin/telnet.netkit 1.1.1.1, the
binary path is already part of the cmdline, so there's no need to show
that information to the user.
request #334:
- added context menu: clone
- added context menu: edit
- added context menu: enable/disable
- clicking on any cell selects the row, instead of only a cell.
- removed internal fields of a rule in the rule's details view
- fixed displaying rules by nodes, type, etc, after clicking on the left
panel.
- don't allow to edit rules that are of unknown type
(simple, regexp, network, list).
- Use unixnano field when inserting rules to the DB, instead of the time
when it's actually inserted.
- Fixed displaying local node stats with linuxmint's python3-grpcio
(1.16.x)
- ui, ruleseditor: added missing operator when using a regular
expression on the DstIP/Net field.
- daemon, rules: ensure that regular expressions are of type string
before evaluating them.
reported here: #333
When the GUI is translated, we were not getting IP/domains regexp
correctly. In other languages "to" has a different number of characters
(a, para, zu, ...)
Use the timestamp instead of the event object when iterating over the last events. ~15x speed increase.
Increase event buffer to 100. On my machine I routinely hit the ceiling of 50 events under some multitasking workloads. Small buffer results in connection attempts not being logged.
Fix Makefile to rebuild when ui.proto changes
The major steps are:
- take advantage of sqlite's default autoincremented rowid column
- add index of the db columns
- when a filter is applied, we build a map of rowids corresponding to the filter
- when user scrolls the view, query the db only for that portion of db which contains the rows to be displayed
- because sqlite cannot use an index when a wildcard is at the start of the LIKE expression, e.g. "process LIKE '%sbin%'", use a workaround:
  - keep track of all distinct values in each column
  - check in python if any of the distinct values contain the filter string
  - reconstruct the query string: instead of "process LIKE '%sbin%'" we use "process IN (<list of distinct values containing 'sbin'>)"
Minor steps:
- mimic some QSqlQueryModel's methods so that our model can be a drop-in replacement
- disable view's default scrollbar and use our own scrollbar which is aware of how many rows are in the db
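
The LIKE workaround from the major steps above, as an added sketch that is not the project's own code: it compares the query plan of the leading-wildcard LIKE with the rewritten IN (...) query and binds the matched values as parameters instead of pasting them into the SQL string. The table name, column names, index name and sample rows are assumptions made for the example.

```python
import sqlite3

COLUMNS = ("process", "dst_host")  # fixed allow-list; column names are never user input

def make_db(rows):
    """In-memory stand-in for the events table (hypothetical schema)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE connections (process TEXT, dst_host TEXT)")
    db.execute("CREATE INDEX idx_process ON connections (process)")
    db.executemany("INSERT INTO connections VALUES (?, ?)", rows)
    return db

def query_plan(db, sql, params):
    """Return the detail column of EXPLAIN QUERY PLAN as one string."""
    return "; ".join(r[3] for r in db.execute("EXPLAIN QUERY PLAN " + sql, params))

def like_query(column, needle):
    if column not in COLUMNS:
        raise ValueError(column)
    return f"SELECT rowid FROM connections WHERE {column} LIKE ?", [f"%{needle}%"]

def in_query(db, column, needle):
    """Rewrite the substring filter as IN (...) over matching distinct values."""
    if column not in COLUMNS:
        raise ValueError(column)
    distinct = [r[0] for r in db.execute(f"SELECT DISTINCT {column} FROM connections")]
    # LIKE is case-insensitive for ASCII by default, so compare lowercased.
    matches = [v for v in distinct if needle.lower() in v.lower()]
    if not matches:
        return None, []  # nothing can match: skip the query entirely
    marks = ",".join("?" * len(matches))
    return f"SELECT rowid FROM connections WHERE {column} IN ({marks})", matches

def filtered_rowids(db, column, needle):
    """Sorted rowids matching the filter, i.e. the rowid map for the view."""
    sql, params = in_query(db, column, needle)
    return sorted(r[0] for r in db.execute(sql, params)) if sql else []

ROWS = [("/usr/sbin/sshd", "10.0.0.1"), ("/usr/bin/telnet", "1.1.1.1"),
        ("/sbin/dhclient", "10.0.0.254"), ("/usr/sbin/sshd", "10.0.0.2"),
        ("/usr/bin/firefox", "example.org")]  # constructed sample rows

if __name__ == "__main__":
    db = make_db(ROWS)
    print(query_plan(db, *like_query("process", "sbin")))    # scan of every row
    print(query_plan(db, *in_query(db, "process", "sbin")))  # search via idx_process
    print(filtered_rowids(db, "process", "sbin"))
```

SQLite caps the number of bound parameters per statement, so a filter that matches a very large number of distinct values needs to be split into batches.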