- When changing a policy, disable it until we receive a response.
Maybe we should even delay it a little bit more.
- When editing a fw rule, disable the Save button if the user didn't
change any field.
- Don't rename libbpf's bpf_map_def struct, and distribute the needed bpf
headers.
The bpf_map_def struct has been deprecated for quite some time now,
and it has been removed on >= 6.2 anyway.
We still need it, because we use gobpf.
- Improved compilation behaviour:
  - We don't require the kernel sources anymore. We can just use the
    kernel headers from the distribution.
  - There's no need to copy the sources to the kernel tree, the modules
    can be compiled from the ebpf_prog/ dir.
  - Compiling against kernels 6.x seems to solve the problem we had with
    VPNs, where connections were not intercepted with modules compiled
    against 5.8, on kernels >= 5.19.
The modules have been tested on kernels 4.17, 5.4, 5.10, 5.15, 6.1 and
6.2 (kernel connections included).
Closes: #939
Some DEs and WMs don't support systray icons. In this situation we
display the GUI after 10s.
However many users were confused about this behaviour, thinking that
this delay displaying the GUI was a bug (#937).
Hopefully a warning to the terminal and the desktop will help
them to know what's going on.
- Allow to copy rules to clipboard with CTRL-c
- Added contextual menus:
  - Edit, to open the editor dialog.
  - Action, to change the rule verdict without opening the rule dialog.
- Fixed error validating some meta expressions.
- Added option to enable/disable fw rules.
- Limit fw rules deletion to 1 rule for now, until a bug is fixed.
- Allow to filter connections by source IP/Network.
(it may also be useful to filter by source port)
- Removed AlwaysOnTop Hint from rules editor dialog.
Closes #922
Up until now, clicking on a system notification caused several
behaviours depending on the Desktop Environment:
- On Gnome it executed opensnitch_ui.desktop, which as of today kills
the running opensnitch-ui process, and relaunches it.
- On other DEs the notification was just dismissed.
To improve the first behaviour, the Hint "desktop-entry" has been removed.
Now clicking on a notification on Gnome will bring the main window to the
front if it's opened.
On the other hand a new button has been added to the notifications, to
open the main window if it's not opened, or bring it to the front
otherwise.
- Log packet mark, which may help debugging VPN connections for example.
- Log the nfqueue number when we fail to setup the queue.
- Suggest to restart the computer in one particular case (#912).
- On the very first install, or if the GUI's settings.conf file was not
created, GUI's DefaultAction item was not configured properly.
- Now when the daemon is not connected to the GUI, it'll use the
DefaultAction configured in /etc/opensnitchd/default-config.json
- When the daemon is connected to the GUI, the GUI will reconfigure
daemon's DefaultAction value with the one defined by the GUI.
In this case the value defined in default-config.json is not modified,
it'll only be valid while it's connected to the GUI.
Now when opening Preferences->Nodes, it'll display daemon's
DefaultAction defined in the default-config.json file, which is the
default action applied when the daemon is not connected to the GUI.
Related: #884, #896
- Don't allow a 0 or empty statement value, except for Meta.
- snat, dnat and redirect parameters must contain ":" to specify a port
or ip+port (192.168.1.1:8080, :8080).
- queue verdict parameter must be an integer.
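
The three validation rules listed in the last entry, as an added Python example; this is not OpenSnitch's own code. The function names, the split between statement values and verdict parameters, IPv4-only hosts and the 1-65535 port range are assumptions.

```python
import ipaddress

NAT_VERDICTS = {"snat", "dnat", "redirect"}  # verdict names from the changelog


def _is_uint(text):
    # Assumption: "integer" means a plain non-negative decimal number.
    return text.isascii() and text.isdigit()


def validate_statement(name, value):
    """Rule 1: reject an empty or "0" value unless the statement is meta."""
    if name.lower() == "meta":
        return True, ""
    if value.strip() in ("", "0"):
        return False, "statement value is empty or 0"
    return True, ""


def validate_verdict(verdict, parms):
    """Rules 2 and 3: check the parameter of a snat/dnat/redirect/queue verdict."""
    verdict, parms = verdict.lower(), parms.strip()
    if verdict in NAT_VERDICTS:
        if ":" not in parms:
            return False, "expected ip:port or :port"
        # Split on the last ":" so an empty host (":8080") is accepted.
        host, _, port = parms.rpartition(":")
        if host:
            try:
                # Assumption: IPv4 only, as in the changelog's example.
                ipaddress.IPv4Address(host)
            except ValueError:
                return False, "invalid IPv4 address"
        # Assumption: the port is mandatory and must be 1-65535.
        if not _is_uint(port) or not 1 <= int(port) <= 65535:
            return False, "invalid port"
    elif verdict == "queue" and not _is_uint(parms):
        return False, "queue number is not an integer"
    return True, ""
```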