Up until now we intercepted DNS queries and answers using these methods:
- Intercepting DNS queries to port 53.
- Intercepting DNS answers from port 53
- Intercepting glibc DNS functions.
Unfortunately there are scenarios where these methods are not enough:
- When using DNSSEC, DoT, DoH, etc.
- When resolvers return DNS answers from cache
- When resolvers don't use glibc functions to resolve domains.
- When applications use D-Bus to query for domain names instead of
using UDP/TCP (VPNs, flatpaks, Electron-based apps, etc.).
With this new DNS monitor we're now able to intercept DNS answers when
systemd-resolved is used to resolve domains.
This includes queries from flatpaks and other containerized
applications, as well as ciphered DNS queries.
Closes #874

On some distros (Fedora 37), on the very 1st launch of the GUI, it
crashed with the error:
"object of type QCommonStyle has been deleted"
The only way I've found of getting rid of this error is by obtaining this
object on every paint() call.

In 5b5e2714ae we added support for
an in-memory cached DB, to allow deleting old events from memory (#844).
Unfortunately, on some systems this URI (file::memory:?cache=shared)
creates a file on disk in the user's home.
This file is in the end a DB, so if users want to delete old events,
they'll have to save events to disk.
On the other hand, when in-memory DB is selected, we now disable the
option to delete old events from memory.
Closes #857

Due to how QSqlDatabase works from different threads, a connection to
the DB can only be used from the thread that created it.
In order to access a database from different threads you create a new
QSqlDatabase connection to the DB specifying the DB name/file.
With DBs written to the disk, the database file/name is always the
same (say /tmp/file.db).
But with in-memory databases, whenever you create a new connection with
:memory:, it always creates a new in-memory DB, so the DB is empty for
the Cleaner() task, and that's why it was not deleting old events.
Closes #844

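The behaviour behind #844 and #857, as an added example that is not OpenSnitch code: a second connection to `:memory:` gets its own empty database, while the shared-cache URI quoted above reaches the same data. It uses Python's standard `sqlite3` module instead of QSqlDatabase; the `events` table and the `cleaner_result()` helper are assumptions made for illustration.

```python
import sqlite3
import threading

SHARED_URI = "file::memory:?cache=shared"  # URI quoted in the commit message


def cleaner_result(target, uri=False, keep_after=100):
    """Store events on one connection, then let a 'cleaner' thread open its
    own connection and delete old ones. Returns (rows_left, cleaner_error)."""
    writer = sqlite3.connect(target, uri=uri)
    writer.execute("CREATE TABLE events (ts INTEGER, dst TEXT)")
    # Constructed sample events with timestamps 0..199.
    writer.executemany(
        "INSERT INTO events VALUES (?, ?)",
        [(ts, "example.test") for ts in range(200)],
    )
    writer.commit()

    outcome = {"error": None}

    def cleaner():
        # A connection belongs to the thread that created it, so the
        # cleaner opens a new one using the same database name.
        conn = sqlite3.connect(target, uri=uri)
        try:
            conn.execute("DELETE FROM events WHERE ts < ?", (keep_after,))
            conn.commit()
        except sqlite3.OperationalError as exc:
            outcome["error"] = str(exc)
        finally:
            conn.close()

    worker = threading.Thread(target=cleaner)
    worker.start()
    worker.join()

    rows_left = writer.execute("SELECT COUNT(*) FROM events").fetchone()[0]
    writer.close()
    return rows_left, outcome["error"]


if __name__ == "__main__":
    print("private :memory:", cleaner_result(":memory:"))
    print("shared cache URI", cleaner_result(SHARED_URI, uri=True))
```

The `uri=True` flag matters: the shared-cache name is only treated as an in-memory database when the SQLite build or the connection has URI filename handling enabled.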
Added option to create rules from events, filling up the fields of the
new rule with the properties of a connection.
By default the rules' fields are not enabled.
Closes: #843

When using proc monitor method + interceptUnknown, allow asking the user
about connections not associated with a process. Usually they're safe to
discard, but in some special cases it helps to not disrupt some services.
Block of code to find connections via netstat moved to procmon/