- Log packet mark, which may help debugging VPN connections for example.
- Log the nfqueue number when we fail to setup the queue.
- Suggest restarting the computer in one particular case (#912).
- Fixed firewall dialog label alignment.
- Fixed a potential race condition when stopping the daemon while there are
connections being enqueued.
- Added "clear" button to GUI's filter line (#786).
- Create ebpf cache object only if the modules have been loaded.
- Set default stats workers to the same amount defined in configuration.
Closes #785
When testing this patch under a heavy load of 300 new connections per second running for 12 hours, I saw a few timeouts.
This means that there are legitimate cases when sending the packet to the channel will not go through
no matter how long we wait.
However, compared to the old behavior, the amount of dropped packets decreased by a factor of 100x.
The value of the timeout is chosen to be 1 millisecond, because it feels reasonable that if after so long the packet did
not go through, it is not due to a congested channel but due to some other error which will not go away even if we wait longer.
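The trade-off described in the message above, as an added Go example that is not opensnitch's own code: a send that drops immediately when the consumer is busy (assumed here to stand in for the old behavior) beside a send that waits up to a timeout. `Packet`, `sendNonBlocking`, `sendWithTimeout` and `countDrops` are hypothetical names, and the consumer's per-packet delay is a constructed value.

```go
package main

import (
	"fmt"
	"time"
)

type Packet struct{ ID int } // hypothetical stand-in for a packet handed over by NFQUEUE

// sendNonBlocking drops at once if the consumer is not receiving (assumed old behavior).
func sendNonBlocking(ch chan<- Packet, p Packet) bool {
	select {
	case ch <- p:
		return true
	default:
		return false
	}
}

// sendWithTimeout waits up to d for the consumer, then gives up and reports a drop.
func sendWithTimeout(ch chan<- Packet, p Packet, d time.Duration) bool {
	select {
	case ch <- p:
		return true
	case <-time.After(d):
		return false
	}
}

// countDrops offers n packets to a consumer that spends `busy` on each and counts the drops.
func countDrops(send func(chan<- Packet, Packet) bool, n int, busy time.Duration) (dropped int) {
	ch := make(chan Packet) // unbuffered: a send succeeds only while the consumer is receiving
	defer close(ch)         // lets the consumer goroutine exit
	go func() {
		for range ch {
			time.Sleep(busy) // simulated per-packet work
		}
	}()
	for i := 0; i < n; i++ {
		if !send(ch, Packet{ID: i}) {
			dropped++
		}
	}
	return dropped
}

func main() {
	oneMs := func(ch chan<- Packet, p Packet) bool { return sendWithTimeout(ch, p, time.Millisecond) }
	fmt.Printf("dropped: non-blocking=%d, 1ms timeout=%d\n", countDrops(sendNonBlocking, 200, 50*time.Microsecond), countDrops(oneMs, 200, 50*time.Microsecond))
}
```

The printed counts vary with scheduler and load; a channel whose consumer never receives still times out, which is the case where waiting longer does not help.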
When the daemon is stopped, we need to close opened netfilter resources.
Otherwise we can fall into a situation where we leave NFQUEUE queues
opened, which causes opensnitch to not run anymore until system restart
or a manual intervention, because there's an NFQUEUE queue already created
with the same ID.
This is what was happening as a collateral effect of #41.
In old libnetfilter_queue libs, we can't know the UID of the packet
because the function nfq_get_uid is not present.
We check it dynamically at run time, but we were doing it wrong, so the
daemon didn't run with old libs.
Thanks to Pain-Patate for reporting it in #18.
With the current implementation, it's not possible to know what
process/pid has created an outgoing connection, but there's still
valuable information that the user may want to know, so:
- display outgoing connections even if the process name/path is unknown.
(src ip, dst ip, dst port, uid)
- get outgoing connection uid if kernel > 3.6.