We added UPSERTS, to update the time of a rule when a connection matched
that rule.
However, UPSERTS in SQLite weren't introduced until v3.24.x, thus they
cause errors on older versions (like the ones shipped with Ubuntu
16/18).
On the other hand, we need to replace the rules once we receive them
from the daemon, to reflect on the GUI any change made on the rules by hand.
More info: #344
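As an added illustration of the compatibility problem described in this commit (example code, not OpenSnitch's own, using a constructed `rules` table keyed by rule name): the UPSERT form fails with a syntax error on SQLite older than 3.24.0, while `INSERT OR REPLACE` is accepted by every SQLite 3.x and gives the replace semantics the GUI needs when the daemon sends back rules that were edited by hand.

```python
import sqlite3

# Constructed schema for this example: one row per rule, keyed by name.
SCHEMA = "CREATE TABLE IF NOT EXISTS rules (time TEXT, name TEXT PRIMARY KEY, action TEXT)"


def new_db():
    """Fresh in-memory database with the example schema."""
    conn = sqlite3.connect(":memory:")
    conn.execute(SCHEMA)
    return conn


def supports_upsert():
    """ON CONFLICT ... DO UPDATE (UPSERT) exists only from SQLite 3.24.0 on."""
    return sqlite3.sqlite_version_info >= (3, 24, 0)


def upsert_rule_modern(conn, name, action, time):
    # Needs SQLite >= 3.24; on the builds shipped with Ubuntu 16.04/18.04
    # this statement raises sqlite3.OperationalError (syntax error near "ON").
    conn.execute(
        "INSERT INTO rules (time, name, action) VALUES (?, ?, ?) "
        "ON CONFLICT(name) DO UPDATE SET time=excluded.time, action=excluded.action",
        (time, name, action),
    )


def upsert_rule_portable(conn, name, action, time):
    # INSERT OR REPLACE works on any SQLite 3.x: the row that conflicts on the
    # primary key is deleted and the new one inserted, i.e. the stored rule is
    # replaced by the copy received from the daemon.
    conn.execute(
        "INSERT OR REPLACE INTO rules (time, name, action) VALUES (?, ?, ?)",
        (time, name, action),
    )


def save_rule(conn, name, action, time):
    """Pick the statement the linked SQLite library actually understands."""
    if supports_upsert():
        upsert_rule_modern(conn, name, action, time)
    else:
        upsert_rule_portable(conn, name, action, time)


def rule_row(conn, name):
    return conn.execute("SELECT time, action FROM rules WHERE name=?", (name,)).fetchone()


def demo():
    conn = new_db()
    save_rule(conn, "allow-firefox", "allow", "2021-01-01 10:00:00")
    # Same rule arrives again with a newer time: the stored row must be replaced.
    save_rule(conn, "allow-firefox", "deny", "2021-01-01 10:05:00")
    return rule_row(conn, "allow-firefox")
```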
The pop-ups display 3 labels:
- The name of the app (Firefox, aMule, Chromium, etc)
- The path of the binary (/usr/bin/telnet)
- The cmd line that was typed or executed (telnet 1.1.1.1)
The app name is always displayed. If we haven't found the app for a
given connection, "Unknown process" is displayed.
The app path is where the binary is located, and the app arguments are
the cmd line that was typed by the user, or executed by a process.
So for example, if you execute: telnet 1.1.1.1, the user wouldn't know
what the path of the application is. Someone could have faked it, thus
it's useful to display the path to the binary.
On the other hand, if you execute /usr/bin/telnet.netkit 1.1.1.1, the
binary path is already part of the cmdline, so there's no need to show
that information to the user.
* maintain a cache of struct Process for currently active PIDs
decreases PID lookup time from ~100usec to ~5usec
* Update activepids.go
remove import "os"
Co-authored-by: themighty1 <you@example.com>
Mullvad VPN uses an nfmark on packets when establishing a connection with their VPN servers.
If we don't preserve the nfmark, the connection will never be established.
request #334:
- added context menu: clone
- added context menu: edit
- added context menu: enable/disable
- clicking on any cell selects the row, instead of only a cell.
- removed internals fields of a rule in the rule's details view
- fixed displaying rules by nodes, type, etc, after clicking on the left
panel.
- don't allow editing rules that are of unknown type
(simple, regexp, network, list).
- Use unixnano field when inserting rules to the DB, instead of the time
when it's actually inserted.
- Fixed displaying local node stats with linuxmint's python3-grpcio
(1.16.x)
- ui, ruleseditor: added missing operator when using a regular
expression on the DstIP/Net field.
- daemon, rules: ensure that regular expressions are of type string
before evaluating them.
reported here: #333
We had an OUTPUT rule to drop marked packets. Packets are marked with a
mark when a user defined rule denies a connection.
The thing is that we only intercept NEW connections, and when we deny a
connection using NF_DROP, the packets don't flow to the next iptables
rule or chain. So it'd be rare to see a packet on the OUTPUT chain marked
with the DropMark.
Besides, nfq_set_verdict2() doesn't seem to place the mark on the
packets (libnetfilter-queue 1.0.5).
This OUTPUT rule had 0 hits on different systems and users.