When loading and setting the configured query limit, an unwanted
combobox event was fired, resulting in a DB query without limits,
which in turn, with a lot of events, was causing slowdowns when displaying
the events window.
We were using insert() and append() to add rules to the list of rules.
However, these methods are only available on protobuf >= 3.8.0.
In order to have a better user experience, we'll use extend() instead of
append(). If insert() is available, then we'll use it. This way the
users won't have to manually install a newer protobuf version.
Note: using extend() instead of insert() means that the rule won't be
added on top of all the rules of that chain. If a user with an older
protobuf version (<= 3.8.0) adds a rule, it'll be added to the bottom of
the list, and maybe there're other rules that take precedence.
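
The ordering caveat in the note above, as an added example (not code from the commit or the project). LegacyRepeated, add_rule and first_match are hypothetical names, the chain is constructed sample data, and evaluation is simplified to "the first matching rule decides":

```python
# Added illustration: a rule added with extend() lands at the bottom of the
# chain, so an earlier rule can decide the verdict before it is ever reached.

class LegacyRepeated:
    """Hypothetical stand-in for a rule list that has extend() but no insert()."""

    def __init__(self, items=()):
        self._items = list(items)

    def extend(self, items):
        self._items.extend(items)

    def __iter__(self):
        return iter(self._items)


def add_rule(rules, rule):
    """Put the rule on top when insert() exists, otherwise fall back to extend()."""
    if hasattr(rules, "insert"):
        rules.insert(0, rule)
        return "top"
    rules.extend([rule])
    return "bottom"


def first_match(rules, dport):
    """Return the verdict of the first rule matching dport (None matches any port)."""
    for rule in rules:
        if rule["dport"] is None or rule["dport"] == dport:
            return rule["verdict"]
    return "policy"  # no rule matched: the chain policy would apply


# Constructed sample chain: a catch-all drop rule is already present.
DROP_ALL = {"dport": None, "verdict": "drop"}
ALLOW_SSH = {"dport": 22, "verdict": "accept"}


def demo():
    modern = [dict(DROP_ALL)]                  # plain list: insert() available
    legacy = LegacyRepeated([dict(DROP_ALL)])  # only extend() available
    where_modern = add_rule(modern, dict(ALLOW_SSH))
    where_legacy = add_rule(legacy, dict(ALLOW_SSH))
    return {
        "modern": (where_modern, first_match(modern, 22)),
        "legacy": (where_legacy, first_match(legacy, 22)),
    }


if __name__ == "__main__":
    print(demo())
```

On the fallback path the new allow rule is stored but never reached, so after adding a rule through extend() it is worth reviewing the whole chain order rather than assuming the rule is effective.
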
In order to display icons on the GUI, we use the Icon Naming
Specification defined by freedesktop [0].
However these icons are not always available due to several reasons.
In this situation until now, we have relied on Qt's built-in
icons [1].
It has worked fine until Fedora 36/Gnome 4x, where even some built-in Qt
icons are missing (SP_VistaShield in particular).
Since Gnome uses symbolic icons [2], falling back to these icons when
the original one doesn't load helps to display the missing icon.
These icons have the same names as the ones defined by freedesktop, but
with "-symbolic" as a suffix.
Tested on u16, u18, pop22.04, tumbleweed 15.3, f36, devuan/debian 11
(lxqt, unity, gnome3/4, kde).
If you think that there's a better way of handling this situation,
please, open an issue or submit a PR with a fix.
[0] https://specifications.freedesktop.org/icon-naming-spec/icon-naming-spec-latest.html
[1] https://doc.qt.io/qtforpython-5/PySide2/QtWidgets/QStyle.html#PySide2.QtWidgets.PySide2.QtWidgets.QStyle.StandardPixmap
[2] https://wiki.ubuntu.com/SymbolicIcons
- Added ability to add a description to the rules.
- Display the description field on the Rules view, and remove the internal
fields (operator, operator_data, etc).
- Added DB migrations.
- Improved rules' executable path field tooltip (#661).
Closes #652 #466
- Bump nftable version to depend on latest version with fixes.
- Include opensnitch-dns.o eBPF object when creating the deb package.
- Replaced Suggests by Recommends, to install additional but not
essential packages (like python3-pyasn, and others).
- Added python3-grpcio, python3-protobuf and python3-slugify as
dependencies.
For systems without these packages, we'll use the old debian/ dir.
* Allow to configure firewall rules from the GUI (WIP)
New features:
- Configure and list system firewall rules from the GUI (nftables).
- Configure chains' policies.
- Add simple rules to allow incoming ports.
- Add simple rules to exclude apps (ports) from being intercepted.
This feature is only available for nftables. iptables is still supported,
you can add rules to the configuration file and they'll be loaded, but
you can't configure them from the GUI.
More information: #592
On light themes, the systray icon was barely visible. With the new
icons:
- on dark themes should be pretty similar to what we already had.
- on light themes they are much more distinguishable now.
Closes: #643, #339
- Improved user experience, by remembering rows selection when going
back from a detail view. Fixes #620.
- Fixed Users' view query (it didn't list user's connections
correctly and it wasn't efficient).
Restore rules' columns properly after:
- double clicking on the Rules column of the main tab -> and then
clicking on the back button.
- clicking on the Temporary/Permanent items of the Rules tab.
- clicking on a Rule and going back again to the list of rules.
Misc:
- Disallow double-clicks when entering into a detail view from the
Events tab.
- Removed extra/repeated columns adjusting.
Closes #619
The button to delete events of a view is not displayed on the Nodes or
Rules view. It's only displayed in these views when entering into a
detail view.
Closes #605
In some scenarios, showing a notification led to a crash with the error:
Dbus.Error.ServiceUnknown: The name ... was not provided by any .service
files.
If the events were saved to a DB on disk,
there were long delays when opening the events window.
Now the events window loads faster, but the Events view is not as
performant as before. It means that while you're monitoring connections,
the GUI may consume 1-5% of the CPU and ~25% when you apply a filter
(only in that moment).
With the previous approach the CPU usage was close to 0-1% in both
cases, so we need to find a way of not causing long delays while being
performant.
More about this:
https://github.com/evilsocket/opensnitch/issues/566#issuecomment-1014930627
- Use a good quality icon on all dialogs.
- Set the icon off when closing, to let the user know that we're
exiting.
- Decreased time to wait to exit to 5 secs.
- setDesktopFileName() is only available since 5.7.
- use pragma quick_check to improve DB loading when events are saved to
disk.
- optimize DB on close.
WIP.
Until now we used Qt's systray notifications. They couldn't be disabled
and didn't integrate well with non-Qt based Desktop Environments. Also
we depended on the system tray availability, which is not always
available (i3, phosh, ...).
Now the user can choose to use Qt's notifications, the system
notification service or disable them completely.
Pros:
- The notification style is defined by the Desktop Environment.
- Can be configured globally from the system settings.
- In many DEs, the notifications are grouped into a single view. So if
you miss any event, you can go there and check out what happened.
- Now we can display notifications on DEs where we couldn't before.
- It's a standard supported by major DEs.
Cons:
- Sometimes we can't connect to the D-Bus mainloop instance. We need to
investigate it.
TODO:
- Deny/Allow new outgoing connections from the notifications,
replacing the current pop-ups.
Requested here: #468, #476 and #477.
Instead of the builtin buttons to increase the value of spin boxes, use
regular buttons. It'll be easier to use on touchable devices.
Note: This feature can also be achieved by customizing SpinBoxes' css
style.
- If sys.exit() fails, force exit after 10s.
- Close db connection on exit.
- When closing the GUI (server), set connected nodes to offline.
The status will be updated when nodes connect again / when the server
is available again.
Otherwise, we may end up with nodes marked as _online_ when in reality
they're not connected.
- Add nodes on the main thread.
Per IP listed in the Address view, display the ASN that the IP belongs
to.
The user must have installed the package python3-pyasn.
If the ASN DB files exist under user's opensnitch directory, we'll try
to load them:
- ~/.config/opensnitch/ipasn_db.dat.gz
- ~/.config/opensnitch/asnames.json
Otherwise we'll try to load the one shipped with the python3-pyasn
package (/usr/lib/python3/dist-packages/data/ipasn_20140513_v12.dat.gz)
The package python3-pyasn provides 3 utils to download latest data:
- pyasn_util_download.py --latest
- pyasn_util_convert.py --single rib.20211230.1600.bz2 ~/.config/opensnitch/ipasn_db.dat
- gzip ~/.config/opensnitch/ipasn_db.dat
More info: https://github.com/hadiasghari/pyasn