mirror of
https://github.com/evilsocket/opensnitch.git
synced 2025-03-04 00:24:40 +01:00
f032575af0
Added option to configure multiple nfqueues. Post with detailed information about the performance: https://github.com/evilsocket/opensnitch/discussions/1104 After using -queues 1:6 , you need to configure the rules manually: (for TCP) nft insert rule inet mangle output tcp flags syn / fin,syn,rst,ack queue to numgen inc mod 6 TODO: - Configure queues in the fw automatically based on the queues defined. - Investigate if we need to use runtime.LockOSThread() in NewQueue(). - Allow to use multiple instances of the daemon: * One daemon acts as the main daemon, connected to the server (UI) and managing the rules and notifications. * The other daemons only intercept and apply verdicts on packets, with the rules loaded from a central directory (/etc/opensnitchd/rules) FIXME: - There's a deadlock repeating the packets when a connection is waiting for approval. - Investigate the high mem consumption under heavy load. |
||
|---|---|---|
| .. | ||
| conman | ||
| core | ||
| data/rules | ||
| dns | ||
| firewall | ||
| log | ||
| netfilter | ||
| netlink | ||
| netstat | ||
| procmon | ||
| rule | ||
| statistics | ||
| ui | ||
| .gitignore | ||
| default-config.json | ||
| go.mod | ||
| Gopkg.toml | ||
| main.go | ||
| Makefile | ||
| opensnitchd-dinit | ||
| opensnitchd-openrc | ||
| opensnitchd.service | ||
| system-fw.json | ||