opensnitch

mirror of https://github.com/evilsocket/opensnitch.git synced 2025-03-04 16:44:46 +01:00

History

Gustavo Iñiguez Goia 479b8ded59 improved connections parsing Under certain conditions, when we dumped inodes via netlink, we were linking network connections to wrong applications. - To improve this situation: 1) Use netfilter's UID by default: Sometimes the UID reported via netlink was different than the one reported by libnetfilter. libnetfilter UID is always correct. If you had a rule that filtered by UID, this problem could cause to prompt you again to allow the connection. 2) Use the netlink entry that matches exactly the properties of an outgoing connection: There're some in-kernel sockets that doesn't match 1:1 outgoing connections (daemon/netlink/socket.go#L22). In order to identify the applications that initiate these network connections we use a workaround. But under certain conditions (source port reuse), we were associating connections to wrong applications. So in order to avoid this problem, if there's a 1:1 match use that netlink entry. If not, fallback to the workaround. - misc: added more logs to better debug these issues.	2021-11-15 13:26:52 +01:00
..
socket.go	improved connections parsing	2021-11-15 13:26:52 +01:00
socket_linux.go	added action reject	2021-09-12 10:54:24 +02:00

Gustavo Iñiguez Goia 479b8ded59 improved connections parsing

Under certain conditions, when we dumped inodes via netlink, we were
linking network connections to wrong applications.

- To improve this situation:

1) Use netfilter's UID by default:
   Sometimes the UID reported via netlink was different than the one
   reported by libnetfilter. libnetfilter UID is always correct.
   If you had a rule that filtered by UID, this problem could cause to
   prompt you again to allow the connection.

2) Use the netlink entry that matches exactly the properties of an
   outgoing connection:
   There're some in-kernel sockets that doesn't match 1:1 outgoing
   connections (daemon/netlink/socket.go#L22).
   In order to identify the applications that initiate these network
   connections we use a workaround. But under certain conditions
   (source port reuse), we were associating connections to wrong
   applications.
   So in order to avoid this problem, if there's a 1:1 match use that
   netlink entry. If not, fallback to the workaround.

- misc: added more logs to better debug these issues.

2021-11-15 13:26:52 +01:00

socket.go

improved connections parsing

2021-11-15 13:26:52 +01:00

socket_linux.go

added action reject

2021-09-12 10:54:24 +02:00