opensnitch/daemon/netlink
Gustavo Iñiguez Goia 9a34665d0e improved PID discovering
One of the steps of PID discovery is knowing the socket inode
of a connection. The first try is to dump the active connections in the
kernel, using NETLINK_SOCK_DIAG via netlink.

Sometimes when a source port was reused, the kernel could return multiple
entries with the same source port, leading us to associate connections with
the wrong application.

This change fixes this problem, while allowing us to discover other
apps.
More information:
https://github.com/evilsocket/opensnitch/issues/387#issuecomment-888663121

Note: this problem shouldn't occur using the procs monitor method eBPF.
2021-07-29 15:40:25 +02:00
..
socket.go improved PID discovering 2021-07-29 15:40:25 +02:00
socket_linux.go eBPF: ignore netlink errors if there're no connections 2021-05-29 00:16:18 +02:00