Proto commits in evilsocket/opensnitch

The Protocol Buffers files changed in these 32 commits:

Commit:9e0f3a4
Author:Gustavo Iñiguez Goia

introducing daemon tasks

daemon tasks are actions that are executed in background by the daemon. They're started from the GUI (server) via a Notification (protobuf), with the type TASK_START (protobuf).

Once received in the daemon, the TaskManager starts the task in background.

Tasks may run at interval times (every 5s, 2days, etc), until they finish an operation, until a timeout, etc.

Each task has its own configuration options, which will customize the behaviour of its operations.

In this version, if the GUI is closed, the daemon will stop all the running tasks. Each Task has a flag to ignore this behaviour, for example if they need to run until they finish and only send a notification to the GUI, instead of streaming data continuously to the GUI (server).

- Up until now we only had one task that could be initiated from the GUI: the process monitor dialog. It has been migrated to a Task{}.
- go.mod bumped to v1.20, to use unsafe string functions.
- go.sum updated accordingly.

The documentation is generated from this commit.

Commit:fe66f9a
Author:Gustavo Iñiguez Goia

rules: improved operator list parsing and conversion

Previously when creating a new rule we followed these steps:
- Create a new protobuf Rule object from the ruleseditor or the pop-ups.
- If the rule contained more than one operator, we converted the list of operators to a JSON string.
- This JSON string was sent back to the daemon, and saved to the DB.
- The list of operators was never expanded on the GUI, i.e., they were not saved as a list of protobuf Operator objects.
- Once received in the daemon, the JSON string was parsed and converted to a protobuf Operator list of objects.

Both the JSON string and the list of protobuf Operator objects were saved to disk, but the JSON string was ignored when loading the rules.

Saving the list of operators as a JSON string was a problem if you wanted to create or modify rules without the GUI.

Now when creating or modifying rules from the GUI, the list of operators is no longer converted to JSON string. Instead the list is sent to the daemon as a list of protobuf Operators, and saved as JSON objects.

Notes:
- The JSON string is no longer saved to disk as part of the rules.
- The list of operators is still saved as JSON string to the DB.
- About not enabled rules: Previously, not enabled rules only had the list of operators as JSON string, with the field list:[] empty. Now the list of operators is saved as JSON objects, but if the rule is not enabled, it won't be parsed/loaded.

Closes #1047

(cherry picked from commit b93051026e6a82ba07a5ac2f072880e69f04c238)

Commit:7373e18
Author:Andrew Voynov
Committer:Andrew Voynov

chore(wiki): removed trailing whitespaces Also fixed typo for the qttools5-dev package name. For the clean up used `rg -l0 '[ \t]+$' | xargs -0 sd '[ \t]+$' ''`.

Commit:4cdf709
Author:Gustavo Iñiguez Goia

collect and display bytes sent/recv per process

New feature to collect and display bytes sent/received per process.

- it only works with 'ebpf' monitor method.
- the information is collected on kernel space and sent to the daemon:
  - when the connection socket is closed.
  - every 2s on large transfers. In this case the bytes are accumulated.

The daemon sends the events to the server (GUI), where the information is added to the DB.

The information is displayed on the GUI:
- on the statusbar in real-time (based on the refresh interval defined).
- on the Applications tab.

By right clicking on the Applications tab headers, the user can reset Tx/Rx stats, and grouping bytes per unit (default) or not.

Finally, the rx/tx stats are deleted based on the preferences options.

Commit:b930510
Author:Gustavo Iñiguez Goia

rules: improved operator list parsing and conversion

Previously when creating a new rule we followed these steps:
- Create a new protobuf Rule object from the ruleseditor or the pop-ups.
- If the rule contained more than one operator, we converted the list of operators to a JSON string.
- This JSON string was sent back to the daemon, and saved to the DB.
- The list of operators was never expanded on the GUI, i.e., they were not saved as a list of protobuf Operator objects.
- Once received in the daemon, the JSON string was parsed and converted to a protobuf Operator list of objects.

Both the JSON string and the list of protobuf Operator objects were saved to disk, but the JSON string was ignored when loading the rules.

Saving the list of operators as a JSON string was a problem if you wanted to create or modify rules without the GUI.

Now when creating or modifying rules from the GUI, the list of operators is no longer converted to JSON string. Instead the list is sent to the daemon as a list of protobuf Operators, and saved as JSON objects.

Notes:
- The JSON string is no longer saved to disk as part of the rules.
- The list of operators is still saved as JSON string to the DB.
- About not enabled rules: Previously, not enabled rules only had the list of operators as JSON string, with the field list:[] empty. Now the list of operators is saved as JSON objects, but if the rule is not enabled, it won't be parsed/loaded.

Closes #1047

Commit:0556dc1
Author:Gustavo Iñiguez Goia

obtain process's parent hierarchy, checksums improvements

- Obtain the process's parent hierarchy.
- Display the hierarchy on the pop-ups and the process dialog.
- [pop-ups] Added a Detailed view with all the metadata of the process.
- [cache-events] Improved the cache of processes.
- [ruleseditor] Fixed enabling md5 checksum widget.

Related: #413, #406

Commit:7a9bb17
Author:Gustavo Iñiguez Goia

allow to filter connections by process checksum

Now you can create rules to filter processes by checksum. Only md5 is available at the moment.

There's a global configuration option that you can use to enable or disable this feature, from the config file or from the Preferences dialog.

As part of this feature there have been more changes:
- New proc monitor method (PROCESS CONNECTOR) that listens for exec/exit events from the kernel. This feature depends on CONFIG_PROC_EVENTS kernel option.
- Only one cache of active processes for ebpf and proc monitor methods.

More info and details: #413.

Commit:00a1dc4
Author:Gustavo Iñiguez Goia

added Created column to the rules list Closes #683

Commit:477e6aa
Author:Gustavo Iñiguez Goia

new feature: send alerts to the server/UI

Up until now some error and warning messages were only logged out to the system, not allowing the user to know what was happening under the hood.

Now the following events are notified:
- eBPF related errors.
- netfilter queue errors.
- configuration errors.

WIP, we'll keep improving it and build new features on top of this one.

Commit:6666eb8
Author:Gustavo Iñiguez Goia

ui,rules: added option to exclude connection events New option to exclude connections from being logged. Closes #691

Commit:3c524c1
Author:Gustavo Iñiguez Goia

ui, rules: added description field

- Added ability to add a description to the rules.
- Display the description field on the Rules view, and remove the internal fields (operator, operator_data, etc).
- Added DB migrations.
- Improved rules' executable path field tooltip (#661).

Closes #652 #466

Commit:d9e0c59
Author:Gustavo Iñiguez Goia
Committer:GitHub

Allow to configure firewall rules from the GUI (#660)

* Allow to configure firewall rules from the GUI (WIP)

New features:
- Configure and list system firewall rules from the GUI (nftables).
- Configure chains' policies.
- Add simple rules to allow incoming ports.
- Add simple rules to exclude apps (ports) from being intercepted.

This feature is only available for nftables. iptables is still supported, you can add rules to the configuration file and they'll be loaded, but you can't configure them from the GUI.

More information: #592

Commit:1f26f66
Author:Arnout Engelen

Support more recent protoc-gen-go

When building the project with protoc-gen-go version 1.5.1, it fails with the following:

```
protoc -I. ui.proto --go_out=plugins=grpc:../daemon/ui/protocol/
protoc-gen-go: unable to determine Go import path for "ui.proto"
Please specify either:
• a "go_package" option in the .proto source file, or
• a "M" argument on the command line.
See https://developers.google.com/protocol-buffers/docs/reference/go-generated#package for more information.
--go_out: protoc-gen-go: Plugin failed with status code 1.
```

This can be fixed by adding the full go package as an option in the proto file.

To make sure the code is generated to the correct path, we also have to add the `paths=source_relative` option to the protoc plugin.

After this, the code is generated correctly, but the generated code references classes like grpc.ClientConnInterface which were introduced in 1.27.0.

Commit:3abb3e4
Author:themighty1
Committer:themighty1

Use daemon's event timestamp in UI. Use the timestamp instead of the event object when iterating over the last events. ~15x speed increase. Increase event buffer to 100. On my machine I routinely hit the ceiling of 50 events under some multitasking workloads. Small buffer results in connection attempts not being logged. Fix Makefile to rebuild when ui.proto changes

Commit:c8d1161
Author:Gustavo Iñiguez Goia

added dialog to inspect details of a process in realtime (procfs) New dialog added to display details of a process in realtime, gathered from ProcFS. Process tab -> double click on an app -> click on the button with the search icon. We have also improved the discovery of apps icons and names. It should work better on systems where the DE is not properly configured. Tested, but not bulletproof, still in beta.

Commit:820a6f2
Author:Gustavo Iñiguez Goia

added option to set priority on the rules

If a rule has the priority flag set, no other rules will be checked. So if you name the rule as 000-allow-xx and set the priority flag, the rule will be the only one that will be checked if it matches a connection.

See #36 to know more on this feature.

Commit:a1bba4d
Author:Gustavo Iñiguez Goia

send on new connection CWD and environment vars of the process

CWD allows us to know from where a process was executed. The environment variables allow us to know more about a process execution.

Commit:8569962
Author:Gustavo Iñiguez Goia

Added logic to handle changes/notifications from the GUI.

- Allow to perform the following actions from the GUI:
  * Load/unload firewall (i.e.: interception)
  * Change daemon default configuration.
  * Enable/disable rules.
  * Delete rules.
  * Change/Add rules.
  * Change log level.

Commit:6ee80b1
Author:Gustavo Iñiguez Goia

Allow to change settings from the UI (1/2)

We start receiving notifications from the UI, which allow us to change configurations and perform actions on the daemon.

The concept of Node has also been introduced, which identifies every daemon (client) connected to the UI (server).

These options have been added:
- Enable/Disable firewall interception (for all nodes)
- Change daemons (clients) configuration, globally or per node.
- Change prompt dialog options.

We have fixed some bugs along the way:
- Close audit client connection gracefully.
- Exclude our own connections from being intercepted.
- Better handling of client connection status with the UI.

We probably have also introduced some other bugs (not listed here).

Commit:fb5ccb0
Author:evilsocket

added the number of loaded rules in the statistics

Commit:8009743
Author:evilsocket

when the thc kicks in and you find a better logic, better naming, better design and new ideas

Commit:a33c463
Author:evilsocket

support rules with type=regexp (closes #127)

Commit:5cef91e
Author:evilsocket

better protocol file manag.

Commit:f2f313c
Author:evilsocket

misc: small fix or general refactoring i did not bother commenting

Commit:0a26d4e
Author:evilsocket

misc: small fix or general refactoring i did not bother commenting

Commit:b6bdeb7
Author:evilsocket

misc: small fix or general refactoring i did not bother commenting

Commit:8826ce7
Author:evilsocket

misc: small fix or general refactoring i did not bother commenting

Commit:aa63a47
Author:evilsocket

misc: small fix or general refactoring i did not bother commenting

Commit:9ef18c7
Author:evilsocket

misc: small fix or general refactoring i did not bother commenting

Commit:2bda290
Author:evilsocket

python ui server

Commit:b5b4a56
Author:evilsocket

added ui ping/pong

Commit:6659350
Author:evilsocket

started working on ui gRPC protocol