Awesome Privacy

Recent Commits

• Gustavo Iñiguez Goia (28 Apr 24)

  ebpf: performance improvement for opensnitch-procs We were sending to userspace unnecessary exit events, consuming unnecessary CPU cycles. We only intercept execve and execveat, but sched_process_exit is invoked by more functions (sched_process_exit, clone, ...), so we were receiving on the daemon events that we did nothing with them, apart from consuming CPU cycles. On some scenarios like on servers running saltstack (as salt-master), this caused to consume more CPU than needed. cherry picked from 15fcf6753516a1e22add87cb2b4f5de4a14540ec

• Gustavo Iñiguez Goia (27 Apr 24)

  added more kernel config paths for checking system requirements On Fedora Silverblue the kernel config of the current kernel is under /usr/lib/modules/<kernel>/config Closes: #1117

• Gustavo Iñiguez Goia (27 Apr 24)

  ui: allow to configure screen/themes scale factor Added new options to the Preferences dialog, to configure screens/themes scale factor. If the UI is using the System theme (default), configure Qt scale options (needs UI restart): QT_AUTO_SCREEN_SCALE_FACTOR (default True) QT_SCREEN_SCALE_FACTORS (If auto scale is False, use this value(s)) The user can configure different scale factors for multiple screens, by separating values with ; (1;1.5, etc...) https://doc.qt.io/qt-5/highdpi.html#high-dpi-support-in-qt If the UI is using a qt-material theme, you can configure the "density" scale of the theme: https://github.com/UN-GCPDS/qt-material?tab=readme-ov-file#density-scale https://github.com/evilsocket/opensnitch/wiki/GUI-known-problems#gui-size-problems-on-4k-monitors Closes: #1102

• Gustavo Iñiguez Goia (11 Feb 24)

  ui: fixed deleting rules with list limits Fixed deleting rules when the GUI is configured to display a maximum number of rules.

• Gustavo Iñiguez Goia (08 Feb 24)

  pop-ups: filter by absolute path+cmdline on some cases If the pop-ups' target is to filter by cmdline, but the typed/launched command is not absolute or it starts with /proc, also filter by the absolute path to the binary.

• Gustavo Iñiguez Goia (05 Feb 24)

  Updated ebpf compilation instructions kudos to @planetoryd for reporting it (#1080).

• Gustavo Iñiguez Goia (05 Feb 24)

  updated ebpf makefile - Added -fno-stack-protector: https://lore.kernel.org/bpf/[email protected]/ https://reviews.llvm.org/D142046 - Added -Wno-unused-value, -Wunused to warn on unitialized/not used variables. kudos to @planetoryd for reporting this (#1080).

• Gustavo Iñiguez Goia (02 Feb 24)

  pkgs: improved rpm upgrades We were not handling configuration upgrades properly on rpm based systems. Now local changes to default-config.json and system-fw.json are kept, and if the distributed files changes in the future, new files will be created with the extension .rpmnew

• Gustavo Iñiguez Goia (28 Jan 24)

  clean dns ebpf hooks on exit We were not reacting to common exit signals, only to kill/interrupt signals, so the DNS uprobes were never properly removed. Each uprobe has the PID of the daemon in the identifier, so in theory, there shouldn't be conflicts, but better clean our probes on exit. previous to this commit with the daemon running (and lot of starts/stops): ~ # cat /sys/kernel/debug/tracing/uprobe_events |wc -l 367 after stopping the daemon: ~ # cat /sys/kernel/debug/tracing/uprobe_events |wc -l 364 ~ # > /sys/kernel/debug/tracing/uprobe_events ~ # cat /sys/kernel/debug/tracing/uprobe_events |wc -l 0 ~ # cp opensnitchd-new /usr/bin/opensnitchd ; service opensnitchd start ~ # cat /sys/kernel/debug/tracing/uprobe_events |wc -l 3 ~ # service opensnitchd stop ~ # cat /sys/kernel/debug/tracing/uprobe_events |wc -l 0

• Gustavo Iñiguez Goia (26 Jan 24)

  on aarch64 send exec events directly to userspace On 68c2c8ae1aeb7356f9d90e88e2129465c472e646 we excluded failed execve* calls from being delivered to userspace, in order to get the binary that was executed and avoid errors/confusion. But on aarch64, it seems that we fail to save the exec event to a map, so the event is never delivered to userspace. So for the time being, send the exec events as soon as they arrive on aarch64, without checking if the call failed.

• Gustavo Iñiguez Goia (26 Jan 24)

  ebpf,dns: initialized structs On the previus commit we just disabled dns uprobes for armhf/i386 to avoid loading errors. A better fix is to initialized the structs used. On armhf still fails after loading it, when attaching to the uprobes (offsets?), and on i386 it doesn't seem to send anything to userspace (more analysis needed). - Increased the number of IPs associated with a domain that are delivered to userspace. (getfedora.org returns 30 ipv4+ipv6). - Fixed getting the aliases of a domain when using gethostbyname().

• Gustavo Iñiguez Goia (26 Jan 24)

  added more debug info to the dns ebpf hook Added the path to the libc as well as the calculated offset for the uprobe. Don't return on the first error found loading a uprobe, instead try all the uprobes and return if the loaded uprobes are 0.

• Gustavo Iñiguez Goia (26 Jan 24)

  fixed dns ebpf module for i386/arm architecture The opensnitch-dns module was not loading on i386/arm architectures. With the following changes it loads and some uprobes are attached. for-loops unrolling doesn't still work though on i386/armhf (help needed). And on armhf the perf_output channel fails to load for some uprobes.

• Gustavo Iñiguez Goia (25 Jan 24)

  fixed debug msg printing resolved IP

• Gustavo Iñiguez Goia (22 Jan 24)

  ui:use appimages pattern as default target if found If the path of a process starts with /tmp/.mount_*, which is the common path for appimages, use it as the default target on the popups. Previously it was only added to the list of targets, but preselecting it will help users to create rules for appimages.

• Gustavo Iñiguez Goia (20 Jan 24)

  on errors stop established conns monitor There's a long running task that monitors established connections every ~2s. When a connection is not found via ebpf or proc, sometimes it's found there so we can use the inode to search for the process. However on some systems the netlink call to dump the sockets may fail continuously, wasting resources. It'll also fail if you block connections to port 0 (common case for ICMP packets). So if there're too many errors dumpng the sockets, stop this task for these cases.

• Gustavo Iñiguez Goia (18 Jan 24)

  process tree improvements - When discovering the hierarchy of a process, reuse components of the tree if they're already on cache, to improve speed and reduce mem allocs. - When building the tree of a proces, rebuild the tree if the first component doesn't have pid 1. Otherwise reuse the tree.

• Gustavo Iñiguez Goia (18 Jan 24)

  minor improvement/refactoring Move queues setup to its own func. Don't declare some dns vars inside for loops.

• Gustavo Iñiguez Goia (18 Jan 24)

  removed not used functions part of the previous commit.

• Gustavo Iñiguez Goia (18 Jan 24)

  ebpf cached improvements Simplify the cache of connections by storing only the PID of a process, instead of the Process object. We can obtain the Process object from the cache of processes by PID.

• Gustavo Iñiguez Goia (17 Jan 24)

  allow to configure GC percentage Added config option to set how often the garbage collector runs. For example: "Internal": { "GCPercent": 75 }, If this option is not specified in the config file, or the value is 0, then the GC percentage is not configured. More info: https://pkg.go.dev/runtime/debug#SetGCPercent

• Gustavo Iñiguez Goia (17 Jan 24)

  added more options to debug the daemon - Improved -mem-profile icli option for writing memory statistics. - Added -trace-file cli option for writing trace events. https://github.com/google/pprof/blob/main/doc/README.md https://go.dev/blog/pprof

• Gustavo Iñiguez Goia (15 Jan 24)

  strings concatenation improvements Use strings.Join() to concatenate strings, instead of Sprint*(), for better performance.

• Gustavo Iñiguez Goia (15 Jan 24)

  fixed typo

• Gustavo Iñiguez Goia (14 Jan 24)

  structs fields reorganized Structs' fields reorganized based on fieldalignment tool output

• Gustavo Iñiguez Goia (08 Jan 24)

  ebpf: delete pid from exec maps if it exists We track new processes execution by intercepting the enter and exit of the functions, but sometimes the exit hook is not called, so the corresponding entry was not being removed from the map. In this situation the map becomes full and accepts no new entries. Now the entry is deleted from the map once the process exits, if it still exists in the map.

• Gustavo Iñiguez Goia (07 Jan 24)

  sys-fw: load default config path if non supplied By default load the system fw config file from /etc/opensnitchd/system-fw.json. There're these options to specify the file to load: - via cli option with -fw-config-file - writing it in the default-config.json file: "FwOptions": { "ConfigPath": "..." } If both options are empty, then the default one is used. FIXME: When the cli option is used to load the fw configuration, and the main preferences are saved, the fw is reloaded but the path to the fw config is lost.

• Gustavo Iñiguez Goia (05 Jan 24)

  updated TestProcIOStats test On this test we assumed that there would always be reading stats for our own process /proc/self, but on restricted environments that might not alwys be the case. Anyway, a value of 0 is not an error in itself. Closes #1075

• Gustavo Iñiguez Goia (05 Jan 24)

  ebpf: fixed dns uprobes We were not deleting DNS entries from the hash map, so when it reached the maximum capacity (12k entries), we couldn't allocate new entries, resulting in events not being sent to userspace.

• Gustavo Iñiguez Goia (04 Jan 24)

  ui: display alert details by double-clicking on it