fw-daemon

Commit Graph

Author	SHA1	Message	Date
Stephen Watt	f616f54b2c	Fix TLSGuard handshake timeout issue by breaking total timeout period into one second polling intervals.	7 years ago
Stephen Watt	85d7d60d76	Added new SGFW DBus method RunDebugCmd() for retrieving firewall state debugging information. Eliminated heavy SGFW CPU usage due to long loop condition. Implemented much more helpful print() method for pendingSocksConnection interface. testfw program updated to show use of new debugging interface. Removed lots of noisy debug print statements (and moved many to new debugging facility).	7 years ago
Stephen Watt	d7df165517	Support for securely logging unredacted messages to sublogmon via new com.subgraph.sublogmon.Logger DBus method.	7 years ago
Stephen Watt	792726545e	Small changes necessary to make fw-prompt a DBus autostart service.	7 years ago
Stephen Watt	0666e9c3c7	Added firewall testing framework. Fixed simple bug in fw-prompt that accidentally disabled process scope option.	7 years ago
Stephen Watt	32983deba4	Merged with latest commits to master.	7 years ago
Stephen Watt	35e7b07e43	Proper locking to fix OzInitPids-related crash conditions.	7 years ago
Stephen Watt	62713d74f0	AddRuleAsync DBus calls now include reference guid for proper application of "once" rules. Deletes of fw-prompt entries at root of tree now fold up the first child entry into the deleted parent entry. Fixed fw-prompt bug resulting in return of improper scope. Application name is no longer editable in fw-prompt. Icon mapping properly supported for symlinked application paths. Removed spurious warnings for valid fw-prompt removal requests. Awful hacked up fix to make icons for non-existent applications properly blank and remove GTK warnings. Removed old/deprecated Oz firewall rules routines.	7 years ago
Stephen Watt	b9c2e03afd	Overhaul of GetPendingRequests DBus method to call AddRuleAsync multiple times instead of returning a string array. TLSGuard now handles multiple expected client and server message types.	7 years ago
Stephen Watt	bdca5d330d	Disabled TLSGuard handshake rewrites and passed through resumed encrypted sessions.	7 years ago
Stephen Watt	5ba55a2d96	Removed old/deprecated decision code.	7 years ago
Stephen Watt	819edd1962	Consolidated code for creating new entries in fw-prompt.	7 years ago
Stephen Watt	4f685222e1	Added application icons to fw-prompt treeview. Code cleanup (removal of lots of hardcoded values)	7 years ago
Stephen Watt	2fb872d8ad	Duplicate entries in fw-prompt are now displayed nested by changing GTK ListStore -> TreeStore Fixed bad scope returned with new rules by fw-prompt	7 years ago
Stephen Watt	ae1f6f12d0	Added (untested) fix for possibly spurious IPC crash condition.	7 years ago
Stephen Watt	96f6e3bbe5	A bunch of "fixes" to TLSGuard that are pointless because this is a dead end. Fix of possible fw-prompt crash.	7 years ago
Stephen Watt	4c816b2392	Solved done channel notification by creating one for both client and server connections.	7 years ago
Stephen Watt	7279b46310	Fixed TLS extension parsing routines. Added lots of constant values to TLSGuard; general code cleanup.	7 years ago
Stephen Watt	71ee1964f4	Very messy experimental extensions to TLSGuard to strip out sessions and TLS extensions in the handshake protocol.	7 years ago
Stephen Watt	ff8be65566	Added connection timestamps to firewall prompting. Disabled old synchronous RequestPrompt Dbus method in fw-prompt. fw-prompt GUI now (as originally) remains above other windows when there are pending decisions. Fixed improper traversal of pending connections in fw-prompt GUI. Consolidated redundant code blocks in fw-prompt GUI.	7 years ago
Stephen Watt	0bda150abc	Various code cleanups (still buggy/WIP). Fixed lock/race condition in fw-prompt; consolidated redundant rule action code. Started fuller TLS implementation in TLSGuard; probably broke a lot of stuff in the process. Removal/reorganization of old/stale/unused code.	7 years ago
Stephen Watt	0d13c7bb9c	WORK IN PROGRESS: New file descriptor monitor thread removes prompt requests if associated socket closes/dies before user reacts. fw-prompt request entries are now properly tethered to their default rule scope included by SGFW. pendingConnection now operates on prompter instead of raw DBus object. Fixed prompter bug in cycling through pending connections. Fixed inadequacies in SGFW rules parsing/error handling. go fmt.	7 years ago
Stephen Watt	2eac4c7dc5	Very experimental/under-dev release of new fully asynchronous multi-prompter. New Dbus method "RequestPromptAsync" to handle "return-less" prompter invocations in fw-prompt. Proper GUI locking in fw-prompt eliminates old race/crash conditions. New DBus method "GetPendingRequests" in SGFW allows prompter to retrieve pending connections. Policies now maintain rulesPending list of unapplied asynchronously submitted FW rules from the prompter. Fixed reentrance/crash bug in UID and GID to name lookups.	7 years ago
Stephen Watt	2f5e10d53d	Merge newest branch changes with latest changes to master.	7 years ago
Stephen Watt	2fc7525cc7	Added new RemovePrompt DBus call to complement RequestPrompt (GUID-based prompt removal). The addition of a rule matching multiple pending connections in fw-prompt now removes all of them. fw-prompter now increments ref# column for identical prompt requests. Fixed/cleaned up/updated TLSGuard code. Added TLSGuard toggle option to fw-prompt GUI (default for SOCKS connections). fw-prompt now displays icon of filtered application. DBus RequestPrompt() now "works" asynchronously. TLSGuard fixed under certain conditions but still very buggy. Fixed some fw-prompt crash conditions with treeview mutex locking. Fixed SOCKS connection panic condition linked to closed channel. Cleanup of unused data structures/values.	7 years ago
Stephen Watt	a8f61a2d4e	Re-sync to master.	7 years ago
dma	e1f48ced94	move	7 years ago
dma	6d6c3c26ff	move sgfw socks config location	7 years ago
dma	ee82803633	move socks config	7 years ago
dma	17e1acc69d	socks config	7 years ago
dma	dafec55bc7	Fixed bug with prompt rule / saved rule mismatch on SOCKS connects	7 years ago
dma	58b7a4f6a9	Update systemd unit file to install /var/run/fw-daemon/ on start	7 years ago
dma	5a755a04e8	Change path of oz socket	7 years ago
dma	7b5a0ed980	Bug fixes, cleanup, improvement	7 years ago
dma	d2ff760197	Patch up IPC	7 years ago
dma	a65c268dbf	Change default for non-sandboxed connections.	7 years ago
dma	f3f5414fd4	Support for TLSGuard in prompter	7 years ago
dma	9ff74569f3	Add Sandbox to procsnitch Info struct	7 years ago
dma	ae8f6d96ba	Fix rule evaluation of outgoing connections emerging from sandbox proxy ports	7 years ago
dma	d0e5a97a53	Fixing process identification for UDP packets (still WIP)	7 years ago
dma	a89f8118bf	Fix rule parsing, still working on this	7 years ago
dma	e8f5001483	Updated procsnitch	7 years ago
dma	6cdb400d32	Fix bugs related to parsing rules file and saving rules file	7 years ago
User	14e1f99b03	Loosen match on UDP socket lookup (still WIP)	7 years ago
shw	2e7b7debeb	Incorporated TLSGuard and turned it on by default for all outbound SOCKS5 connections. Fixed display of nil IPs (when only hostname is passed via SOCKS5 connect).	7 years ago
shw	f945481c2e	Should solve a (newly introduced) intermittent crash issue with fw-settings.	7 years ago
shw	27d0a4809d	Updated SOCKS5 connection lookup code now correctly identifies originating process. Includes code to read internal proxy state information from (updated) oz-daemon.	7 years ago
shw	acf62b63d1	Changed SOCKS/Tor credential randomization so it only occurs if username and password are empty.	7 years ago
shw	de4f6ac206	SOCKS/Tor credential randomization to force new circuits with each outbound connection.	7 years ago
shw	604c157a7b	Fixed Firewall prompt popup dialog width problem.	7 years ago

1 2 3 4

185 Commits (shw_dev) All Branches Search

185 Commits (shw_dev)

All Branches