fw-daemon

Commit Graph

Author	SHA1	Message	Date
Stephen Watt	32983deba4	Merged with latest commits to master.	7 years ago
Stephen Watt	0bda150abc	Various code cleanups (still buggy/WIP). Fixed lock/race condition in fw-prompt; consolidated redundant rule action code. Started fuller TLS implementation in TLSGuard; probably broke a lot of stuff in the process. Removal/reorganization of old/stale/unused code.	7 years ago
Stephen Watt	0d13c7bb9c	WORK IN PROGRESS: New file descriptor monitor thread removes prompt requests if associated socket closes/dies before user reacts. fw-prompt request entries are now properly tethered to their default rule scope included by SGFW. pendingConnection now operates on prompter instead of raw DBus object. Fixed prompter bug in cycling through pending connections. Fixed inadequacies in SGFW rules parsing/error handling. go fmt.	7 years ago
Stephen Watt	a8f61a2d4e	Re-sync to master.	7 years ago
dma	9ff74569f3	Add Sandbox to procsnitch Info struct	7 years ago
dma	d0e5a97a53	Fixing process identification for UDP packets (still WIP)	7 years ago
dma	e8f5001483	Updated procsnitch	7 years ago
User	14e1f99b03	Loosen match on UDP socket lookup (still WIP)	7 years ago
shw	8546f6c416	Working (but not intensively tested) IPv6 support!	8 years ago
shw	aba795fa97	Lots of work to establish basic support for approving/denying rules. Updated gotk3 vendor dependency (fixed some bug conditions).	8 years ago
shw	c3635093fa	Introduced per-process DNS cache segregation for all A records not returned by local resolver. Cached DNS name lookups now failover to global cache only populated by local resolver. Added proc-coroner module for detecting process deaths. procsnitch updated to handle multiple levels of "strictness" (necessary to lookup processes generating certain UDP data).	8 years ago
shw	51c181a881	Full support for multiple protocol types (UDP, ICMP). Cleared up awkward fw-settings/fwprompt GUI language caused by introduction of UDP/ICMP ("connection"-less) rules. fw-daemon automatically passes through all ICMP traffic sent to same address. Added (temporary) rule for passing through all UDP-based DNS server traffic. Updated developers' README documentation.	8 years ago
shw	f47e23e706	Support for firewall rule matching by uid/gid and/or user/group name value. fw-daemon prompt GUI and fw-settings now include user/uid and group/gid info. sgfw prompt GUI now displays username instead of real name. Fixed bug in parsing IP addresses as CIDR values. sgfw_rules entries can now be commented out. Upgraded bundled go-procsnitch API.	8 years ago
shw	7a1851419c	Added support for using fw-daemon on all processes system-wide. Added changes for fw-daemon to check sandboxed processes' oz-init /proc/[pid]/net/tcp with procsnitch. fw-daemon IPC accepts "register-init" command to register new oz-init process instance alerts. fw-daemon also checks for existing oz-init processes on startup. Updated vendor-bundled go-procsnitch to latest dev version that includes findTCPSocketAll().	8 years ago
xSmurf	3798b30a2c	Added toml dependency...	8 years ago
xSmurf	b8f3bb54f9	Update procsnitch to upstream version	8 years ago
Bruce Leidl	79741be8a1	Update procsnitch dependency	9 years ago
Bruce Leidl	9259438ae5	update dependency go-logging	9 years ago
Bruce Leidl	4208f93f94	gotk3 dependency update	9 years ago
Bruce Leidl	6a5a6f08e7	Updated dependency github.com/godbus/dbus	9 years ago
Bruce Leidl	3ac218f288	Migration from /Godeps to /vendor	9 years ago

21 Commits (shw_dev)