Commit Graph

44 Commits (6a6f3b75e5156577ac3252cef3f8350c68ca36b2)

Author SHA1 Message Date
dma 6a6f3b75e5 Experimental changes for use in citadel
6 years ago
Stephen Watt 85d7d60d76 Added new SGFW DBus method RunDebugCmd() for retrieving firewall state debugging information.
7 years ago
Stephen Watt d7df165517 Support for securely logging unredacted messages to sublogmon via new com.subgraph.sublogmon.Logger DBus method.
7 years ago
Stephen Watt 0666e9c3c7 Added firewall testing framework.
7 years ago
Stephen Watt 32983deba4 Merged with latest commits to master.
7 years ago
Stephen Watt 35e7b07e43 Proper locking to fix OzInitPids-related crash conditions.
7 years ago
Stephen Watt 62713d74f0 AddRuleAsync DBus calls now include reference guid for proper application of "once" rules.
7 years ago
Stephen Watt ff8be65566 Added connection timestamps to firewall prompting.
7 years ago
Stephen Watt 0bda150abc Various code cleanups (still buggy/WIP).
7 years ago
Stephen Watt 0d13c7bb9c *WORK IN PROGRESS*: New file descriptor monitor thread removes prompt requests if associated socket closes/dies before user reacts.
7 years ago
Stephen Watt 2eac4c7dc5 *Very experimental*/under-dev release of new fully asynchronous multi-prompter.
7 years ago
Stephen Watt 2f5e10d53d Merge newest branch changes with latest changes to master.
7 years ago
Stephen Watt 2fc7525cc7 Added new RemovePrompt DBus call to complement RequestPrompt (GUID-based prompt removal).
7 years ago
Stephen Watt a8f61a2d4e Re-sync to master.
7 years ago
dma dafec55bc7 Fixed bug with prompt rule / saved rule mismatch on SOCKS connects
7 years ago
dma 7b5a0ed980 Bug fixes, cleanup, improvement
7 years ago
dma f3f5414fd4 Support for TLSGuard in prompter
7 years ago
User 14e1f99b03 Loosen match on UDP socket lookup (still WIP)
7 years ago
shw 27d0a4809d Updated SOCKS5 connection lookup code now correctly identifies originating process.
8 years ago
shw acf62b63d1 Changed SOCKS/Tor credential randomization so it only occurs if username and password are empty.
8 years ago
shw 515c4eb3ee Squashed (some) noisy debug output.
8 years ago
shw 0f2b2413ea Added per-process (ephemeral) rule support.
8 years ago
shw 8546f6c416 Working (but not intensively tested) IPv6 support!
8 years ago
shw 5f5042fed4 Very noisy, experimental support for asynchronous multi-rule firewall prompting.
8 years ago
shw c3635093fa Introduced per-process DNS cache segregation for all A records not returned by local resolver.
8 years ago
shw 51c181a881 Full support for multiple protocol types (UDP, ICMP).
8 years ago
shw f47e23e706 Support for firewall rule matching by uid/gid and/or user/group name value.
8 years ago
shw 0708f9127c Proper logging of all connections denied by firewall.
8 years ago
shw e895f204a7 Fixed bug so that system-wide firewall settings match all traffic except sandboxed traffic.
8 years ago
shw b567e5ce54 oz-init pid mappings are now properly destroyed as these processes exit.
8 years ago
shw a930fbbce0 Sandboxed process entries in GUI now include sandbox name/ID in display.
8 years ago
shw ba35abfb46 Name of sandboxed exe returned by procsnitch is now resolved to absolute pathname.
8 years ago
shw b4ed11261f Added extra display info for "Sandboxed application" in fw-prompt gnome shell GUI.
8 years ago
shw 7a1851419c Added support for using fw-daemon on all processes system-wide.
8 years ago
shw 9069c91606 Garbage dump commit of current progress.
8 years ago
shw 08266cca76 Support for handling network traffic that can't be uncovered with procsnitch.
8 years ago
shw cadb859dce Added ephemeral oz sandbox/fw-daemon rules that can be updated via IPC connection.
8 years ago
shw 942b0a0c01 Bug fix.
8 years ago
shw 8fe02202de Very dirty/experimental replacement of nfqueue with native github.com/subgraph/go-nfnetlink package.
8 years ago
xSmurf 02155c44ed Golint...
8 years ago
xSmurf 2e6f98e410 FMT...
8 years ago
xSmurf 5d4b38c5b4 Refactor...
8 years ago
xSmurf 4b632fb6f2 Moved fw-daemon to command/lib
8 years ago
xSmurf 9c8f5895ca Moved all to sgfw
8 years ago