Update probed function sys_execve to do_execve

daemon/conman/connection.go

@@ -71,7 +71,7 @@ func NewConnection(nfp *netfilter.Packet, ip *layers.IPv4) (c *Connection, err e
 	c = &Connection{
 		SrcIP:   ip.SrcIP,
 		DstIP:   ip.DstIP,
-		DstHost: dns.HostOr(ip.DstIP, ""),
+		DstHost: dns.HostOr(ip.DstIP, ip.DstIP.String()),
 		pkt:     nfp,
 	}
 

daemon/dns/track.go

@@ -12,7 +12,7 @@ import (
 
 var (
 	responses = make(map[string]string, 0)
-	lock      = sync.Mutex{}
+	lock      = sync.RWMutex{}
 )
 
 func TrackAnswers(packet gopacket.Packet) bool {
@@ -41,37 +41,50 @@ func TrackAnswers(packet gopacket.Packet) bool {
 	}
 
 	for _, ans := range dnsAns.Answers {
-		if ans.Name != nil && ans.IP != nil {
-			Track(ans.IP, string(ans.Name))
+		if ans.Name != nil {
+			if ans.IP != nil {
+				Track(ans.IP.String(), string(ans.Name))
+			} else if ans.CNAME != nil {
+				Track(string(ans.CNAME), string(ans.Name))
+			}
 		}
 	}
 
 	return true
 }
 
-func Track(ip net.IP, hostname string) {
-	address := ip.String()
-
+func Track(resolved string, hostname string) {
 	lock.Lock()
 	defer lock.Unlock()
 
-	responses[address] = hostname
+	responses[resolved] = hostname
 
-	log.Debug("New DNS record: %s -> %s", address, hostname)
+	log.Debug("New DNS record: %s -> %s", resolved, hostname)
 }
 
-func Host(ip net.IP) (host string, found bool) {
-	address := ip.String()
+func Host(resolved string) (host string, found bool) {
+	lock.RLock()
+	defer lock.RUnlock()
 
-	lock.Lock()
-	defer lock.Unlock()
-
-	host, found = responses[address]
+	host, found = responses[resolved]
 	return
 }
 
 func HostOr(ip net.IP, or string) string {
-	if host, found := Host(ip); found == true {
+	if host, found := Host(ip.String()); found == true {
+		// host might have been CNAME; go back until we reach the "root"
+		seen := make(map[string]bool) // prevent possibility of loops
+		for {
+			orig, had := Host(host)
+			if seen[orig] {
+				break
+			}
+			if !had {
+				break
+			}
+			seen[orig] = true
+			host = orig
+		}
 		return host
 	}
 	return or

daemon/firewall/rules.go

@@ -32,6 +32,27 @@ func RunRule(enable bool, rule []string) (err error) {
 
 // INPUT --protocol udp --sport 53 -j NFQUEUE --queue-num 0 --queue-bypass
 func QueueDNSResponses(enable bool, queueNum int) (err error) {
+	// If enable, we're going to insert as #1, not append
+	if enable {
+		// FIXME: this is basically copy/paste of RunRule() above b/c we can't
+		// shoehorn "-I" with the boolean 'enable' switch
+		rule := []string{
+			"-I",
+			"INPUT",
+			"1",
+			"--protocol", "udp",
+			"--sport", "53",
+			"-j", "NFQUEUE",
+			"--queue-num", fmt.Sprintf("%d", queueNum),
+			"--queue-bypass",
+		}
+		lock.Lock()
+		defer lock.Unlock()
+		_, err := core.Exec("iptables", rule)
+		return err
+	}
+
+	// Otherwise, it's going to be disable
 	return RunRule(enable, []string{
 		"INPUT",
 		"--protocol", "udp",

daemon/procmon/watcher.go

@@ -10,7 +10,7 @@ import (
 
 const (
 	probeName   = "opensnitch_exec_probe"
-	syscallName = "sys_execve"
+	syscallName = "do_execve"
 )
 
 type procData struct {

ui/opensnitch/dialogs/stats.py

@@ -201,7 +201,12 @@ def _on_update_triggered(self):
             by_users = {}
             if self._address is None:
                 for uid, hits in self._stats.by_uid.items():
-                    by_users["%s (%s)" % (pwd.getpwuid(int(uid)).pw_name, uid)] = hits
+                    try:
+                        pw_name = pwd.getpwall(int(uid)).pw_name
+                    except KeyError:
+                        pw_name = "(UID error)"
+                    finally:
+                        by_users["%s (%s)" % (pw_name, uid)] = hits
             else:
                 by_users = self._stats.by_uid