firewalla / firewalla Goto Github PK

I'd suggest updating the device list when user hit refresh button on the top right. Because the wrong mapping between ip and name is very annoying. -george

instead it should use local ISP DNS

Although after rebooting the device, IOS app still show "try later or reboot the device" .

Reenable bit bridge 6 for ipv6 support. Only in master branch please.

6 seconds may not be enough for locations such as China.

Color and the bar

"The biggest problem I see so far is false alarm. One of the device is offline and the ip is released, new device picks up the ip, but your app still uses the old device name for the new device. It also causes the same name has two up addresses when the old one comes online again." From George.

blocked site need to be organized under the device view. this is easier for people to look and search.

When blocked an site/ip address in an alert and go back to main window, it's not appear in the "Blocked Sites" section. Need close the app and reopen it to see the site/ip address in the "Blocked Sites"

@MelvinTo

Not seen porn notification any more with the next-gen notification code. testing this feature is fun for sure #

current debugging is pretty much setup via code. Problem of this, it is hard to setup a dev debugging vs production debugging. Need something like a json file to describe the debug levels of the systems

This password should be dynamically set by firewalla owner once connected. And can be reset by the app

current solution is always offer 5 min of 'rejoin' time. to have phone having opporutnity to bind to firewalla.

this is to fix the problem where people change phones ...

will need to look at this at later stage, there may be evil people:

1. already connect to the wifi network
2. near firewalla
3. during reboot ...

going to limit scans only /24

looking at DNScript and see if we make it into a feature in the future. (Customer request)

if there are multiple devices in the same subnet, all the later devices (except the first one) will fail to send broadcast messages. Because all of them use the same service name, bonjour lib will throw exception if the service name is already used on the network.

in file brotab

0 0/20 * 1/1 * ? * /home/pi/firewalla/etc/bro-cron2 >/dev/null 2>&1
0 0 4 1/2 * ? * sudo /sbin/shutdown -r +5
0 0 0/12 1/1 * ? * /home/pi/firewalla/scripts/clean-log

The shutdown statement is not working. seems the cron time is not correct (or standard). Need to fix this. the shutdown and reboot will help to clean things ... in case something bad happens

+ sudo cd /etc/openvpn/easy-rsa
sudo: cd: command not found
+ sudo source ./vars
sudo: source: command not found

@jerrchen

alpha testers's environment, firewalla may change ip address (very frequently), and some devices as well. need to ensure firewalla vpn will rebuild using upnp, if no upnp ... warn the user.

future need ability to bind firewalla to a specific ip

[ OK ] Started Update UTMP about System Runlevel Changes.
[ OK ] Unmounted /var/log.hdd.
[ OK ] Stopped target Local File Systems.
Starting Unattended Upgrades Shutdown...

Also hangs here

[ OK ] Stopped Create Volatile Files and Directories.
Stopping Load/Save Random Seed...
[ OK ] Deactivated swap /var/swap.
[ OK ] Stopped Load/Save Random Seed.

More
[ OK ] Stopped Restore / save the current clock.
[ OK ] Stopped Load/Save Random Seed.
[ OK ] Deactivated swap /var/swap.

More
[ OK ] Stopped target Remote File Systems.
[ OK ] Stopped target Remote File Systems (Pre).

More: With new image latest, having problems still reboot. (running 4 stress sessions)
[ OK ] Stopped /etc/rc.local Compatibility.
[ OK ] Stopped target Network is Online.
[ OK ] Stopped Network Manager Wait Online.
[ OK ] Stopped Session 7631 of user pi.

result in NaN

2016-10-18T19:46:37.136Z - info: Flowgraph:Action: clean [{"id":0,"app":{"firewalla":[[1476791123,1476819945,7157768,8776136]],"apple":[[1476811092,1476819289,928998,3136936]],"linkedin":[[1476814256,1476819177,425518,311017]],"wechat":[[1476800807,1476819206,92462,77245]],"facebook":[[1476814343,1476818880,103503,1293882]],"youtube":[[1476814294,1476815110,14708,1296694],[1476813058,1476814294,760533,193977069]]},"activity":{"games":[[1476814357,1476814365,1642,5726],[1476814345,1476814355,1584,5713]]}}]
2016-10-18T19:46:37.136Z - debug: Removing self and apple
2016-10-18T19:46:37.136Z - debug: Removing self and apple
2016-10-18T19:46:37.136Z - info: Flowgraph:Parse:App:linkedin TimeFrame 4921 data 736535 flowcount NaN ratio NaN rate 149.67181467181467

currently, the switch style below is not so straight forward which may confuse user whether it's on or not:

Something like below may be more straight forward

Add watchdog feature to blow up firewalla if network is dead

have user visit firewalla box and define the name of the device that the visit is from.

http://192.168.2.100/iam/JerryIPhone
or
http://firewalla.local/iam/JerryIPhone
or
http://firewalla.local/iam
// above will update name of the device visiting from to "just visited"

When sorting upload and download, the are the same result in the device screen

Better discovery is needed. We are discovering device names much less accurate than a router would do. Need to tap into dhcp packet and see if we can do something quicker. Comment source: George

	"from": "Unamed"
},
"mtype": "msg"

}
================= request body end =================
Received jsondata { mtype: 'init',
id: 'E390D0DA-DF19-407A-8864-CB0EF77F11E1',
data: { get: '0.0.0.0' },
type: 'jsonmsg',
target: '0.0.0.0' }
Process Init load event
POST /v1/encipher/message/76025c0d-c418-4417-a2e4-f3aa96cb4f87 500 420.893 ms - 678
Error: Cannot find module 'character-parser'
at Function.Module._resolveFilename (module.js:325:15)
at Function.Module._load (module.js:276:25)
at Module.require (module.js:353:17)
at require (internal/module.js:12:17)
at Object. (/home/pi/.node_modules/jade/lib/lexer.js:4:23)
at Module._compile (module.js:409:26)
at Object.Module._extensions..js (module.js:416:10)
at Module.load (module.js:343:32)
at Function.Module._load (module.js:300:12)
at Module.require (module.js:353:17)
SOCKET newMsg From Group indicator
Received jsondata { mtype: 'init',
id: 'E390D0DA-DF19-407A-8864-CB0EF77F11E1',
data: { get: '0.0.0.0' },
type: 'jsonmsg',
target: '0.0.0.0' }
Process Init load event
TypeError: Cannot read property 'monitoringInterface' of undefined
at toJson (/home/pi/firewalla/net2/HostManager.js:1129:63)
at netBot.msgHandler (/home/pi/firewalla/controllers/netbot.js:953:38)
at /home/pi/firewalla/lib/ControllerBot.js:103:34
at /home/pi/firewalla/encipher/lib/encipherio.js:746:26
at Request._callback (/home/pi/firewalla/encipher/lib/encipherio.js:717:17)
at Request.self.callback (/home/pi/.node_modules/request/request.js:187:22)
at emitTwo (events.js:87:13)
at Request.emit (events.js:172:7)
at Request. (/home/pi/.node_modules/request/request.js:1044:10)
at emitOne (events.js:77:13)
xxxx
setAppHandler is deprecated! Pass it to the constructor instead.

Flows Send to the user pretty much is 'everything'. even if the flow is like a ping, or grab something simple. (such as wechat notification).

If flow time frame or byte is small, should just drop it as insignificant when send back to UI. (This should be done in flowmanager, and only after detection of bad things).

Counters are not updated

2017-04-15 20:00:53.993675 Encipher[367:207496] Firewalla Request URL: http://192.168.2.226:8833/v1/encipher/message/6d097b32-3e9f-4fc3-a71c-6e6231466f83
2017-04-15 20:00:53.995750 Encipher[367:207496] [Firewalla] Channels LAN,CLOUD are selected
2017-04-15 20:00:53.995846 Encipher[367:207496] Trying to send message via LAN
2017-04-15 20:00:53.996090 Encipher[367:207496] Start sending direct message to url http://192.168.2.226:8833/v1/encipher/message/6d097b32-3e9f-4fc3-a71c-6e6231466f83
2017-04-15 20:00:53.997131 Encipher[367:207496] Firewalla Request URL: http://192.168.2.226:8833/v1/encipher/message/6d097b32-3e9f-4fc3-a71c-6e6231466f83
2017-04-15 20:00:56.706352 Encipher[367:207496] ===reloading successfully===
2017-04-15 20:00:56.706877 Encipher[367:207496] fboxInitialized called
2017-04-15 20:00:56.710564 Encipher[367:207496] fboxInitialized called
2017-04-15 20:00:59.059184 Encipher[367:207496] ===reloading successfully===
2017-04-15 20:00:59.059519 Encipher[367:207496] fboxInitialized called
2017-04-15 20:00:59.065932 Encipher[367:207496] fboxInitialized called
2017-04-15 20:01:17.426008 Encipher[367:207496] Looking at service cameraffbe22
2017-04-15 20:01:27.246737 Encipher[367:207496] Dismiss loading dialog due to timeout
2017-04-15 20:01:46.931084 Encipher[367:207496] [Firewalla] Channels LAN are selected
2017-04-15 20:01:46.931194 Encipher[367:207496] Trying to send message via LAN
2017-04-15 20:01:46.931367 Encipher[367:207496] Start sending direct message to url http://192.168.2.226:8833/v1/encipher/message/6d097b32-3e9f-4fc3-a71c-6e6231466f83
2017-04-15 20:01:46.932226 Encipher[367:207496] Firewalla Request URL: http://192.168.2.226:8833/v1/encipher/message/6d097b32-3e9f-4fc3-a71c-6e6231466f83
2017-04-15 20:01:46.940176 Encipher[367:207496] [Firewalla] Channels LAN are selected
2017-04-15 20:01:46.940317 Encipher[367:207496] Trying to send message via LAN
2017-04-15 20:01:46.940512 Encipher[367:207496] Start sending direct message to url http://192.168.2.226:8833/v1/encipher/message/6d097b32-3e9f-4fc3-a71c-6e6231466f83
2017-04-15 20:01:46.941209 Encipher[367:207496] Firewalla Request URL: http://192.168.2.226:8833/v1/encipher/message/6d097b32-3e9f-4fc3-a71c-6e6231466f83

need to change icon or redefine it. Feedback from George

bone api some times will fail due to

2016-09-19T18:31:08.038Z - info: FlowManager:FlowSummary not enough flows
Error while requesting { [Error: connect ENETUNREACH 10.10.10.10:443]
code: 'ENETUNREACH',
errno: 'ENETUNREACH',
syscall: 'connect',
address: '10.10.10.10',
port: 443 } Error
at Request._callback (/home/pi/firewalla/lib/Bone.js:209:25)
at self.callback (/home/pi/firewalla/node_modules/request/request.js:187:22)
at emitOne (events.js:77:13)
at Request.emit (events.js:169:7)
at Request.onRequestError (/home/pi/firewalla/node_modules/request/request.js:813:8)
at emitOne (events.js:77:13)
at ClientRequest.emit (events.js:169:7)
at TLSSocket.socketErrorListener (_http_client.js:269:9)
at emitOne (events.js:77:13)
at TLSSocket.emit (events.js:169:7)

the ip_address might be null if the cable is not plugged in, need to double check before accessing it

IPv6 bitbridge was turned off due to some issues with pulling traffic via neighbor discovery protocol. Need to debug this and deploy

This might be caused by the arp hole, or the blocked traffic is still recorded by the kernel. The traffic may leak couple.

sd card is slow thus it is very slow to copy log file to last_ log file

this might be a bug in systemd, even when bro crashed (the pid file is deleted). Systemd still thinks bro is up. which causes the system to pretty much dead.

Need a small cron script to double check bro. or look at brofish.service and see why it is not detecting the crash.

In "activating" status for a very very long time. (over 5 mins)

pi@Firewalla:~/.forever$ sudo systemctl status firewalla
● firewalla.service - firewalla
   Loaded: loaded (/etc/systemd/system/firewalla.service; enabled; vendor preset: enabled)
   Active: activating (start) since Wed 2017-04-19 13:58:35 UTC; 6min ago
 Main PID: 1399 (main-run)
   CGroup: /system.slice/firewalla.service
           ├─1399 /bin/bash - /home/pi/firewalla/scripts/main-run
           ├─1465 sudo systemctl start ntp
           └─1467 systemctl start ntp

Apr 19 13:58:35 Firewalla systemd[1]: Starting firewalla...
Apr 19 13:58:35 Firewalla pi[1401]: Wed Apr 19 13:58:35 UTC 2017
Apr 19 13:58:38 Firewalla main-run[1399]: sudo: ntpdate: command not found
Apr 19 13:58:38 Firewalla sudo[1465]:       pi : TTY=unknown ; PWD=/ ; USER=root ; COMMAND=/bin/systemctl s
Apr 19 13:58:38 Firewalla sudo[1465]: pam_unix(sudo:session): session opened for user root by (uid=0)

host ip address will move. acl need to know when hosts that might change ip and move the acl to a different place.

Date.now() at left or Date.now() at right. Comment from George.

for events, no need to show map display. map should only be there to show people that their data is far away @MelvinTo

Buildraw needs to be more flexible, reliable and use local mirrors to boost the process.

Always gets two notifications with same content.