Go to file

kharonsec 4ed961c91b Add Little Snitch-style network map view

- Add GeoCoordinates to NetworkEvent with lat/long support
- Update GeoIP resolver to extract coordinates and city from MaxMindDB
- Create map_view.rs with Cairo-rendered world map visualization
- Add curved connection lines from user location to destinations
- Add app list sidebar with bandwidth tracking
- Add details panel showing connection info
- Integrate map view as new tab in main application
- Add CSS styles for map components

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

2026-01-16 12:24:47 +01:00

.claude

Add Little Snitch-style network map view

2026-01-16 12:24:47 +01:00

common

Add Little Snitch-style network map view

2026-01-16 12:24:47 +01:00

daemon

Add Little Snitch-style network map view

2026-01-16 12:24:47 +01:00

gui

Add Little Snitch-style network map view

2026-01-16 12:24:47 +01:00

kernel/bpf

finishing features

2026-01-16 11:59:34 +01:00

packaging

first commit

2026-01-16 11:29:02 +01:00

.gitignore

first commit

2026-01-16 11:29:02 +01:00

Cargo.lock

first commit

2026-01-16 11:29:02 +01:00

Cargo.toml

first commit

2026-01-16 11:29:02 +01:00

network-monitor-main@2x.png

Add Little Snitch-style network map view

2026-01-16 12:24:47 +01:00

README.md

first commit

2026-01-16 11:29:02 +01:00

README.md

beSnitch

A Little-Snitch-like network monitor and per-application firewall for Linux.

Features

Real-time Network Monitoring: Track all inbound/outbound connections with process identification
Per-Application Firewall: Create rules to allow or block specific applications
Alert Mode: Get prompted when new applications attempt to connect
nftables Integration: Actual connection blocking using the Linux firewall
Modern GTK4 GUI: Beautiful Adwaita-styled interface with system tray support

Components

daemon/ — Background service for network monitoring (Rust, eBPF)
gui/ — GTK4/Adwaita graphical interface (Rust)
common/ — Shared types and IPC protocol
kernel/bpf/ — eBPF programs (future: compiled probes)
packaging/ — Systemd service and installation scripts

Requirements

Linux kernel 5.8+ (for eBPF CO-RE support)
Rust 1.70+
GTK4 and libadwaita development libraries
nftables

Ubuntu/Debian

sudo apt install libgtk-4-dev libadwaita-1-dev nftables

Fedora

sudo dnf install gtk4-devel libadwaita-devel nftables

Arch Linux

sudo pacman -S gtk4 libadwaita nftables

Building

cargo build --release

Installation

sudo ./packaging/install.sh

Usage

Start the daemon (requires root)

sudo be_snitch_daemon --mode alert

Modes:

silent - Monitor only, don't block or prompt
alert - Prompt for new connections (default)
block - Block unknown connections by default

Start the GUI

be_snitch_gui

Systemd Service

sudo systemctl start besnitch
sudo systemctl enable besnitch  # Start at boot

Configuration

Rules are stored in ~/.config/besnitch/rules.json

Architecture

┌─────────────────┐     ┌─────────────────┐
│   GTK4 GUI      │────▶│  Unix Socket    │
│  (user space)   │◀────│  IPC Protocol   │
└─────────────────┘     └────────┬────────┘
                                 │
                        ┌────────▼────────┐
                        │     Daemon      │
                        │  Rule Engine    │
                        │  Event Handler  │
                        └────────┬────────┘
                                 │
              ┌──────────────────┼──────────────────┐
              │                  │                  │
     ┌────────▼────────┐ ┌───────▼───────┐ ┌───────▼───────┐
     │  eBPF Probes    │ │   nftables    │ │  /proc/net    │
     │  (connect/      │ │   Firewall    │ │  (fallback)   │
     │   accept)       │ │   Rules       │ │               │
     └─────────────────┘ └───────────────┘ └───────────────┘

License

GPL-3.0