[peterwwillis]

Why C++? The backend only has to read ftrace events, and Python should be fast enough for that.... And why root? Can't you just create a dbus connection, open your fd to the ftrace pipe, and then drop privs to a nonroot user?

[evilsocket]

OpenSnitch is not only about ftrace, check the NFQUEUE handling, moving to native will improve performances and stability. Also, it requires root because that's the only way it can install the iptable rules it needs in order to function properly.

[peterwwillis]

The iptables rules are static though, aren't they? And they have bypass enabled, so you should be able to load them once at system boot time and leave them there to default to allow.

As far as nfqueue, I googled around but I wasn't able to find out what perms you need in order to communicate with netlink. I assumed you could open an fd and drop perms but it looks like it might not allow that. I agree that eventually you'd need a pretty robust multithreaded app to handle large packet flows without adding too much latency... it seems like quite a big burden just to authorize specific applications to make specific network connections.

[evilsocket]

as long as i know, you definitely need root to communicate with netlink .... i don't think there're gonna be large packet flows, only first connection packets tnx to conntrack, it's doable :)