changed ui/client/configuration tests

In order to test ebpf<->proc changes we'll need to have access to a valid ebpf module.
evilsocket · May 5, 2024 · 7d08b2b · 7d08b2b
1 parent bde5d34
commit 7d08b2b
Show file tree

Hide file tree

Showing 5 changed files with 40 additions and 20 deletions.
diff --git a/daemon/procmon/parse.go b/daemon/procmon/parse.go
@@ -81,7 +81,7 @@ func GetPIDFromINode(inode int, inodeKey string) int {
 			return aPid
 		}
 	}
-	if found == -1 || methodIsProc() {
+	if found == -1 || MethodIsProc() {
 		found = lookupPidInProc("/proc/", expect, inodeKey, inode)
 	}
 	log.Debug("new pid lookup took (%d): %v", found, time.Since(start))

diff --git a/daemon/procmon/process.go b/daemon/procmon/process.go
@@ -256,7 +256,7 @@ func MethodIsAudit() bool {
 	return monitorMethod == MethodAudit
 }
 
-func methodIsProc() bool {
+func MethodIsProc() bool {
 	lock.RLock()
 	defer lock.RUnlock()
 

diff --git a/daemon/ui/client_test.go b/daemon/ui/client_test.go
@@ -17,13 +17,12 @@ import (
 
 var (
 	defaultConfig = &config.Config{
-		ProcMonitorMethod: procmon.MethodEbpf,
+		ProcMonitorMethod: procmon.MethodProc,
 		DefaultAction:     "allow",
 		DefaultDuration:   "once",
 		InterceptUnknown:  false,
 		Firewall:          "nftables",
 	}
-	reloadConfig = *defaultConfig
 )
 
 func restoreConfigFile(t *testing.T) {
@@ -39,8 +38,8 @@ func restoreConfigFile(t *testing.T) {
 }
 
 func validateConfig(t *testing.T, uiClient *Client, cfg *config.Config) {
-	if uiClient.ProcMonitorMethod() != cfg.ProcMonitorMethod {
-		t.Errorf("not expected ProcMonitorMethod value: %s, expected: %s", uiClient.ProcMonitorMethod(), cfg.ProcMonitorMethod)
+	if uiClient.ProcMonitorMethod() != cfg.ProcMonitorMethod || procmon.GetMonitorMethod() != uiClient.ProcMonitorMethod() {
+		t.Errorf("not expected ProcMonitorMethod value: %s, expected: %s, procmon.MonitorMethod: %s", uiClient.ProcMonitorMethod(), cfg.ProcMonitorMethod, procmon.GetMonitorMethod())
 	}
 	if uiClient.GetFirewallType() != cfg.Firewall {
 		t.Errorf("not expected FirewallType value: %s, expected: %s", uiClient.GetFirewallType(), cfg.Firewall)
@@ -53,7 +52,7 @@ func validateConfig(t *testing.T, uiClient *Client, cfg *config.Config) {
 	}
 }
 
-func TestClientConfig(t *testing.T) {
+func TestClientConfigReloading(t *testing.T) {
 	restoreConfigFile(t)
 	cfgFile := "./testdata/default-config.json"
 
@@ -71,7 +70,8 @@ func TestClientConfig(t *testing.T) {
 	})
 
 	t.Run("validate-reload-config", func(t *testing.T) {
-		reloadConfig.ProcMonitorMethod = procmon.MethodProc
+		reloadConfig := *defaultConfig
+		//reloadConfig.ProcMonitorMethod = procmon.MethodProc
 		reloadConfig.DefaultAction = string(rule.Deny)
 		reloadConfig.InterceptUnknown = true
 		reloadConfig.Firewall = iptables.Name

diff --git a/daemon/ui/config_utils.go b/daemon/ui/config_utils.go
@@ -121,7 +121,7 @@ func (c *Client) reloadConfiguration(reload bool, newConfig config.Config) *moni
 	}
 
 	if reconnect {
-		log.Debug("[config] config.server.address.* changed, reconnecting")
+		log.Debug("[config] config.server.address.* changed, reconnecting to %s", c.socketPath)
 		c.disconnect()
 	}
 
@@ -189,14 +189,8 @@ func (c *Client) reloadConfiguration(reload bool, newConfig config.Config) *moni
 		log.Debug("[config] config.Ebpf.ModulesPath not changed")
 	}
 	if reloadProc {
-		monitor.End()
-		procmon.SetMonitorMethod(newConfig.ProcMonitorMethod)
-		clientConfig.ProcMonitorMethod = newConfig.ProcMonitorMethod
-		err := monitor.Init(newConfig.Ebpf.ModulesPath)
-		if err.What > monitor.NoError {
-			log.Error("[config] config.procmon error: %s", err.Msg)
-			procmon.SetMonitorMethod(clientConfig.ProcMonitorMethod)
-			monitor.Init(clientConfig.Ebpf.ModulesPath)
+		err := monitor.ReconfigureMonitorMethod(newConfig.ProcMonitorMethod, newConfig.Ebpf.ModulesPath)
+		if err != nil && err.What > monitor.NoError {
 			return err
 		}
 	} else {

diff --git a/daemon/ui/testdata/default-config.json.orig b/daemon/ui/testdata/default-config.json.orig
@@ -2,16 +2,42 @@
     "Server":
     {
         "Address":"unix:///tmp/osui.sock",
-        "LogFile":"/var/log/opensnitchd.log"
+        "LogFile":"/dev/stdout",
+        "Authentication": {
+            "Type": "tls-mutual",
+            "TLSOptions": {
+                "CACert": "/tmp/opensnitch/certs/unix-socket/ca-cert.pem",
+                "ServerCert": "/tmp/opensnitch/certs/unix-socket/server-cert.pem",
+                "ClientCert": "/tmp/opensnitch/certs/unix-socket/client-abstract-cert.pem",
+                "ClientKey": "/tmp/opensnitch/certs/unix-socket/client-key.pem",
+                "SkipVerify": false,
+                "ClientAuthType": "req-and-verify-cert"
+            }
+        }
     },
     "DefaultAction": "allow",
     "DefaultDuration": "once",
     "InterceptUnknown": false,
-    "ProcMonitorMethod": "ebpf",
-    "LogLevel": 2,
+    "ProcMonitorMethod": "proc",
+    "LogLevel": 0,
     "LogUTC": true,
     "LogMicro": false,
     "Firewall": "nftables",
+    "FwOptions": {
+        "ConfigPath": "/etc/opensnitchd/system-fw.json",
+        "MonitorInterval": "25s",
+        "ActionOnOverflow": "drop"
+    },
+    "Rules": {
+        "Path": "",
+        "EnableChecksums": true
+    },
+    "Ebpf": {
+        "ModulesPath": "/usr/lib/opensnitchd/ebpf"
+    },
+    "Internal": {
+        "GCPercent": 75
+    },
     "Stats": {
         "MaxEvents": 150,
         "MaxStats": 25,