changed ui/client/configuration tests

In order to test ebpf<->proc changes we'll need to have access to a valid ebpf module.
2025-03-04 08:34:40 +01:00 · 2024-05-06 00:10:00 +02:00 · 2024-05-06 00:10:00 +02:00 · 7d08b2b4a0
commit 7d08b2b4a0
parent bde5d34deb
5 changed files with 40 additions and 20 deletions
--- a/daemon/procmon/parse.go
+++ b/daemon/procmon/parse.go
@ -81,7 +81,7 @@ func GetPIDFromINode(inode int, inodeKey string) int {
 			return aPid
 		}
 	}
-	if found == -1 || methodIsProc() {
+	if found == -1 || MethodIsProc() {
 		found = lookupPidInProc("/proc/", expect, inodeKey, inode)
 	}
 	log.Debug("new pid lookup took (%d): %v", found, time.Since(start))
--- a/daemon/procmon/process.go
+++ b/daemon/procmon/process.go
@ -256,7 +256,7 @@ func MethodIsAudit() bool {
 	return monitorMethod == MethodAudit
 }

-func methodIsProc() bool {
+func MethodIsProc() bool {
 	lock.RLock()
 	defer lock.RUnlock()

--- a/daemon/ui/client_test.go
+++ b/daemon/ui/client_test.go
@ -17,13 +17,12 @@ import (

 var (
 	defaultConfig = &config.Config{
-		ProcMonitorMethod: procmon.MethodEbpf,
+		ProcMonitorMethod: procmon.MethodProc,
 		DefaultAction:     "allow",
 		DefaultDuration:   "once",
 		InterceptUnknown:  false,
 		Firewall:          "nftables",
 	}
-	reloadConfig = *defaultConfig
 )

 func restoreConfigFile(t *testing.T) {
@ -39,8 +38,8 @@ func restoreConfigFile(t *testing.T) {
 }

 func validateConfig(t *testing.T, uiClient *Client, cfg *config.Config) {
-	if uiClient.ProcMonitorMethod() != cfg.ProcMonitorMethod {
-		t.Errorf("not expected ProcMonitorMethod value: %s, expected: %s", uiClient.ProcMonitorMethod(), cfg.ProcMonitorMethod)
+	if uiClient.ProcMonitorMethod() != cfg.ProcMonitorMethod || procmon.GetMonitorMethod() != uiClient.ProcMonitorMethod() {
+		t.Errorf("not expected ProcMonitorMethod value: %s, expected: %s, procmon.MonitorMethod: %s", uiClient.ProcMonitorMethod(), cfg.ProcMonitorMethod, procmon.GetMonitorMethod())
 	}
 	if uiClient.GetFirewallType() != cfg.Firewall {
 		t.Errorf("not expected FirewallType value: %s, expected: %s", uiClient.GetFirewallType(), cfg.Firewall)
@ -53,7 +52,7 @@ func validateConfig(t *testing.T, uiClient *Client, cfg *config.Config) {
 	}
 }

-func TestClientConfig(t *testing.T) {
+func TestClientConfigReloading(t *testing.T) {
 	restoreConfigFile(t)
 	cfgFile := "./testdata/default-config.json"

@ -71,7 +70,8 @@ func TestClientConfig(t *testing.T) {
 	})

 	t.Run("validate-reload-config", func(t *testing.T) {
-		reloadConfig.ProcMonitorMethod = procmon.MethodProc
+		reloadConfig := *defaultConfig
+		//reloadConfig.ProcMonitorMethod = procmon.MethodProc
 		reloadConfig.DefaultAction = string(rule.Deny)
 		reloadConfig.InterceptUnknown = true
 		reloadConfig.Firewall = iptables.Name
--- a/daemon/ui/config_utils.go
+++ b/daemon/ui/config_utils.go
@ -121,7 +121,7 @@ func (c *Client) reloadConfiguration(reload bool, newConfig config.Config) *moni
 	}

 	if reconnect {
-		log.Debug("[config] config.server.address.* changed, reconnecting")
+		log.Debug("[config] config.server.address.* changed, reconnecting to %s", c.socketPath)
 		c.disconnect()
 	}

@ -189,14 +189,8 @@ func (c *Client) reloadConfiguration(reload bool, newConfig config.Config) *moni
 		log.Debug("[config] config.Ebpf.ModulesPath not changed")
 	}
 	if reloadProc {
-		monitor.End()
-		procmon.SetMonitorMethod(newConfig.ProcMonitorMethod)
-		clientConfig.ProcMonitorMethod = newConfig.ProcMonitorMethod
-		err := monitor.Init(newConfig.Ebpf.ModulesPath)
-		if err.What > monitor.NoError {
-			log.Error("[config] config.procmon error: %s", err.Msg)
-			procmon.SetMonitorMethod(clientConfig.ProcMonitorMethod)
-			monitor.Init(clientConfig.Ebpf.ModulesPath)
+		err := monitor.ReconfigureMonitorMethod(newConfig.ProcMonitorMethod, newConfig.Ebpf.ModulesPath)
+		if err != nil && err.What > monitor.NoError {
 			return err
 		}
 	} else {
--- a/daemon/ui/testdata/default-config.json.orig
+++ b/daemon/ui/testdata/default-config.json.orig
@ -2,16 +2,42 @@
    "Server":
    {
        "Address":"unix:///tmp/osui.sock",
-        "LogFile":"/var/log/opensnitchd.log"
+        "LogFile":"/dev/stdout",
+        "Authentication": {
+            "Type": "tls-mutual",
+            "TLSOptions": {
+                "CACert": "/tmp/opensnitch/certs/unix-socket/ca-cert.pem",
+                "ServerCert": "/tmp/opensnitch/certs/unix-socket/server-cert.pem",
+                "ClientCert": "/tmp/opensnitch/certs/unix-socket/client-abstract-cert.pem",
+                "ClientKey": "/tmp/opensnitch/certs/unix-socket/client-key.pem",
+                "SkipVerify": false,
+                "ClientAuthType": "req-and-verify-cert"
+            }
+        }
    },
    "DefaultAction": "allow",
    "DefaultDuration": "once",
    "InterceptUnknown": false,
-    "ProcMonitorMethod": "ebpf",
-    "LogLevel": 2,
+    "ProcMonitorMethod": "proc",
+    "LogLevel": 0,
    "LogUTC": true,
    "LogMicro": false,
    "Firewall": "nftables",
+    "FwOptions": {
+        "ConfigPath": "/etc/opensnitchd/system-fw.json",
+        "MonitorInterval": "25s",
+        "ActionOnOverflow": "drop"
+    },
+    "Rules": {
+        "Path": "",
+        "EnableChecksums": true
+    },
+    "Ebpf": {
+        "ModulesPath": "/usr/lib/opensnitchd/ebpf"
+    },
+    "Internal": {
+        "GCPercent": 75
+    },
    "Stats": {
        "MaxEvents": 150,
        "MaxStats": 25,