added support for a tcp listener (closes #119)

2025-03-04 00:24:40 +01:00 · 2018-04-07 01:52:43 +02:00 · 2018-04-07 01:52:43 +02:00 · e920e85f97
commit e920e85f97
parent e2c68f1423
5 changed files with 42 additions and 27 deletions
--- a/4
+++ b/4
@ -21,5 +21,5 @@ test:
 	mkdir rules
 	make 
 	clear
-	python ui/main.py --socket /tmp/osui.sock &
-	sudo ./daemon/daemon -ui-socket-path /tmp/osui.sock
+	python ui/main.py --socket unix:///tmp/osui.sock &
+	sudo ./daemon/daemon -ui-socket unix:///tmp/osui.sock
--- a/README.md
+++ b/README.md
@ -37,11 +37,14 @@ First, you need to decide in which folder opensnitch rules will be saved, it is

 Now run the daemon:

-    sudo /path/to/daemon -ui-socket-path /tmp/osui.sock -rules-path ~/.opensnitch/rules
+    sudo /path/to/daemon -ui-socket unix:///tmp/osui.sock -rules-path ~/.opensnitch/rules

 And the UI service as your user:

-    python /path/to/ui/main.py --socket /tmp/osui.sock
+    python /path/to/ui/main.py --socket unix:///tmp/osui.sock
+
+You can also use `--socket "[::]:50051"` to have the UI use TCP instead of a unix socket and run the daemon on another
+computer with `-ui-socket "x.x.x.x:50051"` (where `x.x.x.x` is the IP of the computer running the UI service).

 ### FAQ

@ -51,6 +54,6 @@ I tried, but for very fast updates it failed bad on my configuration (failed bad

 ##### Why gRPC and not DBUS?

-At some point the UI service will also be able to use a TCP listener, at that point the UI itself can be executed on any 
+The UI service is able to use a TCP listener instead of a UNIX socket, that means the UI service itself can be executed on any 
 operating system, while receiving messages from a single local daemon instance or multiple instances from remote computers in the network,
 therefore DBUS would have made the protocol and logic uselessly GNU/Linux specific.
--- a/daemon/main.go
+++ b/daemon/main.go
@ -27,8 +27,8 @@ var (
 	workers   = 16
 	debug     = false

-	uiSocketPath = "opensnitch-ui.sock"
-	uiClient     = (*ui.Client)(nil)
+	uiSocket = "unix:///tmp/osui.sock"
+	uiClient = (*ui.Client)(nil)

 	err     = (error)(nil)
 	rules   = rule.NewLoader()
@ -40,7 +40,7 @@ var (
 )

 func init() {
-	flag.StringVar(&uiSocketPath, "ui-socket-path", uiSocketPath, "UNIX socket of the UI gRPC service.")
+	flag.StringVar(&uiSocket, "ui-socket", uiSocket, "Path the UI gRPC service listener (https://github.com/grpc/grpc/blob/master/doc/naming.md).")
 	flag.StringVar(&rulesPath, "rules-path", rulesPath, "Path to load JSON rules from.")
 	flag.IntVar(&queueNum, "queue-num", queueNum, "Netfilter queue number.")
 	flag.IntVar(&workers, "workers", workers, "Number of concurrent workers.")
@ -197,11 +197,6 @@ func main() {
 		log.Fatal("%s", err)
 	}

-	uiSocketPath, err = core.ExpandPath(uiSocketPath)
-	if err != nil {
-		log.Fatal("%s", err)
-	}
-
 	setupSignals()
 	setupWorkers()

@ -225,7 +220,7 @@ func main() {
 	if err := rules.Load(rulesPath); err != nil {
 		log.Fatal("%s", err)
 	}
-	uiClient = ui.NewClient(uiSocketPath, stats)
+	uiClient = ui.NewClient(uiSocket, stats)

 	log.Info("Running on netfilter queue #%d ...", queueNum)
 	for true {
--- a/daemon/ui/client.go
+++ b/daemon/ui/client.go
@ -3,6 +3,7 @@ package ui
 import (
 	"fmt"
 	"net"
+	"strings"
 	"sync"
 	"time"

@ -30,17 +31,24 @@ var clientErrorRule = rule.Create("ui.client.error", rule.Allow, rule.Once, rule
 type Client struct {
 	sync.Mutex

-	stats      *statistics.Statistics
-	socketPath string
-	con        *grpc.ClientConn
-	client     protocol.UIClient
+	stats        *statistics.Statistics
+	socketPath   string
+	isUnixSocket bool
+	con          *grpc.ClientConn
+	client       protocol.UIClient
 }

 func NewClient(path string, stats *statistics.Statistics) *Client {
 	c := &Client{
-		socketPath: path,
-		stats:      stats,
+		socketPath:   path,
+		stats:        stats,
+		isUnixSocket: false,
 	}
+	if strings.HasPrefix(c.socketPath, "unix://") == true {
+		c.isUnixSocket = true
+		c.socketPath = c.socketPath[7:]
+	}
+
 	go c.poller()
 	return c
 }
@ -91,10 +99,15 @@ func (c *Client) connect() (err error) {
 		return
 	}

-	c.con, err = grpc.Dial(c.socketPath, grpc.WithInsecure(),
-		grpc.WithDialer(func(addr string, timeout time.Duration) (net.Conn, error) {
-			return net.DialTimeout("unix", addr, timeout)
-		}))
+	if c.isUnixSocket {
+		c.con, err = grpc.Dial(c.socketPath, grpc.WithInsecure(),
+			grpc.WithDialer(func(addr string, timeout time.Duration) (net.Conn, error) {
+				return net.DialTimeout("unix", addr, timeout)
+			}))
+	} else {
+		c.con, err = grpc.Dial(c.socketPath, grpc.WithInsecure())
+	}
+
 	if err != nil {
 		c.con = nil
 		return err
--- a/ui/main.py
+++ b/ui/main.py
@ -25,7 +25,7 @@ def on_exit():

 if __name__ == '__main__':
    parser = argparse.ArgumentParser(description='OpenSnitch UI service.')
-    parser.add_argument("--socket", dest="socket", default="opensnitch-ui.sock", help="Path of the unix socket for the gRPC service.", metavar="FILE")
+    parser.add_argument("--socket", dest="socket", default="unix:///tmp/osui.sock", help="Path of the unix socket for the gRPC service (https://github.com/grpc/grpc/blob/master/doc/naming.md).", metavar="FILE")

    args = parser.parse_args()

@ -36,8 +36,12 @@ if __name__ == '__main__':

    ui_pb2_grpc.add_UIServicer_to_server(service, server)
    
-    socket = os.path.abspath(args.socket)
-    server.add_insecure_port("unix:%s" % socket)
+    if args.socket.startswith("unix://"):
+        socket = args.socket[7:]
+        socket = os.path.abspath(socket)
+        server.add_insecure_port("unix:%s" % socket)
+    else:
+        server.add_insecure_port(args.socket)

    # https://stackoverflow.com/questions/5160577/ctrl-c-doesnt-work-with-pyqt
    signal.signal(signal.SIGINT, signal.SIG_DFL)