Closed Ph0rk0z closed 1 year ago
Hi @Ph0rk0z ,
The daemon should run regardless if the ebpf modules work or not. If they don't work, the daemon should fallback to "proc" and keep working.
Could you restart the daemon, and post the output of journalctl -ar?
-> service opensnitchd stop
-> service opensnitchd start
Post also please the log file /var/log/opensnitchd.log
There should be errors on why the daemon is not running.
The daemon is running. I am using it now and getting a lot of alerts on port 0. Just the UI can't save settings for the daemon.
The log has nothing of note in it, only UI connecting and new rules being created. EBPF is even working when manually set via the systemd file.
I'll check the journal.
Nothing but it starting in journal. opensnitch.log in case it helps: https://pastebin.com/zJjiQTmg
I had the same issue a while ago after changing the address of /tmp/osui.sock and then upgrading. I fixed it by deleting ~/.config/opensnitch/settings.conf and restarting opensnitch. Can you try that?
I tried and it still does the same thing.
ok, the daemon is running.
Please, change the LogLevel value to 0 in /etc/opensnitchd/default-config.json, and restart the daemon (service ... stop; service ... start; don't use service ... restart)
On the other hand, close the GUI, and launch it from a terminal to see if there's any errors dumped to stdout: $ opensnitch-ui
In the log file /var/log/opensnitchd.log there should be a line like this one:
INF Connected to the UI service on /run/user/1000/opensnitch//osui.sock
It's only printed with LogLevel to 1, so with 0 it should be printed out.
And when launching the GUI from a terminal, you should see a message like this one:
Using server address: unix:///run/user/1000/opensnitch//osui.sock
Also, please, post the value of the "Address" field of your /etc/opensnitchd/default-config.json.
opensnitchd]$ opensnitch-ui
~ OpenSnitch GUI - 1.6.0-rc5 ~
protobuf: 4.21.12 - grpc: 1.52.1
--------------------------------------------------
Using server address: unix:///tmp/osui.sock
is new file, or IN MEMORY, setting initial schema version
setting schema version to: 2
setting schema version to: 2
schema version: 2
db schema is up to date
Loading translations: /usr/lib/python3.10/site-packages/opensnitch/utils/../i18n locale: en_US
using IPASN DB: /usr/lib/python3.10/site-packages/pyasn/data/ipasn_20140513_v12.dat.gz
exception loading ipasn db: [Errno 2] No such file or directory: '/usr/lib/python3.10/site-packages/pyasn/data/ipasn_20140513_v12.dat.gz'
Install python3-pyasn to display IP's network name.
new node connected, listening for client responses... /local
{
    "Server":
    {
        "Address":"unix:///tmp/osui.sock",
        "LogFile":"/var/log/opensnitchd.log"
    },
    "DefaultAction": "allow",
    "DefaultDuration": "once",
    "InterceptUnknown": true,
    "ProcMonitorMethod": "ebpf",
    "LogLevel": 1,
    "Firewall": "nftables",
    "Stats": {
        "MaxEvents": 150,
        "MaxStats": 25,
        "Workers": 6
    }
}
[2023-03-21 22:38:38] IMP Got signal: terminated
[2023-03-21 22:38:38] INF Cleaning up ...
[2023-03-21 22:38:38] INF exit checking firewall rules
[2023-03-21 22:38:39] INF Client.poller() exit, Done()
[2023-03-21 22:38:39] INF uiClient exit
[2023-03-21 22:38:44] WAR queue stuck, closing by timeout
[2023-03-21 22:38:44] WAR Queue.destroy(), nfq_close() not closed: -1
[2023-03-21 22:38:44] IMP Start writing logs to /var/log/opensnitchd.log
[2023-03-21 22:38:44] INF [eBPF] module loaded: /usr/lib/opensnitchd/ebpf/opensnitch.o
[2023-03-21 22:38:44] INF [eBPF] module loaded: /usr/lib/opensnitchd/ebpf/opensnitch-procs.o
[2023-03-21 22:38:44] INF Process monitor method ebpf
[2023-03-21 22:38:44] INF Stats, max events: 25, max stats: 150, max workers: 6
[2023-03-21 22:38:44] INF nftables config changed, reloading
[2023-03-21 22:38:44] INF fw configuration loaded
[2023-03-21 22:38:44] INF Using nftables firewall
[2023-03-21 22:38:44] WAR Unable to use systemd-resolved monitor: /run/systemd/resolve/io.systemd.Resolve.Monitor doesn't exist
[2023-03-21 22:38:44] INF Running on netfilter queue #0 ...
[2023-03-21 22:38:44] INF [eBPF] module loaded: /usr/lib/opensnitchd/ebpf/opensnitch-dns.o
[2023-03-21 22:38:45] INF Connected to the UI service on /tmp/osui.sock
[2023-03-21 22:38:45] IMP UI connected, dispathing queued alerts: 0
[2023-03-21 22:38:45] INF Start receiving notifications
[2023-03-21 22:43:43] DBG eBPF error in dumping TCPv6 sockets via netlink: Warning, no message nor error from netlink, or no connections found
cat: /run/user/1000/opensitch/osui.sock: No such file or directory
But there is an empty opensnitch folder, and osui.sock remains in /tmp.
Also notifications must be set to system and don't clear.
Thank you for the logs @Ph0rk0z . This problem is what @pizzadude mentioned:
"new node connected, listening for client responses... /local"
For some reason, the library gRPC reports the address of the daemon as "/local" instead of "/tmp/osui.sock". I thought this was caused by old grpc libs, and that it was already fixed: https://github.com/evilsocket/opensnitch/blob/816496ae72764912aa40ac78192877e3da73de45/ui/opensnitch/nodes.py#L190-L193
But according to the logs, everything seems to be working. So.. hmm, is the opensnitch-ui process consuming 100% of the CPU?
CPU usage seems to be fine. I already regenerated a new settings like he did and didn't help.
Using local didn't work.
ok, issue reproduced installing grpcio 1.52.0. But the daemon shows up on the GUI and I can save settings from the GUI:
Can you install grpcio 1.44.0 as your regular user and launch the GUI again?:
$ pip3 install --user grpcio==1.44.0
$ opensnitch-ui
what AUR package did you use by the way?
Also be sure that there's only one opensnitch-ui binary installed: $ whereis opensnitch-ui
I used : https://aur.archlinux.org/packages/opensnitch-git and https://aur.archlinux.org/packages/opensnitch-ebpf-module-git
Downgraded grpcio and grpcio-tools to 1.44 but no change :(
edit: only one opensnitch-ui pops up
~Sorry @Ph0rk0z , just to be clear: do you see connections on the GUI and pop-ups to allow/deny connections? On the tab Nodes is there any node connected? or nothing at all, "Status: not running" and that's all.~
~I ask it because I have reproduced it again on another system, but everything seems to work fine except that unix:/local, the address of the daemon does not appear on the Preferences dialog, so they can't be saved.~
Nevermind, it's caused by another reason.
Yup popups work just fine.. everything except saving.
hmmmmm, see if this combobox is empty or not (it should be unix:/local in your case):
If it's empty, please, reinstall again opensnitch-git aur package, I added a change to solve that problem.
Yea.. that one is empty. I will try it next.
Ok.. I have tried the new fix and it works again. Thank you!
hello @gustavo-iniguez-goya i have the same problem on arch. i found that i'm on "proc" to "ebpf" and when switching to ebpf i get below msg
i'm on
opensnitch-ebpf-module 1.6.5-2 https://aur.archlinux.org/packages/opensnitch-ebpf-module
opensnitch-git 1.6.0rc5.r84.e1afd24-2 https://aur.archlinux.org/packages/opensnitch-git
Describe the bug
After updating arch, the opensnitch UI would not start. I decided to build from AUR.
I have kernel 6.2 so at first I get incompatible kernel error about the k-module on boot. Switched to 6.1 LTS and that went away.
Unfortunately now I see
there's no nodes connected
when hitting apply. I see rules and everything else. but it appears to have stayed fallen back to /proc. Changing the logging level doesn't apply either. I can hit save in the UI but then when I restart it, the same settings are back. Manually editing the settings in /etc may have done something or not because the log looks normal and doesn't mention the module.
To Reproduce
Compile EBPF arch package and opensnitch from AUR.
Go to settings -> nodes and try to hit apply.
Expected behavior (optional)
Nodes page saves and is persistent.
Edit: I am able to get ebpf to work when I manually add monitoring method to the systemd file. So my module is fine.
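The address comparison requested earlier in this thread (the daemon's "Address" setting, the daemon's "Connected to the UI service" log line, and the UI's "Using server address" line), written out as an added example that is not part of the thread or of the OpenSnitch code base. The function names are hypothetical and the sample inputs are constructed from the output posted above; it also flags the "/local" node name seen in the UI output.

```python
import json
import re

# Constructed samples, trimmed from the output posted in this thread.
SAMPLE_CONFIG = '{"Server": {"Address": "unix:///tmp/osui.sock"}, "LogLevel": 1}'
SAMPLE_DAEMON_LOG = """\
[2023-03-21 22:38:44] INF Running on netfilter queue #0 ...
[2023-03-21 22:38:45] INF Connected to the UI service on /tmp/osui.sock
"""
SAMPLE_UI_OUTPUT = """\
Using server address: unix:///tmp/osui.sock
new node connected, listening for client responses... /local
"""

def socket_path(addr):
    """Reduce 'unix:///tmp/x', 'unix:/tmp/x' or '/tmp//x' to a normalised path."""
    path = re.sub(r"^unix:(//)?", "", addr.strip())
    return re.sub(r"/{2,}", "/", path)

def last_match(pattern, text):
    """Return the captured group of the last line matching pattern, or None."""
    found = re.findall(pattern, text, flags=re.MULTILINE)
    return found[-1] if found else None

def check_addresses(config_text, daemon_log, ui_output):
    """Return a list of findings; an empty list means all sources agree."""
    findings = []
    configured = socket_path(json.loads(config_text)["Server"]["Address"])
    connected = last_match(r"Connected to the UI service on (\S+)", daemon_log)
    ui_addr = last_match(r"^Using server address: (\S+)", ui_output)
    node = last_match(
        r"new node connected, listening for client responses\.\.\. (\S+)", ui_output)
    if connected is None:
        findings.append("daemon log has no 'Connected to the UI service' line")
    elif socket_path(connected) != configured:
        findings.append(f"daemon connected to {connected}, config says {configured}")
    if ui_addr is None:
        findings.append("UI output has no 'Using server address' line")
    elif socket_path(ui_addr) != configured:
        findings.append(f"UI listens on {ui_addr}, config says {configured}")
    if node is not None and socket_path(node) != configured:
        findings.append(f"UI registered the node as {node}, not {configured}")
    return findings

if __name__ == "__main__":
    for finding in check_addresses(SAMPLE_CONFIG, SAMPLE_DAEMON_LOG, SAMPLE_UI_OUTPUT):
        print(finding)
```

To run it against a live system, pass the contents of /etc/opensnitchd/default-config.json, /var/log/opensnitchd.log and the captured terminal output of opensnitch-ui instead of the samples.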