evilsocket / opensnitch

OpenSnitch is a GNU/Linux interactive application firewall inspired by Little Snitch.
GNU General Public License v3.0

There're no nodes connected, can't save settings. #883

Closed Ph0rk0z closed 1 year ago

Ph0rk0z commented 1 year ago

Describe the bug

After updating Arch, the opensnitch UI would not start. I decided to build from AUR.

I have kernel 6.2 so at first I get incompatible kernel error about the k-module on boot. Switched to 6.1 LTS and that went away.

Unfortunately now I see there's no nodes connected when hitting apply. I see rules and everything else, but it appears to have stayed fallen back to /proc. Changing the logging level doesn't apply either. I can hit save in the UI but then when I restart it, the same settings are back.

Manually editing the settings in /etc may have done something or not because the log looks normal and doesn't mention the module.

To Reproduce

Compile eBPF Arch package and opensnitch from AUR.

Go to settings -> nodes and try to hit apply.

Expected behavior (optional)

Nodes page saves and is persistent.

Edit: I am able to get eBPF to work when I manually add monitoring method to the systemd file. So my module is fine.

gustavo-iniguez-goya commented 1 year ago

Hi @Ph0rk0z ,

The daemon should run regardless if the ebpf modules work or not. If they don't work, the daemon should fallback to "proc" and keep working.

Could you restart the daemon, and post the output of journalctl -ar?

-> service opensnitchd stop
-> service opensnitchd start

Post also please the log file /var/log/opensnitchd.log

There should be errors on why the daemon is not running.

Ph0rk0z commented 1 year ago

The daemon is running. I am using it now and getting a lot of alerts on port 0. Just the UI can't save settings for the daemon.

The log has nothing of note in it, only UI connecting and new rules being created. eBPF is even working when manually set via the systemd file.

I'll check the journal.

Nothing but it starting in journal. opensnitch.log in case it helps: https://pastebin.com/zJjiQTmg

pizzadude commented 1 year ago

I had the same issue a while ago after changing the address of /tmp/osui.sock and then upgrading. I fixed it by deleting ~/.config/opensnitch/settings.conf and restarting opensnitch. Can you try that?

Ph0rk0z commented 1 year ago

I tried and it still does the same thing.

gustavo-iniguez-goya commented 1 year ago

ok, the daemon is running.

Please, change the LogLevel value to 0 in /etc/opensnitchd/default-config.json, and restart the daemon (service ... stop; service ... start; don't use service ... restart)

On the other hand, close the GUI, and launch it from a terminal to see if there are any errors dumped to stdout:

$ opensnitch-ui

gustavo-iniguez-goya commented 1 year ago

In the log file /var/log/opensnitchd.log there should be a line like this one:

INF Connected to the UI service on /run/user/1000/opensnitch//osui.sock

It's only printed with LogLevel to 1, so with 0 it should be printed out.

And when launching the GUI from a terminal, you should see a message like this one:

Using server address: unix:///run/user/1000/opensnitch//osui.sock

Also, please, post the value of the "Address" field of your /etc/opensnitchd/default-config.json.

Ph0rk0z commented 1 year ago
opensnitchd]$ opensnitch-ui
         ~ OpenSnitch GUI - 1.6.0-rc5 ~
        protobuf: 4.21.12 - grpc: 1.52.1
-------------------------------------------------- 

Using server address: unix:///tmp/osui.sock
is new file, or IN MEMORY, setting initial schema version
setting schema version to: 2
setting schema version to: 2
schema version: 2
db schema is up to date
Loading translations: /usr/lib/python3.10/site-packages/opensnitch/utils/../i18n locale: en_US
using IPASN DB: /usr/lib/python3.10/site-packages/pyasn/data/ipasn_20140513_v12.dat.gz
exception loading ipasn db: [Errno 2] No such file or directory: '/usr/lib/python3.10/site-packages/pyasn/data/ipasn_20140513_v12.dat.gz'
Install python3-pyasn to display IP's network name.
new node connected, listening for client responses... /local

{
    "Server":
    {
        "Address":"unix:///tmp/osui.sock",
        "LogFile":"/var/log/opensnitchd.log"
    },
    "DefaultAction": "allow",
    "DefaultDuration": "once",
    "InterceptUnknown": true,
    "ProcMonitorMethod": "ebpf",
    "LogLevel": 1,
    "Firewall": "nftables",
    "Stats": {
        "MaxEvents": 150,
        "MaxStats": 25,
        "Workers": 6
    }
}

[2023-03-21 22:38:38]  IMP  Got signal: terminated
[2023-03-21 22:38:38]  INF  Cleaning up ...
[2023-03-21 22:38:38]  INF  exit checking firewall rules
[2023-03-21 22:38:39]  INF  Client.poller() exit, Done()
[2023-03-21 22:38:39]  INF  uiClient exit
[2023-03-21 22:38:44]  WAR  queue stuck, closing by timeout
[2023-03-21 22:38:44]  WAR  Queue.destroy(), nfq_close() not closed: -1
[2023-03-21 22:38:44]  IMP  Start writing logs to /var/log/opensnitchd.log
[2023-03-21 22:38:44]  INF  [eBPF] module loaded: /usr/lib/opensnitchd/ebpf/opensnitch.o
[2023-03-21 22:38:44]  INF  [eBPF] module loaded: /usr/lib/opensnitchd/ebpf/opensnitch-procs.o
[2023-03-21 22:38:44]  INF  Process monitor method ebpf
[2023-03-21 22:38:44]  INF  Stats, max events: 25, max stats: 150, max workers: 6
[2023-03-21 22:38:44]  INF  nftables config changed, reloading
[2023-03-21 22:38:44]  INF  fw configuration loaded
[2023-03-21 22:38:44]  INF  Using nftables firewall
[2023-03-21 22:38:44]  WAR  Unable to use systemd-resolved monitor: /run/systemd/resolve/io.systemd.Resolve.Monitor doesn't exist
[2023-03-21 22:38:44]  INF  Running on netfilter queue #0 ...
[2023-03-21 22:38:44]  INF  [eBPF] module loaded: /usr/lib/opensnitchd/ebpf/opensnitch-dns.o
[2023-03-21 22:38:45]  INF  Connected to the UI service on /tmp/osui.sock
[2023-03-21 22:38:45]  IMP  UI connected, dispathing queued alerts: 0
[2023-03-21 22:38:45]  INF  Start receiving notifications

[2023-03-21 22:43:43]  DBG  eBPF error in dumping TCPv6 sockets via netlink: Warning, no message nor error from netlink, or no connections found

cat: /run/user/1000/opensitch/osui.sock: No such file or directory

But there is an empty opensnitch folder, and osui.sock remains in /tmp.

Also notifications must be set to system and don't clear.

gustavo-iniguez-goya commented 1 year ago

Thank you for the logs @Ph0rk0z . This problem is what @pizzadude mentioned:

"new node connected, listening for client responses... /local"

For some reason, the library gRPC reports the address of the daemon as "/local" instead of "/tmp/osui.sock". I thought this was caused by old grpc libs, and that it was already fixed: https://github.com/evilsocket/opensnitch/blob/816496ae72764912aa40ac78192877e3da73de45/ui/opensnitch/nodes.py#L190-L193

But according to the logs, everything seems to be working. So.. hmm, is the opensnitch-ui process consuming 100% of the CPU?
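The cross-check the maintainer asks for above (the "Address" field, the daemon's "Connected to the UI service" line, the GUI's "Using server address" line) plus the node name the GUI registers, as an added example that is not part of the original thread or the OpenSnitch code base. The sample inputs are constructed from the excerpts posted here, and `sock_path`, `last_match` and `check_ui_link` are hypothetical helper names.

```python
import json
import re

# Constructed sample inputs, shaped like the excerpts posted in this thread.
CONFIG = '{"Server": {"Address": "unix:///tmp/osui.sock"}, "LogLevel": 1}'
DAEMON_LOG = (
    "[2023-03-21 22:38:44]  INF  Running on netfilter queue #0 ...\n"
    "[2023-03-21 22:38:45]  INF  Connected to the UI service on /tmp/osui.sock\n"
)
UI_STDOUT = (
    "Using server address: unix:///tmp/osui.sock\n"
    "new node connected, listening for client responses... /local\n"
)


def sock_path(addr):
    """Strip the unix: scheme and collapse repeated slashes: unix:///tmp/x -> /tmp/x."""
    addr = addr.strip()
    if addr.startswith("unix:"):
        addr = addr[len("unix:"):]
    return re.sub(r"/{2,}", "/", addr)


def last_match(pattern, text):
    """Return the last captured group in text, or None if the line never appears."""
    hits = re.findall(pattern, text)
    return hits[-1] if hits else None


def check_ui_link(config_text, daemon_log, ui_stdout):
    """Compare the socket the daemon is configured for with what each side reports."""
    want = sock_path(json.loads(config_text)["Server"]["Address"])
    seen = {
        "daemon log": last_match(r"Connected to the UI service on (\S+)", daemon_log),
        "UI listener": last_match(r"Using server address: (\S+)", ui_stdout),
        "UI node name": last_match(
            r"new node connected, listening for client responses\.\.\. (\S+)", ui_stdout),
    }
    findings = []
    for source, value in seen.items():
        if value is None:
            findings.append(f"{source}: expected line not found")
        elif sock_path(value) != want:
            findings.append(f"{source}: {sock_path(value)} != configured {want}")
    return findings


if __name__ == "__main__":
    for finding in check_ui_link(CONFIG, DAEMON_LOG, UI_STDOUT):
        print(finding)
```

On the constructed inputs the daemon and the GUI agree on /tmp/osui.sock, and the only finding is the node registered as /local.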

Ph0rk0z commented 1 year ago

CPU usage seems to be fine. I already regenerated new settings like he did and it didn't help.

Using local didn't work.

gustavo-iniguez-goya commented 1 year ago

ok, issue reproduced installing grpcio 1.52.0. But the daemon shows up on the GUI and I can save settings from the GUI:

image

Can you install grpcio 1.44.0 as your regular user and launch the GUI again?:

$ pip3 install --user grpcio==1.44.0
$ opensnitch-ui

what AUR package did you use by the way?

Also be sure that there's only one opensnitch-ui binary installed: $ whereis opensnitch-ui

Ph0rk0z commented 1 year ago

I used : https://aur.archlinux.org/packages/opensnitch-git and https://aur.archlinux.org/packages/opensnitch-ebpf-module-git

Downgraded grpcio and grpcio-tools to 1.44 but no change :(

edit: only one opensnitch-ui pops up

gustavo-iniguez-goya commented 1 year ago

~Sorry @Ph0rk0z , just to be clear: do you see connections on the GUI and pop-ups to allow/deny connections? On the tab Nodes is there any node connected? or nothing at all, "Status: not running" and that's all.~

~I ask it because I have reproduced it again on another system, but everything seems to work fine except that unix:/local, the address of the daemon does not appear on the Preferences dialog, so they can't be saved.~

Nevermind, it's caused by another reason.

Ph0rk0z commented 1 year ago

Yup popups work just fine.. everything except saving.

gustavo-iniguez-goya commented 1 year ago

hmmmmm, see if this combobox is empty or not (it should be unix:/local in your case): image

If it's empty, please, reinstall again opensnitch-git aur package, I added a change to solve that problem.

Ph0rk0z commented 1 year ago

Yea.. that one is empty. I will try it next.

Ph0rk0z commented 1 year ago

Ok.. I have tried the new fix and it works again. Thank you!

molitona commented 3 months ago

Hello @gustavo-iniguez-goya, I have the same problem on Arch. I found that I'm on "proc" to "ebpf" and when switching to ebpf I get the below msg

Screenshot from 2024-04-05 16-38-17

I'm on

opensnitch-ebpf-module 1.6.5-2 https://aur.archlinux.org/packages/opensnitch-ebpf-module
opensnitch-git 1.6.0rc5.r84.e1afd24-2 https://aur.archlinux.org/packages/opensnitch-git