Develop the new client

[vikman90]

Parent issue:

• https://github.com/wazuh/wazuh/issues/22677

Description

Following the completion of the spike on agent-manager communication, the next step is to implement a functional client for this new protocol. This client will establish a fully functional communication and handshake with the server, transmit queue information, and leave the interface open for the addition of other modules.

Functional requirements

1. Connect to the server.
2. Register and obtain a UUID.
3. Authenticate and acquire a token.
4. Send data using that token. Let such data persist in the agent until it receives a 200 code from the server. a. Stateful. b. Stateless.
5. Query commands that the server needs to send to the agent.
6. Resilience: reconnect to the server if the connection is lost.
7. Multitasking: support multiple concurrent connections.
8. Read options from a configuration file.
9. Work alongside the queue system.

Implementation restrictions

1. We will adhere to the restrictions declared in issue #1.
2. The configuration will be in TOML format.
3. The configuration will be parsed in a separate component, such as ConfigParser.
4. Support for multiple communications will preferably be implemented without multithreading, using coroutines or similar.
5. If possible, use C++20.

Plan

1. Start from the PoC developed in issue #1.
2. Agree on the queue interface: #2.
3. Agree on the command manager interface: #4.
4. Investigate if all target platforms support C++20 with GCC and Clang.
5. Design and implement a configuration manager.
6. Integrate with the migration of the Inventory module (MVP at https://github.com/wazuh/wazuh/issues/22887).
7. If necessary, implement a "Dummy" module for testing purposes.

Subtasks

• https://github.com/wazuh/wazuh-agent/issues/24
• https://github.com/wazuh/wazuh-agent/issues/25
• https://github.com/wazuh/wazuh-agent/issues/26

[aritosteles]

Compatibility with gcc 10

The following OS have been tested and they either have a package for gcc10 or gcc10 has been built successfully.

• Debian 10
• Ubuntu 16.04
• Amazon Linux 1
• openSUSE 15
• SUSE 15 - there are packages for gcc12 and gcc13
• MacOS 14
• AlmaLinux 8
• Rocky Linux 8
• RHEL 6
• CentOS 6

[vikman90]

C++20 concepts vs inheritance

I've conducted a trial to model a module pool in C++, aiming to create a class capable of managing references to all modules, starting them, and facilitating communication.

To achieve this, I explored two approaches:

• Inheritance: Introducing an IRunnable interface where modules inherit and implement it.
• Concepts: Utilizing a Runnable concept, with the pool restricting parameters to this concept.

Initially, conceptual constraints seemed preferable over inheritance to ensure each module remains independent of the "Module" definition. However, I noted that using a std::vector<std::any> container — akin to the classic void*[] in C — introduces excessive generality. This approach necessitates runtime type inference for each module access operation, thereby:

• Missing compile-time error detection.
• Incurring slight runtime overhead for type inference, contrary to our aim of avoiding vtables from inheritance.

Moreover, relying on concepts does not entirely decouple modules from the Agent component, as they still need to interact via the Pool if inter-module communication is desired.

Code

inheritance.cpp

```cpp #include #include #include class IRunnable { public: virtual void run() = 0; virtual ~IRunnable() = default; }; class LogCollector : public IRunnable { public: void run() override { std::cout << "LogCollector is running" << std::endl; } }; class FIM : public IRunnable { public: void run() override { std::cout << "FIM is running" << std::endl; } }; class Pool { public: void addRunnable(std::shared_ptr runnable) { runnables.push_back(runnable); } void executeAll() { for (auto& runnable : runnables) { runnable->run(); } } private: std::vector> runnables; }; int main() { auto logcollector = std::make_shared(); auto fim = std::make_shared(); Pool pool; pool.addRunnable(logcollector); pool.addRunnable(fim); pool.executeAll(); return 0; } ```

concept.cpp

```cpp #include #include #include #include #include template concept Runnable = requires(T t) { { t.run() } -> std::same_as; }; class LogCollector { public: void run() { std::cout << "LogCollector is running" << std::endl; } }; class FIM { public: void run() { std::cout << "FIM is running" << std::endl; } }; class Pool { public: template void addRunnable(T obj) { runnables.push_back(std::make_any(std::move(obj))); } void executeAll() { for (auto& a : runnables) { try { if (a.type() == typeid(LogCollector)) { std::any_cast(a).run(); } else if (a.type() == typeid(FIM)) { std::any_cast(a).run(); } else { std::cerr << "ERROR: Incompatible element." << std::endl; } } catch (const std::bad_any_cast&) { std::cerr << "ERROR: Incompatible element." << std::endl; } } } private: std::vector runnables; }; int main() { Pool pool; LogCollector logcollector; FIM fim; pool.addRunnable(logcollector); pool.addRunnable(fim); pool.executeAll(); return 0; } ```

Conclusion

Inheritance	Concepts
Pros	Simpler container setup. Agent independence from individual module definitions.	Module definition detached from Agent during instantiation.
Cons	Each module inherits Module, causing vtable overhead. Dependency of Agent on each module.	Agent dependency on each module persists.

If my analysis holds true, IMHO, I'm inclined towards using inheritance.

[jr0me]

Update: Compatibility with gcc 10

• Fedora 40 :green_circle:

The process to compile gcc10 on Fedora 40 was not straight forward, gcc 10.5 worked but not previous versions. It was necessary to compile GCC with options --enable-version-specific-runtime-libs. Then the example code with coroutines also needed the additional option -static-libgcc as the linker stage failed to find libgcc.

GCC14 is available out of the box nonetheless.

[vikman90]

C++20 concepts vs inheritance (update)

I have further developed a new proposal for the approach using concepts: I introduced wrappers for each module. The addModule() function, which creates the wrappers, is a template function that uses concepts. This way, we achieve decoupling each module class from the module definition.

However, in this proposal, each module must receive a Configuration object to establish its configuration. This object must be created by some configuration parser.

Code

Below, I present the two updated approaches with exactly the same behavior:

inheritance.cpp using an abstract base class

```cpp #include #include

wrapper.cpp using a wrapper and concepts

```cpp #include #include #include

Conclusion

In conclusion, here is the updated table of pros and cons:

Inheritance	Wrapper (concepts)
Pros	The agent can transparently receive modules.	Modules are developed independently from the module pool.
Cons	Dependency on the base class. Slight runtime overhead due to vtable usage.	The pool must maintain each module. Slight compilation overhead due to templates, and increased binary size.

Tremendous thanks to @gdiazlo and @dwordcito for their collaboration in this research.

[jr0me]

Update on implementation restriction no. 4

After investigating the implementation restriction of supporting multiple communications without multithreading, I explored the use of coroutines. Coroutines allow for non-blocking operations by suspending and resuming execution, which can efficiently manage asynchronous tasks. However, achieving true multitasking and supporting multiple concurrent connections may still require an underlying mechanism, such as an event loop or a thread pool, to effectively handle these connections concurrently.

Here's a test using cppcoro (https://github.com/lewissbaker/cppcoro): https://github.com/wazuh/wazuh-agent/commit/726a2997840a88eb32fdba752a17650153e39d3a which implements a task pool using coroutines and threads.