Restructure modules (#1572)

* Move portbase into monorepo * Add new simple module mgr * [WIP] Switch to new simple module mgr * Add StateMgr and more worker variants * [WIP] Switch more modules * [WIP] Switch more modules * [WIP] swtich more modules * [WIP] switch all SPN modules * [WIP] switch all service modules * [WIP] Convert all workers to the new module system * [WIP] add new task system to module manager * [WIP] Add second take for scheduling workers * [WIP] Add FIXME for bugs in new scheduler * [WIP] Add minor improvements to scheduler * [WIP] Add new worker scheduler * [WIP] Fix more bug related to new module system * [WIP] Fix start handing of the new module system * [WIP] Improve startup process * [WIP] Fix minor issues * [WIP] Fix missing subsystem in settings * [WIP] Initialize managers in constructor * [WIP] Move module event initialization to constrictors * [WIP] Fix setting for enabling and disabling the SPN module * [WIP] Move API registeration into module construction * [WIP] Update states mgr for all modules * [WIP] Add CmdLine operation support * Add state helper methods to module group and instance * Add notification and module status handling to status package * Fix starting issues * Remove pilot widget and update security lock to new status data * Remove debug logs * Improve http server shutdown * Add workaround for cleanly shutting down firewall+netquery * Improve logging * Add syncing states with notifications for new module system * Improve starting, stopping, shutdown; resolve FIXMEs/TODOs * [WIP] Fix most unit tests * Review new module system and fix minor issues * Push shutdown and restart events again via API * Set sleep mode via interface * Update example/template module * [WIP] Fix spn/cabin unit test * Remove deprecated UI elements * Make log output more similar for the logging transition phase * Switch spn hub and observer cmds to new module system * Fix log sources * Make worker mgr less error prone * Fix tests and minor issues * Fix observation hub * Improve shutdown and restart handling * Split up big connection.go source file * Move varint and dsd packages to structures repo * Improve expansion test * Fix linter warnings * Fix interception module on windows * Fix linter errors --------- Co-authored-by: Vladimir Stoilov <vladimir@safing.io>
2024-08-09 17:15:48 +02:00
parent 10a77498f4
commit 80664d1a27
647 changed files with 37690 additions and 3366 deletions
--- a/service/firewall/module.go
+++ b/service/firewall/module.go
@@ -1,17 +1,19 @@
 package firewall

 import (
-	"context"
+	"errors"
 	"flag"
 	"fmt"
 	"path/filepath"
 	"strings"
+	"sync/atomic"
+	"time"

-	"github.com/safing/portbase/config"
-	"github.com/safing/portbase/log"
-	"github.com/safing/portbase/modules"
-	"github.com/safing/portbase/modules/subsystems"
+	"github.com/safing/portmaster/base/config"
+	"github.com/safing/portmaster/base/log"
 	_ "github.com/safing/portmaster/service/core"
+	"github.com/safing/portmaster/service/mgr"
+	"github.com/safing/portmaster/service/netquery"
 	"github.com/safing/portmaster/service/network"
 	"github.com/safing/portmaster/service/profile"
 	"github.com/safing/portmaster/spn/access"
@@ -29,132 +31,97 @@ func (ss *stringSliceFlag) Set(value string) error {
 	return nil
 }

-var (
-	module         *modules.Module
-	allowedClients stringSliceFlag
-)
+var allowedClients stringSliceFlag
+
+type Firewall struct {
+	mgr *mgr.Manager
+
+	instance instance
+}

 func init() {
-	module = modules.Register("filter", prep, start, stop, "core", "interception", "intel", "netquery")
-	subsystems.Register(
-		"filter",
-		"Privacy Filter",
-		"DNS and Network Filter",
-		module,
-		"config:filter/",
-		nil,
-	)
-
 	flag.Var(&allowedClients, "allowed-clients", "A list of binaries that are allowed to connect to the Portmaster API")
 }

+func (f *Firewall) Manager() *mgr.Manager {
+	return f.mgr
+}
+
+func (f *Firewall) Start() error {
+	if err := prep(); err != nil {
+		log.Errorf("Failed to prepare firewall module %q", err)
+		return err
+	}
+
+	return start()
+}
+
+func (f *Firewall) Stop() error {
+	// Cancel all workers and give them a little time.
+	// The bandwidth updater can crash the sqlite DB for some reason.
+	// TODO: Investigate.
+	f.mgr.Cancel()
+	time.Sleep(100 * time.Millisecond)
+
+	return stop()
+}
+
 func prep() error {
 	network.SetDefaultFirewallHandler(defaultFirewallHandler)

 	// Reset connections every time configuration changes
 	// this will be triggered on spn enable/disable
-	err := module.RegisterEventHook(
-		"config",
-		config.ChangeEvent,
-		"reset connection verdicts after global config change",
-		func(ctx context.Context, _ interface{}) error {
-			resetAllConnectionVerdicts()
-			return nil
-		},
-	)
-	if err != nil {
-		log.Errorf("filter: failed to register event hook: %s", err)
-	}
+	module.instance.Config().EventConfigChange.AddCallback("reset connection verdicts after global config change", func(w *mgr.WorkerCtx, _ struct{}) (bool, error) {
+		resetAllConnectionVerdicts()
+		return false, nil
+	})

-	// Reset connections every time profile changes
-	err = module.RegisterEventHook(
-		"profiles",
-		profile.ConfigChangeEvent,
-		"reset connection verdicts after profile config change",
-		func(ctx context.Context, eventData interface{}) error {
+	module.instance.Profile().EventConfigChange.AddCallback("reset connection verdicts after profile config change",
+		func(m *mgr.WorkerCtx, profileID string) (bool, error) {
 			// Expected event data: scoped profile ID.
-			profileID, ok := eventData.(string)
-			if !ok {
-				return fmt.Errorf("event data is not a string: %v", eventData)
-			}
 			profileSource, profileID, ok := strings.Cut(profileID, "/")
 			if !ok {
-				return fmt.Errorf("event data does not seem to be a scoped profile ID: %v", eventData)
+				return false, fmt.Errorf("event data does not seem to be a scoped profile ID: %v", profileID)
 			}

 			resetProfileConnectionVerdict(profileSource, profileID)
-			return nil
+			return false, nil
 		},
 	)
-	if err != nil {
-		log.Errorf("filter: failed to register event hook: %s", err)
-	}

 	// Reset connections when spn is connected
 	// connect and disconnecting is triggered on config change event but connecting takеs more time
-	err = module.RegisterEventHook(
-		"captain",
-		captain.SPNConnectedEvent,
-		"reset connection verdicts on SPN connect",
-		func(ctx context.Context, _ interface{}) error {
-			resetAllConnectionVerdicts()
-			return nil
-		},
-	)
-	if err != nil {
-		log.Errorf("filter: failed to register event hook: %s", err)
-	}
+	module.instance.Captain().EventSPNConnected.AddCallback("reset connection verdicts on SPN connect", func(wc *mgr.WorkerCtx, s struct{}) (cancel bool, err error) {
+		resetAllConnectionVerdicts()
+		return false, err
+	})

 	// Reset connections when account is updated.
 	// This will not change verdicts, but will update the feature flags on connections.
-	err = module.RegisterEventHook(
-		"access",
-		access.AccountUpdateEvent,
-		"update connection feature flags after account update",
-		func(ctx context.Context, _ interface{}) error {
-			resetAllConnectionVerdicts()
-			return nil
-		},
-	)
-	if err != nil {
-		log.Errorf("filter: failed to register event hook: %s", err)
-	}
+	module.instance.Access().EventAccountUpdate.AddCallback("update connection feature flags after account update", func(wc *mgr.WorkerCtx, s struct{}) (cancel bool, err error) {
+		resetAllConnectionVerdicts()
+		return false, err
+	})

-	err = module.RegisterEventHook(
-		"network",
-		network.ConnectionReattributedEvent,
-		"reset verdict of re-attributed connection",
-		func(ctx context.Context, eventData interface{}) error {
-			// Expected event data: connection ID.
-			connID, ok := eventData.(string)
-			if !ok {
-				return fmt.Errorf("event data is not a string: %v", eventData)
-			}
-			resetSingleConnectionVerdict(connID)
-			return nil
-		},
-	)
-	if err != nil {
-		log.Errorf("filter: failed to register event hook: %s", err)
-	}
+	module.instance.Network().EventConnectionReattributed.AddCallback("reset connection verdicts after connection re-attribution", func(wc *mgr.WorkerCtx, connID string) (cancel bool, err error) {
+		// Expected event data: connection ID.
+		resetSingleConnectionVerdict(connID)
+		return false, err
+	})

-	if err := registerConfig(); err != nil {
-		return err
-	}
-
-	return prepAPIAuth()
+	return nil
 }

 func start() error {
 	getConfig()
 	startAPIAuth()

-	module.StartServiceWorker("packet handler", 0, packetHandler)
-	module.StartServiceWorker("bandwidth update handler", 0, bandwidthUpdateHandler)
+	module.mgr.Go("packet handler", packetHandler)
+	module.mgr.Go("bandwidth update handler", bandwidthUpdateHandler)

 	// Start stat logger if logging is set to trace.
 	if log.GetLogLevel() == log.TraceLevel {
-		module.StartServiceWorker("stat logger", 0, statLogger)
+		module.mgr.Go("stat logger", statLogger)
 	}

 	return nil
@@ -163,3 +130,39 @@ func start() error {
 func stop() error {
 	return nil
 }
+
+var (
+	module     *Firewall
+	shimLoaded atomic.Bool
+)
+
+func New(instance instance) (*Firewall, error) {
+	if !shimLoaded.CompareAndSwap(false, true) {
+		return nil, errors.New("only one instance allowed")
+	}
+
+	m := mgr.New("Firewall")
+	module = &Firewall{
+		mgr:      m,
+		instance: instance,
+	}
+
+	if err := prepAPIAuth(); err != nil {
+		return nil, err
+	}
+
+	if err := registerConfig(); err != nil {
+		return nil, err
+	}
+
+	return module, nil
+}
+
+type instance interface {
+	Config() *config.Config
+	Profile() *profile.ProfileModule
+	Captain() *captain.Captain
+	Access() *access.Access
+	Network() *network.Network
+	NetQuery() *netquery.NetQuery
+}