From c063bda70001a6db45ba621ddb10d53b75b738b5 Mon Sep 17 00:00:00 2001 From: Alexandr Stelnykovych Date: Fri, 24 Oct 2025 18:15:27 +0300 Subject: [PATCH 01/14] feat(WIP): add pause and resume functionality for Portmaster/SPN https://github.com/safing/portmaster/issues/2050 --- .../portmaster-api/src/lib/portapi.service.ts | 17 ++ service/compat/module.go | 21 +- service/control/api.go | 49 +++++ service/control/module.go | 74 +++++++ service/control/pause.go | 192 ++++++++++++++++++ .../interception/interception_linux.go | 5 + .../firewall/interception/introspection.go | 27 ++- service/firewall/interception/module.go | 22 +- service/instance.go | 7 + 9 files changed, 404 insertions(+), 10 deletions(-) create mode 100644 service/control/api.go create mode 100644 service/control/module.go create mode 100644 service/control/pause.go diff --git a/desktop/angular/projects/safing/portmaster-api/src/lib/portapi.service.ts b/desktop/angular/projects/safing/portmaster-api/src/lib/portapi.service.ts index a5676dd7..8c195e4f 100644 --- a/desktop/angular/projects/safing/portmaster-api/src/lib/portapi.service.ts +++ b/desktop/angular/projects/safing/portmaster-api/src/lib/portapi.service.ts @@ -167,6 +167,23 @@ export class PortapiService { }); } + /** Triggers a pause of the portmaster or SPN service + * @param duration The duration of the pause in seconds + * @param onlySPN Whether or not only the SPN should be paused + */ + pause(duration: number, onlySPN: boolean): Observable { + return this.http.post(`${this.httpEndpoint}/v1/control/pause`, { duration, onlySPN }, { + observe: 'response', + responseType: 'arraybuffer', + }); + } + /** Triggers a resume of the portmaster (and SPN) service */ + resume(): Observable { + return this.http.post(`${this.httpEndpoint}/v1/control/resume`, undefined, { + observe: 'response', + responseType: 'arraybuffer', + }); + } /** Force the portmaster to check for updates */ checkForUpdates(): Observable { return this.http.post(`${this.httpEndpoint}/v1/updates/check`, undefined, { diff --git a/service/compat/module.go b/service/compat/module.go index e6781c9b..a6fbfeb8 100644 --- a/service/compat/module.go +++ b/service/compat/module.go @@ -78,6 +78,8 @@ func prep() error { } func start() error { + isActive.Store(true) + startNotify() selfcheckNetworkChangedFlag.Refresh() @@ -92,13 +94,17 @@ func start() error { } func stop() error { - // selfcheckTask.Cancel() - // selfcheckTask = nil + isActive.Store(false) + resetSelfCheckState() return nil } func selfcheckTaskFunc(wc *mgr.WorkerCtx) error { + if !isActive.Load() { + return nil + } + // Create tracing logger. ctx, tracer := log.AddTracer(wc.Ctx()) defer tracer.Submit() @@ -138,12 +144,16 @@ func selfcheckTaskFunc(wc *mgr.WorkerCtx) error { } // Reset self-check state. + resetSelfCheckState() + + return nil +} + +func resetSelfCheckState() { selfcheckNetworkChangedFlag.Refresh() selfCheckIsFailing.UnSet() selfcheckFails = 0 resetSystemIssue() - - return nil } // SelfCheckIsFailing returns whether the self check is currently failing. @@ -156,6 +166,9 @@ func SelfCheckIsFailing() bool { var ( module *Compat shimLoaded atomic.Bool + // isActive is a simple shutdown flag to prevent self-check worker from executing during stop(). + // TODO: consider correct start/stop of the workers instead. + isActive atomic.Bool ) // New returns a new Compat module. diff --git a/service/control/api.go b/service/control/api.go new file mode 100644 index 00000000..a15ddb70 --- /dev/null +++ b/service/control/api.go @@ -0,0 +1,49 @@ +package control + +import ( + "net/http" + + "github.com/safing/portmaster/base/api" +) + +type pauseRequestParams struct { + Duration int `json:"duration"` // Duration in seconds + OnlySPN bool `json:"onlySPN"` // Whether to pause only the SPN service +} + +func (c *Control) registerAPIEndpoints() error { + + if err := api.RegisterEndpoint(api.Endpoint{ + Path: "control/pause", + Write: api.PermitAdmin, + ActionFunc: c.handlePause, + Name: "Pause Portmaster", + Description: "Pause the Portmaster Core Service.", + Parameters: []api.Parameter{ + { + Method: http.MethodPost, + Field: "duration", + Description: "Specify the duration to pause the service in seconds.", + }, + { + Method: http.MethodPost, + Field: "onlySPN", + Value: "false", + Description: "Specify whether to pause only the SPN service.", + }}, + }); err != nil { + return err + } + + if err := api.RegisterEndpoint(api.Endpoint{ + Path: "control/resume", + Write: api.PermitAdmin, + ActionFunc: c.handleResume, + Name: "Resume Portmaster", + Description: "Resume the Portmaster Core Service.", + }); err != nil { + return err + } + + return nil +} diff --git a/service/control/module.go b/service/control/module.go new file mode 100644 index 00000000..ce22d4a9 --- /dev/null +++ b/service/control/module.go @@ -0,0 +1,74 @@ +package control + +import ( + "fmt" + "sync" + "sync/atomic" + "time" + + "github.com/safing/portmaster/base/config" + "github.com/safing/portmaster/service/compat" + "github.com/safing/portmaster/service/firewall/interception" + "github.com/safing/portmaster/service/mgr" +) + +var logPrefix = "control: " + +type Control struct { + mgr *mgr.Manager + instance instance + + locker sync.Mutex + pauseWorker *mgr.WorkerMgr + isPaused bool + isPausedSPN bool + pauseStartTime time.Time + pauseDuration time.Duration +} + +type instance interface { + Config() *config.Config + Interception() *interception.Interception + Compat() *compat.Compat + SPNGroup() *mgr.ExtendedGroup +} + +var ( + singleton atomic.Bool +) + +func New(instance instance) (*Control, error) { + if !singleton.CompareAndSwap(false, true) { + return nil, fmt.Errorf("control: New failed: instance already created") + } + + mgr := mgr.New("Control") + module := &Control{ + mgr: mgr, + instance: instance, + } + if err := module.prep(); err != nil { + return nil, err + } + return module, nil +} + +func (c *Control) Manager() *mgr.Manager { + return c.mgr +} + +func (c *Control) Start() error { + return nil +} + +func (c *Control) Stop() error { + c.locker.Lock() + defer c.locker.Unlock() + c.stopResumeWorker() + + return nil +} + +func (c *Control) prep() error { + return c.registerAPIEndpoints() +} diff --git a/service/control/pause.go b/service/control/pause.go new file mode 100644 index 00000000..784f6be4 --- /dev/null +++ b/service/control/pause.go @@ -0,0 +1,192 @@ +package control + +import ( + "encoding/json" + "errors" + "fmt" + "time" + + "github.com/safing/portmaster/base/api" + "github.com/safing/portmaster/base/config" + "github.com/safing/portmaster/service/mgr" +) + +func (c *Control) handlePause(r *api.Request) (msg string, err error) { + params := pauseRequestParams{} + if r.InputData != nil { + if err := json.Unmarshal(r.InputData, ¶ms); err != nil { + return "Bad Request: invalid input data", err + } + } + + if params.OnlySPN { + c.mgr.Info(fmt.Sprintf("Received SPN PAUSE(%v) action request ", params.Duration)) + } else { + c.mgr.Info(fmt.Sprintf("Received PAUSE(%v) action request ", params.Duration)) + } + + if err := c.impl_pause(time.Duration(params.Duration)*time.Second, params.OnlySPN); err != nil { + return "Failed to pause", err + } + return "Pause initiated", nil +} + +func (c *Control) handleResume(_ *api.Request) (msg string, err error) { + c.mgr.Info("Received RESUME action request") + if err := c.impl_resume(); err != nil { + return "Failed to resume", err + } + return "Resume initiated", nil +} + +func (c *Control) impl_pause(duration time.Duration, onlySPN bool) (retErr error) { + c.locker.Lock() + defer c.locker.Unlock() + + if duration <= 0 { + return errors.New(logPrefix + "invalid pause duration") + } + + if onlySPN { + if c.isPaused { + return errors.New(logPrefix + "cannot pause SPN separately when core is paused") + } + if !c.isPausedSPN && !c.instance.SPNGroup().Ready() { + return errors.New(logPrefix + "cannot pause SPN when it is not running") + } + } + + c.stopResumeWorker() + defer func() { + if retErr == nil { + // start new resume worker (with new duration) if no error + c.startResumeWorker(duration) + } + }() + + if !c.isPausedSPN { + if c.instance.SPNGroup().Ready() { + + // TODO: the 'pause' state must not make permanent config changes. + // Consider possibility to not store permanent config changes. + // E.g. SPN enabled -> pause SPN -> restart PC/Portmaster -> SPN should be enabled again. + enabled := config.GetAsBool("spn/enable", false) + if enabled() { + config.SetConfigOption("spn/enable", false) + } + + // Alternatively, we could directly stop SPN here: + // if c.instance.IsShuttingDown() { + // c.mgr.Warn("Skipping pause during shutdown") + // return nil + // } + // err := c.instance.SPNGroup().Stop() + // if err != nil { + // return err + // } + // c.mgr.Info("SPN paused") + + c.isPausedSPN = true + } + } + + if onlySPN { + return nil + } + if c.isPaused { + return nil + } + + modulesToResume := []mgr.Module{ + c.instance.Compat(), + c.instance.Interception(), + } + for _, m := range modulesToResume { + if err := m.Stop(); err != nil { + return err + } + } + + c.mgr.Info("interception paused") + c.isPaused = true + + return nil +} + +func (c *Control) impl_resume() error { + c.locker.Lock() + defer c.locker.Unlock() + + c.stopResumeWorker() + + if c.isPausedSPN { + + // TODO: consider using event to handle "spn/enable" changes: + // module.instance.Config().EventConfigChange + enabled := config.GetAsBool("spn/enable", false) + if !enabled() { + config.SetConfigOption("spn/enable", true) + } + + // Alternatively, we could directly start SPN here: + // if c.instance.IsShuttingDown() { + // c.mgr.Warn("Skipping resume during shutdown") + // return nil + // } + // if !c.instance.SPNGroup().Ready() { + // err := c.instance.SPNGroup().Start() + // if err != nil { + // return err + // } + // c.mgr.Info("SPN resumed") + // } + + c.isPausedSPN = false + } + + if c.isPaused { + modulesToResume := []mgr.Module{ + c.instance.Interception(), + c.instance.Compat(), + } + + for _, m := range modulesToResume { + if err := m.Start(); err != nil { + return err + } + } + c.mgr.Info("interception resumed") + c.isPaused = false + } + + return nil +} + +// stopResumeWorker stops any existing resume worker. +// No thread safety, caller must hold c.locker. +func (c *Control) stopResumeWorker() { + c.pauseStartTime = time.Time{} + c.pauseDuration = 0 + + if c.pauseWorker != nil { + c.pauseWorker.Stop() + c.pauseWorker = nil + } +} + +// startResumeWorker starts a worker that will resume normal operation after the specified duration. +// No thread safety, caller must hold c.locker. +func (c *Control) startResumeWorker(duration time.Duration) { + c.pauseStartTime = time.Now() + c.pauseDuration = duration + + c.mgr.Info(fmt.Sprintf("Scheduling resume in %v", duration)) + + c.pauseWorker = c.mgr.NewWorkerMgr( + fmt.Sprintf("resume in %v", duration), + func(wc *mgr.WorkerCtx) error { + wc.Info("Resuming...") + return c.impl_resume() + }, + nil).Delay(duration) +} diff --git a/service/firewall/interception/interception_linux.go b/service/firewall/interception/interception_linux.go index 24109f48..1d71eb15 100644 --- a/service/firewall/interception/interception_linux.go +++ b/service/firewall/interception/interception_linux.go @@ -34,6 +34,11 @@ func startInterception(packets chan packet.Packet) error { // stop starts the interception. func stopInterception() error { + // TODO: stop ebpf workers gracefully + // E.g.: + // module.mgr.Cancel() + // <-m.Done() + return StopNfqueueInterception() } diff --git a/service/firewall/interception/introspection.go b/service/firewall/interception/introspection.go index 088a33c8..8f6fffe8 100644 --- a/service/firewall/interception/introspection.go +++ b/service/firewall/interception/introspection.go @@ -12,9 +12,7 @@ import ( var ( packetMetricsDestination string - metrics = &packetMetrics{ - done: make(chan struct{}), - } + metrics = &packetMetrics{} ) func init() { @@ -40,6 +38,10 @@ func (pm *packetMetrics) record(tp *tracedPacket, verdict string) { pm.l.Lock() defer pm.l.Unlock() + if pm.done == nil { + return + } + pm.records = append(pm.records, &performanceRecord{ start: start, duration: duration, @@ -48,6 +50,18 @@ func (pm *packetMetrics) record(tp *tracedPacket, verdict string) { }(tp.start.UnixNano(), time.Since(tp.start)) } +func (pm *packetMetrics) stop() { + pm.l.Lock() + defer pm.l.Unlock() + + if pm.done == nil { + return + } + + close(pm.done) + pm.done = nil +} + func (pm *packetMetrics) writeMetrics() { if packetMetricsDestination == "" { return @@ -62,9 +76,14 @@ func (pm *packetMetrics) writeMetrics() { _ = f.Close() }() + pm.l.Lock() + pm.done = make(chan struct{}) + done := pm.done + pm.l.Unlock() + for { select { - case <-pm.done: + case <-done: return case <-time.After(time.Second * 5): } diff --git a/service/firewall/interception/module.go b/service/firewall/interception/module.go index 63994c90..d05da9df 100644 --- a/service/firewall/interception/module.go +++ b/service/firewall/interception/module.go @@ -40,6 +40,7 @@ var ( BandwidthUpdates = make(chan *packet.BandwidthUpdate, 1000) disableInterception bool + isStarted atomic.Bool ) func init() { @@ -53,6 +54,10 @@ func start() error { return nil } + if !isStarted.CompareAndSwap(false, true) { + return nil // already running + } + inputPackets := Packets if packetMetricsDestination != "" { go metrics.writeMetrics() @@ -64,7 +69,16 @@ func start() error { }() } - return startInterception(inputPackets) + err := startInterception(inputPackets) + if err != nil { + log.Errorf("interception: failed to start module: %q", err) + log.Debug("interception: cleaning up after failed start...") + if e := stopInterception(); e != nil { + log.Debugf("interception: error cleaning up after failed start: %q", e.Error()) + } + isStarted.Store(false) + } + return err } // Stop starts the interception. @@ -73,7 +87,11 @@ func stop() error { return nil } - close(metrics.done) + if !isStarted.CompareAndSwap(true, false) { + return nil // not running + } + + metrics.stop() if err := stopInterception(); err != nil { log.Errorf("failed to stop interception module: %s", err) } diff --git a/service/instance.go b/service/instance.go index 5b148507..34e5609e 100644 --- a/service/instance.go +++ b/service/instance.go @@ -16,6 +16,7 @@ import ( "github.com/safing/portmaster/base/utils" "github.com/safing/portmaster/service/broadcasts" "github.com/safing/portmaster/service/compat" + "github.com/safing/portmaster/service/control" "github.com/safing/portmaster/service/core" "github.com/safing/portmaster/service/core/base" "github.com/safing/portmaster/service/firewall" @@ -95,6 +96,7 @@ type Instance struct { process *process.ProcessModule resolver *resolver.ResolverModule sync *sync.Sync + control *control.Control access *access.Access @@ -264,6 +266,10 @@ func New(svcCfg *ServiceConfig) (*Instance, error) { //nolint:maintidx if err != nil { return instance, fmt.Errorf("create sync module: %w", err) } + instance.control, err = control.New(instance) + if err != nil { + return instance, fmt.Errorf("create control module: %w", err) + } instance.access, err = access.New(instance) if err != nil { return instance, fmt.Errorf("create access module: %w", err) @@ -342,6 +348,7 @@ func New(svcCfg *ServiceConfig) (*Instance, error) { //nolint:maintidx instance.broadcasts, instance.sync, instance.ui, + instance.control, instance.access, ) From 7709a6600cf602918a54a283673e27b0680cc4df Mon Sep 17 00:00:00 2001 From: Alexandr Stelnykovych Date: Wed, 5 Nov 2025 18:36:52 +0200 Subject: [PATCH 02/14] feat: pause and resume functionality improvements + UI https://github.com/safing/portmaster/issues/2050 --- .../src/app/layout/navigation/navigation.html | 42 ++- .../src/app/layout/navigation/navigation.ts | 61 ++++- .../angular/src/app/services/status.types.ts | 68 ++++- .../app/shared/security-lock/security-lock.ts | 13 +- desktop/angular/src/i18n/helptexts.yaml | 8 + service/control/api.go | 41 ++- service/control/module.go | 28 +- service/control/pause.go | 249 ++++++++++-------- 8 files changed, 385 insertions(+), 125 deletions(-) diff --git a/desktop/angular/src/app/layout/navigation/navigation.html b/desktop/angular/src/app/layout/navigation/navigation.html index 0359b2dd..f18dc955 100644 --- a/desktop/angular/src/app/layout/navigation/navigation.html +++ b/desktop/angular/src/app/layout/navigation/navigation.html @@ -153,7 +153,7 @@
-
@@ -202,8 +202,46 @@ Cleanup Network History + +
+ + + + + + + + + +
+ +
+
+ + Paused: {{ pauseInfo }} + + + Auto-resume at: {{ pauseInfoTillTime }} + +
+
+
+ + Pause SPN for 3 minutes + Pause SPN for 15 minutes + Pause SPN for 1 hour +
+ Pause for 3 minutes + Pause for 15 minutes + Pause for 1 hour +
+ Resume + + -
diff --git a/desktop/angular/src/app/layout/navigation/navigation.ts b/desktop/angular/src/app/layout/navigation/navigation.ts index 4752301f..f5650456 100644 --- a/desktop/angular/src/app/layout/navigation/navigation.ts +++ b/desktop/angular/src/app/layout/navigation/navigation.ts @@ -4,7 +4,7 @@ import { ChangeDetectionStrategy, ChangeDetectorRef, Component, EventEmitter, In import { ConfigService, DebugAPI, PortapiService, SPNService, StringSetting } from '@safing/portmaster-api'; import { tap } from 'rxjs/operators'; import { AppComponent } from 'src/app/app.component'; -import { NotificationType, NotificationsService, StatusService, VersionStatus } from 'src/app/services'; +import { NotificationType, NotificationsService, StatusService, VersionStatus, GetModuleState, ControlPauseStateData } from 'src/app/services'; import { ActionIndicatorService } from 'src/app/shared/action-indicator'; import { fadeInAnimation, fadeOutAnimation } from 'src/app/shared/animations'; import { ExitService } from 'src/app/shared/exit-screen'; @@ -36,6 +36,24 @@ export class NavigationComponent implements OnInit { /** The color to use for the notifcation-available hint (dot) */ notificationColor: string = 'text-green-300'; + pauseState: ControlPauseStateData | null = null; + get isPaused(): boolean { return this.pauseState?.Interception===true || this.pauseState?.SPN===true; } + get isPausedInterception(): boolean { return this.pauseState?.Interception===true; } + get pauseInfo(): string { + if (this.pauseState?.Interception===true && this.pauseState?.SPN===true) + return 'Portmaster and SPN'; + else if (this.pauseState?.Interception===true) + return 'Portmaster'; + else if (this.pauseState?.SPN===true) + return 'SPN'; + return ''; + } + get pauseInfoTillTime(): string { + if (this.isPaused && this.pauseState?.TillTime) + return new Date(this.pauseState.TillTime).toLocaleTimeString(undefined, { hour12: false }); + return ''; + } + /** Whether or not we have new, unseen prompts */ hasNewPrompts = false; @@ -93,6 +111,10 @@ export class NavigationComponent implements OnInit { this.cdr.markForCheck(); }); + this.statusService.status$.subscribe(status => { + this.pauseState = GetModuleState(status, 'Control', 'control:paused')?.Data || null; + }); + this.configService.watch('filter/defaultAction') .subscribe(defaultAction => { this.globalPromptingEnabled = defaultAction === 'ask'; @@ -251,6 +273,43 @@ export class NavigationComponent implements OnInit { )) } + pause(event: Event, duration: number) { + // prevent default and stop-propagation to avoid + // expanding the accordion body. + event.preventDefault(); + event.stopPropagation(); + + this.portapi.pause(duration, false) + .subscribe(this.actionIndicator.httpObserver( + 'Pausing ...', + 'Failed to Pause', + )) + } + pauseSPN(event: Event, duration: number) { + // prevent default and stop-propagation to avoid + // expanding the accordion body. + event.preventDefault(); + event.stopPropagation(); + + this.portapi.pause(duration, true) + .subscribe(this.actionIndicator.httpObserver( + 'Pausing SPN...', + 'Failed to Pause SPN', + )) + } + resume(event: Event) { + // prevent default and stop-propagation to avoid + // expanding the accordion body. + event.preventDefault(); + event.stopPropagation(); + + this.portapi.resume() + .subscribe(this.actionIndicator.httpObserver( + 'Resuming ...', + 'Failed to Resume', + )) + } + /** * @private * Opens the data-directory of the portmaster installation. diff --git a/desktop/angular/src/app/services/status.types.ts b/desktop/angular/src/app/services/status.types.ts index 38bfa6fc..5dc96fc7 100644 --- a/desktop/angular/src/app/services/status.types.ts +++ b/desktop/angular/src/app/services/status.types.ts @@ -27,7 +27,7 @@ export function getOnlineStatusString(stat: OnlineStatus): string { export interface CoreStatus extends Record { OnlineStatus: OnlineStatus; CaptivePortal: CaptivePortal; - // Modules: []ModuleState; // TODO: Do we need all modules? + Modules: StateUpdate[]; // TODO: Do we need all modules? WorstState: { Module: string, ID: string, @@ -39,6 +39,20 @@ export interface CoreStatus extends Record { } } +export interface StateUpdate { + Module: string; + States: State[]; +} + +export interface State { + ID: string; // Program-unique identifier + Name: string; // State name (may serve as notification title) + Message?: string; // Detailed message about the state + Type?: ModuleStateType; // State type + Time?: Date; // Creation time + Data?: any; // Additional data for processing +} + export enum ModuleStateType { Undefined = "", Hint = "hint", @@ -110,3 +124,55 @@ export interface VersionStatus extends Record { [key: string]: Resource } } + +function getModuleStates(status: CoreStatus, moduleID: string): State[] { + const module = status.Modules?.find(m => m.Module === moduleID); + return module?.States || []; +} + +/** + * Retrieves a specific state from a module within the CoreStatus. + * @param status The CoreStatus object containing module states. + * @param moduleID The identifier of the module to search within. + * @param stateID The identifier of the state to retrieve. + * @returns The State object if found; otherwise, null. + * @example + * ```typescript + * const state = GetModuleState(status, 'Control', 'control:paused'); + * if (state) { + * console.log(`State found: ${state.Name}`); + * } else { + * console.log('State not found'); + * } + * ``` + */ +export function GetModuleState(status: CoreStatus, moduleID: string, stateID: string): State | null { + const states = getModuleStates(status, moduleID); + for (const state of states) { + if (state.ID === stateID) { + return state; + } + } + return null; +} + +/** + * Data structure for the 'control:paused' state from the 'Control' module. + * + * This interface defines the expected structure of the Data field when Portmaster + * or its components are temporarily paused by the user. + * + * @example + * ```typescript + * const pausedState = GetModuleState(status, 'Control', 'control:paused'); + * if (pausedState?.Data) { + * const pauseData = pausedState.Data as ControlPauseStateData; + * console.log(`SPN paused: ${pauseData.SPN}`); + * } + * ``` + */ +export interface ControlPauseStateData { + Interception: boolean; // Whether Portmaster interception is paused + SPN: boolean; // Whether SPN is paused + TillTime: string; // When the pause will end (JSON date as string, has to be converted to Date) +} diff --git a/desktop/angular/src/app/shared/security-lock/security-lock.ts b/desktop/angular/src/app/shared/security-lock/security-lock.ts index 1485cc11..a18e0f47 100644 --- a/desktop/angular/src/app/shared/security-lock/security-lock.ts +++ b/desktop/angular/src/app/shared/security-lock/security-lock.ts @@ -1,7 +1,7 @@ import { ChangeDetectionStrategy, ChangeDetectorRef, Component, DestroyRef, Input, OnInit, inject } from "@angular/core"; import { SecurityLevel } from "@safing/portmaster-api"; import { combineLatest } from "rxjs"; -import { StatusService, ModuleStateType } from "src/app/services"; +import { StatusService, ModuleStateType, GetModuleState, ControlPauseStateData } from "src/app/services"; import { fadeInAnimation, fadeOutAnimation } from "../animations"; interface SecurityOption { @@ -62,6 +62,17 @@ export class SecurityLockComponent implements OnInit { break; } + // Checking for Control:Paused state + const pausedState = GetModuleState(status, 'Control', 'control:paused'); + if (pausedState?.Data) { + const pauseData = pausedState.Data as ControlPauseStateData; + if (pauseData.Interception === true) { + this.lockLevel.displayText = 'Insecure: PAUSED'; + } else if (pauseData.SPN === true) { + this.lockLevel.displayText = 'Secure: SPN Paused'; + } + } + this.cdr.markForCheck(); }); } diff --git a/desktop/angular/src/i18n/helptexts.yaml b/desktop/angular/src/i18n/helptexts.yaml index e00b6023..5a1e62de 100644 --- a/desktop/angular/src/i18n/helptexts.yaml +++ b/desktop/angular/src/i18n/helptexts.yaml @@ -99,6 +99,14 @@ navTools: title: Version and Tools content: | View the Portmaster's version and use special actions and tools. + nextKey: navPause + +navPause: + title: Pause and Resume + content: | + Temporarily disable Portmaster's protection and network monitoring. + + Choose to pause SPN only or disable all protection completely. nextKey: navPower navPower: diff --git a/service/control/api.go b/service/control/api.go index a15ddb70..cf656419 100644 --- a/service/control/api.go +++ b/service/control/api.go @@ -1,11 +1,19 @@ package control import ( + "encoding/json" + "fmt" "net/http" + "time" "github.com/safing/portmaster/base/api" ) +const ( + APIEndpointPause = "control/pause" + APIEndpointResume = "control/resume" +) + type pauseRequestParams struct { Duration int `json:"duration"` // Duration in seconds OnlySPN bool `json:"onlySPN"` // Whether to pause only the SPN service @@ -14,7 +22,7 @@ type pauseRequestParams struct { func (c *Control) registerAPIEndpoints() error { if err := api.RegisterEndpoint(api.Endpoint{ - Path: "control/pause", + Path: APIEndpointPause, Write: api.PermitAdmin, ActionFunc: c.handlePause, Name: "Pause Portmaster", @@ -36,7 +44,7 @@ func (c *Control) registerAPIEndpoints() error { } if err := api.RegisterEndpoint(api.Endpoint{ - Path: "control/resume", + Path: APIEndpointResume, Write: api.PermitAdmin, ActionFunc: c.handleResume, Name: "Resume Portmaster", @@ -47,3 +55,32 @@ func (c *Control) registerAPIEndpoints() error { return nil } + +func (c *Control) handlePause(r *api.Request) (msg string, err error) { + params := pauseRequestParams{} + if r.InputData != nil { + if err := json.Unmarshal(r.InputData, ¶ms); err != nil { + return "Bad Request: invalid input data", err + } + } + + if params.OnlySPN { + c.mgr.Info(fmt.Sprintf("Received SPN Pause(%v) action request ", params.Duration)) + } else { + c.mgr.Info(fmt.Sprintf("Received Pause(%v) action request ", params.Duration)) + } + + if err := c.pause(time.Duration(params.Duration)*time.Second, params.OnlySPN); err != nil { + return "Failed to pause", err + } + return "Pause initiated", nil +} + +func (c *Control) handleResume(_ *api.Request) (msg string, err error) { + c.mgr.Info("Received Resume action request") + + if err := c.resume(); err != nil { + return "Failed to resume", err + } + return "Resume initiated", nil +} diff --git a/service/control/module.go b/service/control/module.go index ce22d4a9..30fa8130 100644 --- a/service/control/module.go +++ b/service/control/module.go @@ -7,23 +7,27 @@ import ( "time" "github.com/safing/portmaster/base/config" + "github.com/safing/portmaster/base/notifications" "github.com/safing/portmaster/service/compat" "github.com/safing/portmaster/service/firewall/interception" "github.com/safing/portmaster/service/mgr" ) -var logPrefix = "control: " +type PauseInfo struct { + Interception bool // Whether Portmaster interception is paused + SPN bool // Whether SPN is paused + TillTime time.Time // When the pause will end +} type Control struct { mgr *mgr.Manager instance instance + states *mgr.StateMgr - locker sync.Mutex - pauseWorker *mgr.WorkerMgr - isPaused bool - isPausedSPN bool - pauseStartTime time.Time - pauseDuration time.Duration + locker sync.Mutex + resumeWorker *mgr.WorkerMgr + pauseNotification *notifications.Notification + pauseInfo PauseInfo } type instance interface { @@ -31,6 +35,7 @@ type instance interface { Interception() *interception.Interception Compat() *compat.Compat SPNGroup() *mgr.ExtendedGroup + IsShuttingDown() bool } var ( @@ -42,10 +47,11 @@ func New(instance instance) (*Control, error) { return nil, fmt.Errorf("control: New failed: instance already created") } - mgr := mgr.New("Control") + m := mgr.New("Control") module := &Control{ - mgr: mgr, + mgr: m, instance: instance, + states: mgr.NewStateMgr(m), } if err := module.prep(); err != nil { return nil, err @@ -57,6 +63,10 @@ func (c *Control) Manager() *mgr.Manager { return c.mgr } +func (u *Control) States() *mgr.StateMgr { + return u.states +} + func (c *Control) Start() error { return nil } diff --git a/service/control/pause.go b/service/control/pause.go index 784f6be4..c872a71f 100644 --- a/service/control/pause.go +++ b/service/control/pause.go @@ -1,58 +1,43 @@ package control import ( - "encoding/json" "errors" "fmt" "time" - "github.com/safing/portmaster/base/api" "github.com/safing/portmaster/base/config" + "github.com/safing/portmaster/base/notifications" "github.com/safing/portmaster/service/mgr" ) -func (c *Control) handlePause(r *api.Request) (msg string, err error) { - params := pauseRequestParams{} - if r.InputData != nil { - if err := json.Unmarshal(r.InputData, ¶ms); err != nil { - return "Bad Request: invalid input data", err - } +func (c *Control) pause(duration time.Duration, onlySPN bool) (retErr error) { + if c.instance.IsShuttingDown() { + c.mgr.Debug("Cannot pause: system is shutting down") + return nil } - if params.OnlySPN { - c.mgr.Info(fmt.Sprintf("Received SPN PAUSE(%v) action request ", params.Duration)) - } else { - c.mgr.Info(fmt.Sprintf("Received PAUSE(%v) action request ", params.Duration)) - } - - if err := c.impl_pause(time.Duration(params.Duration)*time.Second, params.OnlySPN); err != nil { - return "Failed to pause", err - } - return "Pause initiated", nil -} - -func (c *Control) handleResume(_ *api.Request) (msg string, err error) { - c.mgr.Info("Received RESUME action request") - if err := c.impl_resume(); err != nil { - return "Failed to resume", err - } - return "Resume initiated", nil -} - -func (c *Control) impl_pause(duration time.Duration, onlySPN bool) (retErr error) { c.locker.Lock() defer c.locker.Unlock() + defer func() { + // update states after pause attempt + c.updateStatesAndNotify() + // log error if pause failed + if retErr != nil { + c.mgr.Error("Failed to pause: " + retErr.Error()) + } + }() + if duration <= 0 { - return errors.New(logPrefix + "invalid pause duration") + return errors.New("invalid pause duration") } if onlySPN { - if c.isPaused { - return errors.New(logPrefix + "cannot pause SPN separately when core is paused") + if c.pauseInfo.Interception { + return errors.New("cannot pause SPN separately when core is paused") } - if !c.isPausedSPN && !c.instance.SPNGroup().Ready() { - return errors.New(logPrefix + "cannot pause SPN when it is not running") + if !c.pauseInfo.SPN && !c.instance.SPNGroup().Ready() { + return errors.New("cannot pause SPN when it is not running") } } @@ -64,99 +49,83 @@ func (c *Control) impl_pause(duration time.Duration, onlySPN bool) (retErr error } }() - if !c.isPausedSPN { + if !c.pauseInfo.SPN { if c.instance.SPNGroup().Ready() { - - // TODO: the 'pause' state must not make permanent config changes. - // Consider possibility to not store permanent config changes. - // E.g. SPN enabled -> pause SPN -> restart PC/Portmaster -> SPN should be enabled again. enabled := config.GetAsBool("spn/enable", false) if enabled() { + // TODO: the 'pause' state must not make permanent config changes. + // Consider possibility to not store permanent config changes. + // E.g. SPN enabled -> pause SPN -> restart PC/Portmaster -> SPN should be enabled again. config.SetConfigOption("spn/enable", false) + c.mgr.Info("SPN paused") } - - // Alternatively, we could directly stop SPN here: - // if c.instance.IsShuttingDown() { - // c.mgr.Warn("Skipping pause during shutdown") - // return nil - // } - // err := c.instance.SPNGroup().Stop() - // if err != nil { - // return err - // } - // c.mgr.Info("SPN paused") - - c.isPausedSPN = true + c.pauseInfo.SPN = true } } if onlySPN { return nil } - if c.isPaused { - return nil - } - modulesToResume := []mgr.Module{ - c.instance.Compat(), - c.instance.Interception(), - } - for _, m := range modulesToResume { - if err := m.Stop(); err != nil { - return err + if !c.pauseInfo.Interception { + modulesToResume := []mgr.Module{ + c.instance.Compat(), + c.instance.Interception(), + } + for _, m := range modulesToResume { + if err := m.Stop(); err != nil { + return err + } } - } - c.mgr.Info("interception paused") - c.isPaused = true + c.mgr.Info("interception paused") + c.pauseInfo.Interception = true + } return nil } -func (c *Control) impl_resume() error { +func (c *Control) resume() (retErr error) { + if c.instance.IsShuttingDown() { + c.mgr.Debug("Cannot resume: system is shutting down") + return nil + } + c.locker.Lock() defer c.locker.Unlock() + defer func() { + // update states after resume attempt + c.updateStatesAndNotify() + // log error if resume failed + if retErr != nil { + c.mgr.Error("Failed to resume: " + retErr.Error()) + } + }() + c.stopResumeWorker() - if c.isPausedSPN { - - // TODO: consider using event to handle "spn/enable" changes: - // module.instance.Config().EventConfigChange - enabled := config.GetAsBool("spn/enable", false) - if !enabled() { - config.SetConfigOption("spn/enable", true) - } - - // Alternatively, we could directly start SPN here: - // if c.instance.IsShuttingDown() { - // c.mgr.Warn("Skipping resume during shutdown") - // return nil - // } - // if !c.instance.SPNGroup().Ready() { - // err := c.instance.SPNGroup().Start() - // if err != nil { - // return err - // } - // c.mgr.Info("SPN resumed") - // } - - c.isPausedSPN = false - } - - if c.isPaused { + if c.pauseInfo.Interception { modulesToResume := []mgr.Module{ c.instance.Interception(), c.instance.Compat(), } - for _, m := range modulesToResume { if err := m.Start(); err != nil { return err } } c.mgr.Info("interception resumed") - c.isPaused = false + c.pauseInfo.Interception = false + } + + if c.pauseInfo.SPN { + enabled := config.GetAsBool("spn/enable", false) + if !enabled() { + config.SetConfigOption("spn/enable", true) + c.mgr.Info("SPN resumed") + } + c.pauseInfo.SPN = false } return nil @@ -165,28 +134,90 @@ func (c *Control) impl_resume() error { // stopResumeWorker stops any existing resume worker. // No thread safety, caller must hold c.locker. func (c *Control) stopResumeWorker() { - c.pauseStartTime = time.Time{} - c.pauseDuration = 0 + c.pauseInfo.TillTime = time.Time{} - if c.pauseWorker != nil { - c.pauseWorker.Stop() - c.pauseWorker = nil + if c.resumeWorker != nil { + c.resumeWorker.Stop() + c.resumeWorker = nil } } // startResumeWorker starts a worker that will resume normal operation after the specified duration. // No thread safety, caller must hold c.locker. func (c *Control) startResumeWorker(duration time.Duration) { - c.pauseStartTime = time.Now() - c.pauseDuration = duration + c.pauseInfo.TillTime = time.Now().Add(duration) - c.mgr.Info(fmt.Sprintf("Scheduling resume in %v", duration)) + resumerWorkerFunc := func(wc *mgr.WorkerCtx) error { + wc.Info(fmt.Sprintf("Scheduling resume in %v", duration)) - c.pauseWorker = c.mgr.NewWorkerMgr( - fmt.Sprintf("resume in %v", duration), - func(wc *mgr.WorkerCtx) error { - wc.Info("Resuming...") - return c.impl_resume() - }, - nil).Delay(duration) + // Subscribe to config changes to detect SPN enable. + cfgChangeEvt := c.instance.Config().EventConfigChange.Subscribe("control: spn enable check", 10) + // Make sure to cancel subscription when worker stops. + defer cfgChangeEvt.Cancel() + + for { + select { + case <-wc.Ctx().Done(): + return nil + case <-cfgChangeEvt.Events(): + spnEnabled := config.GetAsBool("spn/enable", false) + if spnEnabled() { + wc.Info("SPN enabled by user, resuming...") + return c.resume() + } + case <-time.After(duration): + wc.Info("Resuming...") + return c.resume() + } + } + } + + c.resumeWorker = c.mgr.NewWorkerMgr("resumer", resumerWorkerFunc, nil) + c.resumeWorker.Go() +} + +// updateStatesAndNotify updates the paused states and sends notifications accordingly. +// No thread safety, caller must hold c.locker. +func (c *Control) updateStatesAndNotify() { + if !c.pauseInfo.Interception && !c.pauseInfo.SPN { + if c.pauseNotification != nil { + c.pauseNotification.Delete() + c.pauseNotification = nil + } + return + } + + title := "" + nType := notifications.Warning + if c.pauseInfo.Interception && c.pauseInfo.SPN { + title = "Portmaster and SPN paused" + } else if c.pauseInfo.Interception { + title = "Portmaster paused" + } else if c.pauseInfo.SPN { + title = "SPN paused" + nType = notifications.Info // less severe notification for SPN-only pause + } + message := fmt.Sprintf("%s till %v", title, c.pauseInfo.TillTime.Format(time.TimeOnly)) + + c.pauseNotification = ¬ifications.Notification{ + EventID: "control:paused", + Type: nType, + Title: title, + Message: message, + ShowOnSystem: true, + EventData: &c.pauseInfo, + AvailableActions: []*notifications.Action{ + { + Text: "Resume", + Type: notifications.ActionTypeWebhook, + Payload: ¬ifications.ActionTypeWebhookPayload{ + URL: APIEndpointResume, + ResultAction: "display", + }, + }, + }, + } + + notifications.Notify(c.pauseNotification) + c.pauseNotification.SyncWithState(c.states) } From 4d2d91972b952225da34f2d8d73940c3281d6bf4 Mon Sep 17 00:00:00 2001 From: Alexandr Stelnykovych Date: Thu, 6 Nov 2025 17:28:38 +0200 Subject: [PATCH 03/14] feat: refactor interception modules into pausable group - Add GroupModule to wrap interception, dnsmonitor, and compat modules - Simplify pause/resume operations by grouping related modules - Update worker info collection to handle nested module groups - Remove deprecated flags and improve module lifecycle management - Add proper atomic state tracking for nfqueue interception https://github.com/safing/portmaster/issues/2050 --- service/compat/module.go | 22 +++++-------- service/control/module.go | 5 +-- service/control/pause.go | 21 +++--------- service/debug.go | 16 +++++++++ .../interception/interception_linux.go | 5 --- .../firewall/interception/nfqueue_linux.go | 23 ++++++------- service/instance.go | 23 ++++++++++--- service/mgr/group_module.go | 33 +++++++++++++++++++ 8 files changed, 93 insertions(+), 55 deletions(-) create mode 100644 service/mgr/group_module.go diff --git a/service/compat/module.go b/service/compat/module.go index a6fbfeb8..28d67d48 100644 --- a/service/compat/module.go +++ b/service/compat/module.go @@ -78,14 +78,20 @@ func prep() error { } func start() error { - isActive.Store(true) + // Create fresh worker managers on Start() to enable clean restarts after Stop(). + // (after module.Manager().Stop() has been called, all workers are stopped and cannot be reused) + module.selfcheckWorkerMgr = module.Manager().NewWorkerMgr("compatibility self-check", selfcheckTaskFunc, nil) + module.cleanNotifyThresholdWorkerMgr = module.Manager().NewWorkerMgr("clean notify thresholds", cleanNotifyThreshold, nil) startNotify() selfcheckNetworkChangedFlag.Refresh() + + // Schedule periodic self-checks. module.selfcheckWorkerMgr.Repeat(5 * time.Minute).Delay(selfcheckTaskRetryAfter) module.cleanNotifyThresholdWorkerMgr.Repeat(1 * time.Hour) + // Add network change callback to trigger immediate self-check. module.instance.NetEnv().EventNetworkChange.AddCallback("trigger compat self-check", func(_ *mgr.WorkerCtx, _ struct{}) (bool, error) { module.selfcheckWorkerMgr.Delay(selfcheckTaskRetryAfter) return false, nil @@ -94,16 +100,11 @@ func start() error { } func stop() error { - isActive.Store(false) resetSelfCheckState() - return nil } func selfcheckTaskFunc(wc *mgr.WorkerCtx) error { - if !isActive.Load() { - return nil - } // Create tracing logger. ctx, tracer := log.AddTracer(wc.Ctx()) @@ -166,9 +167,6 @@ func SelfCheckIsFailing() bool { var ( module *Compat shimLoaded atomic.Bool - // isActive is a simple shutdown flag to prevent self-check worker from executing during stop(). - // TODO: consider correct start/stop of the workers instead. - isActive atomic.Bool ) // New returns a new Compat module. @@ -180,11 +178,7 @@ func New(instance instance) (*Compat, error) { module = &Compat{ mgr: m, instance: instance, - - selfcheckWorkerMgr: m.NewWorkerMgr("compatibility self-check", selfcheckTaskFunc, nil), - cleanNotifyThresholdWorkerMgr: m.NewWorkerMgr("clean notify thresholds", cleanNotifyThreshold, nil), - - states: mgr.NewStateMgr(m), + states: mgr.NewStateMgr(m), } if err := prep(); err != nil { return nil, err diff --git a/service/control/module.go b/service/control/module.go index 30fa8130..d04ff7e1 100644 --- a/service/control/module.go +++ b/service/control/module.go @@ -8,8 +8,6 @@ import ( "github.com/safing/portmaster/base/config" "github.com/safing/portmaster/base/notifications" - "github.com/safing/portmaster/service/compat" - "github.com/safing/portmaster/service/firewall/interception" "github.com/safing/portmaster/service/mgr" ) @@ -32,8 +30,7 @@ type Control struct { type instance interface { Config() *config.Config - Interception() *interception.Interception - Compat() *compat.Compat + InterceptionGroup() *mgr.GroupModule SPNGroup() *mgr.ExtendedGroup IsShuttingDown() bool } diff --git a/service/control/pause.go b/service/control/pause.go index c872a71f..79387d08 100644 --- a/service/control/pause.go +++ b/service/control/pause.go @@ -68,16 +68,9 @@ func (c *Control) pause(duration time.Duration, onlySPN bool) (retErr error) { } if !c.pauseInfo.Interception { - modulesToResume := []mgr.Module{ - c.instance.Compat(), - c.instance.Interception(), + if err := c.instance.InterceptionGroup().Stop(); err != nil { + return err } - for _, m := range modulesToResume { - if err := m.Stop(); err != nil { - return err - } - } - c.mgr.Info("interception paused") c.pauseInfo.Interception = true } @@ -106,14 +99,8 @@ func (c *Control) resume() (retErr error) { c.stopResumeWorker() if c.pauseInfo.Interception { - modulesToResume := []mgr.Module{ - c.instance.Interception(), - c.instance.Compat(), - } - for _, m := range modulesToResume { - if err := m.Start(); err != nil { - return err - } + if err := c.instance.InterceptionGroup().Start(); err != nil { + return err } c.mgr.Info("interception resumed") c.pauseInfo.Interception = false diff --git a/service/debug.go b/service/debug.go index 46a66421..f1a25c7b 100644 --- a/service/debug.go +++ b/service/debug.go @@ -24,10 +24,26 @@ func (i *Instance) GetWorkerInfo() (*mgr.WorkerInfo, error) { for _, m := range i.serviceGroup.Modules() { wi, _ := m.Manager().WorkerInfo(snapshot) // Does not fail when we provide a snapshot. infos = append(infos, wi) + + // Check if module is a nested modules group + if gm, ok := m.(*mgr.GroupModule); ok { + for _, sm := range gm.Modules() { + wi, _ := sm.Manager().WorkerInfo(snapshot) // Does not fail when we provide a snapshot. + infos = append(infos, wi) + } + } } for _, m := range i.SpnGroup.Modules() { wi, _ := m.Manager().WorkerInfo(snapshot) // Does not fail when we provide a snapshot. infos = append(infos, wi) + + // Check if module is a nested modules group + if gm, ok := m.(*mgr.GroupModule); ok { + for _, sm := range gm.Modules() { + wi, _ := sm.Manager().WorkerInfo(snapshot) // Does not fail when we provide a snapshot. + infos = append(infos, wi) + } + } } return mgr.MergeWorkerInfo(infos...), nil diff --git a/service/firewall/interception/interception_linux.go b/service/firewall/interception/interception_linux.go index 1d71eb15..24109f48 100644 --- a/service/firewall/interception/interception_linux.go +++ b/service/firewall/interception/interception_linux.go @@ -34,11 +34,6 @@ func startInterception(packets chan packet.Packet) error { // stop starts the interception. func stopInterception() error { - // TODO: stop ebpf workers gracefully - // E.g.: - // module.mgr.Cancel() - // <-m.Done() - return StopNfqueueInterception() } diff --git a/service/firewall/interception/nfqueue_linux.go b/service/firewall/interception/nfqueue_linux.go index 875509b6..d43629f7 100644 --- a/service/firewall/interception/nfqueue_linux.go +++ b/service/firewall/interception/nfqueue_linux.go @@ -1,10 +1,10 @@ package interception import ( - "flag" "fmt" "sort" "strings" + "sync/atomic" "github.com/coreos/go-iptables/iptables" "github.com/hashicorp/go-multierror" @@ -30,15 +30,10 @@ var ( out6Queue nfQueue in6Queue nfQueue + isRunning atomic.Bool shutdownSignal = make(chan struct{}) - - experimentalNfqueueBackend bool ) -func init() { - flag.BoolVar(&experimentalNfqueueBackend, "experimental-nfqueue", false, "(deprecated flag; always used)") -} - // nfQueue encapsulates nfQueue providers. type nfQueue interface { PacketChannel() <-chan packet.Packet @@ -262,12 +257,13 @@ func deactivateIPTables(protocol iptables.Protocol, rules, chains []string) erro // StartNfqueueInterception starts the nfqueue interception. func StartNfqueueInterception(packets chan<- packet.Packet) (err error) { - // @deprecated, remove in v1 - if experimentalNfqueueBackend { - log.Warningf("[DEPRECATED] --experimental-nfqueue has been deprecated as the backend is now used by default") - log.Warningf("[DEPRECATED] please remove the flag from your configuration!") + if !isRunning.CompareAndSwap(false, true) { + return nil // already running } + // Reset shutdown signal + shutdownSignal = make(chan struct{}) + err = activateNfqueueFirewall() if err != nil { return fmt.Errorf("could not initialize nfqueue: %w", err) @@ -305,6 +301,11 @@ func StartNfqueueInterception(packets chan<- packet.Packet) (err error) { // StopNfqueueInterception stops the nfqueue interception. func StopNfqueueInterception() error { + if !isRunning.CompareAndSwap(true, false) { + return nil // not running + } + + // Signal shutdown to packet handler defer close(shutdownSignal) if out4Queue != nil { diff --git a/service/instance.go b/service/instance.go index 34e5609e..5b3ab760 100644 --- a/service/instance.go +++ b/service/instance.go @@ -58,7 +58,8 @@ type Instance struct { shutdownCtx context.Context cancelShutdownCtx context.CancelFunc - serviceGroup *mgr.Group + serviceGroup *mgr.Group + serviceGroupInterception *mgr.GroupModule binDir string dataDir string @@ -313,6 +314,12 @@ func New(svcCfg *ServiceConfig) (*Instance, error) { //nolint:maintidx return instance, fmt.Errorf("create terminal module: %w", err) } + // Grouped interception modules that can be paused/resumed together. + instance.serviceGroupInterception = mgr.NewGroupModule("Interception Group", + instance.interception, + instance.dnsmonitor, + instance.compat) + // Add all modules to instance group. instance.serviceGroup = mgr.NewGroup( instance.base, @@ -340,10 +347,13 @@ func New(svcCfg *ServiceConfig) (*Instance, error) { //nolint:maintidx instance.resolver, instance.filterLists, instance.customlist, - instance.interception, - instance.dnsmonitor, - instance.compat, + // Grouped interception modules: + // instance.interception, + // instance.dnsmonitor, + // instance.compat + instance.serviceGroupInterception, + instance.status, instance.broadcasts, instance.sync, @@ -549,6 +559,11 @@ func (i *Instance) Interception() *interception.Interception { return i.interception } +// InterceptionGroup returns the grouped interception modules that can be paused together. +func (i *Instance) InterceptionGroup() *mgr.GroupModule { + return i.serviceGroupInterception +} + // DNSMonitor returns the dns-listener module. func (i *Instance) DNSMonitor() *dnsmonitor.DNSMonitor { return i.dnsmonitor diff --git a/service/mgr/group_module.go b/service/mgr/group_module.go new file mode 100644 index 00000000..214b9fee --- /dev/null +++ b/service/mgr/group_module.go @@ -0,0 +1,33 @@ +package mgr + +// GroupModule is a module that wraps a group of modules, +// to allow nesting groups of modules in parent group. +type GroupModule struct { + mgr *Manager + group *Group +} + +func NewGroupModule(name string, modules ...Module) *GroupModule { + return &GroupModule{ + mgr: New(name), + group: NewGroup(modules...), + } +} + +func (gm *GroupModule) Manager() *Manager { + return gm.mgr +} + +func (gm *GroupModule) Start() error { + return gm.group.Start() +} + +func (gm *GroupModule) Stop() error { + return gm.group.Stop() +} + +// Modules returns the modules in the group wrapped by this group module. +// (mimics Group.Modules()) +func (gm *GroupModule) Modules() []Module { + return gm.group.Modules() +} From fecb42a6916f312ffb9f1cd7d41f162be0c45892 Mon Sep 17 00:00:00 2001 From: Alexandr Stelnykovych Date: Thu, 6 Nov 2025 18:42:24 +0200 Subject: [PATCH 04/14] UI: update SPN pause menu items and add spnEnabled state management https://github.com/safing/portmaster/issues/2050 --- .../src/app/layout/navigation/navigation.html | 12 ++++++------ .../angular/src/app/layout/navigation/navigation.ts | 11 ++++++++++- .../src/app/shared/security-lock/security-lock.ts | 2 +- 3 files changed, 17 insertions(+), 8 deletions(-) diff --git a/desktop/angular/src/app/layout/navigation/navigation.html b/desktop/angular/src/app/layout/navigation/navigation.html index f18dc955..57f7e516 100644 --- a/desktop/angular/src/app/layout/navigation/navigation.html +++ b/desktop/angular/src/app/layout/navigation/navigation.html @@ -229,13 +229,13 @@
- Pause SPN for 3 minutes - Pause SPN for 15 minutes - Pause SPN for 1 hour + Pause SPN for 3 minutes + Pause SPN for 15 minutes + Pause SPN for 1 hour
- Pause for 3 minutes - Pause for 15 minutes - Pause for 1 hour + Pause Portmaster for 3 minutes + Pause Portmaster for 15 minutes + Pause Portmaster for 1 hour
Resume diff --git a/desktop/angular/src/app/layout/navigation/navigation.ts b/desktop/angular/src/app/layout/navigation/navigation.ts index f5650456..bc7f4cd9 100644 --- a/desktop/angular/src/app/layout/navigation/navigation.ts +++ b/desktop/angular/src/app/layout/navigation/navigation.ts @@ -1,7 +1,7 @@ import { INTEGRATION_SERVICE, IntegrationService } from 'src/app/integration'; import { ConnectedPosition } from '@angular/cdk/overlay'; import { ChangeDetectionStrategy, ChangeDetectorRef, Component, EventEmitter, Inject, OnInit, Output, inject } from '@angular/core'; -import { ConfigService, DebugAPI, PortapiService, SPNService, StringSetting } from '@safing/portmaster-api'; +import { ConfigService, DebugAPI, PortapiService, SPNService, StringSetting, BoolSetting } from '@safing/portmaster-api'; import { tap } from 'rxjs/operators'; import { AppComponent } from 'src/app/app.component'; import { NotificationType, NotificationsService, StatusService, VersionStatus, GetModuleState, ControlPauseStateData } from 'src/app/services'; @@ -60,6 +60,9 @@ export class NavigationComponent implements OnInit { /** Whether or not prompting is globally enabled. */ globalPromptingEnabled = false; + /** Whether or not the SPN is currently enabled */ + spnEnabled = false; + @Output() sideDashChange = new EventEmitter<'collapsed' | 'expanded' | 'force-overlay'>(); @@ -120,6 +123,12 @@ export class NavigationComponent implements OnInit { this.globalPromptingEnabled = defaultAction === 'ask'; this.cdr.markForCheck(); }) + + this.configService.watch("spn/enable") + .subscribe(value => { + this.spnEnabled = value; + this.cdr.markForCheck(); + }); this.notificationService.new$ .subscribe(notif => { diff --git a/desktop/angular/src/app/shared/security-lock/security-lock.ts b/desktop/angular/src/app/shared/security-lock/security-lock.ts index a18e0f47..2172ebdb 100644 --- a/desktop/angular/src/app/shared/security-lock/security-lock.ts +++ b/desktop/angular/src/app/shared/security-lock/security-lock.ts @@ -69,7 +69,7 @@ export class SecurityLockComponent implements OnInit { if (pauseData.Interception === true) { this.lockLevel.displayText = 'Insecure: PAUSED'; } else if (pauseData.SPN === true) { - this.lockLevel.displayText = 'Secure: SPN Paused'; + this.lockLevel.displayText = 'Secure (SPN Paused)'; } } From b9cce3311384df236ad7f48e6679be5d22b65343 Mon Sep 17 00:00:00 2001 From: Alexandr Stelnykovych Date: Fri, 7 Nov 2025 16:50:18 +0200 Subject: [PATCH 05/14] UI: Removed sources for "runtime:subsystems/" status API calls It looks like they are not used anymore and replaced by "runtime:system/status" --- .../src/app/services/status.service.ts | 49 +------------------ 1 file changed, 1 insertion(+), 48 deletions(-) diff --git a/desktop/angular/src/app/services/status.service.ts b/desktop/angular/src/app/services/status.service.ts index c52b73c7..863d85d2 100644 --- a/desktop/angular/src/app/services/status.service.ts +++ b/desktop/angular/src/app/services/status.service.ts @@ -13,10 +13,7 @@ export class StatusService { */ static trackSubsystem: TrackByFunction = trackById; readonly trackSubsystem = StatusService.trackSubsystem; - - readonly statusPrefix = "runtime:" - readonly subsystemPrefix = this.statusPrefix + "subsystems/" - + /** * status$ watches the global core status. It's mutlicasted using a BehaviorSubject so new * subscribers will automatically get the latest version while only one subscription @@ -48,48 +45,4 @@ export class StatusService { SelectedSecurityLevel: securityLevel, }); } - - - /** - * Loads the current status of a subsystem. - * - * @param name The ID of the subsystem - */ - getSubsystemStatus(id: string): Observable { - return this.portapi.get(this.subsystemPrefix + id); - } - - /** - * Loads the current status of all subsystems matching idPrefix. - * If idPrefix is an empty string all subsystems are returned. - * - * @param idPrefix An optional ID prefix to limit the returned subsystems - */ - querySubsystem(idPrefix: string = ''): Observable { - return this.portapi.query(this.subsystemPrefix + idPrefix) - .pipe( - map(reply => reply.data), - toArray(), - ) - } - - /** - * Watch a subsystem for changes. Completes when the subsystem is - * deleted. See {@method PortAPI.watch} for more information. - * - * @param id The ID of the subsystem to watch. - * @param opts Additional options for portapi.watch(). - */ - watchSubsystem(id: string, opts?: WatchOpts): Observable { - return this.portapi.watch(this.subsystemPrefix + id, opts); - } - - /** - * Watch for subsystem changes - * - * @param opts Additional options for portapi.sub(). - */ - watchSubsystems(opts?: RetryableOpts): Observable { - return this.portapi.watchAll(this.subsystemPrefix, opts); - } } From 2c67b27b4af5b1b2d66080275d838aabc22d82ad Mon Sep 17 00:00:00 2001 From: Alexandr Stelnykovych Date: Fri, 7 Nov 2025 16:51:58 +0200 Subject: [PATCH 06/14] refactor: remove SPNGroup from 'control.instance' interface and update pause logic --- service/control/module.go | 1 - service/control/pause.go | 23 ++++++++++++----------- service/instance.go | 9 +++++++-- 3 files changed, 19 insertions(+), 14 deletions(-) diff --git a/service/control/module.go b/service/control/module.go index d04ff7e1..8efdf52c 100644 --- a/service/control/module.go +++ b/service/control/module.go @@ -31,7 +31,6 @@ type Control struct { type instance interface { Config() *config.Config InterceptionGroup() *mgr.GroupModule - SPNGroup() *mgr.ExtendedGroup IsShuttingDown() bool } diff --git a/service/control/pause.go b/service/control/pause.go index 79387d08..a33ddebc 100644 --- a/service/control/pause.go +++ b/service/control/pause.go @@ -32,15 +32,18 @@ func (c *Control) pause(duration time.Duration, onlySPN bool) (retErr error) { return errors.New("invalid pause duration") } + spn_enabled := config.GetAsBool("spn/enable", false) if onlySPN { if c.pauseInfo.Interception { return errors.New("cannot pause SPN separately when core is paused") } - if !c.pauseInfo.SPN && !c.instance.SPNGroup().Ready() { + // If SPN is not running and not already paused, cannot pause it or change pause duration. + if !spn_enabled() && !c.pauseInfo.SPN { return errors.New("cannot pause SPN when it is not running") } } + // Stop resume worker if running and start a new one later. c.stopResumeWorker() defer func() { if retErr == nil { @@ -49,18 +52,16 @@ func (c *Control) pause(duration time.Duration, onlySPN bool) (retErr error) { } }() + // Pause SPN if not already paused. if !c.pauseInfo.SPN { - if c.instance.SPNGroup().Ready() { - enabled := config.GetAsBool("spn/enable", false) - if enabled() { - // TODO: the 'pause' state must not make permanent config changes. - // Consider possibility to not store permanent config changes. - // E.g. SPN enabled -> pause SPN -> restart PC/Portmaster -> SPN should be enabled again. - config.SetConfigOption("spn/enable", false) - c.mgr.Info("SPN paused") - } - c.pauseInfo.SPN = true + if spn_enabled() { + // TODO: the 'pause' state must not make permanent config changes. + // Consider possibility to not store permanent config changes. + // E.g. SPN enabled -> pause SPN -> restart PC/Portmaster -> SPN should be enabled again. + config.SetConfigOption("spn/enable", false) + c.mgr.Info("SPN paused") } + c.pauseInfo.SPN = true } if onlySPN { diff --git a/service/instance.go b/service/instance.go index 5b3ab760..ebf53fd1 100644 --- a/service/instance.go +++ b/service/instance.go @@ -317,7 +317,11 @@ func New(svcCfg *ServiceConfig) (*Instance, error) { //nolint:maintidx // Grouped interception modules that can be paused/resumed together. instance.serviceGroupInterception = mgr.NewGroupModule("Interception Group", instance.interception, - instance.dnsmonitor, + + // TODO: The dnsmonitor is currently not part of this group, as it has inconsistent issue when stopping. + // Fix chars-issue of this module and re-add it here. + //instance.dnsmonitor, + instance.compat) // Add all modules to instance group. @@ -348,11 +352,12 @@ func New(svcCfg *ServiceConfig) (*Instance, error) { //nolint:maintidx instance.filterLists, instance.customlist, - // Grouped interception modules: + // Grouped pausable interception modules: // instance.interception, // instance.dnsmonitor, // instance.compat instance.serviceGroupInterception, + instance.dnsmonitor, // TODO: Remove when re-added to serviceGroupInterception group. instance.status, instance.broadcasts, From 4d58f68fde1dd5365e68d78fd8d2bd76016efdf7 Mon Sep 17 00:00:00 2001 From: Alexandr Stelnykovych Date: Fri, 7 Nov 2025 16:53:01 +0200 Subject: [PATCH 07/14] feat(UI): enhance SPN pause menu to allow time modification while paused --- .../src/app/layout/navigation/navigation.html | 15 ++++++++------- .../src/app/layout/navigation/navigation.ts | 1 + 2 files changed, 9 insertions(+), 7 deletions(-) diff --git a/desktop/angular/src/app/layout/navigation/navigation.html b/desktop/angular/src/app/layout/navigation/navigation.html index 57f7e516..09b8e5f9 100644 --- a/desktop/angular/src/app/layout/navigation/navigation.html +++ b/desktop/angular/src/app/layout/navigation/navigation.html @@ -229,15 +229,16 @@
- Pause SPN for 3 minutes - Pause SPN for 15 minutes - Pause SPN for 1 hour + + Pause SPN for 5 minutes + Pause SPN for 15 minutes + Pause SPN for 1 hour
- Pause Portmaster for 3 minutes - Pause Portmaster for 15 minutes - Pause Portmaster for 1 hour + Pause for 5 minutes + Pause for 15 minutes + Pause for 1 hour
- Resume + Resume now diff --git a/desktop/angular/src/app/layout/navigation/navigation.ts b/desktop/angular/src/app/layout/navigation/navigation.ts index bc7f4cd9..48195e5d 100644 --- a/desktop/angular/src/app/layout/navigation/navigation.ts +++ b/desktop/angular/src/app/layout/navigation/navigation.ts @@ -39,6 +39,7 @@ export class NavigationComponent implements OnInit { pauseState: ControlPauseStateData | null = null; get isPaused(): boolean { return this.pauseState?.Interception===true || this.pauseState?.SPN===true; } get isPausedInterception(): boolean { return this.pauseState?.Interception===true; } + get isPausedSPN(): boolean { return this.pauseState?.SPN===true; } get pauseInfo(): string { if (this.pauseState?.Interception===true && this.pauseState?.SPN===true) return 'Portmaster and SPN'; From 997f95698be608ad0ab45a7d050c5c082e5f3aaf Mon Sep 17 00:00:00 2001 From: Alexandr Stelnykovych Date: Fri, 7 Nov 2025 16:58:42 +0200 Subject: [PATCH 08/14] UI(system tray menu): added pause/resume menu items + replaced subscription to obsolete "runtime:subsystems" by "runtime:system/status" --- .../tauri/src-tauri/src/portapi/models/mod.rs | 2 +- .../src-tauri/src/portapi/models/subsystem.rs | 45 ------ .../src/portapi/models/system_status_types.rs | 57 ++++++++ desktop/tauri/src-tauri/src/portmaster/mod.rs | 41 ++++++ desktop/tauri/src-tauri/src/traymenu.rs | 130 ++++++++++++------ 5 files changed, 188 insertions(+), 87 deletions(-) delete mode 100644 desktop/tauri/src-tauri/src/portapi/models/subsystem.rs create mode 100644 desktop/tauri/src-tauri/src/portapi/models/system_status_types.rs diff --git a/desktop/tauri/src-tauri/src/portapi/models/mod.rs b/desktop/tauri/src-tauri/src/portapi/models/mod.rs index 91336dd0..08f5e555 100644 --- a/desktop/tauri/src-tauri/src/portapi/models/mod.rs +++ b/desktop/tauri/src-tauri/src/portapi/models/mod.rs @@ -1,4 +1,4 @@ pub mod config; pub mod spn; pub mod notification; -pub mod subsystem; \ No newline at end of file +pub mod system_status_types; \ No newline at end of file diff --git a/desktop/tauri/src-tauri/src/portapi/models/subsystem.rs b/desktop/tauri/src-tauri/src/portapi/models/subsystem.rs deleted file mode 100644 index c8b0ea27..00000000 --- a/desktop/tauri/src-tauri/src/portapi/models/subsystem.rs +++ /dev/null @@ -1,45 +0,0 @@ -#![allow(dead_code)] -use serde::*; - -#[derive(Serialize, Deserialize, Debug, PartialEq, Clone)] -pub struct ModuleStatus { - #[serde(rename = "Name")] - pub name: String, - - #[serde(rename = "Enabled")] - pub enabled: bool, - - #[serde(rename = "Status")] - pub status: u8, - - #[serde(rename = "FailureStatus")] - pub failure_status: u8, - - #[serde(rename = "FailureID")] - pub failure_id: String, - - #[serde(rename = "FailureMsg")] - pub failure_msg: String, -} - -#[derive(Serialize, Deserialize, Debug, PartialEq, Clone)] -pub struct Subsystem { - #[serde(rename = "ID")] - pub id: String, - - #[serde(rename = "Name")] - pub name: String, - - #[serde(rename = "Description")] - pub description: String, - - #[serde(rename = "Modules")] - pub module_status: Vec, - - #[serde(rename = "FailureStatus")] - pub failure_status: u8, -} -pub const FAILURE_NONE: u8 = 0; -pub const FAILURE_HINT: u8 = 1; -pub const FAILURE_WARNING: u8 = 2; -pub const FAILURE_ERROR: u8 = 3; diff --git a/desktop/tauri/src-tauri/src/portapi/models/system_status_types.rs b/desktop/tauri/src-tauri/src/portapi/models/system_status_types.rs new file mode 100644 index 00000000..afb24337 --- /dev/null +++ b/desktop/tauri/src-tauri/src/portapi/models/system_status_types.rs @@ -0,0 +1,57 @@ +use serde::{Deserialize, Serialize}; + +#[derive(Debug, Clone, PartialEq, Eq, Serialize, Deserialize)] +#[serde(rename_all = "lowercase")] +pub enum StateType { + #[serde(rename = "")] + Undefined, + #[serde(rename = "hint")] + Hint, + #[serde(rename = "warning")] + Warning, + #[serde(rename = "error")] + Error, +} + +#[derive(Debug, Clone, Serialize, Deserialize)] +pub struct State { + #[serde(rename = "ID")] + pub id: String, + #[serde(rename = "Name")] + pub name: String, + #[serde(rename = "Message")] + pub message: Option, + #[serde(rename = "Type")] + pub state_type: Option, + #[serde(rename = "Time")] + pub time: Option, // time.Time serialized by GoLang + #[serde(rename = "Data")] + pub data: Option, // any type +} + +#[derive(Debug, Clone, Serialize, Deserialize)] +pub struct StateUpdate { + #[serde(rename = "Module")] + pub module: String, + #[serde(rename = "States")] + pub states: Option>, +} + +#[derive(Debug, Clone, Serialize, Deserialize)] +pub struct WorstState { + #[serde(rename = "Module")] + pub module: String, + #[serde(flatten)] + pub state: State, +} + +#[derive(Debug, Clone, Serialize, Deserialize)] +pub struct SystemStatus { + #[serde(rename = "Modules")] + pub modules: Vec, + #[serde(rename = "WorstState")] + pub worst_state: Option, + + // add more fields when needed + // ... +} \ No newline at end of file diff --git a/desktop/tauri/src-tauri/src/portmaster/mod.rs b/desktop/tauri/src-tauri/src/portmaster/mod.rs index 0941f306..19c33d7a 100644 --- a/desktop/tauri/src-tauri/src/portmaster/mod.rs +++ b/desktop/tauri/src-tauri/src/portmaster/mod.rs @@ -217,6 +217,47 @@ impl PortmasterInterface { }); } + pub fn set_resume(&self) { + tauri::async_runtime::spawn(async move { + let client = reqwest::Client::new(); + match client + .post(format!("{}control/resume", PORTMASTER_BASE_URL)) + .send() + .await + { + Ok(v) => { + debug!("resume request sent {:?}", v); + } + Err(err) => { + error!("failed to send resume request {}", err); + } + } + }); + } + + + pub fn set_pause(&self, duration_seconds: u64, spn_only: bool) { + tauri::async_runtime::spawn(async move { + let client = reqwest::Client::new(); + match client + .post(format!("{}control/pause", PORTMASTER_BASE_URL)) + .json(&serde_json::json!({ + "duration": duration_seconds, + "onlySPN": spn_only + })) + .send() + .await + { + Ok(v) => { + debug!("pause request sent {:?}", v); + } + Err(err) => { + error!("failed to send pause request {}", err); + } + } + }); + } + //// Internal functions fn start_notification_handler(&self) { if let Some(api) = self.get_api() { diff --git a/desktop/tauri/src-tauri/src/traymenu.rs b/desktop/tauri/src-tauri/src/traymenu.rs index 197bdabc..106793bf 100644 --- a/desktop/tauri/src-tauri/src/traymenu.rs +++ b/desktop/tauri/src-tauri/src/traymenu.rs @@ -1,7 +1,7 @@ use std::ops::Deref; use std::sync::atomic::AtomicBool; use std::sync::RwLock; -use std::{collections::HashMap, sync::atomic::Ordering}; +use std::{sync::atomic::Ordering}; use log::{debug, error}; use tauri::{ @@ -16,11 +16,11 @@ use crate::config; use crate::{ portapi::{ client::PortAPI, - message::ParseError, + message::{ParseError}, models::{ config::BooleanValue, spn::SPNStatus, - subsystem::{self, Subsystem}, + system_status_types::{self, SystemStatus}, }, types::{Request, Response}, }, @@ -59,6 +59,14 @@ const FORCE_SHOW_KEY: &str = "force-show"; const PM_TRAY_ICON_ID: &str = "pm_icon"; const PM_TRAY_MENU_ID: &str = "pm_tray_menu"; +const PAUSE_SPN_5_KEY: &str = "pause_spn_5"; +const PAUSE_SPN_15_KEY: &str = "pause_spn_15"; +const PAUSE_SPN_60_KEY: &str = "pause_spn_60"; +const PAUSE_PM_5_KEY: &str = "pause_pm_5"; +const PAUSE_PM_15_KEY: &str = "pause_pm_15"; +const PAUSE_PM_60_KEY: &str = "pause_pm_60"; +const RESUME_KEY: &str = "resume_all"; + // Icons fn get_theme_mode() -> dark_light::Mode { @@ -142,7 +150,7 @@ fn build_tray_menu( .enabled(false) .build(app) .unwrap(); - + // Setup SPN button let spn_button_text = match spn_status_text { "disabled" => "Enable SPN", @@ -152,6 +160,7 @@ fn build_tray_menu( .build(app) .unwrap(); + // Setup Icon theme submenu let system_theme = MenuItemBuilder::with_id(SYSTEM_THEME_KEY, "System") .build(app) .unwrap(); @@ -165,11 +174,38 @@ fn build_tray_menu( .items(&[&system_theme, &light_theme, &dark_theme]) .build()?; + + // Setup Pause/Resume menu items + let disabled_spn = spn_status_text == "disabled"; + let pause_spn_5min_item = MenuItemBuilder::with_id(PAUSE_SPN_5_KEY, "Pause SPN for 5 minutes").enabled(!disabled_spn).build(app)?; + let pause_spn_15min_item = MenuItemBuilder::with_id(PAUSE_SPN_15_KEY, "Pause SPN for 15 minutes").enabled(!disabled_spn).build(app)?; + let pause_spn_1hour_item = MenuItemBuilder::with_id(PAUSE_SPN_60_KEY, "Pause SPN for 1 hour").enabled(!disabled_spn).build(app)?; + + let pause_pm_5min_item = MenuItemBuilder::with_id(PAUSE_PM_5_KEY, "Pause for 5 minutes").build(app)?; + let pause_pm_15min_item = MenuItemBuilder::with_id(PAUSE_PM_15_KEY, "Pause for 15 minutes").build(app)?; + let pause_pm_1hour_item = MenuItemBuilder::with_id(PAUSE_PM_60_KEY, "Pause for 1 hour").build(app)?; + + let pause_menu = SubmenuBuilder::new(app, "Pause") + .items(&[ + &pause_spn_5min_item, + &pause_spn_15min_item, + &pause_spn_1hour_item, + &PredefinedMenuItem::separator(app)?, + &pause_pm_5min_item, + &pause_pm_15min_item, + &pause_pm_1hour_item, + ]) + .build()?; + + let resume_item = MenuItemBuilder::with_id(RESUME_KEY, "Resume now").build(app)?; + + /* DEV MENU let force_show_window = MenuItemBuilder::with_id(FORCE_SHOW_KEY, "Force Show UI").build(app)?; let reload_btn = MenuItemBuilder::with_id(RELOAD_KEY, "Reload User Interface").build(app)?; let developer_menu = SubmenuBuilder::new(app, "Developer") .items(&[&reload_btn, &force_show_window]) .build()?; + */ let menu = MenuBuilder::with_id(app, PM_TRAY_MENU_ID) .items(&[ @@ -177,6 +213,9 @@ fn build_tray_menu( &PredefinedMenuItem::separator(app)?, &global_status, &PredefinedMenuItem::separator(app)?, + &pause_menu, + &resume_item, + &PredefinedMenuItem::separator(app)?, &spn_status, &spn_button, &PredefinedMenuItem::separator(app)?, @@ -184,7 +223,7 @@ fn build_tray_menu( &PredefinedMenuItem::separator(app)?, &exit_ui_btn, &shutdown_btn, - &developer_menu, + //&developer_menu, ]) .build()?; @@ -250,6 +289,15 @@ pub fn setup_tray_menu( SYSTEM_THEME_KEY => update_icon_theme(app, dark_light::Mode::Default), DARK_THEME_KEY => update_icon_theme(app, dark_light::Mode::Dark), LIGHT_THEME_KEY => update_icon_theme(app, dark_light::Mode::Light), + + PAUSE_SPN_5_KEY => app.portmaster().set_pause(60*5, true), + PAUSE_SPN_15_KEY => app.portmaster().set_pause(60*15, true), + PAUSE_SPN_60_KEY => app.portmaster().set_pause(60*60, true), + PAUSE_PM_5_KEY => app.portmaster().set_pause(60*5, false), + PAUSE_PM_15_KEY => app.portmaster().set_pause(60*15, false), + PAUSE_PM_60_KEY => app.portmaster().set_pause(60*60, false), + RESUME_KEY => app.portmaster().set_resume(), + other => { error!("unknown menu event id: {}", other); } @@ -275,33 +323,29 @@ pub fn setup_tray_menu( Ok(icon) } -pub fn update_icon(icon: AppIcon, subsystems: HashMap, spn_status: String) { - // iterate over the subsystems and check if there's a module failure - let failure = subsystems.values().map(|s| &s.module_status).fold( - (subsystem::FAILURE_NONE, "".to_string()), - |mut acc, s| { - for m in s { - if m.failure_status > acc.0 { - acc = (m.failure_status, m.failure_msg.clone()) - } +pub fn update_icon(icon: AppIcon, system_status: SystemStatus, spn_status: String) { + // Extract the worst state type + let worst_state_type = match system_status.worst_state { + Some(ws) => { + match ws.state.state_type { + Some(s) => s, + None => system_status_types::StateType::Undefined } - acc - }, - ); + } + None => system_status_types::StateType::Undefined + }; - let mut status = "Secured".to_owned(); - - if failure.0 != subsystem::FAILURE_NONE { - status = failure.1; - } - - let icon_color = match failure.0 { - subsystem::FAILURE_WARNING => IconColor::Yellow, - subsystem::FAILURE_ERROR => IconColor::Red, - _ => match spn_status.as_str() { - "connected" | "connecting" => IconColor::Blue, - _ => IconColor::Green, - }, + // Determine status and icon color in a single match expression + let (status, icon_color) = match worst_state_type { + system_status_types::StateType::Error => ("Insecure", IconColor::Red), + system_status_types::StateType::Warning => ("Insecure", IconColor::Yellow), + _ => { + let color = match spn_status.as_str() { + "connected" | "connecting" => IconColor::Blue, + _ => IconColor::Green, + }; + ("Secured", color) + } }; if let Ok(menu) = build_tray_menu(icon.app_handle(), status.as_ref(), spn_status.as_str()) { @@ -322,9 +366,9 @@ pub async fn tray_handler(cli: PortAPI, app: tauri::AppHandle) { } }; - let mut subsystem_subscription = match cli + let mut system_status_subscription = match cli .request(Request::QuerySubscribe( - "query runtime:subsystems/".to_string(), + "query runtime:system/status".to_string(), )) .await { @@ -388,12 +432,16 @@ pub async fn tray_handler(cli: PortAPI, app: tauri::AppHandle) { update_icon_color(&icon, IconColor::Blue); - let mut subsystems: HashMap = HashMap::new(); + let mut system_status = SystemStatus { + modules: Vec::new(), + worst_state: None, + }; + let mut spn_status: String = "".to_string(); loop { tokio::select! { - msg = subsystem_subscription.recv() => { + msg = system_status_subscription.recv() => { let msg = match msg { Some(m) => m, None => { break } @@ -407,17 +455,17 @@ pub async fn tray_handler(cli: PortAPI, app: tauri::AppHandle) { }; if let Some((_, payload)) = res { - match payload.parse::() { - Ok(n) => { - subsystems.insert(n.id.clone(), n); - update_icon(icon.clone(), subsystems.clone(), spn_status.clone()); + match payload.parse::() { + Ok(system_status_update) => { + system_status.clone_from(&system_status_update); + update_icon(icon.clone(), system_status.clone(), spn_status.clone()); }, Err(err) => match err { ParseError::Json(err) => { - error!("failed to parse subsystem: {}", err); + error!("failed to parse SystemStatus: {}", err); } _ => { - error!("unknown error when parsing notifications payload"); + error!("unknown error when parsing SystemStatus payload"); } }, } @@ -441,7 +489,7 @@ pub async fn tray_handler(cli: PortAPI, app: tauri::AppHandle) { Ok(value) => { debug!("SPN status update: {}", value.status); spn_status.clone_from(&value.status); - update_icon(icon.clone(), subsystems.clone(), spn_status.clone()); + update_icon(icon.clone(), system_status.clone(), spn_status.clone()); }, Err(err) => match err { ParseError::Json(err) => { From 139610b99d0a793485efe0d82c3e49d749b82eb2 Mon Sep 17 00:00:00 2001 From: Alexandr Stelnykovych Date: Mon, 10 Nov 2025 15:14:20 +0200 Subject: [PATCH 09/14] feat(UI): enhance pause info display in system tray menu and reorganize menu item positions https://github.com/safing/portmaster/issues/2050 --- .../src/app/layout/navigation/navigation.html | 4 +- .../src/app/layout/navigation/navigation.ts | 6 +- desktop/tauri/src-tauri/Cargo.lock | 3 + desktop/tauri/src-tauri/Cargo.toml | 1 + .../src/portapi/models/system_status_types.rs | 26 +++- desktop/tauri/src-tauri/src/traymenu.rs | 138 ++++++++++++------ 6 files changed, 125 insertions(+), 53 deletions(-) diff --git a/desktop/angular/src/app/layout/navigation/navigation.html b/desktop/angular/src/app/layout/navigation/navigation.html index 09b8e5f9..ae961f6c 100644 --- a/desktop/angular/src/app/layout/navigation/navigation.html +++ b/desktop/angular/src/app/layout/navigation/navigation.html @@ -220,10 +220,10 @@
- Paused: {{ pauseInfo }} + {{ pauseInfo }} - Auto-resume at: {{ pauseInfoTillTime }} + Auto-resume at {{ pauseInfoTillTime }}
diff --git a/desktop/angular/src/app/layout/navigation/navigation.ts b/desktop/angular/src/app/layout/navigation/navigation.ts index 48195e5d..1cff5acb 100644 --- a/desktop/angular/src/app/layout/navigation/navigation.ts +++ b/desktop/angular/src/app/layout/navigation/navigation.ts @@ -42,11 +42,11 @@ export class NavigationComponent implements OnInit { get isPausedSPN(): boolean { return this.pauseState?.SPN===true; } get pauseInfo(): string { if (this.pauseState?.Interception===true && this.pauseState?.SPN===true) - return 'Portmaster and SPN'; + return 'Portmaster and SPN are paused'; else if (this.pauseState?.Interception===true) - return 'Portmaster'; + return 'Portmaster is paused'; else if (this.pauseState?.SPN===true) - return 'SPN'; + return 'SPN is paused'; return ''; } get pauseInfoTillTime(): string { diff --git a/desktop/tauri/src-tauri/Cargo.lock b/desktop/tauri/src-tauri/Cargo.lock index 2f5e7e06..6d1c7727 100644 --- a/desktop/tauri/src-tauri/Cargo.lock +++ b/desktop/tauri/src-tauri/Cargo.lock @@ -859,8 +859,10 @@ checksum = "1a7964611d71df112cb1730f2ee67324fcf4d0fc6606acbbe9bfe06df124637c" dependencies = [ "android-tzdata", "iana-time-zone", + "js-sys", "num-traits", "serde", + "wasm-bindgen", "windows-link", ] @@ -3949,6 +3951,7 @@ version = "2.0.25" dependencies = [ "assert_matches", "cached", + "chrono", "clap_lex", "ctor", "dark-light", diff --git a/desktop/tauri/src-tauri/Cargo.toml b/desktop/tauri/src-tauri/Cargo.toml index fb562e22..b7e9a6d6 100644 --- a/desktop/tauri/src-tauri/Cargo.toml +++ b/desktop/tauri/src-tauri/Cargo.toml @@ -52,6 +52,7 @@ reqwest = { version = "0.12", features = ["cookies", "json"] } rfd = { version = "*", default-features = false, features = [ "tokio", "gtk3", "common-controls-v6" ] } open = "5.1.3" +chrono = { version = "0.4", features = ["serde"] } dark-light = { path = "../rust-dark-light" } diff --git a/desktop/tauri/src-tauri/src/portapi/models/system_status_types.rs b/desktop/tauri/src-tauri/src/portapi/models/system_status_types.rs index afb24337..c4e0a47a 100644 --- a/desktop/tauri/src-tauri/src/portapi/models/system_status_types.rs +++ b/desktop/tauri/src-tauri/src/portapi/models/system_status_types.rs @@ -45,7 +45,7 @@ pub struct WorstState { pub state: State, } -#[derive(Debug, Clone, Serialize, Deserialize)] +#[derive(Debug, Clone, Serialize, Deserialize, Default)] pub struct SystemStatus { #[serde(rename = "Modules")] pub modules: Vec, @@ -54,4 +54,28 @@ pub struct SystemStatus { // add more fields when needed // ... +} + +// PauseInfo represents pause status data from "control:paused" state in Control module +#[derive(Debug, Clone, Serialize, Deserialize, Default)] +pub struct PauseInfo { + #[serde(rename = "Interception")] + pub interception: bool, + #[serde(rename = "SPN")] + pub spn: bool, + #[serde(rename = "TillTime")] + pub till_time: String, // time.Time serialized as string by GoLang +} + + +impl SystemStatus { + pub fn get_module_state(&self, module_name: &str, state_id: &str) -> Option<&State> { + if let Some(module) = self.modules.iter().find(|m| m.module == module_name) { + if let Some(states) = &module.states { + return states.iter().find(|s| s.id == state_id); + } + } + None + } + } \ No newline at end of file diff --git a/desktop/tauri/src-tauri/src/traymenu.rs b/desktop/tauri/src-tauri/src/traymenu.rs index 106793bf..1d7a88b7 100644 --- a/desktop/tauri/src-tauri/src/traymenu.rs +++ b/desktop/tauri/src-tauri/src/traymenu.rs @@ -2,6 +2,7 @@ use std::ops::Deref; use std::sync::atomic::AtomicBool; use std::sync::RwLock; use std::{sync::atomic::Ordering}; +use chrono::{DateTime}; use log::{debug, error}; use tauri::{ @@ -66,6 +67,8 @@ const PAUSE_PM_5_KEY: &str = "pause_pm_5"; const PAUSE_PM_15_KEY: &str = "pause_pm_15"; const PAUSE_PM_60_KEY: &str = "pause_pm_60"; const RESUME_KEY: &str = "resume_all"; +const PAUSE_INFO_KEY: &str = "pause_info"; +const PAUSE_INFO_TIME_KEY: &str = "pause_info_time"; // Icons @@ -133,6 +136,7 @@ fn build_tray_menu( app: &tauri::AppHandle, status: &str, spn_status_text: &str, + pause_info: &system_status_types::PauseInfo, ) -> core::result::Result> { load_theme(app); @@ -140,22 +144,46 @@ fn build_tray_menu( let exit_ui_btn = MenuItemBuilder::with_id(EXIT_UI_KEY, "Exit UI").build(app)?; let shutdown_btn = MenuItemBuilder::with_id(SHUTDOWN_KEY, "Shut Down Portmaster").build(app)?; - let global_status = MenuItemBuilder::with_id(GLOBAL_STATUS_KEY, format!("Status: {}", status)) + // Global status + let global_status_text = if pause_info.interception { + format!("Status: {} (PAUSED)", status) + } else { + format!("Status: {}", status) + }; + let global_status = MenuItemBuilder::with_id(GLOBAL_STATUS_KEY, global_status_text) .enabled(false) .build(app) .unwrap(); - // Setup SPN status - let spn_status = MenuItemBuilder::with_id(SPN_STATUS_KEY, format!("SPN: {}", spn_status_text)) - .enabled(false) - .build(app) - .unwrap(); - + // Pause items + let (pause_status_item, pause_status_time_item, resume_item) = if pause_info.interception || pause_info.spn { + let status_text = match (pause_info.interception, pause_info.spn) { + (true, true) => "Portmaster and SPN are paused", + (true, false) => "Portmaster is paused", + (false, true) => "SPN is paused", + _ => unreachable!(), // We already checked at least one is true + }; + let status_item = MenuItemBuilder::with_id(PAUSE_INFO_KEY, status_text).enabled(false).build(app)?; + + let formatted_time = DateTime::parse_from_rfc3339(&pause_info.till_time) + .map(|dt| dt.with_timezone(&chrono::Local).format("%H:%M:%S").to_string()) + .unwrap_or_else(|_| pause_info.till_time.clone()); + let time_item = MenuItemBuilder::with_id(PAUSE_INFO_TIME_KEY, format!("Auto-resume at {}", formatted_time)).enabled(false).build(app)?; + let resume_item = MenuItemBuilder::with_id(RESUME_KEY, "Resume now").build(app)?; + (Some(status_item), Some(time_item), Some(resume_item)) + } else { + (None, None, None) + }; + // Setup SPN button let spn_button_text = match spn_status_text { "disabled" => "Enable SPN", _ => "Disable SPN", - }; + }; + let spn_status = MenuItemBuilder::with_id(SPN_STATUS_KEY, format!("SPN: {}", spn_status_text)) + .enabled(false) + .build(app) + .unwrap(); let spn_button = MenuItemBuilder::with_id(SPN_BUTTON_KEY, spn_button_text) .build(app) .unwrap(); @@ -176,10 +204,10 @@ fn build_tray_menu( // Setup Pause/Resume menu items - let disabled_spn = spn_status_text == "disabled"; - let pause_spn_5min_item = MenuItemBuilder::with_id(PAUSE_SPN_5_KEY, "Pause SPN for 5 minutes").enabled(!disabled_spn).build(app)?; - let pause_spn_15min_item = MenuItemBuilder::with_id(PAUSE_SPN_15_KEY, "Pause SPN for 15 minutes").enabled(!disabled_spn).build(app)?; - let pause_spn_1hour_item = MenuItemBuilder::with_id(PAUSE_SPN_60_KEY, "Pause SPN for 1 hour").enabled(!disabled_spn).build(app)?; + let disabled_spn_pause = (spn_status_text == "disabled" && !pause_info.spn) || pause_info.interception; + let pause_spn_5min_item = MenuItemBuilder::with_id(PAUSE_SPN_5_KEY, "Pause SPN for 5 minutes").enabled(!disabled_spn_pause).build(app)?; + let pause_spn_15min_item = MenuItemBuilder::with_id(PAUSE_SPN_15_KEY, "Pause SPN for 15 minutes").enabled(!disabled_spn_pause).build(app)?; + let pause_spn_1hour_item = MenuItemBuilder::with_id(PAUSE_SPN_60_KEY, "Pause SPN for 1 hour").enabled(!disabled_spn_pause).build(app)?; let pause_pm_5min_item = MenuItemBuilder::with_id(PAUSE_PM_5_KEY, "Pause for 5 minutes").build(app)?; let pause_pm_15min_item = MenuItemBuilder::with_id(PAUSE_PM_15_KEY, "Pause for 15 minutes").build(app)?; @@ -197,8 +225,6 @@ fn build_tray_menu( ]) .build()?; - let resume_item = MenuItemBuilder::with_id(RESUME_KEY, "Resume now").build(app)?; - /* DEV MENU let force_show_window = MenuItemBuilder::with_id(FORCE_SHOW_KEY, "Force Show UI").build(app)?; let reload_btn = MenuItemBuilder::with_id(RELOAD_KEY, "Reload User Interface").build(app)?; @@ -206,25 +232,44 @@ fn build_tray_menu( .items(&[&reload_btn, &force_show_window]) .build()?; */ + + // Assemble menu items + let s = PredefinedMenuItem::separator(app)?; + let mut items: Vec<&dyn tauri::menu::IsMenuItem> = Vec::new(); + + + items.push(&global_status); + items.push(&s); + + if let Some(ref pause_status_item) = pause_status_item { + items.push(pause_status_item); + } + if let Some(ref pause_status_time_item) = pause_status_time_item { + items.push(pause_status_time_item); + } + if let Some(ref resume_item) = resume_item { + items.push(resume_item); + } + items.push(&pause_menu); + items.push(&s); + + items.push(&spn_status); + items.push(&spn_button); + items.push(&s); + + items.push(&theme_menu); + items.push(&s); + + items.push(&open_btn); + items.push(&s); + + items.push(&exit_ui_btn); + items.push(&shutdown_btn); + //items.push(&developer_menu); + let menu = MenuBuilder::with_id(app, PM_TRAY_MENU_ID) - .items(&[ - &open_btn, - &PredefinedMenuItem::separator(app)?, - &global_status, - &PredefinedMenuItem::separator(app)?, - &pause_menu, - &resume_item, - &PredefinedMenuItem::separator(app)?, - &spn_status, - &spn_button, - &PredefinedMenuItem::separator(app)?, - &theme_menu, - &PredefinedMenuItem::separator(app)?, - &exit_ui_btn, - &shutdown_btn, - //&developer_menu, - ]) + .items(&items) .build()?; return Ok(menu); @@ -233,7 +278,7 @@ fn build_tray_menu( pub fn setup_tray_menu( app: &mut tauri::App, ) -> core::result::Result> { - let menu = build_tray_menu(app.handle(), "Secured", "disabled")?; + let menu = build_tray_menu(app.handle(), "Secured", "disabled", &system_status_types::PauseInfo::default())?; let icon = TrayIconBuilder::with_id(PM_TRAY_ICON_ID) .icon(Image::from_bytes(get_red_icon()).unwrap()) @@ -325,15 +370,10 @@ pub fn setup_tray_menu( pub fn update_icon(icon: AppIcon, system_status: SystemStatus, spn_status: String) { // Extract the worst state type - let worst_state_type = match system_status.worst_state { - Some(ws) => { - match ws.state.state_type { - Some(s) => s, - None => system_status_types::StateType::Undefined - } - } - None => system_status_types::StateType::Undefined - }; + let worst_state_type = system_status.worst_state + .as_ref() + .and_then(|ws| ws.state.state_type.clone()) + .unwrap_or(system_status_types::StateType::Undefined); // Determine status and icon color in a single match expression let (status, icon_color) = match worst_state_type { @@ -348,7 +388,15 @@ pub fn update_icon(icon: AppIcon, system_status: SystemStatus, spn_status: Strin } }; - if let Ok(menu) = build_tray_menu(icon.app_handle(), status.as_ref(), spn_status.as_str()) { + // Extract pause info from system status + let pause_info = system_status + .get_module_state("Control", "control:paused") + .and_then(|state| state.data.as_ref()) + .and_then(|data| serde_json::from_value::(data.clone()).ok()) + .unwrap_or_default(); + + // Rebuild and set the tray menu + if let Ok(menu) = build_tray_menu(icon.app_handle(), status, spn_status.as_str(), &pause_info) { if let Err(err) = icon.set_menu(Some(menu)) { error!("failed to set menu on tray icon: {}", err.to_string()); } @@ -432,11 +480,7 @@ pub async fn tray_handler(cli: PortAPI, app: tauri::AppHandle) { update_icon_color(&icon, IconColor::Blue); - let mut system_status = SystemStatus { - modules: Vec::new(), - worst_state: None, - }; - + let mut system_status = SystemStatus::default(); let mut spn_status: String = "".to_string(); loop { From 3aaa5ab1615d68b38499747130d7cced21efb3bf Mon Sep 17 00:00:00 2001 From: Alexandr Stelnykovych Date: Mon, 10 Nov 2025 18:20:34 +0200 Subject: [PATCH 10/14] fix(control): adjust pause logic to ensure correct state updates and notification behavior fix(traymenu): update tray menu label from "Secured" to "unknown" fix(notifications): log error when notification is clicked without an associated action --- desktop/tauri/src-tauri/src/portmaster/notifications.rs | 4 +++- desktop/tauri/src-tauri/src/traymenu.rs | 2 +- service/control/pause.go | 4 ++-- 3 files changed, 6 insertions(+), 4 deletions(-) diff --git a/desktop/tauri/src-tauri/src/portmaster/notifications.rs b/desktop/tauri/src-tauri/src/portmaster/notifications.rs index f1bc9dff..c27189a2 100644 --- a/desktop/tauri/src-tauri/src/portmaster/notifications.rs +++ b/desktop/tauri/src-tauri/src/portmaster/notifications.rs @@ -134,8 +134,10 @@ pub async fn show_notification(cli: &PortAPI, key: String, n: Notification) { )) .await; }); + } else { + error!("Notification clicked but no action associated."); + // TODO(vladimir): If Action is None, the user clicked on the notification. Focus on the UI. } - // TODO(vladimir): If Action is None, the user clicked on the notification. Focus on the UI. Ok(()) }); } diff --git a/desktop/tauri/src-tauri/src/traymenu.rs b/desktop/tauri/src-tauri/src/traymenu.rs index 1d7a88b7..20a19e37 100644 --- a/desktop/tauri/src-tauri/src/traymenu.rs +++ b/desktop/tauri/src-tauri/src/traymenu.rs @@ -278,7 +278,7 @@ fn build_tray_menu( pub fn setup_tray_menu( app: &mut tauri::App, ) -> core::result::Result> { - let menu = build_tray_menu(app.handle(), "Secured", "disabled", &system_status_types::PauseInfo::default())?; + let menu = build_tray_menu(app.handle(), "unknown", "disabled", &system_status_types::PauseInfo::default())?; let icon = TrayIconBuilder::with_id(PM_TRAY_ICON_ID) .icon(Image::from_bytes(get_red_icon()).unwrap()) diff --git a/service/control/pause.go b/service/control/pause.go index a33ddebc..73b69f31 100644 --- a/service/control/pause.go +++ b/service/control/pause.go @@ -60,8 +60,8 @@ func (c *Control) pause(duration time.Duration, onlySPN bool) (retErr error) { // E.g. SPN enabled -> pause SPN -> restart PC/Portmaster -> SPN should be enabled again. config.SetConfigOption("spn/enable", false) c.mgr.Info("SPN paused") + c.pauseInfo.SPN = true } - c.pauseInfo.SPN = true } if onlySPN { @@ -192,7 +192,7 @@ func (c *Control) updateStatesAndNotify() { Type: nType, Title: title, Message: message, - ShowOnSystem: true, + ShowOnSystem: false, // TODO: Before enabling, ensure that UI client (Tauri implementation) supports ActionTypeWebhook. EventData: &c.pauseInfo, AvailableActions: []*notifications.Action{ { From 3406017754b4da48bb6bb6d6caf7f01fd45da339 Mon Sep 17 00:00:00 2001 From: Alexandr Stelnykovych Date: Tue, 11 Nov 2025 17:17:26 +0200 Subject: [PATCH 11/14] Refactor status module initialization: register runtime privider as soon as possible --- service/status/module.go | 16 ++++++++++++---- 1 file changed, 12 insertions(+), 4 deletions(-) diff --git a/service/status/module.go b/service/status/module.go index 77ec6716..1d94d19d 100644 --- a/service/status/module.go +++ b/service/status/module.go @@ -35,10 +35,6 @@ func (s *Status) Manager() *mgr.Manager { // Start starts the module. func (s *Status) Start() error { - if err := s.setupRuntimeProvider(); err != nil { - return err - } - s.mgr.Go("status publisher", s.statusPublisher) s.instance.NetEnv().EventOnlineStatusChange.AddCallback("update online status in system status", @@ -67,6 +63,14 @@ func (s *Status) Stop() error { return nil } +func (s *Status) prep() error { + // register status provider as soon as possible + if err := s.setupRuntimeProvider(); err != nil { + return err + } + return nil +} + // AddToDebugInfo adds the system status to the given debug.Info. func AddToDebugInfo(di *debug.Info) { di.AddSection( @@ -96,6 +100,10 @@ func New(instance instance) (*Status, error) { notifications: make(map[string]map[string]*notifications.Notification), } + if err := module.prep(); err != nil { + return nil, err + } + return module, nil } From 3abb2b3c699f023d189401307390bab7c189b3b6 Mon Sep 17 00:00:00 2001 From: Alexandr Stelnykovych Date: Tue, 11 Nov 2025 17:18:58 +0200 Subject: [PATCH 12/14] feat(control): add notification for automatic resume from pause state --- desktop/tauri/src-tauri/src/traymenu.rs | 13 ++++++++++++- service/control/pause.go | 21 ++++++++++++++++++++- 2 files changed, 32 insertions(+), 2 deletions(-) diff --git a/desktop/tauri/src-tauri/src/traymenu.rs b/desktop/tauri/src-tauri/src/traymenu.rs index 20a19e37..c26d104e 100644 --- a/desktop/tauri/src-tauri/src/traymenu.rs +++ b/desktop/tauri/src-tauri/src/traymenu.rs @@ -423,7 +423,7 @@ pub async fn tray_handler(cli: PortAPI, app: tauri::AppHandle) { Ok(rx) => rx, Err(err) => { error!( - "cancel try_handler: failed to subscribe to 'runtime:subsystems': {}", + "cancel try_handler: failed to subscribe to 'runtime:system/status': {}", err ); return; @@ -594,7 +594,18 @@ pub async fn tray_handler(cli: PortAPI, app: tauri::AppHandle) { } } } + + update_icon_nostate(icon.clone()); +} + +pub fn update_icon_nostate(icon: AppIcon) { update_icon_color(&icon, IconColor::Red); + + if let Ok(menu) = build_tray_menu(icon.app_handle(), "unknown", "unknown", &system_status_types::PauseInfo::default()) { + if let Err(err) = icon.set_menu(Some(menu)) { + error!("failed to set menu on tray icon: {}", err.to_string()); + } + } } fn update_icon_color(icon: &AppIcon, new_color: IconColor) { diff --git a/service/control/pause.go b/service/control/pause.go index 73b69f31..b3aa3480 100644 --- a/service/control/pause.go +++ b/service/control/pause.go @@ -155,7 +155,26 @@ func (c *Control) startResumeWorker(duration time.Duration) { } case <-time.After(duration): wc.Info("Resuming...") - return c.resume() + + err := c.resume() + if err == nil { + n := ¬ifications.Notification{ + EventID: "control:resumed", + Type: notifications.Info, + Title: "Resumed", + Message: "Automatically resumed from pause state", + ShowOnSystem: true, + Expires: time.Now().Add(15 * time.Second).Unix(), + AvailableActions: []*notifications.Action{ + { + ID: "ack", + Text: "OK", + }, + }, + } + notifications.Notify(n) + } + return err } } } From 14be84d2d0fb325df2218fbee946cc7798b92b4b Mon Sep 17 00:00:00 2001 From: Alexandr Stelnykovych Date: Tue, 11 Nov 2025 18:20:10 +0200 Subject: [PATCH 13/14] fix(instance): re-add dnsmonitor to serviceGroupInterception module --- service/instance.go | 7 +------ 1 file changed, 1 insertion(+), 6 deletions(-) diff --git a/service/instance.go b/service/instance.go index ebf53fd1..746dfb54 100644 --- a/service/instance.go +++ b/service/instance.go @@ -317,11 +317,7 @@ func New(svcCfg *ServiceConfig) (*Instance, error) { //nolint:maintidx // Grouped interception modules that can be paused/resumed together. instance.serviceGroupInterception = mgr.NewGroupModule("Interception Group", instance.interception, - - // TODO: The dnsmonitor is currently not part of this group, as it has inconsistent issue when stopping. - // Fix chars-issue of this module and re-add it here. - //instance.dnsmonitor, - + instance.dnsmonitor, instance.compat) // Add all modules to instance group. @@ -357,7 +353,6 @@ func New(svcCfg *ServiceConfig) (*Instance, error) { //nolint:maintidx // instance.dnsmonitor, // instance.compat instance.serviceGroupInterception, - instance.dnsmonitor, // TODO: Remove when re-added to serviceGroupInterception group. instance.status, instance.broadcasts, From 063fa7f115228d954a866b048ae673f8843ffdc3 Mon Sep 17 00:00:00 2001 From: Alexandr Stelnykovych Date: Wed, 12 Nov 2025 14:24:24 +0200 Subject: [PATCH 14/14] fix(interception): ensure metrics are stopped on failed module start --- service/firewall/interception/module.go | 1 + 1 file changed, 1 insertion(+) diff --git a/service/firewall/interception/module.go b/service/firewall/interception/module.go index d05da9df..e29b32bb 100644 --- a/service/firewall/interception/module.go +++ b/service/firewall/interception/module.go @@ -73,6 +73,7 @@ func start() error { if err != nil { log.Errorf("interception: failed to start module: %q", err) log.Debug("interception: cleaning up after failed start...") + metrics.stop() if e := stopInterception(); e != nil { log.Debugf("interception: error cleaning up after failed start: %q", e.Error()) }