Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Support TCP socket qrexec services #9037

Closed
3 tasks
marmarek opened this issue Mar 16, 2024 · 3 comments
Closed
3 tasks

Support TCP socket qrexec services #9037

marmarek opened this issue Mar 16, 2024 · 3 comments
Assignees
@DemiMarie
Labels
C: core C: doc C: networking C: tests P: default Priority: default. Default priority for new issues, to be replaced given sufficient information. T: enhancement Type: enhancement. A new feature that does not yet exist or improvement of existing functionality.

Comments

@marmarek
Copy link
Member

How to file a helpful issue

The problem you're addressing (if any)

When using existing service via qrexec, some do not support UNIX sockets, only TCP. One example is qubes.UpdatesProxy, which uses socat right now. This approach mostly works (but sometimes cause issues, like when socat update changes it behavior), but has significant connection overhead.

The solution you'd like

Currently, service files in /etc/qubes-rpc can either be executable (or a symlink to an executable), or an UNIX socket (or a symlink to a UNIX socket). TCP target can be configured with a symlink too, using bash-inspired syntax /dev/tcp/host/port. Qrexec would readlink the file and if it points at the special /dev/tcp/... target, parse it as host + port and open a TCP connection. Then, proceed similar to the existing socket service.

The value to a user, and who that user might be

Together with #9036, it will allow services like qubes.UpdatesProxy work without extra process in the middle. This would avoid issues like #9025
@marmarek marmarek added T: enhancement Type: enhancement. A new feature that does not yet exist or improvement of existing functionality. C: core P: default Priority: default. Default priority for new issues, to be replaced given sufficient information. labels Mar 16, 2024
@marmarek marmarek moved this to Done in Current team tasks Mar 16, 2024
@marmarek marmarek moved this from Done to Ready in Current team tasks Mar 16, 2024
@DemiMarie
Copy link

If the host and port are omitted, could they be taken from the service arguments?

@marmarek
Copy link
Member Author

That's a very good question. It would allow socat-less qubes.ConnectTCP. So, maybe yes?

@DemiMarie
Copy link

I think that is a good idea.

@DemiMarie DemiMarie self-assigned this Mar 24, 2024
@DemiMarie DemiMarie mentioned this issue Apr 2, 2024
Open
DemiMarie added a commit to DemiMarie/qubes-core-qrexec that referenced this issue Apr 7, 2024
@DemiMarie
Implement connections to TCP-based services
96192f7 
Both IPv4 and IPv6 are supported.  The port or both host and port can be
taken from the service argument instead of the symbolic link name.

Fixes: QubesOS/qubes-issues#9037
DemiMarie added a commit to DemiMarie/qubes-core-qrexec that referenced this issue Apr 7, 2024
@DemiMarie
Implement connections to TCP-based services
3c0c27f 
Both IPv4 and IPv6 are supported.  The port or both host and port can be
taken from the service argument instead of the symbolic link name.

Fixes: QubesOS/qubes-issues#9037
DemiMarie added a commit to DemiMarie/qubes-core-qrexec that referenced this issue Apr 9, 2024
@DemiMarie
Implement connections to TCP-based services
84dc0f4 
Both IPv4 and IPv6 are supported.  The port or both host and port can be
taken from the service argument instead of the symbolic link name.  Of
course, there are full unit tests.

Fixes: QubesOS/qubes-issues#9037
DemiMarie added a commit to DemiMarie/qubes-core-qrexec that referenced this issue Apr 9, 2024
@DemiMarie
Implement connections to TCP-based services
2a715f7 
Both IPv4 and IPv6 are supported.  The port or both host and port can be
taken from the service argument instead of the symbolic link name.  Of
course, there are full unit tests.

Fixes: QubesOS/qubes-issues#9037
DemiMarie added a commit to DemiMarie/qubes-core-qrexec that referenced this issue Apr 12, 2024
@DemiMarie
Implement connections to TCP-based services
0315251 
Both IPv4 and IPv6 are supported.  The port or both host and port can be
taken from the service argument instead of the symbolic link name.  Of
course, there are full unit tests.

Fixes: QubesOS/qubes-issues#9037
@marmarek marmarek moved this from Ready to In progress in Current team tasks Apr 14, 2024
DemiMarie added a commit to DemiMarie/qubes-core-qrexec that referenced this issue Apr 17, 2024
@DemiMarie
Implement connections to TCP-based services
83e6358 
Both IPv4 and IPv6 are supported.  The port or both host and port can be
taken from the service argument instead of the symbolic link name.  Of
course, there are full unit tests.

Fixes: QubesOS/qubes-issues#9037
DemiMarie added a commit to DemiMarie/qubes-core-qrexec that referenced this issue Apr 18, 2024
@DemiMarie
Implement connections to TCP-based services
b1039b8 
Both IPv4 and IPv6 are supported.  The port or both host and port can be
taken from the service argument instead of the symbolic link name.  Of
course, there are full unit tests.

Fixes: QubesOS/qubes-issues#9037
DemiMarie added a commit to DemiMarie/qubes-core-qrexec that referenced this issue Apr 18, 2024
@DemiMarie
Implement connections to TCP-based services
4189827 
Both IPv4 and IPv6 are supported.  The port or both host and port can be
taken from the service argument instead of the symbolic link name.  Of
course, there are full unit tests.

Fixes: QubesOS/qubes-issues#9037
DemiMarie added a commit to DemiMarie/qubes-core-qrexec that referenced this issue Apr 18, 2024
@DemiMarie
Implement connections to TCP-based services
f1dc238 
Both IPv4 and IPv6 are supported.  The port or both host and port can be
taken from the service argument instead of the symbolic link name.  Of
course, there are full unit tests.

Fixes: QubesOS/qubes-issues#9037
DemiMarie added a commit to DemiMarie/qubes-core-qrexec that referenced this issue Apr 23, 2024
@DemiMarie
Implement connections to TCP-based services
38cad98 
Both IPv4 and IPv6 are supported.  The port or both host and port can be
taken from the service argument instead of the symbolic link name.  Of
course, there are full unit tests.

Fixes: QubesOS/qubes-issues#9037
DemiMarie added a commit to DemiMarie/qubes-core-qrexec that referenced this issue Apr 23, 2024
@DemiMarie
Implement connections to TCP-based services
dd3a931 
Both IPv4 and IPv6 are supported.  The port or both host and port can be
taken from the service argument instead of the symbolic link name.  Of
course, there are full unit tests.

Fixes: QubesOS/qubes-issues#9037
DemiMarie added a commit to DemiMarie/qubes-core-qrexec that referenced this issue Apr 23, 2024
@DemiMarie
Implement connections to TCP-based services
281017b 
Both IPv4 and IPv6 are supported.  The port or both host and port can be
taken from the service argument instead of the symbolic link name.  Of
course, there are full unit tests.

Fixes: QubesOS/qubes-issues#9037
@github-project-automation github-project-automation bot moved this from In progress to Done in Current team tasks Apr 25, 2024
marmarek added a commit to marmarek/qubes-core-agent-linux that referenced this issue Apr 26, 2024
@marmarek
Use new built-in TCP support in qrexec for qubes.ConnectTCP
23bec0c 
QubesOS/qubes-issues#9037
marmarek added a commit to marmarek/qubes-core-agent-linux that referenced this issue Apr 26, 2024
@marmarek
Use new built-in TCP support in qrexec for qubes.UpdatesProxy
068492a 
QubesOS/qubes-issues#9037
This was referenced Apr 26, 2024
Merged
Closed
marmarek added a commit to marmarek/qubes-core-agent-linux that referenced this issue May 4, 2024
@marmarek
Use new built-in TCP support in qrexec for qubes.ConnectTCP
ee3c857 
Enable exit-on-stdout-eof feature, since that is what socat did.

QubesOS/qubes-issues#9037
marmarek added a commit to marmarek/qubes-core-agent-linux that referenced this issue May 4, 2024
@marmarek
Use new built-in TCP support in qrexec for qubes.UpdatesProxy
0d2d42e 
Enable exit-on-stdout-eof feature, since that is what socat did.

QubesOS/qubes-issues#9037
marmarek added a commit to marmarek/qubes-core-agent-linux that referenced this issue May 6, 2024
@marmarek
Use new built-in TCP support in qrexec for qubes.ConnectTCP
3ba3709 
Enable exit-on-service-eof feature, since that is what socat did.

QubesOS/qubes-issues#9037
marmarek added a commit to marmarek/qubes-core-agent-linux that referenced this issue May 6, 2024
@marmarek
Use new built-in TCP support in qrexec for qubes.UpdatesProxy
110064b 
Enable exit-on-service-eof feature, since that is what socat did.

QubesOS/qubes-issues#9037
Closed
marmarek added a commit to marmarek/qubes-core-agent-linux that referenced this issue May 9, 2024
@marmarek
Require qrexec >= 4.2.19 for built-in TCP support
efa37e4 
qubes.UpdatesProxy and qubes.ConnecTCP are converted to use the built-in
TCP support in qrexec.

QubesOS/qubes-issues#9037
This was referenced May 9, 2024
Closed
Closed
Closed
@qubesos-bot qubesos-bot mentioned this issue May 9, 2024
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@DemiMarie DemiMarie

Labels
C: core C: doc C: networking C: tests P: default Priority: default. Default priority for new issues, to be replaced given sufficient information. T: enhancement Type: enhancement. A new feature that does not yet exist or improvement of existing functionality.
Projects
Current team tasks
Archived in project
Milestone
No milestone
Development

No branches or pull requests
3 participants
@marmarek @DemiMarie @andrewdavidwong