feat(rust): rename ebpf portals -> privileged portals
SanjoDeundiak committed Nov 7, 2024
1 parent c84c401 commit 3ccca36
Showing 50 changed files with 131 additions and 187 deletions.
4 changes: 2 additions & 2 deletions implementations/rust/ockam/ockam_api/Cargo.toml
Expand Up @@ -24,7 +24,7 @@ repository = "https://github.com/ockam-network/ockam/implementations/rust/ockam/
description = "Ockam's request-response API"

[features]
default = ["std", "rust-crypto", "ebpf"]
default = ["std", "rust-crypto", "privileged_portals"]
test-utils = []
std = [
"either/use_std",
Expand All @@ -43,7 +43,7 @@ std = [
storage = ["ockam/storage"]
aws-lc = ["ockam_vault/aws-lc", "ockam_transport_tcp/aws-lc"]
rust-crypto = ["ockam_vault/rust-crypto", "ockam_transport_tcp/ring"]
ebpf = ["ockam_transport_tcp/ebpf"]
privileged_portals = ["ockam_transport_tcp/privileged_portals"]

[build-dependencies]
cfg_aliases = "0.2.1"
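Review bot: The `[features]` table drops the `ebpf` name outright in both hunks, so anything that still enables `ockam_api/ebpf` by name will fail Cargo feature resolution after this change. If the crate is consumed outside this workspace (not visible from here), a transitional alias such as `ebpf = ["privileged_portals"]` with a `# deprecated: use privileged_portals` comment would avoid a hard break. Separately, `privileged_portals` stays in `default`; a comment such as `# eBPF/raw-socket portals; gated to Linux by the cfg alias in build.rs, used only when a portal is created with privileged = true` would tell readers what a default build carries. Both points also apply to the `[features]` hunk in ockam_command/Cargo.toml.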
2 changes: 1 addition & 1 deletion implementations/rust/ockam/ockam_api/build.rs
Expand Up @@ -13,6 +13,6 @@ fn hash() {
fn main() {
hash();
cfg_aliases! {
ebpf_alias: { all(target_os = "linux", feature = "ebpf") }
privileged_portals_support: { all(target_os = "linux", feature = "privileged_portals") }
}
}
8 changes: 4 additions & 4 deletions implementations/rust/ockam/ockam_api/src/influxdb/portal.rs
Expand Up @@ -35,7 +35,7 @@ impl NodeManagerWorker {
worker_addr,
reachable_from_default_secure_channel,
policy_expression,
ebpf,
privileged,
tls,
} = body.tcp_outlet;
let address = self
Expand Down Expand Up @@ -93,7 +93,7 @@ impl NodeManagerWorker {
Some(outlet_address),
reachable_from_default_secure_channel,
OutletAccessControl::WithPolicyExpression(policy_expression),
ebpf,
privileged,
)
.await
{
Expand All @@ -118,7 +118,7 @@ impl NodeManagerWorker {
secure_channel_identifier,
enable_udp_puncture,
disable_tcp_fallback,
ebpf,
privileged,
tls_certificate_provider,
} = body.tcp_inlet.clone();

Expand Down Expand Up @@ -192,7 +192,7 @@ impl NodeManagerWorker {
secure_channel_identifier,
enable_udp_puncture,
disable_tcp_fallback,
ebpf,
privileged,
tls_certificate_provider,
)
.await
16 changes: 8 additions & 8 deletions implementations/rust/ockam/ockam_api/src/nodes/models/portal.rs
Expand Up @@ -54,7 +54,7 @@ pub struct CreateInlet {
/// TCP won't be used to transfer data between the Inlet and the Outlet.
#[n(11)] pub(crate) disable_tcp_fallback: bool,
/// Use eBPF and RawSocket to access TCP packets instead of TCP data stream.
#[n(12)] pub(crate) ebpf: bool,
#[n(12)] pub(crate) privileged: bool,
/// TLS certificate provider route.
#[n(13)] pub(crate) tls_certificate_provider: Option<MultiAddr>,
}
Expand All @@ -68,7 +68,7 @@ impl CreateInlet {
wait_connection: bool,
enable_udp_puncture: bool,
disable_tcp_fallback: bool,
ebpf: bool,
privileged: bool,
) -> Self {
Self {
listen_addr: listen,
Expand All @@ -81,7 +81,7 @@ impl CreateInlet {
secure_channel_identifier: None,
enable_udp_puncture,
disable_tcp_fallback,
ebpf,
privileged,
tls_certificate_provider: None,
}
}
Expand All @@ -95,7 +95,7 @@ impl CreateInlet {
wait_connection: bool,
enable_udp_puncture: bool,
disable_tcp_fallback: bool,
ebpf: bool,
privileged: bool,
) -> Self {
Self {
listen_addr: listen,
Expand All @@ -108,7 +108,7 @@ impl CreateInlet {
secure_channel_identifier: None,
enable_udp_puncture,
disable_tcp_fallback,
ebpf,
privileged,
tls_certificate_provider: None,
}
}
Expand Down Expand Up @@ -169,7 +169,7 @@ pub struct CreateOutlet {
/// will be used.
#[n(5)] pub policy_expression: Option<PolicyExpression>,
/// Use eBPF and RawSocket to access TCP packets instead of TCP data stream.
#[n(6)] pub ebpf: bool
#[n(6)] pub privileged: bool
}

impl CreateOutlet {
Expand All @@ -178,15 +178,15 @@ impl CreateOutlet {
tls: bool,
worker_addr: Option<Address>,
reachable_from_default_secure_channel: bool,
ebpf: bool,
privileged: bool,
) -> Self {
Self {
hostname_port,
tls,
worker_addr,
reachable_from_default_secure_channel,
policy_expression: None,
ebpf,
privileged,
}
}
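Review bot: The doc comments on `CreateInlet::privileged` and `CreateOutlet::privileged` still describe only the mechanism ("Use eBPF and RawSocket ..."), so what the new name implies — that the node must be able to perform privileged operations to honour the request — is not documented on either struct. Both comments could gain a second line such as `/// Requires a Linux build with the privileged_portals feature and a node process permitted to load eBPF programs and open raw sockets.` The exact privileges are not visible on this page and should be confirmed against ockam_transport_tcp before being written down. The `#[n(12)]` and `#[n(6)]` indices are unchanged, so the rename should not alter the encoded message, assuming the encoding is index-based.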

Expand Up @@ -24,7 +24,7 @@ pub fn create_inlet_payload(
secure_channel_identifier: &Option<Identifier>,
enable_udp_puncture: bool,
disable_tcp_fallback: bool,
ebpf: bool,
privileged: bool,
tls_certificate_provider: &Option<MultiAddr>,
) -> CreateInlet {
let via_project = outlet_addr.matches(0, &[ProjectProto::CODE.into()]);
Expand All @@ -36,7 +36,7 @@ pub fn create_inlet_payload(
wait_connection,
enable_udp_puncture,
disable_tcp_fallback,
ebpf,
privileged,
)
} else {
CreateInlet::to_node(
Expand All @@ -47,7 +47,7 @@ pub fn create_inlet_payload(
wait_connection,
enable_udp_puncture,
disable_tcp_fallback,
ebpf,
privileged,
)
};
if let Some(e) = policy_expression.as_ref() {
Expand Down Expand Up @@ -78,7 +78,7 @@ impl Inlets for BackgroundNodeClient {
secure_channel_identifier: &Option<Identifier>,
enable_udp_puncture: bool,
disable_tcp_fallback: bool,
ebpf: bool,
privileged: bool,
tls_certificate_provider: &Option<MultiAddr>,
) -> miette::Result<Reply<InletStatus>> {
let request = {
Expand All @@ -93,7 +93,7 @@ impl Inlets for BackgroundNodeClient {
secure_channel_identifier,
enable_udp_puncture,
disable_tcp_fallback,
ebpf,
privileged,
tls_certificate_provider,
);
Request::post("/node/inlet").body(payload)
Expand Up @@ -28,7 +28,7 @@ impl InMemoryNode {
secure_channel_identifier: Option<Identifier>,
enable_udp_puncture: bool,
disable_tcp_fallback: bool,
ebpf: bool,
privileged: bool,
tls_certificate_provider: Option<MultiAddr>,
) -> Result<InletStatus> {
self.node_manager
Expand All @@ -46,7 +46,7 @@ impl InMemoryNode {
secure_channel_identifier,
enable_udp_puncture,
disable_tcp_fallback,
ebpf,
privileged,
tls_certificate_provider,
)
.await
Expand Up @@ -25,7 +25,7 @@ pub trait Inlets {
secure_channel_identifier: &Option<Identifier>,
enable_udp_puncture: bool,
disable_tcp_fallback: bool,
ebpf: bool,
privileged: bool,
tls_certificate_provider: &Option<MultiAddr>,
) -> miette::Result<Reply<InletStatus>>;

Expand Up @@ -39,7 +39,7 @@ impl NodeManager {
enable_udp_puncture: bool,
// TODO: Introduce mode enum
disable_tcp_fallback: bool,
ebpf: bool,
privileged: bool,
tls_certificate_provider: Option<MultiAddr>,
) -> Result<InletStatus> {
info!("Handling request to create inlet portal");
Expand Down Expand Up @@ -127,7 +127,7 @@ impl NodeManager {
additional_secure_channel: None,
udp_puncture: None,
additional_route: None,
ebpf,
privileged: privileged,
};

let replacer = Arc::new(Mutex::new(replacer));
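Review bot: The struct literal in the second hunk writes `privileged: privileged,` while every other site in this commit uses field-init shorthand; clippy's `redundant_field_names` lint flags this form. Changing the line to `privileged,` keeps it consistent with the neighbouring fields and with the removed `ebpf,` line it replaces. The enclosing function and the struct literal both start outside the hunk.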
Expand Up @@ -28,7 +28,7 @@ impl NodeManagerWorker {
secure_channel_identifier,
enable_udp_puncture,
disable_tcp_fallback,
ebpf,
privileged,
tls_certificate_provider,
} = create_inlet;
match self
Expand All @@ -47,7 +47,7 @@ impl NodeManagerWorker {
secure_channel_identifier,
enable_udp_puncture,
disable_tcp_fallback,
ebpf,
privileged,
tls_certificate_provider,
)
.await
Expand Up @@ -52,7 +52,7 @@ pub(super) struct InletSessionReplacer {
pub(super) additional_secure_channel: Option<SecureChannel>,
pub(super) udp_puncture: Option<UdpPuncture>,
pub(super) additional_route: Option<Route>,
pub(super) ebpf: bool,
pub(super) privileged: bool,
}

impl InletSessionReplacer {
Expand Down Expand Up @@ -166,8 +166,8 @@ impl InletSessionReplacer {
}
None => {
let options = self.inlet_options(node_manager).await?;
let inlet = if self.ebpf {
#[cfg(ebpf_alias)]
let inlet = if self.privileged {
#[cfg(privileged_portals_support)]
{
node_manager
.tcp_transport
Expand All @@ -178,12 +178,12 @@ impl InletSessionReplacer {
)
.await?
}
#[cfg(not(ebpf_alias))]
#[cfg(not(privileged_portals_support))]
{
return Err(ockam_core::Error::new(
Origin::Node,
Kind::Internal,
"eBPF support is not enabled",
"Privileged Portals support is not enabled",
));
}
} else {
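Review bot: The `#[cfg(not(privileged_portals_support))]` branch reports a request for a privileged inlet on an unsupported build as `Kind::Internal`, which reads as a node fault rather than an unsupported request; the outlet creation hunk (`let res = if privileged {`) has the same pattern. If `ockam_core`'s `Kind` offers a closer variant (`Kind::Unsupported`, if it exists there — please confirm), using it would let callers tell the two cases apart. The message could also name the cause, e.g. `"Privileged Portals support is not enabled (requires Linux and the privileged_portals feature)"`, which matches the cfg alias in build.rs. Returning an error instead of silently creating a regular portal is the behaviour to keep, and a one-line comment saying so would protect it; the enclosing function continues outside the hunk.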
Expand Up @@ -27,7 +27,7 @@ impl NodeManagerWorker {
reachable_from_default_secure_channel,
policy_expression,
tls,
ebpf,
privileged,
} = create_outlet;

match self
Expand All @@ -39,7 +39,7 @@ impl NodeManagerWorker {
worker_addr,
reachable_from_default_secure_channel,
OutletAccessControl::WithPolicyExpression(policy_expression),
ebpf,
privileged,
)
.await
{
Expand Down Expand Up @@ -98,7 +98,7 @@ impl NodeManager {
worker_addr: Option<Address>,
reachable_from_default_secure_channel: bool,
access_control: OutletAccessControl,
ebpf: bool,
privileged: bool,
) -> Result<OutletStatus> {
let worker_addr = self
.registry
Expand Down Expand Up @@ -162,19 +162,19 @@ impl NodeManager {
}
};

let res = if ebpf {
#[cfg(ebpf_alias)]
let res = if privileged {
#[cfg(privileged_portals_support)]
{
self.tcp_transport
.create_raw_outlet(worker_addr.clone(), to.clone(), options)
.await
}
#[cfg(not(ebpf_alias))]
#[cfg(not(privileged_portals_support))]
{
Err(ockam_core::Error::new(
Origin::Node,
Kind::Internal,
"eBPF support is not enabled",
"Privileged Portals support is not enabled",
))
}
} else {
Expand Down Expand Up @@ -262,7 +262,7 @@ pub trait Outlets {
tls: bool,
from: Option<&Address>,
policy_expression: Option<PolicyExpression>,
ebpf: bool,
privileged: bool,
) -> miette::Result<OutletStatus>;
}

Expand All @@ -276,9 +276,9 @@ impl Outlets for BackgroundNodeClient {
tls: bool,
from: Option<&Address>,
policy_expression: Option<PolicyExpression>,
ebpf: bool,
privileged: bool,
) -> miette::Result<OutletStatus> {
let mut payload = CreateOutlet::new(to, tls, from.cloned(), true, ebpf);
let mut payload = CreateOutlet::new(to, tls, from.cloned(), true, privileged);
if let Some(policy_expression) = policy_expression {
payload.set_policy_expression(policy_expression);
}
4 changes: 2 additions & 2 deletions implementations/rust/ockam/ockam_command/Cargo.toml
Expand Up @@ -113,8 +113,8 @@ tempfile = "3.10.1"
time = { version = "0.3", default-features = false, features = ["std", "local-offset"] }

[features]
default = ["orchestrator", "rust-crypto", "ebpf"]
ebpf = ["ockam_api/ebpf"]
default = ["orchestrator", "rust-crypto", "privileged_portals"]
privileged_portals = ["ockam_api/privileged_portals"]
orchestrator = []
aws-lc = ["ockam_vault/aws-lc", "ockam_api/aws-lc", "rustls/aws-lc-rs"]
rust-crypto = ["ockam_vault/rust-crypto", "ockam_api/rust-crypto", "rustls/ring"]
2 changes: 1 addition & 1 deletion implementations/rust/ockam/ockam_command/build.rs
Expand Up @@ -13,6 +13,6 @@ fn hash() {
fn main() {
hash();
cfg_aliases! {
ebpf_alias: { all(target_os = "linux", feature = "ebpf") }
privileged_portals_support: { all(target_os = "linux", feature = "privileged_portals") }
}
}
Expand Up @@ -56,7 +56,7 @@ UDP Puncture
- OCKAM_RENDEZVOUS_SERVER: set this variable to the hostname and port of the Rendezvous service

TCP Portals
- OCKAM_EBPF: if variable is set, all TCP Inlets/Outlets will be eBPF Inlets/Outlets (overrides `--ebpf` argument for `ockam tcp-inlet create` and `ockam tcp-outlet create`).
- OCKAM_PRIVILEGED: if variable is set, all TCP Inlets/Outlets will use eBPF (overrides `--privileged` argument for `ockam tcp-inlet create` and `ockam tcp-outlet create`).

Devs Usage
- OCKAM: a `string` that defines the path to the ockam binary to use.
2 changes: 1 addition & 1 deletion implementations/rust/ockam/ockam_command/src/reset.rs
Expand Up @@ -81,7 +81,7 @@ impl ResetCommand {
opts.state.reset().await?;
}

#[cfg(ebpf_alias)]
#[cfg(privileged_portals_support)]
ockam::tcp::TcpTransport::detach_all_ockam_ebpfs_globally();

opts.terminal