feat(rust): rename ebpf portals -> privileged portals

implementations/rust/ockam/ockam_api/Cargo.toml

@@ -24,7 +24,7 @@ repository = "https://github.com/ockam-network/ockam/implementations/rust/ockam/
 description = "Ockam's request-response API"
 
 [features]
-default = ["std", "rust-crypto", "ebpf"]
+default = ["std", "rust-crypto", "privileged_portals"]
 test-utils = []
 std = [
   "either/use_std",
@@ -43,7 +43,7 @@ std = [
 storage = ["ockam/storage"]
 aws-lc = ["ockam_vault/aws-lc", "ockam_transport_tcp/aws-lc"]
 rust-crypto = ["ockam_vault/rust-crypto", "ockam_transport_tcp/ring"]
-ebpf = ["ockam_transport_tcp/ebpf"]
+privileged_portals = ["ockam_transport_tcp/privileged_portals"]
 
 [build-dependencies]
 cfg_aliases = "0.2.1"

implementations/rust/ockam/ockam_api/build.rs

@@ -13,6 +13,6 @@ fn hash() {
 fn main() {
     hash();
     cfg_aliases! {
-        ebpf_alias: { all(target_os = "linux", feature = "ebpf") }
+        privileged_portals_support: { all(target_os = "linux", feature = "ebpf") }
     }
 }

implementations/rust/ockam/ockam_api/src/nodes/service/tcp_inlets/session_replacer.rs

@@ -167,7 +167,7 @@ impl InletSessionReplacer {
             None => {
                 let options = self.inlet_options(node_manager).await?;
                 let inlet = if self.ebpf {
-                    #[cfg(ebpf_alias)]
+                    #[cfg(privileged_portals_support)]
                     {
                         node_manager
                             .tcp_transport
@@ -178,7 +178,7 @@ impl InletSessionReplacer {
                             )
                             .await?
                     }
-                    #[cfg(not(ebpf_alias))]
+                    #[cfg(not(privileged_portals_support))]
                     {
                         return Err(ockam_core::Error::new(
                             Origin::Node,

implementations/rust/ockam/ockam_api/src/nodes/service/tcp_outlets.rs

@@ -163,13 +163,13 @@ impl NodeManager {
         };
 
         let res = if ebpf {
-            #[cfg(ebpf_alias)]
+            #[cfg(privileged_portals_support)]
             {
                 self.tcp_transport
                     .create_raw_outlet(worker_addr.clone(), to.clone(), options)
                     .await
             }
-            #[cfg(not(ebpf_alias))]
+            #[cfg(not(privileged_portals_support))]
             {
                 Err(ockam_core::Error::new(
                     Origin::Node,

implementations/rust/ockam/ockam_command/Cargo.toml

@@ -113,8 +113,8 @@ tempfile = "3.10.1"
 time = { version = "0.3", default-features = false, features = ["std", "local-offset"] }
 
 [features]
-default = ["orchestrator", "rust-crypto", "ebpf"]
-ebpf = ["ockam_api/ebpf"]
+default = ["orchestrator", "rust-crypto", "privileged_portals"]
+privileged_portals = ["ockam_api/privileged_portals"]
 orchestrator = []
 aws-lc = ["ockam_vault/aws-lc", "ockam_api/aws-lc", "rustls/aws-lc-rs"]
 rust-crypto = ["ockam_vault/rust-crypto", "ockam_api/rust-crypto", "rustls/ring"]

implementations/rust/ockam/ockam_command/build.rs

@@ -13,6 +13,6 @@ fn hash() {
 fn main() {
     hash();
     cfg_aliases! {
-        ebpf_alias: { all(target_os = "linux", feature = "ebpf") }
+        privileged_portals_support: { all(target_os = "linux", feature = "ebpf") }
     }
 }

implementations/rust/ockam/ockam_command/src/environment/static/env_info.txt

@@ -56,7 +56,7 @@ UDP Puncture
 - OCKAM_RENDEZVOUS_SERVER: set this variable to the hostname and port of the Rendezvous service
 
 TCP Portals
-- OCKAM_EBPF: if variable is set, all TCP Inlets/Outlets will be eBPF Inlets/Outlets (overrides `--ebpf` argument for `ockam tcp-inlet create` and `ockam tcp-outlet create`).
+- OCKAM_PRIVILEGED: if variable is set, all TCP Inlets/Outlets will use eBPF (overrides `--privileged` argument for `ockam tcp-inlet create` and `ockam tcp-outlet create`).
 
 Devs Usage
 - OCKAM: a `string` that defines the path to the ockam binary to use.

implementations/rust/ockam/ockam_command/src/reset.rs

@@ -81,7 +81,7 @@ impl ResetCommand {
             opts.state.reset().await?;
         }
 
-        #[cfg(ebpf_alias)]
+        #[cfg(privileged_portals_support)]
         ockam::tcp::TcpTransport::detach_all_ockam_ebpfs_globally();
 
         opts.terminal

implementations/rust/ockam/ockam_command/src/tcp/inlet/create.rs

@@ -133,8 +133,8 @@ pub struct CreateCommand {
     pub no_tcp_fallback: bool,
 
     /// Use eBPF and RawSocket to access TCP packets instead of TCP data stream.
-    /// If `OCKAM_EBPF` env variable is set to 1, this argument will be `true`.
-    #[arg(long, env = "OCKAM_EBPF", value_parser = FalseyValueParser::default(), hide = true)]
+    /// If `OCKAM_PRIVILEGED` env variable is set to 1, this argument will be `true`.
+    #[arg(long, env = "OCKAM_PRIVILEGED", value_parser = FalseyValueParser::default(), hide = true)]
     pub ebpf: bool,
 
     #[arg(long, value_name = "BOOL", default_value_t = false, hide = true)]

implementations/rust/ockam/ockam_command/src/tcp/outlet/create.rs

@@ -69,9 +69,9 @@ pub struct CreateCommand {
     pub allow: Option<PolicyExpression>,
 
     /// Use eBPF and RawSocket to access TCP packets instead of TCP data stream.
-    /// If `OCKAM_EBPF` env variable is set to 1, this argument will be `true`.
-    #[arg(long, env = "OCKAM_EBPF", value_parser = FalseyValueParser::default(), hide = true)]
-    pub ebpf: bool,
+    /// If `OCKAM_PRIVILEGED` env variable is set to 1, this argument will be `true`.
+    #[arg(long, env = "OCKAM_PRIVILEGED", value_parser = FalseyValueParser::default(), hide = true)]
+    pub privileged: bool,
 }
 
 #[async_trait]
@@ -97,7 +97,7 @@ impl Command for CreateCommand {
                 self.tls,
                 self.from.clone().map(Address::from).as_ref(),
                 self.allow.clone(),
-                self.ebpf,
+                self.privileged,
             )
             .await?
         };

implementations/rust/ockam/ockam_command/tests/bats/run.sh

@@ -52,7 +52,7 @@ fi
 
 if [ "$local_as_root_suite" = true ]; then
   echo "Running local root suite..."
-  OCKAM_EBPF=1 bats "$current_directory/local/portals.bats" --timing -j 3
+  OCKAM_PRIVILEGED=1 bats "$current_directory/local/portals.bats" --timing -j 3
 fi
 
 if [ -z "${ORCHESTRATOR_TESTS}" ]; then

implementations/rust/ockam/ockam_transport_tcp/Cargo.toml

@@ -23,13 +23,13 @@ TCP Transport for the Ockam Routing Protocol.
 """
 
 [features]
-default = ["std", "ring", "ebpf"]
+default = ["std", "ring", "privileged_portals"]
 std = ["ockam_macros/std", "ockam_transport_core/std", "opentelemetry", "binary-layout?/std"]
 no_std = ["ockam_macros/no_std", "ockam_transport_core/no_std"]
 alloc = []
 aws-lc = ["tokio-rustls/aws-lc-rs"]
 ring = ["tokio-rustls/ring"]
-ebpf = ["aya", "aya-log", "binary-layout", "caps", "nix"]
+privileged_portals = ["aya", "aya-log", "binary-layout", "caps", "nix"]
 
 [build-dependencies]
 cfg_aliases = "0.2.1"

implementations/rust/ockam/ockam_transport_tcp/build.rs

@@ -2,6 +2,6 @@ use cfg_aliases::cfg_aliases;
 
 fn main() {
     cfg_aliases! {
-        ebpf_alias: { all(target_os = "linux", feature = "ebpf") }
+        privileged_portals_support: { all(target_os = "linux", feature = "privileged_portals") }
     }
 }

implementations/rust/ockam/ockam_transport_tcp/src/lib.rs

@@ -37,9 +37,9 @@ pub use protocol_version::*;
 pub use registry::*;
 pub use transport::*;
 
-#[cfg(ebpf_alias)]
+#[cfg(privileged_portals_support)]
 /// eBPF backed TCP portals that works on TCP level rather than on top of TCP
-pub mod ebpf_portal;
+pub mod privileged_portal;
 
 pub(crate) const CLUSTER_NAME: &str = "_internals.transport.tcp";
 

implementations/rust/ockam/ockam_transport_tcp/src/portal/portal_message.rs

@@ -14,7 +14,7 @@ pub enum PortalMessage<'de> {
     /// or from the target to the Inlet was dropped
     Disconnect,
     /// Message with binary payload and packet counter
-    // TODO: Add route_index. May not be as important as for eBPF portals, as regular portals
+    // TODO: Add route_index. May not be as important as for privileged portals, as regular portals
     //  require reliable channel anyways. And if PortalMessage is sent over a channel that
     //  guarantees ordering, we don't need route_index
     Payload(&'de [u8], Option<u16>),

implementations/rust/ockam/ockam_transport_tcp/src/ebpf_portal/ebpf_support.rs → implementations/rust/ockam/ockam_transport_tcp/src/privileged_portal/ebpf_support.rs

@@ -1,6 +1,6 @@
 #![allow(unsafe_code)]
 
-use crate::ebpf_portal::{
+use crate::privileged_portal::{
     Iface, InletRegistry, OutletRegistry, Port, Proto, RawSocketProcessor, TcpPacketWriter,
 };
 use aya::maps::{MapData, MapError};
@@ -344,7 +344,7 @@ fn map_map_error(map_error: MapError) -> Error {
 #[cfg(test)]
 // requires root to run
 mod tests {
-    use crate::ebpf_portal::TcpTransportEbpfSupport;
+    use crate::privileged_portal::TcpTransportEbpfSupport;
     use ockam_core::Result;
     use ockam_node::Context;
 

implementations/rust/ockam/ockam_transport_tcp/src/ebpf_portal/mod.rs → implementations/rust/ockam/ockam_transport_tcp/src/privileged_portal/mod.rs

@@ -1,5 +1,5 @@
 mod ebpf_support;
-mod portals;
+mod privileged_portals;
 mod raw_socket;
 mod registry;
 mod transport;

implementations/rust/ockam/ockam_transport_tcp/src/ebpf_portal/portals.rs → implementations/rust/ockam/ockam_transport_tcp/src/privileged_portal/privileged_portals.rs

@@ -1,5 +1,5 @@
-use crate::ebpf_portal::{InternalProcessor, Port, RemoteWorker};
 use crate::portal::InletSharedState;
+use crate::privileged_portal::{InternalProcessor, Port, RemoteWorker};
 use crate::{TcpInlet, TcpInletOptions, TcpOutletOptions, TcpTransport};
 use caps::Capability::{CAP_BPF, CAP_NET_ADMIN, CAP_NET_RAW, CAP_SYS_ADMIN};
 use caps::{CapSet, Capability};
@@ -17,7 +17,7 @@ use tokio::sync::mpsc::channel;
 use tracing::instrument;
 
 impl TcpTransport {
-    /// Check if eBPF portals can be run with current permissions
+    /// Check if privileged portals can be run with current permissions
     pub fn check_capabilities() -> Result<()> {
         let caps = caps::read(None, CapSet::Effective)
             .map_err(|e| TransportError::ReadCaps(e.to_string()))?;

implementations/rust/ockam/ockam_transport_tcp/src/ebpf_portal/raw_socket/async_fd_packet_reader.rs → implementations/rust/ockam/ockam_transport_tcp/src/privileged_portal/raw_socket/async_fd_packet_reader.rs

@@ -1,8 +1,8 @@
-use crate::ebpf_portal::packet::{
+use crate::privileged_portal::packet::{
     Ipv4Info, RawSocketReadResult, TcpInfo, TcpStrippedHeaderAndPayload,
 };
-use crate::ebpf_portal::packet_binary::{ipv4_header, tcp_header};
-use crate::ebpf_portal::TcpPacketReader;
+use crate::privileged_portal::packet_binary::{ipv4_header, tcp_header};
+use crate::privileged_portal::TcpPacketReader;
 use async_trait::async_trait;
 use log::{error, trace};
 use nix::sys::socket::MsgFlags;

implementations/rust/ockam/ockam_transport_tcp/src/ebpf_portal/raw_socket/async_fd_packet_writer.rs → implementations/rust/ockam/ockam_transport_tcp/src/privileged_portal/raw_socket/async_fd_packet_writer.rs

@@ -1,6 +1,6 @@
-use crate::ebpf_portal::packet::TcpStrippedHeaderAndPayload;
-use crate::ebpf_portal::packet_binary::tcp_header_ports;
-use crate::ebpf_portal::{tcp_set_checksum, Port, TcpPacketWriter};
+use crate::privileged_portal::packet::TcpStrippedHeaderAndPayload;
+use crate::privileged_portal::packet_binary::tcp_header_ports;
+use crate::privileged_portal::{tcp_set_checksum, Port, TcpPacketWriter};
 use async_trait::async_trait;
 use log::{debug, error};
 use nix::sys::socket::{MsgFlags, SockaddrIn};

implementations/rust/ockam/ockam_transport_tcp/src/ebpf_portal/raw_socket/checksum_helpers.rs → implementations/rust/ockam/ockam_transport_tcp/src/privileged_portal/raw_socket/checksum_helpers.rs

@@ -1,5 +1,5 @@
-use crate::ebpf_portal::packet_binary::tcp_header;
-use crate::ebpf_portal::ChecksumAccumulator;
+use crate::privileged_portal::packet_binary::tcp_header;
+use crate::privileged_portal::ChecksumAccumulator;
 use std::net::Ipv4Addr;
 
 /// Calculate and set checksum for a TCP packet
@@ -33,7 +33,7 @@ fn tcp_checksum(source_ip: Ipv4Addr, destination_ip: Ipv4Addr, packet: &[u8]) ->
 
 #[cfg(test)]
 mod tests {
-    use crate::ebpf_portal::raw_socket::checksum_helpers::tcp_checksum;
+    use crate::privileged_portal::raw_socket::checksum_helpers::tcp_checksum;
     use std::net::Ipv4Addr;
 
     #[test]

implementations/rust/ockam/ockam_transport_tcp/src/ebpf_portal/raw_socket/common.rs → implementations/rust/ockam/ockam_transport_tcp/src/privileged_portal/raw_socket/common.rs

@@ -1,4 +1,4 @@
-use crate::ebpf_portal::packet::TcpStrippedHeaderAndPayload;
+use crate::privileged_portal::packet::TcpStrippedHeaderAndPayload;
 use minicbor::{Decode, Encode};
 use rand::distributions::{Distribution, Standard};
 use rand::Rng;

implementations/rust/ockam/ockam_transport_tcp/src/ebpf_portal/raw_socket/create_raw_socket.rs → implementations/rust/ockam/ockam_transport_tcp/src/privileged_portal/raw_socket/create_raw_socket.rs

@@ -1,4 +1,4 @@
-use crate::ebpf_portal::{
+use crate::privileged_portal::{
     AsyncFdPacketReader, AsyncFdPacketWriter, Proto, TcpPacketReader, TcpPacketWriter,
 };
 use nix::errno::Errno;

implementations/rust/ockam/ockam_transport_tcp/src/ebpf_portal/raw_socket/packet.rs → implementations/rust/ockam/ockam_transport_tcp/src/privileged_portal/raw_socket/packet.rs

@@ -1,5 +1,5 @@
-use crate::ebpf_portal::packet_binary::{ipv4_header, stripped_tcp_header, tcp_header};
-use crate::ebpf_portal::Port;
+use crate::privileged_portal::packet_binary::{ipv4_header, stripped_tcp_header, tcp_header};
+use crate::privileged_portal::Port;
 use std::net::Ipv4Addr;
 
 /// Result of reading packet from RawSocket

implementations/rust/ockam/ockam_transport_tcp/src/ebpf_portal/raw_socket/packet_reader_trait.rs → implementations/rust/ockam/ockam_transport_tcp/src/privileged_portal/raw_socket/packet_reader_trait.rs

@@ -1,4 +1,4 @@
-use crate::ebpf_portal::packet::RawSocketReadResult;
+use crate::privileged_portal::packet::RawSocketReadResult;
 use async_trait::async_trait;
 use ockam_core::Result;
 

implementations/rust/ockam/ockam_transport_tcp/src/ebpf_portal/raw_socket/packet_writer_trait.rs → implementations/rust/ockam/ockam_transport_tcp/src/privileged_portal/raw_socket/packet_writer_trait.rs

@@ -1,5 +1,5 @@
-use crate::ebpf_portal::packet::TcpStrippedHeaderAndPayload;
-use crate::ebpf_portal::Port;
+use crate::privileged_portal::packet::TcpStrippedHeaderAndPayload;
+use crate::privileged_portal::Port;
 use async_trait::async_trait;
 use ockam_core::Result;
 use std::net::Ipv4Addr;

implementations/rust/ockam/ockam_transport_tcp/src/ebpf_portal/registry/inlet.rs → implementations/rust/ockam/ockam_transport_tcp/src/privileged_portal/registry/inlet.rs

@@ -1,6 +1,6 @@
-use crate::ebpf_portal::packet::RawSocketReadResult;
-use crate::ebpf_portal::{ConnectionIdentifier, Port};
 use crate::portal::InletSharedState;
+use crate::privileged_portal::packet::RawSocketReadResult;
+use crate::privileged_portal::{ConnectionIdentifier, Port};
 use ockam_core::compat::sync::Arc;
 use ockam_core::compat::sync::RwLock as SyncRwLock;
 use ockam_core::{Address, LocalInfoIdentifier};

implementations/rust/ockam/ockam_transport_tcp/src/ebpf_portal/registry/outlet.rs → implementations/rust/ockam/ockam_transport_tcp/src/privileged_portal/registry/outlet.rs

@@ -1,5 +1,5 @@
-use crate::ebpf_portal::packet::RawSocketReadResult;
-use crate::ebpf_portal::{ConnectionIdentifier, Port};
+use crate::privileged_portal::packet::RawSocketReadResult;
+use crate::privileged_portal::{ConnectionIdentifier, Port};
 use ockam_core::{Address, LocalInfoIdentifier, Route};
 use std::collections::HashMap;
 use std::net::Ipv4Addr;

implementations/rust/ockam/ockam_transport_tcp/src/ebpf_portal/transport.rs → implementations/rust/ockam/ockam_transport_tcp/src/privileged_portal/transport.rs

@@ -1,4 +1,4 @@
-use crate::ebpf_portal::{Iface, TcpPacketWriter};
+use crate::privileged_portal::{Iface, TcpPacketWriter};
 use crate::TcpTransport;
 use aya::programs::tc::{qdisc_detach_program, TcAttachType};
 use log::{error, info, warn};

implementations/rust/ockam/ockam_transport_tcp/src/ebpf_portal/workers/internal_processor.rs → implementations/rust/ockam/ockam_transport_tcp/src/privileged_portal/workers/internal_processor.rs

@@ -1,5 +1,5 @@
-use crate::ebpf_portal::packet::RawSocketReadResult;
-use crate::ebpf_portal::{Inlet, InletConnection, OckamPortalPacket, Outlet, PortalMode};
+use crate::privileged_portal::packet::RawSocketReadResult;
+use crate::privileged_portal::{Inlet, InletConnection, OckamPortalPacket, Outlet, PortalMode};
 use log::{debug, trace, warn};
 use ockam_core::{async_trait, route, LocalInfoIdentifier, LocalMessage, Processor, Result};
 use ockam_node::Context;

implementations/rust/ockam/ockam_transport_tcp/src/ebpf_portal/workers/raw_socket_processor.rs → implementations/rust/ockam/ockam_transport_tcp/src/privileged_portal/workers/raw_socket_processor.rs

@@ -1,5 +1,5 @@
-use crate::ebpf_portal::packet::RawSocketReadResult;
-use crate::ebpf_portal::{
+use crate::privileged_portal::packet::RawSocketReadResult;
+use crate::privileged_portal::{
     create_async_fd_raw_socket, Inlet, InletRegistry, Outlet, OutletRegistry, TcpPacketReader,
     TcpPacketWriter,
 };