From e1ed7465520c2c8a0d6bdbcb75d8473f54393a7c Mon Sep 17 00:00:00 2001 
From: Oleksandr Deundiak Date: Thu, 7 Nov 2024 19:14:41 +0100 Subject: [PATCH] feat(rust): rename ebpf portals -> privileged portals --- .../rust/ockam/ockam_api/Cargo.toml | 4 +- implementations/rust/ockam/ockam_api/build.rs | 2 +- .../service/tcp_inlets/session_replacer.rs | 4 +- .../src/nodes/service/tcp_outlets.rs | 4 +- .../rust/ockam/ockam_command/Cargo.toml | 4 +- .../rust/ockam/ockam_command/build.rs | 2 +- .../src/environment/static/env_info.txt | 2 +- .../rust/ockam/ockam_command/src/reset.rs | 2 +- .../ockam_command/src/tcp/inlet/create.rs | 4 +- .../ockam_command/src/tcp/outlet/create.rs | 8 +-- .../ockam/ockam_command/tests/bats/run.sh | 2 +- .../rust/ockam/ockam_ebpf/ubuntu_x86.yaml | 56 ------------------- .../rust/ockam/ockam_transport_tcp/Cargo.toml | 4 +- .../rust/ockam/ockam_transport_tcp/build.rs | 2 +- .../rust/ockam/ockam_transport_tcp/src/lib.rs | 4 +- .../src/portal/portal_message.rs | 2 +- .../ebpf_support.rs | 4 +- .../{ebpf_portal => privileged_portal}/mod.rs | 2 +- .../privileged_portals.rs} | 4 +- .../raw_socket/async_fd_packet_reader.rs | 6 +- .../raw_socket/async_fd_packet_writer.rs | 6 +- .../raw_socket/checksum.rs | 0 .../raw_socket/checksum_helpers.rs | 6 +- .../raw_socket/common.rs | 2 +- .../raw_socket/create_raw_socket.rs | 2 +- .../raw_socket/mod.rs | 0 .../raw_socket/packet.rs | 4 +- .../raw_socket/packet_binary.rs | 0 .../raw_socket/packet_reader_trait.rs | 2 +- .../raw_socket/packet_writer_trait.rs | 4 +- .../registry/inlet.rs | 4 +- .../registry/mod.rs | 0 .../registry/outlet.rs | 4 +- .../transport.rs | 2 +- .../workers/internal_processor.rs | 4 +- .../workers/mod.rs | 0 .../workers/raw_socket_processor.rs | 4 +- .../workers/remote_worker.rs | 4 +- .../ockam_transport_tcp/src/transport/mod.rs | 6 +- .../src/transport/portals.rs | 2 +- .../ockam_transport_tcp/tests/ebpf_portal.rs | 2 +- 41 files changed, 62 insertions(+), 118 deletions(-) delete mode 100644 implementations/rust/ockam/ockam_ebpf/ubuntu_x86.yaml rename 
implementations/rust/ockam/ockam_transport_tcp/src/{ebpf_portal => privileged_portal}/ebpf_support.rs (99%) rename implementations/rust/ockam/ockam_transport_tcp/src/{ebpf_portal => privileged_portal}/mod.rs (87%) rename implementations/rust/ockam/ockam_transport_tcp/src/{ebpf_portal/portals.rs => privileged_portal/privileged_portals.rs} (98%) rename implementations/rust/ockam/ockam_transport_tcp/src/{ebpf_portal => privileged_portal}/raw_socket/async_fd_packet_reader.rs (96%) rename implementations/rust/ockam/ockam_transport_tcp/src/{ebpf_portal => privileged_portal}/raw_socket/async_fd_packet_writer.rs (94%) rename implementations/rust/ockam/ockam_transport_tcp/src/{ebpf_portal => privileged_portal}/raw_socket/checksum.rs (100%) rename implementations/rust/ockam/ockam_transport_tcp/src/{ebpf_portal => privileged_portal}/raw_socket/checksum_helpers.rs (90%) rename implementations/rust/ockam/ockam_transport_tcp/src/{ebpf_portal => privileged_portal}/raw_socket/common.rs (96%) rename implementations/rust/ockam/ockam_transport_tcp/src/{ebpf_portal => privileged_portal}/raw_socket/create_raw_socket.rs (98%) rename implementations/rust/ockam/ockam_transport_tcp/src/{ebpf_portal => privileged_portal}/raw_socket/mod.rs (100%) rename implementations/rust/ockam/ockam_transport_tcp/src/{ebpf_portal => privileged_portal}/raw_socket/packet.rs (97%) rename implementations/rust/ockam/ockam_transport_tcp/src/{ebpf_portal => privileged_portal}/raw_socket/packet_binary.rs (100%) rename implementations/rust/ockam/ockam_transport_tcp/src/{ebpf_portal => privileged_portal}/raw_socket/packet_reader_trait.rs (82%) rename implementations/rust/ockam/ockam_transport_tcp/src/{ebpf_portal => privileged_portal}/raw_socket/packet_writer_trait.rs (80%) rename implementations/rust/ockam/ockam_transport_tcp/src/{ebpf_portal => privileged_portal}/registry/inlet.rs (97%) rename implementations/rust/ockam/ockam_transport_tcp/src/{ebpf_portal => privileged_portal}/registry/mod.rs (100%) rename 
implementations/rust/ockam/ockam_transport_tcp/src/{ebpf_portal => privileged_portal}/registry/outlet.rs (97%) rename implementations/rust/ockam/ockam_transport_tcp/src/{ebpf_portal => privileged_portal}/transport.rs (98%) rename implementations/rust/ockam/ockam_transport_tcp/src/{ebpf_portal => privileged_portal}/workers/internal_processor.rs (97%) rename implementations/rust/ockam/ockam_transport_tcp/src/{ebpf_portal => privileged_portal}/workers/mod.rs (100%) rename implementations/rust/ockam/ockam_transport_tcp/src/{ebpf_portal => privileged_portal}/workers/raw_socket_processor.rs (98%) rename implementations/rust/ockam/ockam_transport_tcp/src/{ebpf_portal => privileged_portal}/workers/remote_worker.rs (98%) diff --git a/implementations/rust/ockam/ockam_api/Cargo.toml b/implementations/rust/ockam/ockam_api/Cargo.toml index a58647b046a..44c796d47c5 100644 --- a/implementations/rust/ockam/ockam_api/Cargo.toml +++ b/implementations/rust/ockam/ockam_api/Cargo.toml @@ -24,7 +24,7 @@ repository = "https://github.com/ockam-network/ockam/implementations/rust/ockam/ description = "Ockam's request-response API" [features] -default = ["std", "rust-crypto", "ebpf"] +default = ["std", "rust-crypto", "privileged_portals"] test-utils = [] std = [ "either/use_std", @@ -43,7 +43,7 @@ std = [ storage = ["ockam/storage"] aws-lc = ["ockam_vault/aws-lc", "ockam_transport_tcp/aws-lc"] rust-crypto = ["ockam_vault/rust-crypto", "ockam_transport_tcp/ring"] -ebpf = ["ockam_transport_tcp/ebpf"] +privileged_portals = ["ockam_transport_tcp/privileged_portals"] [build-dependencies] cfg_aliases = "0.2.1" diff --git a/implementations/rust/ockam/ockam_api/build.rs b/implementations/rust/ockam/ockam_api/build.rs index 6a70b6f5d7e..a1d09e93fe5 100644 --- a/implementations/rust/ockam/ockam_api/build.rs +++ b/implementations/rust/ockam/ockam_api/build.rs 
@@ -13,6 +13,6 @@ fn hash() { fn main() { hash(); cfg_aliases! { - ebpf_alias: { all(target_os = "linux", feature = "ebpf") } + privileged_portals_support: { all(target_os = "linux", feature = "ebpf") } } } diff --git a/implementations/rust/ockam/ockam_api/src/nodes/service/tcp_inlets/session_replacer.rs b/implementations/rust/ockam/ockam_api/src/nodes/service/tcp_inlets/session_replacer.rs index 226424ccd2a..110f5fedbbd 100644 --- a/implementations/rust/ockam/ockam_api/src/nodes/service/tcp_inlets/session_replacer.rs +++ b/implementations/rust/ockam/ockam_api/src/nodes/service/tcp_inlets/session_replacer.rs @@ -167,7 +167,7 @@ impl InletSessionReplacer { None => { let options = self.inlet_options(node_manager).await?; let inlet = if self.ebpf { - #[cfg(ebpf_alias)] + #[cfg(privileged_portals_support)] { node_manager .tcp_transport @@ -178,7 +178,7 @@ impl InletSessionReplacer { ) .await? } - #[cfg(not(ebpf_alias))] + #[cfg(not(privileged_portals_support))] { return Err(ockam_core::Error::new( Origin::Node, diff --git a/implementations/rust/ockam/ockam_api/src/nodes/service/tcp_outlets.rs b/implementations/rust/ockam/ockam_api/src/nodes/service/tcp_outlets.rs index b6e3135590d..356ffe41768 100644 --- a/implementations/rust/ockam/ockam_api/src/nodes/service/tcp_outlets.rs +++ b/implementations/rust/ockam/ockam_api/src/nodes/service/tcp_outlets.rs @@ -163,13 +163,13 @@ impl NodeManager { }; let res = if ebpf { - #[cfg(ebpf_alias)] + #[cfg(privileged_portals_support)] { self.tcp_transport .create_raw_outlet(worker_addr.clone(), to.clone(), options) .await } - #[cfg(not(ebpf_alias))] + #[cfg(not(privileged_portals_support))] { Err(ockam_core::Error::new( Origin::Node, diff --git a/implementations/rust/ockam/ockam_command/Cargo.toml b/implementations/rust/ockam/ockam_command/Cargo.toml index 1dd2308baac..25df7c6add5 100644 --- a/implementations/rust/ockam/ockam_command/Cargo.toml +++ b/implementations/rust/ockam/ockam_command/Cargo.toml 
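Review bot: The new alias `privileged_portals_support` still tests `feature = "ebpf"`, but this commit renames that feature to `privileged_portals` in ockam_api/Cargo.toml, so the alias can no longer evaluate to true in this crate. The ockam_command/build.rs hunk carries the same line, while ockam_transport_tcp/build.rs already uses the new feature name. With the alias always false, the `#[cfg(privileged_portals_support)]` branches in session_replacer.rs and tcp_outlets.rs are compiled out and the `not(...)` error path is always taken. In reset.rs the call to `detach_all_ockam_ebpfs_globally()` is compiled out as well, so `ockam reset` would no longer detach eBPF programs through that call. Both build scripts should read `privileged_portals_support: { all(target_os = "linux", feature = "privileged_portals") }`.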
@@ -113,8 +113,8 @@ tempfile = "3.10.1" time = { version = "0.3", default-features = false, features = ["std", "local-offset"] } [features] -default = ["orchestrator", "rust-crypto", "ebpf"] -ebpf = ["ockam_api/ebpf"] +default = ["orchestrator", "rust-crypto", "privileged_portals"] +privileged_portals = ["ockam_api/privileged_portals"] orchestrator = [] aws-lc = ["ockam_vault/aws-lc", "ockam_api/aws-lc", "rustls/aws-lc-rs"] rust-crypto = ["ockam_vault/rust-crypto", "ockam_api/rust-crypto", "rustls/ring"] diff --git a/implementations/rust/ockam/ockam_command/build.rs b/implementations/rust/ockam/ockam_command/build.rs index 6a70b6f5d7e..a1d09e93fe5 100644 --- a/implementations/rust/ockam/ockam_command/build.rs +++ b/implementations/rust/ockam/ockam_command/build.rs @@ -13,6 +13,6 @@ fn hash() { fn main() { hash(); cfg_aliases! { - ebpf_alias: { all(target_os = "linux", feature = "ebpf") } + privileged_portals_support: { all(target_os = "linux", feature = "ebpf") } } } diff --git a/implementations/rust/ockam/ockam_command/src/environment/static/env_info.txt b/implementations/rust/ockam/ockam_command/src/environment/static/env_info.txt index 9bb2c7a7e9c..92f1334b05b 100644 --- a/implementations/rust/ockam/ockam_command/src/environment/static/env_info.txt +++ b/implementations/rust/ockam/ockam_command/src/environment/static/env_info.txt @@ -56,7 +56,7 @@ UDP Puncture - OCKAM_RENDEZVOUS_SERVER: set this variable to the hostname and port of the Rendezvous service TCP Portals -- OCKAM_EBPF: if variable is set, all TCP Inlets/Outlets will be eBPF Inlets/Outlets (overrides `--ebpf` argument for `ockam tcp-inlet create` and `ockam tcp-outlet create`). +- OCKAM_PRIVILEGED: if variable is set, all TCP Inlets/Outlets will use eBPF (overrides `--privileged` argument for `ockam tcp-inlet create` and `ockam tcp-outlet create`). Devs Usage - OCKAM: a `string` that defines the path to the ockam binary to use. 
diff --git a/implementations/rust/ockam/ockam_command/src/reset.rs b/implementations/rust/ockam/ockam_command/src/reset.rs index 2b22c0035ad..1b4dc6291ee 100644 --- a/implementations/rust/ockam/ockam_command/src/reset.rs +++ b/implementations/rust/ockam/ockam_command/src/reset.rs @@ -81,7 +81,7 @@ impl ResetCommand { opts.state.reset().await?; } - #[cfg(ebpf_alias)] + #[cfg(privileged_portals_support)] ockam::tcp::TcpTransport::detach_all_ockam_ebpfs_globally(); opts.terminal diff --git a/implementations/rust/ockam/ockam_command/src/tcp/inlet/create.rs b/implementations/rust/ockam/ockam_command/src/tcp/inlet/create.rs index 971729376de..7f6ab59dbe0 100644 --- a/implementations/rust/ockam/ockam_command/src/tcp/inlet/create.rs +++ b/implementations/rust/ockam/ockam_command/src/tcp/inlet/create.rs @@ -133,8 +133,8 @@ pub struct CreateCommand { pub no_tcp_fallback: bool, /// Use eBPF and RawSocket to access TCP packets instead of TCP data stream. - /// If `OCKAM_EBPF` env variable is set to 1, this argument will be `true`. - #[arg(long, env = "OCKAM_EBPF", value_parser = FalseyValueParser::default(), hide = true)] + /// If `OCKAM_PRIVILEGED` env variable is set to 1, this argument will be `true`. + #[arg(long, env = "OCKAM_PRIVILEGED", value_parser = FalseyValueParser::default(), hide = true)] pub ebpf: bool, #[arg(long, value_name = "BOOL", default_value_t = false, hide = true)] diff --git a/implementations/rust/ockam/ockam_command/src/tcp/outlet/create.rs b/implementations/rust/ockam/ockam_command/src/tcp/outlet/create.rs index 7faaa71e37e..3ca71ee28da 100644 --- a/implementations/rust/ockam/ockam_command/src/tcp/outlet/create.rs +++ b/implementations/rust/ockam/ockam_command/src/tcp/outlet/create.rs 
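Review bot: In the tcp/inlet/create.rs hunk the field under the renamed env attribute is still `pub ebpf: bool`, and with a bare `long` clap derives the flag from the field name, so `ockam tcp-inlet create` keeps `--ebpf`. That disagrees with env_info.txt, which now documents `--privileged` for both commands, and with the outlet hunk, which renames its field. Rename it to `pub privileged: bool` and update its uses; the struct continues outside this hunk, so the call sites are not visible here. Separately, `OCKAM_EBPF` is dropped with no fallback, so a deployment that still sets it would presumably get regular portals without notice; consider accepting the old name for a release or warning when it is set.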
@@ -69,9 +69,9 @@ pub struct CreateCommand { pub allow: Option, /// Use eBPF and RawSocket to access TCP packets instead of TCP data stream. - /// If `OCKAM_EBPF` env variable is set to 1, this argument will be `true`. - #[arg(long, env = "OCKAM_EBPF", value_parser = FalseyValueParser::default(), hide = true)] - pub ebpf: bool, + /// If `OCKAM_PRIVILEGED` env variable is set to 1, this argument will be `true`. + #[arg(long, env = "OCKAM_PRIVILEGED", value_parser = FalseyValueParser::default(), hide = true)] + pub privileged: bool, } #[async_trait] @@ -97,7 +97,7 @@ impl Command for CreateCommand { self.tls, self.from.clone().map(Address::from).as_ref(), self.allow.clone(), - self.ebpf, + self.privileged, ) .await? }; diff --git a/implementations/rust/ockam/ockam_command/tests/bats/run.sh b/implementations/rust/ockam/ockam_command/tests/bats/run.sh index 7c1ac8719d5..7f4166a2af0 100755 --- a/implementations/rust/ockam/ockam_command/tests/bats/run.sh +++ b/implementations/rust/ockam/ockam_command/tests/bats/run.sh @@ -52,7 +52,7 @@ fi if [ "$local_as_root_suite" = true ]; then echo "Running local root suite..." - OCKAM_EBPF=1 bats "$current_directory/local/portals.bats" --timing -j 3 + OCKAM_PRIVILEGED=1 bats "$current_directory/local/portals.bats" --timing -j 3 fi if [ -z "${ORCHESTRATOR_TESTS}" ]; then diff --git a/implementations/rust/ockam/ockam_ebpf/ubuntu_x86.yaml b/implementations/rust/ockam/ockam_ebpf/ubuntu_x86.yaml deleted file mode 100644 index 55abd8b01c4..00000000000 --- a/implementations/rust/ockam/ockam_ebpf/ubuntu_x86.yaml +++ /dev/null 
@@ -1,56 +0,0 @@ -arch: "x86_64" - -images: - # Try to use release-yyyyMMdd image if available. Note that release-yyyyMMdd will be removed after several months. - - location: "https://cloud-images.ubuntu.com/releases/22.04/release-20230518/ubuntu-22.04-server-cloudimg-amd64.img" - arch: "x86_64" - digest: "sha256:afb820a9260217fd4c5c5aacfbca74aa7cd2418e830dc64ca2e0642b94aab161" - - location: "https://cloud-images.ubuntu.com/releases/22.04/release-20230518/ubuntu-22.04-server-cloudimg-arm64.img" - arch: "aarch64" - digest: "sha256:b47f8be40b5f91c37874817c3324a72cea1982a5fdad031d9b648c9623c3b4e2" - # Fallback to the latest release image. - - location: "https://cloud-images.ubuntu.com/releases/22.04/release/ubuntu-22.04-server-cloudimg-amd64.img" - arch: "x86_64" - - location: "https://cloud-images.ubuntu.com/releases/22.04/release/ubuntu-22.04-server-cloudimg-arm64.img" - arch: "aarch64" - -memory: "12GiB" -cpus: 12 -disk: "48GiB" -ssh: - # You can choose any port or omit this. Specifying a value ensures same port bindings after restarts - # Forwarded to port 22 of the guest. - localPort: 3333 -# We are going to install all the necessary packages for our development environment. -# These include Python 3 and the bpfcc tools package. 
-provision: - - mode: system - script: | - #!/bin/bash - set -eux -o pipefail - export DEBIAN_FRONTEND=noninteractive - apt-get update - apt-get install --yes vim python3 python3-pip - apt-get install --yes apt-transport-https ca-certificates curl clang llvm jq - apt-get install --yes libelf-dev libpcap-dev libbfd-dev binutils-dev build-essential make - apt-get install --yes bsdutils - apt-get install --yes build-essential - apt-get install --yes pkgconf - apt-get install --yes zlib1g-dev libelf-dev - apt-get install --yes protobuf-compiler - apt-get install --yes libssl-dev - apt-get install --yes net-tools - - apt-get install --yes bpfcc-tools bpftrace - apt-get install --yes linux-tools-common linux-tools-generic - apt-get install --yes linux-headers-$(uname -r) linux-tools-$(uname -r) - - curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y - /root/.cargo/bin/rustup toolchain install nightly --component rust-src - /root/.cargo/bin/cargo install bpf-linker - - - mode: user - script: | - #!/bin/bash - set -eux -o pipefail - sudo cp /home/$(whoami).linux/.ssh/authorized_keys /root/.ssh/authorized_keys diff --git a/implementations/rust/ockam/ockam_transport_tcp/Cargo.toml b/implementations/rust/ockam/ockam_transport_tcp/Cargo.toml index 864b6f3b19a..9c6cd56e9e9 100644 --- a/implementations/rust/ockam/ockam_transport_tcp/Cargo.toml +++ b/implementations/rust/ockam/ockam_transport_tcp/Cargo.toml 
@@ -23,13 +23,13 @@ TCP Transport for the Ockam Routing Protocol. """ [features] -default = ["std", "ring", "ebpf"] +default = ["std", "ring", "privileged_portals"] std = ["ockam_macros/std", "ockam_transport_core/std", "opentelemetry", "binary-layout?/std"] no_std = ["ockam_macros/no_std", "ockam_transport_core/no_std"] alloc = [] aws-lc = ["tokio-rustls/aws-lc-rs"] ring = ["tokio-rustls/ring"] -ebpf = ["aya", "aya-log", "binary-layout", "caps", "nix"] +privileged_portals = ["aya", "aya-log", "binary-layout", "caps", "nix"] [build-dependencies] cfg_aliases = "0.2.1" diff --git a/implementations/rust/ockam/ockam_transport_tcp/build.rs b/implementations/rust/ockam/ockam_transport_tcp/build.rs index f53df3ae53e..7b8224b4567 100644 --- a/implementations/rust/ockam/ockam_transport_tcp/build.rs +++ b/implementations/rust/ockam/ockam_transport_tcp/build.rs @@ -2,6 +2,6 @@ use cfg_aliases::cfg_aliases; fn main() { cfg_aliases! { - ebpf_alias: { all(target_os = "linux", feature = "ebpf") } + privileged_portals_support: { all(target_os = "linux", feature = "privileged_portals") } } } diff --git a/implementations/rust/ockam/ockam_transport_tcp/src/lib.rs b/implementations/rust/ockam/ockam_transport_tcp/src/lib.rs index a163930a9d6..43dffb09877 100644 --- a/implementations/rust/ockam/ockam_transport_tcp/src/lib.rs +++ b/implementations/rust/ockam/ockam_transport_tcp/src/lib.rs @@ -37,9 +37,9 @@ pub use protocol_version::*; pub use registry::*; pub use transport::*; -#[cfg(ebpf_alias)] +#[cfg(privileged_portals_support)] /// eBPF backed TCP portals that works on TCP level rather than on top of TCP -pub mod ebpf_portal; +pub mod privileged_portal; pub(crate) const CLUSTER_NAME: &str = "_internals.transport.tcp"; diff --git a/implementations/rust/ockam/ockam_transport_tcp/src/portal/portal_message.rs b/implementations/rust/ockam/ockam_transport_tcp/src/portal/portal_message.rs index e8efcd1314f..6c2ba0fb5b0 100644 
--- a/implementations/rust/ockam/ockam_transport_tcp/src/portal/portal_message.rs +++ b/implementations/rust/ockam/ockam_transport_tcp/src/portal/portal_message.rs @@ -14,7 +14,7 @@ pub enum PortalMessage<'de> { /// or from the target to the Inlet was dropped Disconnect, /// Message with binary payload and packet counter - // TODO: Add route_index. May not be as important as for eBPF portals, as regular portals + // TODO: Add route_index. May not be as important as for privileged portals, as regular portals // require reliable channel anyways. And if PortalMessage is sent over a channel that // guarantees ordering, we don't need route_index Payload(&'de [u8], Option), diff --git a/implementations/rust/ockam/ockam_transport_tcp/src/ebpf_portal/ebpf_support.rs b/implementations/rust/ockam/ockam_transport_tcp/src/privileged_portal/ebpf_support.rs similarity index 99% rename from implementations/rust/ockam/ockam_transport_tcp/src/ebpf_portal/ebpf_support.rs rename to implementations/rust/ockam/ockam_transport_tcp/src/privileged_portal/ebpf_support.rs index 87c59942bff..14f7337a025 100644 --- a/implementations/rust/ockam/ockam_transport_tcp/src/ebpf_portal/ebpf_support.rs +++ b/implementations/rust/ockam/ockam_transport_tcp/src/privileged_portal/ebpf_support.rs @@ -1,6 +1,6 @@ #![allow(unsafe_code)] -use crate::ebpf_portal::{ +use crate::privileged_portal::{ Iface, InletRegistry, OutletRegistry, Port, Proto, RawSocketProcessor, TcpPacketWriter, }; use aya::maps::{MapData, MapError}; @@ -344,7 +344,7 @@ fn map_map_error(map_error: MapError) -> Error { #[cfg(test)] // requires root to run mod tests { - use crate::ebpf_portal::TcpTransportEbpfSupport; + use crate::privileged_portal::TcpTransportEbpfSupport; use ockam_core::Result; use ockam_node::Context; 
diff --git a/implementations/rust/ockam/ockam_transport_tcp/src/ebpf_portal/mod.rs b/implementations/rust/ockam/ockam_transport_tcp/src/privileged_portal/mod.rs similarity index 87% rename from implementations/rust/ockam/ockam_transport_tcp/src/ebpf_portal/mod.rs rename to implementations/rust/ockam/ockam_transport_tcp/src/privileged_portal/mod.rs index 9a60ce0921d..69b3aac406c 100644 --- a/implementations/rust/ockam/ockam_transport_tcp/src/ebpf_portal/mod.rs +++ b/implementations/rust/ockam/ockam_transport_tcp/src/privileged_portal/mod.rs @@ -1,5 +1,5 @@ mod ebpf_support; -mod portals; +mod privileged_portals; mod raw_socket; mod registry; mod transport; diff --git a/implementations/rust/ockam/ockam_transport_tcp/src/ebpf_portal/portals.rs b/implementations/rust/ockam/ockam_transport_tcp/src/privileged_portal/privileged_portals.rs similarity index 98% rename from implementations/rust/ockam/ockam_transport_tcp/src/ebpf_portal/portals.rs rename to implementations/rust/ockam/ockam_transport_tcp/src/privileged_portal/privileged_portals.rs index 0857df94afd..226c91b599b 100644 --- a/implementations/rust/ockam/ockam_transport_tcp/src/ebpf_portal/portals.rs +++ b/implementations/rust/ockam/ockam_transport_tcp/src/privileged_portal/privileged_portals.rs @@ -1,5 +1,5 @@ -use crate::ebpf_portal::{InternalProcessor, Port, RemoteWorker}; use crate::portal::InletSharedState; +use crate::privileged_portal::{InternalProcessor, Port, RemoteWorker}; use crate::{TcpInlet, TcpInletOptions, TcpOutletOptions, TcpTransport}; use caps::Capability::{CAP_BPF, CAP_NET_ADMIN, CAP_NET_RAW, CAP_SYS_ADMIN}; use caps::{CapSet, Capability}; 
@@ -17,7 +17,7 @@ use tokio::sync::mpsc::channel; use tracing::instrument; impl TcpTransport { - /// Check if eBPF portals can be run with current permissions + /// Check if privileged portals can be run with current permissions pub fn check_capabilities() -> Result<()> { let caps = caps::read(None, CapSet::Effective) .map_err(|e| TransportError::ReadCaps(e.to_string()))?; diff --git a/implementations/rust/ockam/ockam_transport_tcp/src/ebpf_portal/raw_socket/async_fd_packet_reader.rs b/implementations/rust/ockam/ockam_transport_tcp/src/privileged_portal/raw_socket/async_fd_packet_reader.rs similarity index 96% rename from implementations/rust/ockam/ockam_transport_tcp/src/ebpf_portal/raw_socket/async_fd_packet_reader.rs rename to implementations/rust/ockam/ockam_transport_tcp/src/privileged_portal/raw_socket/async_fd_packet_reader.rs index 1b0622f17be..0f5b9412ac0 100644 --- a/implementations/rust/ockam/ockam_transport_tcp/src/ebpf_portal/raw_socket/async_fd_packet_reader.rs +++ b/implementations/rust/ockam/ockam_transport_tcp/src/privileged_portal/raw_socket/async_fd_packet_reader.rs @@ -1,8 +1,8 @@ -use crate::ebpf_portal::packet::{ +use crate::privileged_portal::packet::{ Ipv4Info, RawSocketReadResult, TcpInfo, TcpStrippedHeaderAndPayload, }; -use crate::ebpf_portal::packet_binary::{ipv4_header, tcp_header}; -use crate::ebpf_portal::TcpPacketReader; +use crate::privileged_portal::packet_binary::{ipv4_header, tcp_header}; +use crate::privileged_portal::TcpPacketReader; use async_trait::async_trait; use log::{error, trace}; use nix::sys::socket::MsgFlags; 
diff --git a/implementations/rust/ockam/ockam_transport_tcp/src/ebpf_portal/raw_socket/async_fd_packet_writer.rs b/implementations/rust/ockam/ockam_transport_tcp/src/privileged_portal/raw_socket/async_fd_packet_writer.rs similarity index 94% rename from implementations/rust/ockam/ockam_transport_tcp/src/ebpf_portal/raw_socket/async_fd_packet_writer.rs rename to implementations/rust/ockam/ockam_transport_tcp/src/privileged_portal/raw_socket/async_fd_packet_writer.rs index c251760c2d0..e3dc4671fab 100644 --- a/implementations/rust/ockam/ockam_transport_tcp/src/ebpf_portal/raw_socket/async_fd_packet_writer.rs +++ b/implementations/rust/ockam/ockam_transport_tcp/src/privileged_portal/raw_socket/async_fd_packet_writer.rs @@ -1,6 +1,6 @@ -use crate::ebpf_portal::packet::TcpStrippedHeaderAndPayload; -use crate::ebpf_portal::packet_binary::tcp_header_ports; -use crate::ebpf_portal::{tcp_set_checksum, Port, TcpPacketWriter}; +use crate::privileged_portal::packet::TcpStrippedHeaderAndPayload; +use crate::privileged_portal::packet_binary::tcp_header_ports; +use crate::privileged_portal::{tcp_set_checksum, Port, TcpPacketWriter}; use async_trait::async_trait; use log::{debug, error}; use nix::sys::socket::{MsgFlags, SockaddrIn}; diff --git a/implementations/rust/ockam/ockam_transport_tcp/src/ebpf_portal/raw_socket/checksum.rs b/implementations/rust/ockam/ockam_transport_tcp/src/privileged_portal/raw_socket/checksum.rs similarity index 100% rename from implementations/rust/ockam/ockam_transport_tcp/src/ebpf_portal/raw_socket/checksum.rs rename to implementations/rust/ockam/ockam_transport_tcp/src/privileged_portal/raw_socket/checksum.rs 
diff --git a/implementations/rust/ockam/ockam_transport_tcp/src/ebpf_portal/raw_socket/checksum_helpers.rs b/implementations/rust/ockam/ockam_transport_tcp/src/privileged_portal/raw_socket/checksum_helpers.rs similarity index 90% rename from implementations/rust/ockam/ockam_transport_tcp/src/ebpf_portal/raw_socket/checksum_helpers.rs rename to implementations/rust/ockam/ockam_transport_tcp/src/privileged_portal/raw_socket/checksum_helpers.rs index 125ce9cdb0a..d11cdb23bf6 100644 --- a/implementations/rust/ockam/ockam_transport_tcp/src/ebpf_portal/raw_socket/checksum_helpers.rs +++ b/implementations/rust/ockam/ockam_transport_tcp/src/privileged_portal/raw_socket/checksum_helpers.rs @@ -1,5 +1,5 @@ -use crate::ebpf_portal::packet_binary::tcp_header; -use crate::ebpf_portal::ChecksumAccumulator; +use crate::privileged_portal::packet_binary::tcp_header; +use crate::privileged_portal::ChecksumAccumulator; use std::net::Ipv4Addr; /// Calculate and set checksum for a TCP packet @@ -33,7 +33,7 @@ fn tcp_checksum(source_ip: Ipv4Addr, destination_ip: Ipv4Addr, packet: &[u8]) -> #[cfg(test)] mod tests { - use crate::ebpf_portal::raw_socket::checksum_helpers::tcp_checksum; + use crate::privileged_portal::raw_socket::checksum_helpers::tcp_checksum; use std::net::Ipv4Addr; #[test] diff --git a/implementations/rust/ockam/ockam_transport_tcp/src/ebpf_portal/raw_socket/common.rs b/implementations/rust/ockam/ockam_transport_tcp/src/privileged_portal/raw_socket/common.rs similarity index 96% rename from implementations/rust/ockam/ockam_transport_tcp/src/ebpf_portal/raw_socket/common.rs rename to implementations/rust/ockam/ockam_transport_tcp/src/privileged_portal/raw_socket/common.rs index 3b65f755417..5c5bd418fab 100644 --- a/implementations/rust/ockam/ockam_transport_tcp/src/ebpf_portal/raw_socket/common.rs +++ b/implementations/rust/ockam/ockam_transport_tcp/src/privileged_portal/raw_socket/common.rs 
@@ -1,4 +1,4 @@ -use crate::ebpf_portal::packet::TcpStrippedHeaderAndPayload; +use crate::privileged_portal::packet::TcpStrippedHeaderAndPayload; use minicbor::{Decode, Encode}; use rand::distributions::{Distribution, Standard}; use rand::Rng; diff --git a/implementations/rust/ockam/ockam_transport_tcp/src/ebpf_portal/raw_socket/create_raw_socket.rs b/implementations/rust/ockam/ockam_transport_tcp/src/privileged_portal/raw_socket/create_raw_socket.rs similarity index 98% rename from implementations/rust/ockam/ockam_transport_tcp/src/ebpf_portal/raw_socket/create_raw_socket.rs rename to implementations/rust/ockam/ockam_transport_tcp/src/privileged_portal/raw_socket/create_raw_socket.rs index 30c0bce1dc2..b000c24f4d4 100644 --- a/implementations/rust/ockam/ockam_transport_tcp/src/ebpf_portal/raw_socket/create_raw_socket.rs +++ b/implementations/rust/ockam/ockam_transport_tcp/src/privileged_portal/raw_socket/create_raw_socket.rs @@ -1,4 +1,4 @@ -use crate::ebpf_portal::{ +use crate::privileged_portal::{ AsyncFdPacketReader, AsyncFdPacketWriter, Proto, TcpPacketReader, TcpPacketWriter, }; use nix::errno::Errno; diff --git a/implementations/rust/ockam/ockam_transport_tcp/src/ebpf_portal/raw_socket/mod.rs b/implementations/rust/ockam/ockam_transport_tcp/src/privileged_portal/raw_socket/mod.rs similarity index 100% rename from implementations/rust/ockam/ockam_transport_tcp/src/ebpf_portal/raw_socket/mod.rs rename to implementations/rust/ockam/ockam_transport_tcp/src/privileged_portal/raw_socket/mod.rs diff --git a/implementations/rust/ockam/ockam_transport_tcp/src/ebpf_portal/raw_socket/packet.rs b/implementations/rust/ockam/ockam_transport_tcp/src/privileged_portal/raw_socket/packet.rs similarity index 97% rename from implementations/rust/ockam/ockam_transport_tcp/src/ebpf_portal/raw_socket/packet.rs rename to implementations/rust/ockam/ockam_transport_tcp/src/privileged_portal/raw_socket/packet.rs index e308dfd210c..848aebece90 100644 
--- a/implementations/rust/ockam/ockam_transport_tcp/src/ebpf_portal/raw_socket/packet.rs +++ b/implementations/rust/ockam/ockam_transport_tcp/src/privileged_portal/raw_socket/packet.rs @@ -1,5 +1,5 @@ -use crate::ebpf_portal::packet_binary::{ipv4_header, stripped_tcp_header, tcp_header}; -use crate::ebpf_portal::Port; +use crate::privileged_portal::packet_binary::{ipv4_header, stripped_tcp_header, tcp_header}; +use crate::privileged_portal::Port; use std::net::Ipv4Addr; /// Result of reading packet from RawSocket diff --git a/implementations/rust/ockam/ockam_transport_tcp/src/ebpf_portal/raw_socket/packet_binary.rs b/implementations/rust/ockam/ockam_transport_tcp/src/privileged_portal/raw_socket/packet_binary.rs similarity index 100% rename from implementations/rust/ockam/ockam_transport_tcp/src/ebpf_portal/raw_socket/packet_binary.rs rename to implementations/rust/ockam/ockam_transport_tcp/src/privileged_portal/raw_socket/packet_binary.rs diff --git a/implementations/rust/ockam/ockam_transport_tcp/src/ebpf_portal/raw_socket/packet_reader_trait.rs b/implementations/rust/ockam/ockam_transport_tcp/src/privileged_portal/raw_socket/packet_reader_trait.rs similarity index 82% rename from implementations/rust/ockam/ockam_transport_tcp/src/ebpf_portal/raw_socket/packet_reader_trait.rs rename to implementations/rust/ockam/ockam_transport_tcp/src/privileged_portal/raw_socket/packet_reader_trait.rs index fd31e73f2b1..29b47f835aa 100644 --- a/implementations/rust/ockam/ockam_transport_tcp/src/ebpf_portal/raw_socket/packet_reader_trait.rs +++ b/implementations/rust/ockam/ockam_transport_tcp/src/privileged_portal/raw_socket/packet_reader_trait.rs @@ -1,4 +1,4 @@ -use crate::ebpf_portal::packet::RawSocketReadResult; +use crate::privileged_portal::packet::RawSocketReadResult; use async_trait::async_trait; use ockam_core::Result; 
diff --git a/implementations/rust/ockam/ockam_transport_tcp/src/ebpf_portal/raw_socket/packet_writer_trait.rs b/implementations/rust/ockam/ockam_transport_tcp/src/privileged_portal/raw_socket/packet_writer_trait.rs similarity index 80% rename from implementations/rust/ockam/ockam_transport_tcp/src/ebpf_portal/raw_socket/packet_writer_trait.rs rename to implementations/rust/ockam/ockam_transport_tcp/src/privileged_portal/raw_socket/packet_writer_trait.rs index e594abaeed1..1473805119e 100644 --- a/implementations/rust/ockam/ockam_transport_tcp/src/ebpf_portal/raw_socket/packet_writer_trait.rs +++ b/implementations/rust/ockam/ockam_transport_tcp/src/privileged_portal/raw_socket/packet_writer_trait.rs @@ -1,5 +1,5 @@ -use crate::ebpf_portal::packet::TcpStrippedHeaderAndPayload; -use crate::ebpf_portal::Port; +use crate::privileged_portal::packet::TcpStrippedHeaderAndPayload; +use crate::privileged_portal::Port; use async_trait::async_trait; use ockam_core::Result; use std::net::Ipv4Addr; diff --git a/implementations/rust/ockam/ockam_transport_tcp/src/ebpf_portal/registry/inlet.rs b/implementations/rust/ockam/ockam_transport_tcp/src/privileged_portal/registry/inlet.rs similarity index 97% rename from implementations/rust/ockam/ockam_transport_tcp/src/ebpf_portal/registry/inlet.rs rename to implementations/rust/ockam/ockam_transport_tcp/src/privileged_portal/registry/inlet.rs index 32a83f72f73..628c4edfbfe 100644 --- a/implementations/rust/ockam/ockam_transport_tcp/src/ebpf_portal/registry/inlet.rs +++ b/implementations/rust/ockam/ockam_transport_tcp/src/privileged_portal/registry/inlet.rs 
@@ -1,6 +1,6 @@
-use crate::ebpf_portal::packet::RawSocketReadResult;
-use crate::ebpf_portal::{ConnectionIdentifier, Port};
 use crate::portal::InletSharedState;
+use crate::privileged_portal::packet::RawSocketReadResult;
+use crate::privileged_portal::{ConnectionIdentifier, Port};
 use ockam_core::compat::sync::Arc;
 use ockam_core::compat::sync::RwLock as SyncRwLock;
 use ockam_core::{Address, LocalInfoIdentifier};
diff --git a/implementations/rust/ockam/ockam_transport_tcp/src/ebpf_portal/registry/mod.rs b/implementations/rust/ockam/ockam_transport_tcp/src/privileged_portal/registry/mod.rs
similarity index 100%
rename from implementations/rust/ockam/ockam_transport_tcp/src/ebpf_portal/registry/mod.rs
rename to implementations/rust/ockam/ockam_transport_tcp/src/privileged_portal/registry/mod.rs
diff --git a/implementations/rust/ockam/ockam_transport_tcp/src/ebpf_portal/registry/outlet.rs b/implementations/rust/ockam/ockam_transport_tcp/src/privileged_portal/registry/outlet.rs
similarity index 97%
rename from implementations/rust/ockam/ockam_transport_tcp/src/ebpf_portal/registry/outlet.rs
rename to implementations/rust/ockam/ockam_transport_tcp/src/privileged_portal/registry/outlet.rs
index 2e733a6471d..511239ae5c1 100644
--- a/implementations/rust/ockam/ockam_transport_tcp/src/ebpf_portal/registry/outlet.rs
+++ b/implementations/rust/ockam/ockam_transport_tcp/src/privileged_portal/registry/outlet.rs
@@ -1,5 +1,5 @@
-use crate::ebpf_portal::packet::RawSocketReadResult;
-use crate::ebpf_portal::{ConnectionIdentifier, Port};
+use crate::privileged_portal::packet::RawSocketReadResult;
+use crate::privileged_portal::{ConnectionIdentifier, Port};
 use ockam_core::{Address, LocalInfoIdentifier, Route};
 use std::collections::HashMap;
 use std::net::Ipv4Addr;
diff --git a/implementations/rust/ockam/ockam_transport_tcp/src/ebpf_portal/transport.rs b/implementations/rust/ockam/ockam_transport_tcp/src/privileged_portal/transport.rs
similarity index 98%
rename from implementations/rust/ockam/ockam_transport_tcp/src/ebpf_portal/transport.rs
rename to implementations/rust/ockam/ockam_transport_tcp/src/privileged_portal/transport.rs
index 69d9b4da708..6bfae909b2f 100644
--- a/implementations/rust/ockam/ockam_transport_tcp/src/ebpf_portal/transport.rs
+++ b/implementations/rust/ockam/ockam_transport_tcp/src/privileged_portal/transport.rs
@@ -1,4 +1,4 @@
-use crate::ebpf_portal::{Iface, TcpPacketWriter};
+use crate::privileged_portal::{Iface, TcpPacketWriter};
 use crate::TcpTransport;
 use aya::programs::tc::{qdisc_detach_program, TcAttachType};
 use log::{error, info, warn};
diff --git a/implementations/rust/ockam/ockam_transport_tcp/src/ebpf_portal/workers/internal_processor.rs b/implementations/rust/ockam/ockam_transport_tcp/src/privileged_portal/workers/internal_processor.rs
similarity index 97%
rename from implementations/rust/ockam/ockam_transport_tcp/src/ebpf_portal/workers/internal_processor.rs
rename to implementations/rust/ockam/ockam_transport_tcp/src/privileged_portal/workers/internal_processor.rs
index 912985eeca3..a10d01dac0c 100644
--- a/implementations/rust/ockam/ockam_transport_tcp/src/ebpf_portal/workers/internal_processor.rs
+++ b/implementations/rust/ockam/ockam_transport_tcp/src/privileged_portal/workers/internal_processor.rs
@@ -1,5 +1,5 @@
-use crate::ebpf_portal::packet::RawSocketReadResult;
-use crate::ebpf_portal::{Inlet, InletConnection, OckamPortalPacket, Outlet, PortalMode};
+use crate::privileged_portal::packet::RawSocketReadResult;
+use crate::privileged_portal::{Inlet, InletConnection, OckamPortalPacket, Outlet, PortalMode};
 use log::{debug, trace, warn};
 use ockam_core::{async_trait, route, LocalInfoIdentifier, LocalMessage, Processor, Result};
 use ockam_node::Context;
diff --git a/implementations/rust/ockam/ockam_transport_tcp/src/ebpf_portal/workers/mod.rs b/implementations/rust/ockam/ockam_transport_tcp/src/privileged_portal/workers/mod.rs similarity index 100% rename from implementations/rust/ockam/ockam_transport_tcp/src/ebpf_portal/workers/mod.rs rename to implementations/rust/ockam/ockam_transport_tcp/src/privileged_portal/workers/mod.rs diff --git a/implementations/rust/ockam/ockam_transport_tcp/src/ebpf_portal/workers/raw_socket_processor.rs b/implementations/rust/ockam/ockam_transport_tcp/src/privileged_portal/workers/raw_socket_processor.rs similarity index 98% rename from implementations/rust/ockam/ockam_transport_tcp/src/ebpf_portal/workers/raw_socket_processor.rs rename to implementations/rust/ockam/ockam_transport_tcp/src/privileged_portal/workers/raw_socket_processor.rs index 6e85c075748..1418fbdcd18 100644 --- a/implementations/rust/ockam/ockam_transport_tcp/src/ebpf_portal/workers/raw_socket_processor.rs +++ b/implementations/rust/ockam/ockam_transport_tcp/src/privileged_portal/workers/raw_socket_processor.rs @@ -1,5 +1,5 @@ -use crate::ebpf_portal::packet::RawSocketReadResult; -use crate::ebpf_portal::{ +use crate::privileged_portal::packet::RawSocketReadResult; +use crate::privileged_portal::{ create_async_fd_raw_socket, Inlet, InletRegistry, Outlet, OutletRegistry, TcpPacketReader, TcpPacketWriter, }; diff --git a/implementations/rust/ockam/ockam_transport_tcp/src/ebpf_portal/workers/remote_worker.rs b/implementations/rust/ockam/ockam_transport_tcp/src/privileged_portal/workers/remote_worker.rs similarity index 98% rename from implementations/rust/ockam/ockam_transport_tcp/src/ebpf_portal/workers/remote_worker.rs rename to implementations/rust/ockam/ockam_transport_tcp/src/privileged_portal/workers/remote_worker.rs index f5d044516e3..fdd3abf809e 100644 --- a/implementations/rust/ockam/ockam_transport_tcp/src/ebpf_portal/workers/remote_worker.rs 
+++ b/implementations/rust/ockam/ockam_transport_tcp/src/privileged_portal/workers/remote_worker.rs @@ -1,5 +1,5 @@ -use crate::ebpf_portal::packet::TcpStrippedHeaderAndPayload; -use crate::ebpf_portal::{ +use crate::privileged_portal::packet::TcpStrippedHeaderAndPayload; +use crate::privileged_portal::{ ConnectionIdentifier, Inlet, InletConnection, OckamPortalPacket, Outlet, OutletConnection, OutletConnectionReturnRoute, Port, TcpPacketWriter, TcpTransportEbpfSupport, }; diff --git a/implementations/rust/ockam/ockam_transport_tcp/src/transport/mod.rs b/implementations/rust/ockam/ockam_transport_tcp/src/transport/mod.rs index 2055fb1c5a3..d87485c8fd7 100644 --- a/implementations/rust/ockam/ockam_transport_tcp/src/transport/mod.rs +++ b/implementations/rust/ockam/ockam_transport_tcp/src/transport/mod.rs @@ -59,8 +59,8 @@ pub struct TcpTransport { ctx: Arc, registry: TcpRegistry, - #[cfg(ebpf_alias)] - pub(crate) ebpf_support: crate::ebpf_portal::TcpTransportEbpfSupport, + #[cfg(privileged_portals_support)] + pub(crate) ebpf_support: crate::privileged_portal::TcpTransportEbpfSupport, } impl TcpTransport { @@ -69,7 +69,7 @@ impl TcpTransport { Self { ctx: Arc::new(ctx), registry: TcpRegistry::default(), - #[cfg(ebpf_alias)] + #[cfg(privileged_portals_support)] ebpf_support: Default::default(), } } diff --git a/implementations/rust/ockam/ockam_transport_tcp/src/transport/portals.rs b/implementations/rust/ockam/ockam_transport_tcp/src/transport/portals.rs index 6465368d4dd..559326ca9d6 100644 --- a/implementations/rust/ockam/ockam_transport_tcp/src/transport/portals.rs +++ b/implementations/rust/ockam/ockam_transport_tcp/src/transport/portals.rs 
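Review bot: `privileged_portals_support` is a custom cfg name, and a cfg that is never emitted does not fail the build: in `TcpTransport` (both the struct hunk and the constructor hunk here) the field is simply compiled out, and in tests/ebpf_portal.rs the whole `mod tests` becomes empty, so the test binary passes with zero tests. The build.rs files that set this flag are outside this part of the diff, so it is worth confirming that each one emits the new name and also declares it, e.g. `println!("cargo::rustc-check-cfg=cfg(privileged_portals_support)");`, so that a stale or misspelled name is reported by the compiler. The field `ebpf_support` and the type `TcpTransportEbpfSupport` keep the old naming under the new flag; if that is intentional, a short comment on the field would say so.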
@@ -221,7 +221,7 @@ impl TcpInlet {
 /// reachable, or if we want to switch transport, e.g., from relayed to UDP NAT puncture.
 /// NOTE: For regular Portals existing TCP connections will still use the old route,
 /// only newly accepted connections will use the new route.
- /// For eBPF Portals old connections can continue work in case the Identifier of the
+ /// For privileged Portals old connections can continue work in case the Identifier of the
 /// Outlet node didn't change
 pub async fn update_outlet_node_route(&self, ctx: &Context, new_route: Route) -> Result<()> {
 let mut inlet_shared_state = self.inlet_shared_state.write().await;
diff --git a/implementations/rust/ockam/ockam_transport_tcp/tests/ebpf_portal.rs b/implementations/rust/ockam/ockam_transport_tcp/tests/ebpf_portal.rs
index a41302a10e6..5c2a3b1e6eb 100644
--- a/implementations/rust/ockam/ockam_transport_tcp/tests/ebpf_portal.rs
+++ b/implementations/rust/ockam/ockam_transport_tcp/tests/ebpf_portal.rs
@@ -1,4 +1,4 @@
-#[cfg(ebpf_alias)]
+#[cfg(privileged_portals_support)]
 mod tests {
 use log::info;
 use std::time::Duration;
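Review bot: The reworded doc line on `update_outlet_node_route` in transport/portals.rs still reads "can continue work in case", which leaves the condition ambiguous for a reader who needs to know whether a route update keeps existing sessions bound to the same peer. If the intent is that existing connections survive only when the Outlet node's Identifier is unchanged, say so directly, e.g. `/// For privileged Portals, existing connections keep working only if the Identifier of the` followed by `/// Outlet node did not change.` It would also help to state what happens to those connections when the Identifier does change; the function body continues outside the hunk, so that behaviour is not visible here.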