diff --git a/implementations/rust/ockam/ockam_api/Cargo.toml b/implementations/rust/ockam/ockam_api/Cargo.toml index a58647b046a..44c796d47c5 100644 --- a/implementations/rust/ockam/ockam_api/Cargo.toml +++ b/implementations/rust/ockam/ockam_api/Cargo.toml @@ -24,7 +24,7 @@ repository = "https://github.com/ockam-network/ockam/implementations/rust/ockam/ description = "Ockam's request-response API" [features] -default = ["std", "rust-crypto", "ebpf"] +default = ["std", "rust-crypto", "privileged_portals"] test-utils = [] std = [ "either/use_std", @@ -43,7 +43,7 @@ std = [ storage = ["ockam/storage"] aws-lc = ["ockam_vault/aws-lc", "ockam_transport_tcp/aws-lc"] rust-crypto = ["ockam_vault/rust-crypto", "ockam_transport_tcp/ring"] -ebpf = ["ockam_transport_tcp/ebpf"] +privileged_portals = ["ockam_transport_tcp/privileged_portals"] [build-dependencies] cfg_aliases = "0.2.1" diff --git a/implementations/rust/ockam/ockam_api/build.rs b/implementations/rust/ockam/ockam_api/build.rs index 6a70b6f5d7e..e30584d8acd 100644 --- a/implementations/rust/ockam/ockam_api/build.rs +++ b/implementations/rust/ockam/ockam_api/build.rs @@ -13,6 +13,6 @@ fn hash() { fn main() { hash(); cfg_aliases! { - ebpf_alias: { all(target_os = "linux", feature = "ebpf") } + privileged_portals_support: { all(target_os = "linux", feature = "privileged_portals") } } } diff --git a/implementations/rust/ockam/ockam_api/src/influxdb/portal.rs b/implementations/rust/ockam/ockam_api/src/influxdb/portal.rs index 5f232f86fa3..a99b7757e89 100644 --- a/implementations/rust/ockam/ockam_api/src/influxdb/portal.rs +++ b/implementations/rust/ockam/ockam_api/src/influxdb/portal.rs @@ -35,7 +35,7 @@ impl NodeManagerWorker { worker_addr, reachable_from_default_secure_channel, policy_expression, - ebpf, + privileged, tls, } = body.tcp_outlet; let address = self 
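Review bot: Renaming the `ebpf` feature to `privileged_portals` without leaving an alias breaks any downstream manifest that still selects `features = ["ebpf"]`, here and in the `ockam_command` and `ockam_transport_tcp` manifests later in this commit. If these crates are consumed outside the workspace, a transitional entry such as `ebpf = ["privileged_portals"]` keeps old manifests building until the old name is dropped. The feature also stays in `default`, so with the `all(target_os = "linux", feature = "privileged_portals")` alias every default Linux build still compiles in the eBPF and raw-socket code path. A short comment above `default` saying this is intentional would help anyone auditing what a default build contains.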
@@ -93,7 +93,7 @@ impl NodeManagerWorker { Some(outlet_address), reachable_from_default_secure_channel, OutletAccessControl::WithPolicyExpression(policy_expression), - ebpf, + privileged, ) .await { @@ -118,7 +118,7 @@ impl NodeManagerWorker { secure_channel_identifier, enable_udp_puncture, disable_tcp_fallback, - ebpf, + privileged, tls_certificate_provider, } = body.tcp_inlet.clone(); @@ -192,7 +192,7 @@ impl NodeManagerWorker { secure_channel_identifier, enable_udp_puncture, disable_tcp_fallback, - ebpf, + privileged, tls_certificate_provider, ) .await diff --git a/implementations/rust/ockam/ockam_api/src/nodes/models/portal.rs b/implementations/rust/ockam/ockam_api/src/nodes/models/portal.rs index 1047a12771f..49ba9997965 100644 --- a/implementations/rust/ockam/ockam_api/src/nodes/models/portal.rs +++ b/implementations/rust/ockam/ockam_api/src/nodes/models/portal.rs @@ -54,7 +54,7 @@ pub struct CreateInlet { /// TCP won't be used to transfer data between the Inlet and the Outlet. #[n(11)] pub(crate) disable_tcp_fallback: bool, /// Use eBPF and RawSocket to access TCP packets instead of TCP data stream. - #[n(12)] pub(crate) ebpf: bool, + #[n(12)] pub(crate) privileged: bool, /// TLS certificate provider route. #[n(13)] pub(crate) tls_certificate_provider: Option, } @@ -68,7 +68,7 @@ impl CreateInlet { wait_connection: bool, enable_udp_puncture: bool, disable_tcp_fallback: bool, - ebpf: bool, + privileged: bool, ) -> Self { Self { listen_addr: listen, @@ -81,7 +81,7 @@ impl CreateInlet { secure_channel_identifier: None, enable_udp_puncture, disable_tcp_fallback, - ebpf, + privileged, tls_certificate_provider: None, } } @@ -95,7 +95,7 @@ impl CreateInlet { wait_connection: bool, enable_udp_puncture: bool, disable_tcp_fallback: bool, - ebpf: bool, + privileged: bool, ) -> Self { Self { listen_addr: listen, 
@@ -108,7 +108,7 @@ impl CreateInlet { secure_channel_identifier: None, enable_udp_puncture, disable_tcp_fallback, - ebpf, + privileged, tls_certificate_provider: None, } } @@ -169,7 +169,7 @@ pub struct CreateOutlet { /// will be used. #[n(5)] pub policy_expression: Option, /// Use eBPF and RawSocket to access TCP packets instead of TCP data stream. - #[n(6)] pub ebpf: bool + #[n(6)] pub privileged: bool } impl CreateOutlet { @@ -178,7 +178,7 @@ impl CreateOutlet { tls: bool, worker_addr: Option
, reachable_from_default_secure_channel: bool, - ebpf: bool, + privileged: bool, ) -> Self { Self { hostname_port, @@ -186,7 +186,7 @@ impl CreateOutlet { worker_addr, reachable_from_default_secure_channel, policy_expression: None, - ebpf, + privileged, } } diff --git a/implementations/rust/ockam/ockam_api/src/nodes/service/tcp_inlets/background_node_client.rs b/implementations/rust/ockam/ockam_api/src/nodes/service/tcp_inlets/background_node_client.rs index fc62f09eebf..c217aeb3f04 100644 --- a/implementations/rust/ockam/ockam_api/src/nodes/service/tcp_inlets/background_node_client.rs +++ b/implementations/rust/ockam/ockam_api/src/nodes/service/tcp_inlets/background_node_client.rs @@ -24,7 +24,7 @@ pub fn create_inlet_payload( secure_channel_identifier: &Option, enable_udp_puncture: bool, disable_tcp_fallback: bool, - ebpf: bool, + privileged: bool, tls_certificate_provider: &Option, ) -> CreateInlet { let via_project = outlet_addr.matches(0, &[ProjectProto::CODE.into()]); @@ -36,7 +36,7 @@ pub fn create_inlet_payload( wait_connection, enable_udp_puncture, disable_tcp_fallback, - ebpf, + privileged, ) } else { CreateInlet::to_node( @@ -47,7 +47,7 @@ pub fn create_inlet_payload( wait_connection, enable_udp_puncture, disable_tcp_fallback, - ebpf, + privileged, ) }; if let Some(e) = policy_expression.as_ref() { @@ -78,7 +78,7 @@ impl Inlets for BackgroundNodeClient { secure_channel_identifier: &Option, enable_udp_puncture: bool, disable_tcp_fallback: bool, - ebpf: bool, + privileged: bool, tls_certificate_provider: &Option, ) -> miette::Result> { let request = { @@ -93,7 +93,7 @@ impl Inlets for BackgroundNodeClient { secure_channel_identifier, enable_udp_puncture, disable_tcp_fallback, - ebpf, + privileged, tls_certificate_provider, ); Request::post("/node/inlet").body(payload) 
diff --git a/implementations/rust/ockam/ockam_api/src/nodes/service/tcp_inlets/in_memory_node.rs b/implementations/rust/ockam/ockam_api/src/nodes/service/tcp_inlets/in_memory_node.rs index a0e9c20afc0..d7df5111bd2 100644 --- a/implementations/rust/ockam/ockam_api/src/nodes/service/tcp_inlets/in_memory_node.rs +++ b/implementations/rust/ockam/ockam_api/src/nodes/service/tcp_inlets/in_memory_node.rs @@ -28,7 +28,7 @@ impl InMemoryNode { secure_channel_identifier: Option, enable_udp_puncture: bool, disable_tcp_fallback: bool, - ebpf: bool, + privileged: bool, tls_certificate_provider: Option, ) -> Result { self.node_manager @@ -46,7 +46,7 @@ impl InMemoryNode { secure_channel_identifier, enable_udp_puncture, disable_tcp_fallback, - ebpf, + privileged, tls_certificate_provider, ) .await diff --git a/implementations/rust/ockam/ockam_api/src/nodes/service/tcp_inlets/inlets_trait.rs b/implementations/rust/ockam/ockam_api/src/nodes/service/tcp_inlets/inlets_trait.rs index 9fa1067070e..439160f1b71 100644 --- a/implementations/rust/ockam/ockam_api/src/nodes/service/tcp_inlets/inlets_trait.rs +++ b/implementations/rust/ockam/ockam_api/src/nodes/service/tcp_inlets/inlets_trait.rs @@ -25,7 +25,7 @@ pub trait Inlets { secure_channel_identifier: &Option, enable_udp_puncture: bool, disable_tcp_fallback: bool, - ebpf: bool, + privileged: bool, tls_certificate_provider: &Option, ) -> miette::Result>; diff --git a/implementations/rust/ockam/ockam_api/src/nodes/service/tcp_inlets/node_manager.rs b/implementations/rust/ockam/ockam_api/src/nodes/service/tcp_inlets/node_manager.rs index f0c0bba3ecf..88a520fce89 100644 --- a/implementations/rust/ockam/ockam_api/src/nodes/service/tcp_inlets/node_manager.rs +++ b/implementations/rust/ockam/ockam_api/src/nodes/service/tcp_inlets/node_manager.rs 
@@ -39,7 +39,7 @@ impl NodeManager { enable_udp_puncture: bool, // TODO: Introduce mode enum disable_tcp_fallback: bool, - ebpf: bool, + privileged: bool, tls_certificate_provider: Option, ) -> Result { info!("Handling request to create inlet portal"); @@ -127,7 +127,7 @@ impl NodeManager { additional_secure_channel: None, udp_puncture: None, additional_route: None, - ebpf, + privileged, }; let replacer = Arc::new(Mutex::new(replacer)); diff --git a/implementations/rust/ockam/ockam_api/src/nodes/service/tcp_inlets/node_manager_worker.rs b/implementations/rust/ockam/ockam_api/src/nodes/service/tcp_inlets/node_manager_worker.rs index 2a14ad4ca8f..5aa912a5e4c 100644 --- a/implementations/rust/ockam/ockam_api/src/nodes/service/tcp_inlets/node_manager_worker.rs +++ b/implementations/rust/ockam/ockam_api/src/nodes/service/tcp_inlets/node_manager_worker.rs @@ -28,7 +28,7 @@ impl NodeManagerWorker { secure_channel_identifier, enable_udp_puncture, disable_tcp_fallback, - ebpf, + privileged, tls_certificate_provider, } = create_inlet; match self @@ -47,7 +47,7 @@ impl NodeManagerWorker { secure_channel_identifier, enable_udp_puncture, disable_tcp_fallback, - ebpf, + privileged, tls_certificate_provider, ) .await diff --git a/implementations/rust/ockam/ockam_api/src/nodes/service/tcp_inlets/session_replacer.rs b/implementations/rust/ockam/ockam_api/src/nodes/service/tcp_inlets/session_replacer.rs index 226424ccd2a..25b46522d34 100644 --- a/implementations/rust/ockam/ockam_api/src/nodes/service/tcp_inlets/session_replacer.rs +++ b/implementations/rust/ockam/ockam_api/src/nodes/service/tcp_inlets/session_replacer.rs @@ -52,7 +52,7 @@ pub(super) struct InletSessionReplacer { pub(super) additional_secure_channel: Option, pub(super) udp_puncture: Option, pub(super) additional_route: Option, - pub(super) ebpf: bool, + pub(super) privileged: bool, } impl InletSessionReplacer { 
@@ -166,8 +166,8 @@ impl InletSessionReplacer { } None => { let options = self.inlet_options(node_manager).await?; - let inlet = if self.ebpf { - #[cfg(ebpf_alias)] + let inlet = if self.privileged { + #[cfg(privileged_portals_support)] { node_manager .tcp_transport @@ -178,12 +178,12 @@ impl InletSessionReplacer { ) .await? } - #[cfg(not(ebpf_alias))] + #[cfg(not(privileged_portals_support))] { return Err(ockam_core::Error::new( Origin::Node, Kind::Internal, - "eBPF support is not enabled", + "Privileged Portals support is not enabled", )); } } else { diff --git a/implementations/rust/ockam/ockam_api/src/nodes/service/tcp_outlets.rs b/implementations/rust/ockam/ockam_api/src/nodes/service/tcp_outlets.rs index b6e3135590d..d0e13601665 100644 --- a/implementations/rust/ockam/ockam_api/src/nodes/service/tcp_outlets.rs +++ b/implementations/rust/ockam/ockam_api/src/nodes/service/tcp_outlets.rs @@ -27,7 +27,7 @@ impl NodeManagerWorker { reachable_from_default_secure_channel, policy_expression, tls, - ebpf, + privileged, } = create_outlet; match self @@ -39,7 +39,7 @@ impl NodeManagerWorker { worker_addr, reachable_from_default_secure_channel, OutletAccessControl::WithPolicyExpression(policy_expression), - ebpf, + privileged, ) .await { @@ -98,7 +98,7 @@ impl NodeManager { worker_addr: Option
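Review bot: The `#[cfg(not(privileged_portals_support))]` branch reports `Kind::Internal` with "Privileged Portals support is not enabled", which does not tell an operator whether the build lacks the `privileged_portals` feature or the host is not Linux, and the alias requires both. Failing here rather than quietly creating a regular inlet is the right behaviour, but the message could name the cause, e.g. `"Privileged Portals require Linux and a build with the privileged_portals feature"`. `Kind::Misuse`, which `TransportError` uses for the prerequisites check, may also fit better than `Kind::Internal`, since the request rather than the node is at fault. The matching branch in `create_outlet` in `tcp_outlets.rs` carries the same message, and the enclosing function starts and ends outside this hunk.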
, reachable_from_default_secure_channel: bool, access_control: OutletAccessControl, - ebpf: bool, + privileged: bool, ) -> Result { let worker_addr = self .registry @@ -162,19 +162,19 @@ impl NodeManager { } }; - let res = if ebpf { - #[cfg(ebpf_alias)] + let res = if privileged { + #[cfg(privileged_portals_support)] { self.tcp_transport .create_raw_outlet(worker_addr.clone(), to.clone(), options) .await } - #[cfg(not(ebpf_alias))] + #[cfg(not(privileged_portals_support))] { Err(ockam_core::Error::new( Origin::Node, Kind::Internal, - "eBPF support is not enabled", + "Privileged Portals support is not enabled", )) } } else { @@ -262,7 +262,7 @@ pub trait Outlets { tls: bool, from: Option<&Address>, policy_expression: Option, - ebpf: bool, + privileged: bool, ) -> miette::Result; } @@ -276,9 +276,9 @@ impl Outlets for BackgroundNodeClient { tls: bool, from: Option<&Address>, policy_expression: Option, - ebpf: bool, + privileged: bool, ) -> miette::Result { - let mut payload = CreateOutlet::new(to, tls, from.cloned(), true, ebpf); + let mut payload = CreateOutlet::new(to, tls, from.cloned(), true, privileged); if let Some(policy_expression) = policy_expression { payload.set_policy_expression(policy_expression); } diff --git a/implementations/rust/ockam/ockam_command/Cargo.toml b/implementations/rust/ockam/ockam_command/Cargo.toml index 1dd2308baac..25df7c6add5 100644 --- a/implementations/rust/ockam/ockam_command/Cargo.toml +++ b/implementations/rust/ockam/ockam_command/Cargo.toml 
@@ -113,8 +113,8 @@ tempfile = "3.10.1" time = { version = "0.3", default-features = false, features = ["std", "local-offset"] } [features] -default = ["orchestrator", "rust-crypto", "ebpf"] -ebpf = ["ockam_api/ebpf"] +default = ["orchestrator", "rust-crypto", "privileged_portals"] +privileged_portals = ["ockam_api/privileged_portals"] orchestrator = [] aws-lc = ["ockam_vault/aws-lc", "ockam_api/aws-lc", "rustls/aws-lc-rs"] rust-crypto = ["ockam_vault/rust-crypto", "ockam_api/rust-crypto", "rustls/ring"] diff --git a/implementations/rust/ockam/ockam_command/build.rs b/implementations/rust/ockam/ockam_command/build.rs index 6a70b6f5d7e..e30584d8acd 100644 --- a/implementations/rust/ockam/ockam_command/build.rs +++ b/implementations/rust/ockam/ockam_command/build.rs @@ -13,6 +13,6 @@ fn hash() { fn main() { hash(); cfg_aliases! { - ebpf_alias: { all(target_os = "linux", feature = "ebpf") } + privileged_portals_support: { all(target_os = "linux", feature = "privileged_portals") } } } diff --git a/implementations/rust/ockam/ockam_command/src/environment/static/env_info.txt b/implementations/rust/ockam/ockam_command/src/environment/static/env_info.txt index 9bb2c7a7e9c..92f1334b05b 100644 --- a/implementations/rust/ockam/ockam_command/src/environment/static/env_info.txt +++ b/implementations/rust/ockam/ockam_command/src/environment/static/env_info.txt @@ -56,7 +56,7 @@ UDP Puncture - OCKAM_RENDEZVOUS_SERVER: set this variable to the hostname and port of the Rendezvous service TCP Portals -- OCKAM_EBPF: if variable is set, all TCP Inlets/Outlets will be eBPF Inlets/Outlets (overrides `--ebpf` argument for `ockam tcp-inlet create` and `ockam tcp-outlet create`). +- OCKAM_PRIVILEGED: if variable is set, all TCP Inlets/Outlets will use eBPF (overrides `--privileged` argument for `ockam tcp-inlet create` and `ockam tcp-outlet create`). Devs Usage - OCKAM: a `string` that defines the path to the ockam binary to use. 
diff --git a/implementations/rust/ockam/ockam_command/src/reset.rs b/implementations/rust/ockam/ockam_command/src/reset.rs index 2b22c0035ad..1b4dc6291ee 100644 --- a/implementations/rust/ockam/ockam_command/src/reset.rs +++ b/implementations/rust/ockam/ockam_command/src/reset.rs @@ -81,7 +81,7 @@ impl ResetCommand { opts.state.reset().await?; } - #[cfg(ebpf_alias)] + #[cfg(privileged_portals_support)] ockam::tcp::TcpTransport::detach_all_ockam_ebpfs_globally(); opts.terminal diff --git a/implementations/rust/ockam/ockam_command/src/tcp/inlet/create.rs b/implementations/rust/ockam/ockam_command/src/tcp/inlet/create.rs index 971729376de..35fd93087ab 100644 --- a/implementations/rust/ockam/ockam_command/src/tcp/inlet/create.rs +++ b/implementations/rust/ockam/ockam_command/src/tcp/inlet/create.rs @@ -23,7 +23,7 @@ use ockam_api::cli_state::journeys::{ TCP_INLET_FROM, TCP_INLET_TO, }; use ockam_api::cli_state::{random_name, CliState}; -use ockam_api::colors::color_primary; +use ockam_api::colors::{color_primary, color_primary_alt}; use ockam_api::nodes::models::portal::InletStatus; use ockam_api::nodes::service::tcp_inlets::Inlets; use ockam_api::nodes::BackgroundNodeClient; @@ -133,9 +133,9 @@ pub struct CreateCommand { pub no_tcp_fallback: bool, /// Use eBPF and RawSocket to access TCP packets instead of TCP data stream. - /// If `OCKAM_EBPF` env variable is set to 1, this argument will be `true`. - #[arg(long, env = "OCKAM_EBPF", value_parser = FalseyValueParser::default(), hide = true)] - pub ebpf: bool, + /// If `OCKAM_PRIVILEGED` env variable is set to 1, this argument will be `true`. + #[arg(long, env = "OCKAM_PRIVILEGED", value_parser = FalseyValueParser::default(), hide = true)] + pub privileged: bool, #[arg(long, value_name = "BOOL", default_value_t = false, hide = true)] /// Enable TLS for the TCP Inlet. 
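Review bot: Switching the `env` attribute from `OCKAM_EBPF` to `OCKAM_PRIVILEGED` means a host that still exports `OCKAM_EBPF=1` now gets a regular TCP Inlet with no warning, and an invocation that passes `--ebpf` no longer parses. Adding `alias = "ebpf"` to the `#[arg(...)]` would keep the old flag working. Since clap binds one env name per argument, the old variable needs either a startup warning when it is set or an explicit entry in the release notes. The doc comment could also state that the option needs Linux and elevated capabilities, which the new name implies but does not spell out. The identical field in `tcp/outlet/create.rs` has the same gap.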
@@ -166,6 +166,12 @@ impl Command for CreateCommand { async fn async_run(self, ctx: &Context, opts: CommandGlobalOpts) -> crate::Result<()> { initialize_default_node(ctx, &opts).await?; + let (inlet_str, outlet_str) = if self.privileged { + ("Privileged TCP Inlet", "Privileged TCP Outlet") + } else { + ("TCP Inlet", "TCP Outlet") + }; + let cmd = self.parse_args(&opts).await?; let mut node = BackgroundNodeClient::create(ctx, &opts.state, &cmd.at).await?; @@ -175,7 +181,8 @@ impl Command for CreateCommand { let pb = opts.terminal.progress_bar(); if let Some(pb) = pb.as_ref() { pb.set_message(format!( - "Creating TCP Inlet at {}...\n", + "Creating {} at {}...\n", + color_primary_alt(inlet_str), color_primary(cmd.from.to_string()) )); } @@ -194,7 +201,7 @@ impl Command for CreateCommand { &cmd.secure_channel_identifier(&opts.state).await?, cmd.udp, cmd.no_tcp_fallback, - cmd.ebpf, + cmd.privileged, &cmd.tls_certificate_provider, ) .await?; @@ -217,7 +224,8 @@ impl Command for CreateCommand { if let Some(pb) = pb.as_ref() { pb.set_message(format!( - "Waiting for TCP Inlet {} to be available... Retrying momentarily\n", + "Waiting for {} {} to be available... Retrying momentarily\n", + color_primary_alt(inlet_str), color_primary(&cmd.to) )); } 
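Review bot: `inlet_str` and `outlet_str` are derived from `self.privileged` before `self.parse_args(&opts)` runs, while the request later sends `cmd.privileged`; if `parse_args` ever adjusts that field, the messages and the created portal will disagree. Reading the flag from `cmd` after parsing, `let (inlet_str, outlet_str) = if cmd.privileged { … }`, keeps one source of truth. `outlet_str` also labels the remote end as a "Privileged TCP Outlet" purely from the local flag, which nothing visible here lets the inlet verify; plain "TCP Outlet" for the remote side would avoid asserting it. This affects the status messages in the following hunk as well, and `async_run` continues outside this hunk.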
@@ -232,26 +240,33 @@ impl Command for CreateCommand { .await?; let created_message = fmt_ok!( - "Created a new TCP Inlet in the Node {} bound to {}\n", + "Created a new {} in the Node {} bound to {}\n", + color_primary_alt(inlet_str), color_primary(&node_name), color_primary(cmd.from.to_string()) ); let plain = if cmd.no_connection_wait { - created_message + &fmt_log!("It will automatically connect to the TCP Outlet at {} as soon as it is available", - color_primary(&cmd.to) - ) + created_message + + &fmt_log!( + "It will automatically connect to the {} at {} as soon as it is available", + color_primary_alt(outlet_str), + color_primary(&cmd.to) + ) } else if inlet_status.status == ConnectionStatus::Up { created_message + &fmt_log!( - "sending traffic to the TCP Outlet at {}", + "sending traffic to the {} at {}", + color_primary_alt(outlet_str), color_primary(&cmd.to) ) } else { fmt_warn!( - "A TCP Inlet was created in the Node {} bound to {} but failed to connect to the TCP Outlet at {}\n", + "A {} was created in the Node {} bound to {} but failed to connect to the {} at {}\n", + color_primary_alt(inlet_str), color_primary(&node_name), - color_primary(cmd.from.to_string()), + color_primary(cmd.from.to_string()), + color_primary_alt(outlet_str), color_primary(&cmd.to) ) + &fmt_info!("It will retry to connect automatically") }; diff --git a/implementations/rust/ockam/ockam_command/src/tcp/outlet/create.rs b/implementations/rust/ockam/ockam_command/src/tcp/outlet/create.rs index 7faaa71e37e..68bf36aa713 100644 --- a/implementations/rust/ockam/ockam_command/src/tcp/outlet/create.rs +++ b/implementations/rust/ockam/ockam_command/src/tcp/outlet/create.rs 
@@ -17,7 +17,7 @@ use ockam_api::address::extract_address_value; use ockam_api::cli_state::journeys::{ JourneyEvent, NODE_NAME, TCP_OUTLET_AT, TCP_OUTLET_FROM, TCP_OUTLET_TO, }; -use ockam_api::colors::color_primary; +use ockam_api::colors::{color_primary, color_primary_alt}; use ockam_api::fmt_ok; use ockam_api::nodes::models::portal::OutletStatus; use ockam_api::nodes::service::tcp_outlets::Outlets; @@ -69,9 +69,9 @@ pub struct CreateCommand { pub allow: Option, /// Use eBPF and RawSocket to access TCP packets instead of TCP data stream. - /// If `OCKAM_EBPF` env variable is set to 1, this argument will be `true`. - #[arg(long, env = "OCKAM_EBPF", value_parser = FalseyValueParser::default(), hide = true)] - pub ebpf: bool, + /// If `OCKAM_PRIVILEGED` env variable is set to 1, this argument will be `true`. + #[arg(long, env = "OCKAM_PRIVILEGED", value_parser = FalseyValueParser::default(), hide = true)] + pub privileged: bool, } #[async_trait] @@ -81,13 +81,20 @@ impl Command for CreateCommand { async fn async_run(self, ctx: &Context, opts: CommandGlobalOpts) -> crate::Result<()> { initialize_default_node(ctx, &opts).await?; + let outlet_str = if self.privileged { + "Privileged TCP Outlet" + } else { + "TCP Outlet" + }; + let node = BackgroundNodeClient::create(ctx, &opts.state, &self.at).await?; let node_name = node.node_name(); let outlet_status = { let pb = opts.terminal.progress_bar(); if let Some(pb) = pb.as_ref() { pb.set_message(format!( - "Creating a new TCP Outlet to {}...\n", + "Creating a new {} to {}...\n", + color_primary_alt(outlet_str), color_primary(self.to.to_string()) )); } @@ -97,7 +104,7 @@ impl Command for CreateCommand { self.tls, self.from.clone().map(Address::from).as_ref(), self.allow.clone(), - self.ebpf, + self.privileged, ) .await? }; 
@@ -109,7 +116,8 @@ impl Command for CreateCommand { opts.terminal .stdout() .plain(fmt_ok!( - "Created a new TCP Outlet in the Node {} at {} bound to {}\n\n", + "Created a new {} in the Node {} at {} bound to {}\n\n", + color_primary_alt(outlet_str), color_primary(&node_name), color_primary(worker_route.to_string()), color_primary(self.to.to_string()) diff --git a/implementations/rust/ockam/ockam_command/tests/bats/run.sh b/implementations/rust/ockam/ockam_command/tests/bats/run.sh index 7c1ac8719d5..7f4166a2af0 100755 --- a/implementations/rust/ockam/ockam_command/tests/bats/run.sh +++ b/implementations/rust/ockam/ockam_command/tests/bats/run.sh @@ -52,7 +52,7 @@ fi if [ "$local_as_root_suite" = true ]; then echo "Running local root suite..." - OCKAM_EBPF=1 bats "$current_directory/local/portals.bats" --timing -j 3 + OCKAM_PRIVILEGED=1 bats "$current_directory/local/portals.bats" --timing -j 3 fi if [ -z "${ORCHESTRATOR_TESTS}" ]; then diff --git a/implementations/rust/ockam/ockam_transport_core/src/error.rs b/implementations/rust/ockam/ockam_transport_core/src/error.rs index 4a183021038..079363160ce 100644 --- a/implementations/rust/ockam/ockam_transport_core/src/error.rs +++ b/implementations/rust/ockam/ockam_transport_core/src/error.rs @@ -74,8 +74,8 @@ pub enum TransportError { RemovingOutletPort(String), /// Couldn't read capabilities ReadCaps(String), - /// eBPF prerequisites check failed - EbpfPrerequisitesCheckFailed(String), + /// Privileged Portals prerequisites check failed + PrivilegedPortalsPrerequisitesCheckFailed(String), /// The Identifier of the other side of the portal has changed when updating the route IdentifierChanged, /// Invalid OckamPortalPacket 
@@ -122,8 +122,8 @@ impl core::fmt::Display for TransportError { Self::RemovingInletPort(e) => write!(f, "error removing inlet port {}", e), Self::RemovingOutletPort(e) => write!(f, "error removing outlet port {}", e), Self::ReadCaps(e) => write!(f, "error reading effective capabilities {}", e), - Self::EbpfPrerequisitesCheckFailed(e) => { - write!(f, "eBPF prerequisites check failed: {}", e) + Self::PrivilegedPortalsPrerequisitesCheckFailed(e) => { + write!(f, "Privileged Portals prerequisites check failed: {}", e) } Self::IdentifierChanged => write!( f, @@ -168,7 +168,7 @@ impl From for Error { | RemovingInletPort(_) | RemovingOutletPort(_) => Kind::Io, ReadCaps(_) => Kind::Io, - EbpfPrerequisitesCheckFailed(_) => Kind::Misuse, + PrivilegedPortalsPrerequisitesCheckFailed(_) => Kind::Misuse, IdentifierChanged => Kind::Conflict, InvalidOckamPortalPacket(_) => Kind::Invalid, }; diff --git a/implementations/rust/ockam/ockam_transport_tcp/Cargo.toml b/implementations/rust/ockam/ockam_transport_tcp/Cargo.toml index 864b6f3b19a..9c6cd56e9e9 100644 --- a/implementations/rust/ockam/ockam_transport_tcp/Cargo.toml +++ b/implementations/rust/ockam/ockam_transport_tcp/Cargo.toml @@ -23,13 +23,13 @@ TCP Transport for the Ockam Routing Protocol. """ [features] -default = ["std", "ring", "ebpf"] +default = ["std", "ring", "privileged_portals"] std = ["ockam_macros/std", "ockam_transport_core/std", "opentelemetry", "binary-layout?/std"] no_std = ["ockam_macros/no_std", "ockam_transport_core/no_std"] alloc = [] aws-lc = ["tokio-rustls/aws-lc-rs"] ring = ["tokio-rustls/ring"] -ebpf = ["aya", "aya-log", "binary-layout", "caps", "nix"] +privileged_portals = ["aya", "aya-log", "binary-layout", "caps", "nix"] [build-dependencies] cfg_aliases = "0.2.1" diff --git a/implementations/rust/ockam/ockam_transport_tcp/build.rs b/implementations/rust/ockam/ockam_transport_tcp/build.rs index f53df3ae53e..7b8224b4567 100644 --- a/implementations/rust/ockam/ockam_transport_tcp/build.rs 
+++ b/implementations/rust/ockam/ockam_transport_tcp/build.rs @@ -2,6 +2,6 @@ use cfg_aliases::cfg_aliases; fn main() { cfg_aliases! { - ebpf_alias: { all(target_os = "linux", feature = "ebpf") } + privileged_portals_support: { all(target_os = "linux", feature = "privileged_portals") } } } diff --git a/implementations/rust/ockam/ockam_transport_tcp/src/lib.rs b/implementations/rust/ockam/ockam_transport_tcp/src/lib.rs index a163930a9d6..43dffb09877 100644 --- a/implementations/rust/ockam/ockam_transport_tcp/src/lib.rs +++ b/implementations/rust/ockam/ockam_transport_tcp/src/lib.rs @@ -37,9 +37,9 @@ pub use protocol_version::*; pub use registry::*; pub use transport::*; -#[cfg(ebpf_alias)] +#[cfg(privileged_portals_support)] /// eBPF backed TCP portals that works on TCP level rather than on top of TCP -pub mod ebpf_portal; +pub mod privileged_portal; pub(crate) const CLUSTER_NAME: &str = "_internals.transport.tcp"; diff --git a/implementations/rust/ockam/ockam_transport_tcp/src/portal/addresses.rs b/implementations/rust/ockam/ockam_transport_tcp/src/portal/addresses.rs index 7dcad1755a3..cbb8c9aa637 100644 --- a/implementations/rust/ockam/ockam_transport_tcp/src/portal/addresses.rs +++ b/implementations/rust/ockam/ockam_transport_tcp/src/portal/addresses.rs 
@@ -6,23 +6,23 @@ pub(crate) enum PortalType { Inlet, Outlet, #[allow(unused)] - EbpfInlet, + PrivilegedInlet, #[allow(unused)] - EbpfOutlet, + PrivilegedOutlet, } impl PortalType { pub fn str(&self) -> &'static str { match self { - PortalType::Inlet | PortalType::EbpfInlet => "inlet", - PortalType::Outlet | PortalType::EbpfOutlet => "outlet", + PortalType::Inlet | PortalType::PrivilegedInlet => "inlet", + PortalType::Outlet | PortalType::PrivilegedOutlet => "outlet", } } - pub fn is_ebpf(&self) -> bool { + pub fn is_privileged(&self) -> bool { match self { PortalType::Inlet | PortalType::Outlet => false, - PortalType::EbpfInlet | PortalType::EbpfOutlet => true, + PortalType::PrivilegedInlet | PortalType::PrivilegedOutlet => true, } } } @@ -42,26 +42,26 @@ pub(crate) struct Addresses { impl Addresses { pub(crate) fn generate(portal_type: PortalType) -> Self { let type_name = portal_type.str(); - let ebpf_str = if portal_type.is_ebpf() { - "ebpf" + let privileged_str = if portal_type.is_privileged() { + "privileged" } else { - "non_ebpf" + "non_privileged" }; let sender_internal = Address::random_tagged(&format!( "TcpPortalWorker.{}.{}.sender_internal", - ebpf_str, type_name + privileged_str, type_name )); let sender_remote = Address::random_tagged(&format!( "TcpPortalWorker.{}.{}.sender_remote", - ebpf_str, type_name + privileged_str, type_name )); let receiver_internal = Address::random_tagged(&format!( "TcpPortalRecvProcessor.{}.{}.receiver_internal", - ebpf_str, type_name + privileged_str, type_name )); let receiver_remote = Address::random_tagged(&format!( "TcpPortalRecvProcessor.{}.{}.receiver_remote", - ebpf_str, type_name + privileged_str, type_name )); Self { diff --git a/implementations/rust/ockam/ockam_transport_tcp/src/portal/portal_message.rs b/implementations/rust/ockam/ockam_transport_tcp/src/portal/portal_message.rs index e8efcd1314f..6c2ba0fb5b0 100644 --- a/implementations/rust/ockam/ockam_transport_tcp/src/portal/portal_message.rs 
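Review bot: The bare `#[allow(unused)]` on `PrivilegedInlet` and `PrivilegedOutlet` silences the lint on every target, including Linux builds where the variants are presumably constructed by the privileged portal module. Scoping it as `#[cfg_attr(not(privileged_portals_support), allow(unused))]` keeps the warning alive where it is meaningful, and a one-line comment saying the variants are only built under that cfg would explain the attribute. The second hunk also changes the address tag text from `ebpf`/`non_ebpf` to `privileged`/`non_privileged`, so any log filter or test that matches the old tag would need updating.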
+++ b/implementations/rust/ockam/ockam_transport_tcp/src/portal/portal_message.rs @@ -14,7 +14,7 @@ pub enum PortalMessage<'de> { /// or from the target to the Inlet was dropped Disconnect, /// Message with binary payload and packet counter - // TODO: Add route_index. May not be as important as for eBPF portals, as regular portals + // TODO: Add route_index. May not be as important as for privileged portals, as regular portals // require reliable channel anyways. And if PortalMessage is sent over a channel that // guarantees ordering, we don't need route_index Payload(&'de [u8], Option), diff --git a/implementations/rust/ockam/ockam_transport_tcp/src/ebpf_portal/ebpf_support.rs b/implementations/rust/ockam/ockam_transport_tcp/src/privileged_portal/ebpf_support.rs similarity index 99% rename from implementations/rust/ockam/ockam_transport_tcp/src/ebpf_portal/ebpf_support.rs rename to implementations/rust/ockam/ockam_transport_tcp/src/privileged_portal/ebpf_support.rs index 87c59942bff..14f7337a025 100644 --- a/implementations/rust/ockam/ockam_transport_tcp/src/ebpf_portal/ebpf_support.rs +++ b/implementations/rust/ockam/ockam_transport_tcp/src/privileged_portal/ebpf_support.rs @@ -1,6 +1,6 @@ #![allow(unsafe_code)] -use crate::ebpf_portal::{ +use crate::privileged_portal::{ Iface, InletRegistry, OutletRegistry, Port, Proto, RawSocketProcessor, TcpPacketWriter, }; use aya::maps::{MapData, MapError}; @@ -344,7 +344,7 @@ fn map_map_error(map_error: MapError) -> Error { #[cfg(test)] // requires root to run mod tests { - use crate::ebpf_portal::TcpTransportEbpfSupport; + use crate::privileged_portal::TcpTransportEbpfSupport; use ockam_core::Result; use ockam_node::Context; 
diff --git a/implementations/rust/ockam/ockam_transport_tcp/src/ebpf_portal/mod.rs b/implementations/rust/ockam/ockam_transport_tcp/src/privileged_portal/mod.rs similarity index 87% rename from implementations/rust/ockam/ockam_transport_tcp/src/ebpf_portal/mod.rs rename to implementations/rust/ockam/ockam_transport_tcp/src/privileged_portal/mod.rs index 9a60ce0921d..69b3aac406c 100644 --- a/implementations/rust/ockam/ockam_transport_tcp/src/ebpf_portal/mod.rs +++ b/implementations/rust/ockam/ockam_transport_tcp/src/privileged_portal/mod.rs @@ -1,5 +1,5 @@ mod ebpf_support; -mod portals; +mod privileged_portals; mod raw_socket; mod registry; mod transport; diff --git a/implementations/rust/ockam/ockam_transport_tcp/src/ebpf_portal/portals.rs b/implementations/rust/ockam/ockam_transport_tcp/src/privileged_portal/privileged_portals.rs similarity index 97% rename from implementations/rust/ockam/ockam_transport_tcp/src/ebpf_portal/portals.rs rename to implementations/rust/ockam/ockam_transport_tcp/src/privileged_portal/privileged_portals.rs index 0857df94afd..fa57aefd5db 100644 --- a/implementations/rust/ockam/ockam_transport_tcp/src/ebpf_portal/portals.rs +++ b/implementations/rust/ockam/ockam_transport_tcp/src/privileged_portal/privileged_portals.rs @@ -1,5 +1,5 @@ -use crate::ebpf_portal::{InternalProcessor, Port, RemoteWorker}; use crate::portal::InletSharedState; +use crate::privileged_portal::{InternalProcessor, Port, RemoteWorker}; use crate::{TcpInlet, TcpInletOptions, TcpOutletOptions, TcpTransport}; use caps::Capability::{CAP_BPF, CAP_NET_ADMIN, CAP_NET_RAW, CAP_SYS_ADMIN}; use caps::{CapSet, Capability}; 
@@ -17,7 +17,7 @@ use tokio::sync::mpsc::channel; use tracing::instrument; impl TcpTransport { - /// Check if eBPF portals can be run with current permissions + /// Check if privileged portals can be run with current permissions pub fn check_capabilities() -> Result<()> { let caps = caps::read(None, CapSet::Effective) .map_err(|e| TransportError::ReadCaps(e.to_string()))?; @@ -43,7 +43,7 @@ impl TcpTransport { if !check_result { error!("Capabilities: {:?}", caps); - return Err(TransportError::EbpfPrerequisitesCheckFailed( + return Err(TransportError::PrivilegedPortalsPrerequisitesCheckFailed( error_description, ))?; } @@ -151,7 +151,7 @@ impl TcpTransport { .start(self.ctx()) .await?; - Ok(TcpInlet::new_ebpf( + Ok(TcpInlet::new_privileged( local_address, remote_worker_address, // FIXME inlet_shared_state, diff --git a/implementations/rust/ockam/ockam_transport_tcp/src/ebpf_portal/raw_socket/async_fd_packet_reader.rs b/implementations/rust/ockam/ockam_transport_tcp/src/privileged_portal/raw_socket/async_fd_packet_reader.rs similarity index 96% rename from implementations/rust/ockam/ockam_transport_tcp/src/ebpf_portal/raw_socket/async_fd_packet_reader.rs rename to implementations/rust/ockam/ockam_transport_tcp/src/privileged_portal/raw_socket/async_fd_packet_reader.rs index 1b0622f17be..0f5b9412ac0 100644 --- a/implementations/rust/ockam/ockam_transport_tcp/src/ebpf_portal/raw_socket/async_fd_packet_reader.rs +++ b/implementations/rust/ockam/ockam_transport_tcp/src/privileged_portal/raw_socket/async_fd_packet_reader.rs 
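Review bot: The doc comment on `check_capabilities` says only that it checks "current permissions"; it should name what is checked so an operator can grant just those capabilities instead of running the node as root. The file imports `CAP_BPF`, `CAP_NET_ADMIN`, `CAP_NET_RAW` and `CAP_SYS_ADMIN`, and the hunk shows the caller's effective set being read with `caps::read(None, CapSet::Effective)`. I would extend the comment to list the required capabilities and add an `# Errors` section naming `TransportError::ReadCaps` and `TransportError::PrivilegedPortalsPrerequisitesCheckFailed`. The exact required set is decided in lines outside this hunk and should be copied from there, not from the import list.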
@@ -1,8 +1,8 @@
-use crate::ebpf_portal::packet::{
+use crate::privileged_portal::packet::{
 Ipv4Info, RawSocketReadResult, TcpInfo, TcpStrippedHeaderAndPayload,
 };
-use crate::ebpf_portal::packet_binary::{ipv4_header, tcp_header};
-use crate::ebpf_portal::TcpPacketReader;
+use crate::privileged_portal::packet_binary::{ipv4_header, tcp_header};
+use crate::privileged_portal::TcpPacketReader;
 use async_trait::async_trait;
 use log::{error, trace};
 use nix::sys::socket::MsgFlags;
diff --git a/implementations/rust/ockam/ockam_transport_tcp/src/ebpf_portal/raw_socket/async_fd_packet_writer.rs b/implementations/rust/ockam/ockam_transport_tcp/src/privileged_portal/raw_socket/async_fd_packet_writer.rs
similarity index 94%
rename from implementations/rust/ockam/ockam_transport_tcp/src/ebpf_portal/raw_socket/async_fd_packet_writer.rs
rename to implementations/rust/ockam/ockam_transport_tcp/src/privileged_portal/raw_socket/async_fd_packet_writer.rs
index c251760c2d0..e3dc4671fab 100644
--- a/implementations/rust/ockam/ockam_transport_tcp/src/ebpf_portal/raw_socket/async_fd_packet_writer.rs
+++ b/implementations/rust/ockam/ockam_transport_tcp/src/privileged_portal/raw_socket/async_fd_packet_writer.rs
@@ -1,6 +1,6 @@
-use crate::ebpf_portal::packet::TcpStrippedHeaderAndPayload;
-use crate::ebpf_portal::packet_binary::tcp_header_ports;
-use crate::ebpf_portal::{tcp_set_checksum, Port, TcpPacketWriter};
+use crate::privileged_portal::packet::TcpStrippedHeaderAndPayload;
+use crate::privileged_portal::packet_binary::tcp_header_ports;
+use crate::privileged_portal::{tcp_set_checksum, Port, TcpPacketWriter};
 use async_trait::async_trait;
 use log::{debug, error};
 use nix::sys::socket::{MsgFlags, SockaddrIn};
diff --git a/implementations/rust/ockam/ockam_transport_tcp/src/ebpf_portal/raw_socket/checksum.rs b/implementations/rust/ockam/ockam_transport_tcp/src/privileged_portal/raw_socket/checksum.rs similarity index 100% rename from implementations/rust/ockam/ockam_transport_tcp/src/ebpf_portal/raw_socket/checksum.rs rename to implementations/rust/ockam/ockam_transport_tcp/src/privileged_portal/raw_socket/checksum.rs diff --git a/implementations/rust/ockam/ockam_transport_tcp/src/ebpf_portal/raw_socket/checksum_helpers.rs b/implementations/rust/ockam/ockam_transport_tcp/src/privileged_portal/raw_socket/checksum_helpers.rs similarity index 90% rename from implementations/rust/ockam/ockam_transport_tcp/src/ebpf_portal/raw_socket/checksum_helpers.rs rename to implementations/rust/ockam/ockam_transport_tcp/src/privileged_portal/raw_socket/checksum_helpers.rs index 125ce9cdb0a..d11cdb23bf6 100644 --- a/implementations/rust/ockam/ockam_transport_tcp/src/ebpf_portal/raw_socket/checksum_helpers.rs +++ b/implementations/rust/ockam/ockam_transport_tcp/src/privileged_portal/raw_socket/checksum_helpers.rs @@ -1,5 +1,5 @@ -use crate::ebpf_portal::packet_binary::tcp_header; -use crate::ebpf_portal::ChecksumAccumulator; +use crate::privileged_portal::packet_binary::tcp_header; +use crate::privileged_portal::ChecksumAccumulator; use std::net::Ipv4Addr; /// Calculate and set checksum for a TCP packet @@ -33,7 +33,7 @@ fn tcp_checksum(source_ip: Ipv4Addr, destination_ip: Ipv4Addr, packet: &[u8]) -> #[cfg(test)] mod tests { - use crate::ebpf_portal::raw_socket::checksum_helpers::tcp_checksum; + use crate::privileged_portal::raw_socket::checksum_helpers::tcp_checksum; use std::net::Ipv4Addr; #[test] 
diff --git a/implementations/rust/ockam/ockam_transport_tcp/src/ebpf_portal/raw_socket/common.rs b/implementations/rust/ockam/ockam_transport_tcp/src/privileged_portal/raw_socket/common.rs
similarity index 96%
rename from implementations/rust/ockam/ockam_transport_tcp/src/ebpf_portal/raw_socket/common.rs
rename to implementations/rust/ockam/ockam_transport_tcp/src/privileged_portal/raw_socket/common.rs
index 3b65f755417..5c5bd418fab 100644
--- a/implementations/rust/ockam/ockam_transport_tcp/src/ebpf_portal/raw_socket/common.rs
+++ b/implementations/rust/ockam/ockam_transport_tcp/src/privileged_portal/raw_socket/common.rs
@@ -1,4 +1,4 @@
-use crate::ebpf_portal::packet::TcpStrippedHeaderAndPayload;
+use crate::privileged_portal::packet::TcpStrippedHeaderAndPayload;
 use minicbor::{Decode, Encode};
 use rand::distributions::{Distribution, Standard};
 use rand::Rng;
diff --git a/implementations/rust/ockam/ockam_transport_tcp/src/ebpf_portal/raw_socket/create_raw_socket.rs b/implementations/rust/ockam/ockam_transport_tcp/src/privileged_portal/raw_socket/create_raw_socket.rs
similarity index 98%
rename from implementations/rust/ockam/ockam_transport_tcp/src/ebpf_portal/raw_socket/create_raw_socket.rs
rename to implementations/rust/ockam/ockam_transport_tcp/src/privileged_portal/raw_socket/create_raw_socket.rs
index 30c0bce1dc2..b000c24f4d4 100644
--- a/implementations/rust/ockam/ockam_transport_tcp/src/ebpf_portal/raw_socket/create_raw_socket.rs
+++ b/implementations/rust/ockam/ockam_transport_tcp/src/privileged_portal/raw_socket/create_raw_socket.rs
@@ -1,4 +1,4 @@
-use crate::ebpf_portal::{
+use crate::privileged_portal::{
 AsyncFdPacketReader, AsyncFdPacketWriter, Proto, TcpPacketReader, TcpPacketWriter,
 };
 use nix::errno::Errno;
diff --git a/implementations/rust/ockam/ockam_transport_tcp/src/ebpf_portal/raw_socket/mod.rs b/implementations/rust/ockam/ockam_transport_tcp/src/privileged_portal/raw_socket/mod.rs similarity index 100% rename from implementations/rust/ockam/ockam_transport_tcp/src/ebpf_portal/raw_socket/mod.rs rename to implementations/rust/ockam/ockam_transport_tcp/src/privileged_portal/raw_socket/mod.rs diff --git a/implementations/rust/ockam/ockam_transport_tcp/src/ebpf_portal/raw_socket/packet.rs b/implementations/rust/ockam/ockam_transport_tcp/src/privileged_portal/raw_socket/packet.rs similarity index 97% rename from implementations/rust/ockam/ockam_transport_tcp/src/ebpf_portal/raw_socket/packet.rs rename to implementations/rust/ockam/ockam_transport_tcp/src/privileged_portal/raw_socket/packet.rs index e308dfd210c..848aebece90 100644 --- a/implementations/rust/ockam/ockam_transport_tcp/src/ebpf_portal/raw_socket/packet.rs +++ b/implementations/rust/ockam/ockam_transport_tcp/src/privileged_portal/raw_socket/packet.rs @@ -1,5 +1,5 @@ -use crate::ebpf_portal::packet_binary::{ipv4_header, stripped_tcp_header, tcp_header}; -use crate::ebpf_portal::Port; +use crate::privileged_portal::packet_binary::{ipv4_header, stripped_tcp_header, tcp_header}; +use crate::privileged_portal::Port; use std::net::Ipv4Addr; /// Result of reading packet from RawSocket diff --git a/implementations/rust/ockam/ockam_transport_tcp/src/ebpf_portal/raw_socket/packet_binary.rs b/implementations/rust/ockam/ockam_transport_tcp/src/privileged_portal/raw_socket/packet_binary.rs similarity index 100% rename from implementations/rust/ockam/ockam_transport_tcp/src/ebpf_portal/raw_socket/packet_binary.rs rename to implementations/rust/ockam/ockam_transport_tcp/src/privileged_portal/raw_socket/packet_binary.rs 
diff --git a/implementations/rust/ockam/ockam_transport_tcp/src/ebpf_portal/raw_socket/packet_reader_trait.rs b/implementations/rust/ockam/ockam_transport_tcp/src/privileged_portal/raw_socket/packet_reader_trait.rs similarity index 82% rename from implementations/rust/ockam/ockam_transport_tcp/src/ebpf_portal/raw_socket/packet_reader_trait.rs rename to implementations/rust/ockam/ockam_transport_tcp/src/privileged_portal/raw_socket/packet_reader_trait.rs index fd31e73f2b1..29b47f835aa 100644 --- a/implementations/rust/ockam/ockam_transport_tcp/src/ebpf_portal/raw_socket/packet_reader_trait.rs +++ b/implementations/rust/ockam/ockam_transport_tcp/src/privileged_portal/raw_socket/packet_reader_trait.rs @@ -1,4 +1,4 @@ -use crate::ebpf_portal::packet::RawSocketReadResult; +use crate::privileged_portal::packet::RawSocketReadResult; use async_trait::async_trait; use ockam_core::Result; diff --git a/implementations/rust/ockam/ockam_transport_tcp/src/ebpf_portal/raw_socket/packet_writer_trait.rs b/implementations/rust/ockam/ockam_transport_tcp/src/privileged_portal/raw_socket/packet_writer_trait.rs similarity index 80% rename from implementations/rust/ockam/ockam_transport_tcp/src/ebpf_portal/raw_socket/packet_writer_trait.rs rename to implementations/rust/ockam/ockam_transport_tcp/src/privileged_portal/raw_socket/packet_writer_trait.rs index e594abaeed1..1473805119e 100644 --- a/implementations/rust/ockam/ockam_transport_tcp/src/ebpf_portal/raw_socket/packet_writer_trait.rs +++ b/implementations/rust/ockam/ockam_transport_tcp/src/privileged_portal/raw_socket/packet_writer_trait.rs @@ -1,5 +1,5 @@ -use crate::ebpf_portal::packet::TcpStrippedHeaderAndPayload; -use crate::ebpf_portal::Port; +use crate::privileged_portal::packet::TcpStrippedHeaderAndPayload; +use crate::privileged_portal::Port; use async_trait::async_trait; use ockam_core::Result; use std::net::Ipv4Addr; 
diff --git a/implementations/rust/ockam/ockam_transport_tcp/src/ebpf_portal/registry/inlet.rs b/implementations/rust/ockam/ockam_transport_tcp/src/privileged_portal/registry/inlet.rs
similarity index 97%
rename from implementations/rust/ockam/ockam_transport_tcp/src/ebpf_portal/registry/inlet.rs
rename to implementations/rust/ockam/ockam_transport_tcp/src/privileged_portal/registry/inlet.rs
index 32a83f72f73..628c4edfbfe 100644
--- a/implementations/rust/ockam/ockam_transport_tcp/src/ebpf_portal/registry/inlet.rs
+++ b/implementations/rust/ockam/ockam_transport_tcp/src/privileged_portal/registry/inlet.rs
@@ -1,6 +1,6 @@
-use crate::ebpf_portal::packet::RawSocketReadResult;
-use crate::ebpf_portal::{ConnectionIdentifier, Port};
 use crate::portal::InletSharedState;
+use crate::privileged_portal::packet::RawSocketReadResult;
+use crate::privileged_portal::{ConnectionIdentifier, Port};
 use ockam_core::compat::sync::Arc;
 use ockam_core::compat::sync::RwLock as SyncRwLock;
 use ockam_core::{Address, LocalInfoIdentifier};
diff --git a/implementations/rust/ockam/ockam_transport_tcp/src/ebpf_portal/registry/mod.rs b/implementations/rust/ockam/ockam_transport_tcp/src/privileged_portal/registry/mod.rs
similarity index 100%
rename from implementations/rust/ockam/ockam_transport_tcp/src/ebpf_portal/registry/mod.rs
rename to implementations/rust/ockam/ockam_transport_tcp/src/privileged_portal/registry/mod.rs
diff --git a/implementations/rust/ockam/ockam_transport_tcp/src/ebpf_portal/registry/outlet.rs b/implementations/rust/ockam/ockam_transport_tcp/src/privileged_portal/registry/outlet.rs
similarity index 97%
rename from implementations/rust/ockam/ockam_transport_tcp/src/ebpf_portal/registry/outlet.rs
rename to implementations/rust/ockam/ockam_transport_tcp/src/privileged_portal/registry/outlet.rs
index 2e733a6471d..511239ae5c1 100644
--- a/implementations/rust/ockam/ockam_transport_tcp/src/ebpf_portal/registry/outlet.rs
+++ b/implementations/rust/ockam/ockam_transport_tcp/src/privileged_portal/registry/outlet.rs
@@ -1,5 +1,5 @@
-use crate::ebpf_portal::packet::RawSocketReadResult;
-use crate::ebpf_portal::{ConnectionIdentifier, Port};
+use crate::privileged_portal::packet::RawSocketReadResult;
+use crate::privileged_portal::{ConnectionIdentifier, Port};
 use ockam_core::{Address, LocalInfoIdentifier, Route};
 use std::collections::HashMap;
 use std::net::Ipv4Addr;
diff --git a/implementations/rust/ockam/ockam_transport_tcp/src/ebpf_portal/transport.rs b/implementations/rust/ockam/ockam_transport_tcp/src/privileged_portal/transport.rs
similarity index 98%
rename from implementations/rust/ockam/ockam_transport_tcp/src/ebpf_portal/transport.rs
rename to implementations/rust/ockam/ockam_transport_tcp/src/privileged_portal/transport.rs
index 69d9b4da708..6bfae909b2f 100644
--- a/implementations/rust/ockam/ockam_transport_tcp/src/ebpf_portal/transport.rs
+++ b/implementations/rust/ockam/ockam_transport_tcp/src/privileged_portal/transport.rs
@@ -1,4 +1,4 @@
-use crate::ebpf_portal::{Iface, TcpPacketWriter};
+use crate::privileged_portal::{Iface, TcpPacketWriter};
 use crate::TcpTransport;
 use aya::programs::tc::{qdisc_detach_program, TcAttachType};
 use log::{error, info, warn};
diff --git a/implementations/rust/ockam/ockam_transport_tcp/src/ebpf_portal/workers/internal_processor.rs b/implementations/rust/ockam/ockam_transport_tcp/src/privileged_portal/workers/internal_processor.rs
similarity index 97%
rename from implementations/rust/ockam/ockam_transport_tcp/src/ebpf_portal/workers/internal_processor.rs
rename to implementations/rust/ockam/ockam_transport_tcp/src/privileged_portal/workers/internal_processor.rs
index 912985eeca3..a10d01dac0c 100644
--- a/implementations/rust/ockam/ockam_transport_tcp/src/ebpf_portal/workers/internal_processor.rs
+++ b/implementations/rust/ockam/ockam_transport_tcp/src/privileged_portal/workers/internal_processor.rs
@@ -1,5 +1,5 @@ -use crate::ebpf_portal::packet::RawSocketReadResult; -use crate::ebpf_portal::{Inlet, InletConnection, OckamPortalPacket, Outlet, PortalMode}; +use crate::privileged_portal::packet::RawSocketReadResult; +use crate::privileged_portal::{Inlet, InletConnection, OckamPortalPacket, Outlet, PortalMode}; use log::{debug, trace, warn}; use ockam_core::{async_trait, route, LocalInfoIdentifier, LocalMessage, Processor, Result}; use ockam_node::Context; diff --git a/implementations/rust/ockam/ockam_transport_tcp/src/ebpf_portal/workers/mod.rs b/implementations/rust/ockam/ockam_transport_tcp/src/privileged_portal/workers/mod.rs similarity index 100% rename from implementations/rust/ockam/ockam_transport_tcp/src/ebpf_portal/workers/mod.rs rename to implementations/rust/ockam/ockam_transport_tcp/src/privileged_portal/workers/mod.rs diff --git a/implementations/rust/ockam/ockam_transport_tcp/src/ebpf_portal/workers/raw_socket_processor.rs b/implementations/rust/ockam/ockam_transport_tcp/src/privileged_portal/workers/raw_socket_processor.rs similarity index 98% rename from implementations/rust/ockam/ockam_transport_tcp/src/ebpf_portal/workers/raw_socket_processor.rs rename to implementations/rust/ockam/ockam_transport_tcp/src/privileged_portal/workers/raw_socket_processor.rs index 6e85c075748..1418fbdcd18 100644 --- a/implementations/rust/ockam/ockam_transport_tcp/src/ebpf_portal/workers/raw_socket_processor.rs +++ b/implementations/rust/ockam/ockam_transport_tcp/src/privileged_portal/workers/raw_socket_processor.rs @@ -1,5 +1,5 @@ -use crate::ebpf_portal::packet::RawSocketReadResult; -use crate::ebpf_portal::{ +use crate::privileged_portal::packet::RawSocketReadResult; +use crate::privileged_portal::{ create_async_fd_raw_socket, Inlet, InletRegistry, Outlet, OutletRegistry, TcpPacketReader, TcpPacketWriter, }; 
diff --git a/implementations/rust/ockam/ockam_transport_tcp/src/ebpf_portal/workers/remote_worker.rs b/implementations/rust/ockam/ockam_transport_tcp/src/privileged_portal/workers/remote_worker.rs similarity index 98% rename from implementations/rust/ockam/ockam_transport_tcp/src/ebpf_portal/workers/remote_worker.rs rename to implementations/rust/ockam/ockam_transport_tcp/src/privileged_portal/workers/remote_worker.rs index f5d044516e3..fdd3abf809e 100644 --- a/implementations/rust/ockam/ockam_transport_tcp/src/ebpf_portal/workers/remote_worker.rs +++ b/implementations/rust/ockam/ockam_transport_tcp/src/privileged_portal/workers/remote_worker.rs @@ -1,5 +1,5 @@ -use crate::ebpf_portal::packet::TcpStrippedHeaderAndPayload; -use crate::ebpf_portal::{ +use crate::privileged_portal::packet::TcpStrippedHeaderAndPayload; +use crate::privileged_portal::{ ConnectionIdentifier, Inlet, InletConnection, OckamPortalPacket, Outlet, OutletConnection, OutletConnectionReturnRoute, Port, TcpPacketWriter, TcpTransportEbpfSupport, }; diff --git a/implementations/rust/ockam/ockam_transport_tcp/src/transport/mod.rs b/implementations/rust/ockam/ockam_transport_tcp/src/transport/mod.rs index 2055fb1c5a3..d87485c8fd7 100644 --- a/implementations/rust/ockam/ockam_transport_tcp/src/transport/mod.rs +++ b/implementations/rust/ockam/ockam_transport_tcp/src/transport/mod.rs @@ -59,8 +59,8 @@ pub struct TcpTransport { ctx: Arc, registry: TcpRegistry, - #[cfg(ebpf_alias)] - pub(crate) ebpf_support: crate::ebpf_portal::TcpTransportEbpfSupport, + #[cfg(privileged_portals_support)] + pub(crate) ebpf_support: crate::privileged_portal::TcpTransportEbpfSupport, } impl TcpTransport { @@ -69,7 +69,7 @@ impl TcpTransport { Self { ctx: Arc::new(ctx), registry: TcpRegistry::default(), - #[cfg(ebpf_alias)] + #[cfg(privileged_portals_support)] ebpf_support: Default::default(), } } 
diff --git a/implementations/rust/ockam/ockam_transport_tcp/src/transport/portals.rs b/implementations/rust/ockam/ockam_transport_tcp/src/transport/portals.rs index 6465368d4dd..9c0e29dcb9b 100644 --- a/implementations/rust/ockam/ockam_transport_tcp/src/transport/portals.rs +++ b/implementations/rust/ockam/ockam_transport_tcp/src/transport/portals.rs @@ -137,19 +137,19 @@ pub struct TcpInlet { #[derive(Clone, Debug)] enum TcpInletState { - Ebpf { portal_worker_address: Address }, + Privileged { portal_worker_address: Address }, Regular { processor_address: Address }, } impl fmt::Display for TcpInlet { fn fmt(&self, f: &mut Formatter<'_>) -> fmt::Result { match &self.state { - TcpInletState::Ebpf { + TcpInletState::Privileged { portal_worker_address, } => { write!( f, - "Socket: {}. Worker address: {}. eBPF", + "Socket: {}. Worker address: {}. Privileged", self.socket_address, portal_worker_address ) } @@ -179,7 +179,7 @@ impl TcpInlet { } /// Constructor - pub fn new_ebpf( + pub fn new_privileged( socket_address: SocketAddr, portal_worker_address: Address, inlet_shared_state: Arc>, @@ -187,15 +187,15 @@ impl TcpInlet { Self { socket_address, inlet_shared_state, - state: TcpInletState::Ebpf { + state: TcpInletState::Privileged { portal_worker_address, }, } } - /// Returns true if the Inlet is eBPF - pub fn is_ebpf(&self) -> bool { - matches!(self.state, TcpInletState::Ebpf { .. }) + /// Returns true if the Inlet is privileged + pub fn is_privileged(&self) -> bool { + matches!(self.state, TcpInletState::Privileged { .. }) } /// Socket Address @@ -206,7 +206,7 @@ impl TcpInlet { /// Processor address pub fn processor_address(&self) -> Option<&Address> { match &self.state { - TcpInletState::Ebpf { .. } => None, + TcpInletState::Privileged { .. } => None, TcpInletState::Regular { processor_address } => Some(processor_address), } } 
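Review bot: `new_privileged` and `is_privileged` in the `@@ -179,7` and `@@ -187,15` hunks are public, and the old names `new_ebpf` / `is_ebpf` are removed outright, so any caller outside this diff stops compiling. If the crate is consumed externally, a forwarder kept for one release would soften that, e.g. `#[deprecated(note = "use is_privileged")] pub fn is_ebpf(&self) -> bool { self.is_privileged() }`. The new doc comment `/// Returns true if the Inlet is privileged` also does not say what privileged means here; `/// Returns true if the Inlet uses the privileged data path (eBPF and raw sockets instead of a TCP stream)` would keep the information the old name carried.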
@@ -221,7 +221,7 @@ impl TcpInlet { /// reachable, or if we want to switch transport, e.g., from relayed to UDP NAT puncture. /// NOTE: For regular Portals existing TCP connections will still use the old route, /// only newly accepted connections will use the new route. - /// For eBPF Portals old connections can continue work in case the Identifier of the + /// For privileged Portals old connections can continue work in case the Identifier of the /// Outlet node didn't change pub async fn update_outlet_node_route(&self, ctx: &Context, new_route: Route) -> Result<()> { let mut inlet_shared_state = self.inlet_shared_state.write().await; @@ -244,7 +244,7 @@ impl TcpInlet { fn update_flow_controls(&self, flow_controls: &FlowControls, next: Address) { match &self.state { - TcpInletState::Ebpf { + TcpInletState::Privileged { portal_worker_address, } => { TcpInletOptions::setup_flow_control_for_address( @@ -275,7 +275,7 @@ impl TcpInlet { /// Stop the Inlet pub async fn stop(&self, ctx: &Context) -> Result<()> { match &self.state { - TcpInletState::Ebpf { .. } => { + TcpInletState::Privileged { .. } => { // TODO: eBPF } TcpInletState::Regular { processor_address } => { diff --git a/implementations/rust/ockam/ockam_transport_tcp/tests/ebpf_portal.rs b/implementations/rust/ockam/ockam_transport_tcp/tests/ebpf_portal.rs index a41302a10e6..19589b2216f 100644 --- a/implementations/rust/ockam/ockam_transport_tcp/tests/ebpf_portal.rs +++ b/implementations/rust/ockam/ockam_transport_tcp/tests/ebpf_portal.rs @@ -1,4 +1,4 @@ -#[cfg(ebpf_alias)] +#[cfg(privileged_portals_support)] mod tests { use log::info; use std::time::Duration; 
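Review bot: In the `@@ -275,7` hunk, `stop()` still does nothing in the renamed `TcpInletState::Privileged` arm apart from the `// TODO: eBPF` comment, so as far as this hunk shows a privileged inlet is not torn down when a caller stops it. Because this path runs with elevated capabilities, a silent no-op should at least be visible to callers: document it on the method, e.g. `/// Stop the Inlet. Currently a no-op for privileged inlets.`, and bring the stale comment in line with the rename, e.g. `// TODO: tear down the privileged inlet`. The function body continues past the end of the hunk, so what this arm finally returns is not visible here.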
@@ -56,7 +56,7 @@ mod tests { #[allow(non_snake_case)] #[ockam_macros::test(timeout = 5000)] #[ignore] // Requires root and capabilities - async fn ebpf_portal__standard_flow__should_succeed(ctx: &mut Context) -> Result<()> { + async fn privileged_portal__standard_flow__should_succeed(ctx: &mut Context) -> Result<()> { let tcp = TcpTransport::create(ctx).await?; let payload1 = generate_binary();