feat(rust): rename ebpf portals -> privileged portals #8609

Merged
merged 2 commits into from
Nov 7, 2024
Merged
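--- a/implementations/rust/ockam/ockam_api/Cargo.toml
+++ b/implementations/rust/ockam/ockam_api/Cargo.toml
@@ -24,7 +24,7 @@ repository = "https://github.com/ockam-network/ockam/implementations/rust/ockam/
 description = "Ockam's request-response API"
 
 [features]
-default = ["std", "rust-crypto", "ebpf"]
+default = ["std", "rust-crypto", "privileged_portals"]
 test-utils = []
 std = [
 "either/use_std",
@@ -43,7 +43,7 @@ std = [
 storage = ["ockam/storage"]
 aws-lc = ["ockam_vault/aws-lc", "ockam_transport_tcp/aws-lc"]
 rust-crypto = ["ockam_vault/rust-crypto", "ockam_transport_tcp/ring"]
-ebpf = ["ockam_transport_tcp/ebpf"]
+privileged_portals = ["ockam_transport_tcp/privileged_portals"]
 
 [build-dependencies]
 cfg_aliases = "0.2.1"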
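--- a/implementations/rust/ockam/ockam_api/build.rs
+++ b/implementations/rust/ockam/ockam_api/build.rs
@@ -13,6 +13,6 @@ fn hash() {
 fn main() {
 hash();
 cfg_aliases! {
-ebpf_alias: { all(target_os = "linux", feature = "ebpf") }
+privileged_portals_support: { all(target_os = "linux", feature = "privileged_portals") }
 }
 }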
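--- a/implementations/rust/ockam/ockam_api/src/influxdb/portal.rs
+++ b/implementations/rust/ockam/ockam_api/src/influxdb/portal.rs
@@ -35,7 +35,7 @@ impl NodeManagerWorker {
 worker_addr,
 reachable_from_default_secure_channel,
 policy_expression,
-ebpf,
+privileged,
 tls,
 } = body.tcp_outlet;
 let address = self
@@ -93,7 +93,7 @@ impl NodeManagerWorker {
 Some(outlet_address),
 reachable_from_default_secure_channel,
 OutletAccessControl::WithPolicyExpression(policy_expression),
-ebpf,
+privileged,
 )
 .await
 {
@@ -118,7 +118,7 @@ impl NodeManagerWorker {
 secure_channel_identifier,
 enable_udp_puncture,
 disable_tcp_fallback,
-ebpf,
+privileged,
 tls_certificate_provider,
 } = body.tcp_inlet.clone();
 
@@ -192,7 +192,7 @@ impl NodeManagerWorker {
 secure_channel_identifier,
 enable_udp_puncture,
 disable_tcp_fallback,
-ebpf,
+privileged,
 tls_certificate_provider,
 )
 .await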
Expand Up @@ -54,7 +54,7 @@ pub struct CreateInlet {
/// TCP won't be used to transfer data between the Inlet and the Outlet.
#[n(11)] pub(crate) disable_tcp_fallback: bool,
/// Use eBPF and RawSocket to access TCP packets instead of TCP data stream.
#[n(12)] pub(crate) ebpf: bool,
#[n(12)] pub(crate) privileged: bool,
/// TLS certificate provider route.
#[n(13)] pub(crate) tls_certificate_provider: Option<MultiAddr>,
}
Expand All @@ -68,7 +68,7 @@ impl CreateInlet {
wait_connection: bool,
enable_udp_puncture: bool,
disable_tcp_fallback: bool,
ebpf: bool,
privileged: bool,
) -> Self {
Self {
listen_addr: listen,
Expand All @@ -81,7 +81,7 @@ impl CreateInlet {
secure_channel_identifier: None,
enable_udp_puncture,
disable_tcp_fallback,
ebpf,
privileged,
tls_certificate_provider: None,
}
}
Expand All @@ -95,7 +95,7 @@ impl CreateInlet {
wait_connection: bool,
enable_udp_puncture: bool,
disable_tcp_fallback: bool,
ebpf: bool,
privileged: bool,
) -> Self {
Self {
listen_addr: listen,
Expand All @@ -108,7 +108,7 @@ impl CreateInlet {
secure_channel_identifier: None,
enable_udp_puncture,
disable_tcp_fallback,
ebpf,
privileged,
tls_certificate_provider: None,
}
}
Expand Down Expand Up @@ -169,7 +169,7 @@ pub struct CreateOutlet {
/// will be used.
#[n(5)] pub policy_expression: Option<PolicyExpression>,
/// Use eBPF and RawSocket to access TCP packets instead of TCP data stream.
#[n(6)] pub ebpf: bool
#[n(6)] pub privileged: bool
}

impl CreateOutlet {
Expand All @@ -178,15 +178,15 @@ impl CreateOutlet {
tls: bool,
worker_addr: Option<Address>,
reachable_from_default_secure_channel: bool,
ebpf: bool,
privileged: bool,
) -> Self {
Self {
hostname_port,
tls,
worker_addr,
reachable_from_default_secure_channel,
policy_expression: None,
ebpf,
privileged,
}
}

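Review bot: The doc comment kept on the renamed wire field, `/// Use eBPF and RawSocket to access TCP packets instead of TCP data stream.`, no longer explains the field's name in either `CreateInlet` (`#[n(12)]`) or `CreateOutlet` (`#[n(6)]`): nothing tells a reader what `privileged` requires or what happens when the request cannot be honoured. Other sections of this change show that the path is compiled only for `target_os = "linux"` with the `privileged_portals` feature and that creation otherwise fails with "Privileged Portals support is not enabled", so I would extend both comments along the lines of `/// Create a privileged portal: use eBPF and raw sockets instead of the TCP data stream. Linux-only, needs the privileged_portals feature; creation fails when support is not compiled in.` The `#[n(..)]` indices are unchanged, so the encoding should stay compatible with peers that still name the field `ebpf`. Both struct bodies start outside the hunks.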
Expand Up @@ -24,7 +24,7 @@ pub fn create_inlet_payload(
secure_channel_identifier: &Option<Identifier>,
enable_udp_puncture: bool,
disable_tcp_fallback: bool,
ebpf: bool,
privileged: bool,
tls_certificate_provider: &Option<MultiAddr>,
) -> CreateInlet {
let via_project = outlet_addr.matches(0, &[ProjectProto::CODE.into()]);
Expand All @@ -36,7 +36,7 @@ pub fn create_inlet_payload(
wait_connection,
enable_udp_puncture,
disable_tcp_fallback,
ebpf,
privileged,
)
} else {
CreateInlet::to_node(
Expand All @@ -47,7 +47,7 @@ pub fn create_inlet_payload(
wait_connection,
enable_udp_puncture,
disable_tcp_fallback,
ebpf,
privileged,
)
};
if let Some(e) = policy_expression.as_ref() {
Expand Down Expand Up @@ -78,7 +78,7 @@ impl Inlets for BackgroundNodeClient {
secure_channel_identifier: &Option<Identifier>,
enable_udp_puncture: bool,
disable_tcp_fallback: bool,
ebpf: bool,
privileged: bool,
tls_certificate_provider: &Option<MultiAddr>,
) -> miette::Result<Reply<InletStatus>> {
let request = {
Expand All @@ -93,7 +93,7 @@ impl Inlets for BackgroundNodeClient {
secure_channel_identifier,
enable_udp_puncture,
disable_tcp_fallback,
ebpf,
privileged,
tls_certificate_provider,
);
Request::post("/node/inlet").body(payload)
Expand Up @@ -28,7 +28,7 @@ impl InMemoryNode {
secure_channel_identifier: Option<Identifier>,
enable_udp_puncture: bool,
disable_tcp_fallback: bool,
ebpf: bool,
privileged: bool,
tls_certificate_provider: Option<MultiAddr>,
) -> Result<InletStatus> {
self.node_manager
Expand All @@ -46,7 +46,7 @@ impl InMemoryNode {
secure_channel_identifier,
enable_udp_puncture,
disable_tcp_fallback,
ebpf,
privileged,
tls_certificate_provider,
)
.await
Expand Up @@ -25,7 +25,7 @@ pub trait Inlets {
secure_channel_identifier: &Option<Identifier>,
enable_udp_puncture: bool,
disable_tcp_fallback: bool,
ebpf: bool,
privileged: bool,
tls_certificate_provider: &Option<MultiAddr>,
) -> miette::Result<Reply<InletStatus>>;

Expand Up @@ -39,7 +39,7 @@ impl NodeManager {
enable_udp_puncture: bool,
// TODO: Introduce mode enum
disable_tcp_fallback: bool,
ebpf: bool,
privileged: bool,
tls_certificate_provider: Option<MultiAddr>,
) -> Result<InletStatus> {
info!("Handling request to create inlet portal");
Expand Down Expand Up @@ -127,7 +127,7 @@ impl NodeManager {
additional_secure_channel: None,
udp_puncture: None,
additional_route: None,
ebpf,
privileged,
};

let replacer = Arc::new(Mutex::new(replacer));
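Review bot: `privileged: bool` is the third consecutive `bool` parameter after `enable_udp_puncture` and `disable_tcp_fallback`, directly under the existing `// TODO: Introduce mode enum`, and the same positional run is repeated in the `CreateInlet` constructors, `create_inlet_payload`, the `Inlets` trait and `InMemoryNode`. Swapping two of these arguments at a call site compiles cleanly, and this flag is the one that selects the eBPF/raw-socket path, so a transposition would change how traffic is handled without any diagnostic. Since the rename already touches every signature, this is a good moment to act on the TODO with a small enum, for example `enum PortalMode { Regular, Privileged }` (name constructed here), or at least to add `// selects the eBPF/raw-socket portal; Linux-only` above the parameter. The method body continues outside both hunks.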
Expand Up @@ -28,7 +28,7 @@ impl NodeManagerWorker {
secure_channel_identifier,
enable_udp_puncture,
disable_tcp_fallback,
ebpf,
privileged,
tls_certificate_provider,
} = create_inlet;
match self
Expand All @@ -47,7 +47,7 @@ impl NodeManagerWorker {
secure_channel_identifier,
enable_udp_puncture,
disable_tcp_fallback,
ebpf,
privileged,
tls_certificate_provider,
)
.await
Expand Up @@ -52,7 +52,7 @@ pub(super) struct InletSessionReplacer {
pub(super) additional_secure_channel: Option<SecureChannel>,
pub(super) udp_puncture: Option<UdpPuncture>,
pub(super) additional_route: Option<Route>,
pub(super) ebpf: bool,
pub(super) privileged: bool,
}

impl InletSessionReplacer {
Expand Down Expand Up @@ -166,8 +166,8 @@ impl InletSessionReplacer {
}
None => {
let options = self.inlet_options(node_manager).await?;
let inlet = if self.ebpf {
#[cfg(ebpf_alias)]
let inlet = if self.privileged {
#[cfg(privileged_portals_support)]
{
node_manager
.tcp_transport
Expand All @@ -178,12 +178,12 @@ impl InletSessionReplacer {
)
.await?
}
#[cfg(not(ebpf_alias))]
#[cfg(not(privileged_portals_support))]
{
return Err(ockam_core::Error::new(
Origin::Node,
Kind::Internal,
"eBPF support is not enabled",
"Privileged Portals support is not enabled",
));
}
} else {
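Review bot: The fallback branch under `#[cfg(not(privileged_portals_support))]` reports a capability the caller asked for but this build lacks as `Kind::Internal`, and the new message "Privileged Portals support is not enabled" does not say what would enable it. Per the `build.rs` alias in this change, support exists only with `target_os = "linux"` and the `privileged_portals` feature, so an operator on another platform gets an error that reads like a node fault. I would return `Kind::Unsupported` (assuming `ockam_core` exposes that variant, as I believe it does) and spell out the condition, e.g. `"Privileged Portals require Linux and the privileged_portals feature"`. The same branch appears in the outlet creation path (`let res = if privileged {`) later in this change. The enclosing function starts and ends outside the hunk.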
Expand Up @@ -27,7 +27,7 @@ impl NodeManagerWorker {
reachable_from_default_secure_channel,
policy_expression,
tls,
ebpf,
privileged,
} = create_outlet;

match self
Expand All @@ -39,7 +39,7 @@ impl NodeManagerWorker {
worker_addr,
reachable_from_default_secure_channel,
OutletAccessControl::WithPolicyExpression(policy_expression),
ebpf,
privileged,
)
.await
{
Expand Down Expand Up @@ -98,7 +98,7 @@ impl NodeManager {
worker_addr: Option<Address>,
reachable_from_default_secure_channel: bool,
access_control: OutletAccessControl,
ebpf: bool,
privileged: bool,
) -> Result<OutletStatus> {
let worker_addr = self
.registry
Expand Down Expand Up @@ -162,19 +162,19 @@ impl NodeManager {
}
};

let res = if ebpf {
#[cfg(ebpf_alias)]
let res = if privileged {
#[cfg(privileged_portals_support)]
{
self.tcp_transport
.create_raw_outlet(worker_addr.clone(), to.clone(), options)
.await
}
#[cfg(not(ebpf_alias))]
#[cfg(not(privileged_portals_support))]
{
Err(ockam_core::Error::new(
Origin::Node,
Kind::Internal,
"eBPF support is not enabled",
"Privileged Portals support is not enabled",
))
}
} else {
Expand Down Expand Up @@ -262,7 +262,7 @@ pub trait Outlets {
tls: bool,
from: Option<&Address>,
policy_expression: Option<PolicyExpression>,
ebpf: bool,
privileged: bool,
) -> miette::Result<OutletStatus>;
}

Expand All @@ -276,9 +276,9 @@ impl Outlets for BackgroundNodeClient {
tls: bool,
from: Option<&Address>,
policy_expression: Option<PolicyExpression>,
ebpf: bool,
privileged: bool,
) -> miette::Result<OutletStatus> {
let mut payload = CreateOutlet::new(to, tls, from.cloned(), true, ebpf);
let mut payload = CreateOutlet::new(to, tls, from.cloned(), true, privileged);
if let Some(policy_expression) = policy_expression {
payload.set_policy_expression(policy_expression);
}
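--- a/implementations/rust/ockam/ockam_command/Cargo.toml
+++ b/implementations/rust/ockam/ockam_command/Cargo.toml
@@ -113,8 +113,8 @@ tempfile = "3.10.1"
 time = { version = "0.3", default-features = false, features = ["std", "local-offset"] }
 
 [features]
-default = ["orchestrator", "rust-crypto", "ebpf"]
-ebpf = ["ockam_api/ebpf"]
+default = ["orchestrator", "rust-crypto", "privileged_portals"]
+privileged_portals = ["ockam_api/privileged_portals"]
 orchestrator = []
 aws-lc = ["ockam_vault/aws-lc", "ockam_api/aws-lc", "rustls/aws-lc-rs"]
 rust-crypto = ["ockam_vault/rust-crypto", "ockam_api/rust-crypto", "rustls/ring"]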
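--- a/implementations/rust/ockam/ockam_command/build.rs
+++ b/implementations/rust/ockam/ockam_command/build.rs
@@ -13,6 +13,6 @@ fn hash() {
 fn main() {
 hash();
 cfg_aliases! {
-ebpf_alias: { all(target_os = "linux", feature = "ebpf") }
+privileged_portals_support: { all(target_os = "linux", feature = "privileged_portals") }
 }
 }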
Expand Up @@ -56,7 +56,7 @@ UDP Puncture
- OCKAM_RENDEZVOUS_SERVER: set this variable to the hostname and port of the Rendezvous service

TCP Portals
- OCKAM_EBPF: if variable is set, all TCP Inlets/Outlets will be eBPF Inlets/Outlets (overrides `--ebpf` argument for `ockam tcp-inlet create` and `ockam tcp-outlet create`).
- OCKAM_PRIVILEGED: if variable is set, all TCP Inlets/Outlets will use eBPF (overrides `--privileged` argument for `ockam tcp-inlet create` and `ockam tcp-outlet create`).

Devs Usage
- OCKAM: a `string` that defines the path to the ockam binary to use.
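--- a/implementations/rust/ockam/ockam_command/src/reset.rs
+++ b/implementations/rust/ockam/ockam_command/src/reset.rs
@@ -81,7 +81,7 @@ impl ResetCommand {
 opts.state.reset().await?;
 }
 
-#[cfg(ebpf_alias)]
+#[cfg(privileged_portals_support)]
 ockam::tcp::TcpTransport::detach_all_ockam_ebpfs_globally();
 
 opts.terminal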