From 0cd0edeceb384e7524e181115108730e62211b17 Mon Sep 17 00:00:00 2001
From: Badr
Date: Mon, 14 Oct 2024 18:14:20 +0200
Subject: [PATCH] refactor
---
 oryx-tui/src/app.rs | 8 ++---
 oryx-tui/src/ebpf.rs | 65 ++++++++++++++++++++++++++---------------
 oryx-tui/src/filter.rs | 14 ++++-----
 oryx-tui/src/section.rs | 4 +--
 4 files changed, 54 insertions(+), 37 deletions(-)
diff --git a/oryx-tui/src/app.rs b/oryx-tui/src/app.rs
index 32965b7..c1c528b 100644
--- a/oryx-tui/src/app.rs
+++ b/oryx-tui/src/app.rs
@@ -11,7 +11,7 @@ use std::{
 };
 use crate::{filter::Filter, help::Help};
-use crate::{filter::IoChans, notification::Notification};
+use crate::{filter::IoChannels, notification::Notification};
 use crate::{packet::AppPacket, section::Section};
 pub type AppResult = std::result::Result>;
@@ -58,7 +58,7 @@ impl App {
 let (sender, receiver) = kanal::unbounded();
- let firewall_chans = IoChans::new();
+ let firewall_channels = IoChannels::new();
 thread::spawn({
 let packets = packets.clone();
 move || loop {
@@ -76,11 +76,11 @@ impl App {
 Self {
 running: true,
 help: Help::new(),
- filter: Filter::new(firewall_chans.clone()),
+ filter: Filter::new(firewall_channels.clone()),
 start_sniffing: false,
 packets: packets.clone(),
 notifications: Vec::new(),
- section: Section::new(packets.clone(), firewall_chans.clone()),
+ section: Section::new(packets.clone(), firewall_channels.clone()),
 data_channel_sender: sender,
 is_editing: false,
 active_popup: None,
diff --git a/oryx-tui/src/ebpf.rs b/oryx-tui/src/ebpf.rs
index e33c9f7..a02826b 100644
--- a/oryx-tui/src/ebpf.rs
+++ b/oryx-tui/src/ebpf.rs
@@ -13,6 +13,7 @@ use aya::{
 programs::{tc, SchedClassifier, TcAttachType},
 Ebpf, EbpfLoader,
 };
+use log::error;
 use oryx_common::{protocols::Protocol, RawPacket, MAX_RULES_PORT};
 use crate::{
@@ -150,7 +151,6 @@ fn update_ipv6_blocklist(
 .insert(addr.to_bits(), blocked_ports, 0)
 .unwrap();
 } else {
- //TODO:
 unreachable!(); // list is full
 }
 } else {
@@ -199,6 +199,11 @@ fn update_ipv6_blocklist(
 }
 }
+enum EbpfTrafficDirection {
+ Ingress = -1,
+ Egress = 1,
+}
+
 pub fn load_ingress(
 iface: String,
 notification_sender: kanal::Sender,
@@ -219,16 +224,19 @@ pub fn load_ingress(
 unsafe { libc::setrlimit(libc::RLIMIT_MEMLOCK, &rlim) };
+ let traffic_direction = EbpfTrafficDirection::Ingress as i32;
+
 #[cfg(debug_assertions)]
 let mut bpf = match EbpfLoader::new()
- .set_global("TRAFFIC_DIRECTION", &-1i32, true)
+ .set_global("TRAFFIC_DIRECTION", &traffic_direction, true)
 .load(include_bytes_aligned!(
 "../../target/bpfel-unknown-none/debug/oryx"
 )) {
 Ok(v) => v,
 Err(e) => {
+ error!("Failed to load the ingress eBPF bytecode. {}", e);
 Notification::send(
- format!("Failed to load the ingress eBPF bytecode\n {}", e),
+ "Failed to load the ingress eBPF bytecode",
 NotificationLevel::Error,
 notification_sender,
 )
@@ -239,14 +247,15 @@ pub fn load_ingress(
 #[cfg(not(debug_assertions))]
 let mut bpf = match EbpfLoader::new()
- .set_global("TRAFFIC_DIRECTION", &-1i32, true)
+ .set_global("TRAFFIC_DIRECTION", &traffic_direction, true)
 .load(include_bytes_aligned!(
- "../../target/bpfel-unknown-none/release/oryx"
+ "../../target/bpfel-unknown-none/debug/oryx"
 )) {
 Ok(v) => v,
 Err(e) => {
+ error!("Failed to load the ingress eBPF bytecode. {}", e);
 Notification::send(
- format!("Failed to load the ingress eBPF bytecode\n {}", e),
+ "Failed to load the ingress eBPF bytecode",
 NotificationLevel::Error,
 notification_sender,
 )
@@ -261,11 +270,12 @@ pub fn load_ingress(
 bpf.program_mut("oryx").unwrap().try_into().unwrap();
 if let Err(e) = program.load() {
+ error!(
+ "Failed to load the ingress eBPF program to the kernel. {}",
+ e
+ );
 Notification::send(
- format!(
- "Failed to load the ingress eBPF program to the kernel\n{}",
- e
- ),
+ "Failed to load the ingress eBPF program to the kernel",
 NotificationLevel::Error,
 notification_sender,
 )
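Review bot: `EbpfTrafficDirection` in the `@@ -199,6 +199,11 @@` hunk has no doc comment and no explicit representation, although its discriminants are what `load_ingress` and `load_egress` hand to `set_global("TRAFFIC_DIRECTION", …)` after an `as i32` cast. I would put `#[repr(i32)]` on the enum and add a comment such as `/// Written into the eBPF global TRAFFIC_DIRECTION; values must match the kernel-side program (-1 = ingress, 1 = egress).` so that an edit on either side cannot silently change how the program classifies traffic. The eBPF source is not part of this patch, so the meaning of the two values should be confirmed there before the comment is committed.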
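Review bot: In the `Err(e)` arm of the `@@ -219,16 +224,19 @@` hunk the loader error now reaches only `error!`, and the notification no longer carries it, so the cause is lost whenever no `log` backend is installed (the `log` macros do nothing without one). Nothing in this patch initialises a logger, so please confirm one is set up before these threads are spawned. Keeping raw loader output out of the UI is reasonable, but the operator then needs a pointer, for example `"Failed to load the ingress eBPF bytecode (see log for details)"`. The same applies to every `error!` added in `load_ingress` and `load_egress` (hunks `@@ -239`, `@@ -261`, `@@ -274`, `@@ -423`, `@@ -443`, `@@ -464`, `@@ -474`). `load_ingress` starts and ends outside this hunk.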
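Review bot: The `#[cfg(not(debug_assertions))]` branch in the `@@ -239,14 +247,15 @@` hunk now embeds `"../../target/bpfel-unknown-none/debug/oryx"`, which makes it identical to the `#[cfg(debug_assertions)]` branch. A release build of `load_ingress` would then ship the debug eBPF object, or presumably fail to build when only the release artifact exists, since `include_bytes_aligned!` reads the file at compile time. The commit is described as a refactor, so this looks unintended; keep `"../../target/bpfel-unknown-none/release/oryx"` on that line. The same substitution is made in the `@@ -443,14 +457,15 @@` hunk of `load_egress`. The enclosing function starts and ends outside the hunk.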
@@ -274,11 +284,12 @@ pub fn load_ingress(
 };
 if let Err(e) = program.attach(&iface, TcAttachType::Ingress) {
+ error!(
+ "Failed to attach the ingress eBPF program to the interface. {}",
+ e
+ );
 Notification::send(
- format!(
- "Failed to attach the ingress eBPF program to the interface\n{}",
- e
- ),
+ "Failed to attach the ingress eBPF program to the interface",
 NotificationLevel::Error,
 notification_sender,
 )
@@ -423,16 +434,19 @@ pub fn load_egress(
 unsafe { libc::setrlimit(libc::RLIMIT_MEMLOCK, &rlim) };
+ let traffic_direction = EbpfTrafficDirection::Egress as i32;
+
 #[cfg(debug_assertions)]
 let mut bpf = match EbpfLoader::new()
- .set_global("TRAFFIC_DIRECTION", &1i32, true)
+ .set_global("TRAFFIC_DIRECTION", &traffic_direction, true)
 .load(include_bytes_aligned!(
 "../../target/bpfel-unknown-none/debug/oryx"
 )) {
 Ok(v) => v,
 Err(e) => {
+ error!("Fail to load the egress eBPF bytecode. {}", e);
 Notification::send(
- format!("Fail to load the egress eBPF bytecode\n {}", e),
+ "Fail to load the egress eBPF bytecode",
 NotificationLevel::Error,
 notification_sender,
 )
@@ -443,14 +457,15 @@ pub fn load_egress(
 #[cfg(not(debug_assertions))]
 let mut bpf = match EbpfLoader::new()
- .set_global("TRAFFIC_DIRECTION", &1i32, true)
+ .set_global("TRAFFIC_DIRECTION", &traffic_direction, true)
 .load(include_bytes_aligned!(
- "../../target/bpfel-unknown-none/release/oryx"
+ "../../target/bpfel-unknown-none/debug/oryx"
 )) {
 Ok(v) => v,
 Err(e) => {
+ error!("Fail to load the egress eBPF bytecode. {}", e);
 Notification::send(
- format!("Failed to load the egress eBPF bytecode\n {}", e),
+ "Fail to load the egress eBPF bytecode",
 NotificationLevel::Error,
 notification_sender,
 )
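Review bot: The egress messages are worded inconsistently with the ingress ones, which makes log searches and alert matching on these strings unreliable. The `@@ -443,14 +457,15 @@` hunk replaces the previously correct "Failed to load the egress eBPF bytecode" with "Fail to load …", and the `@@ -423` and `@@ -464` hunks keep "Fail" as well, while `load_ingress` uses "Failed" throughout. I would write `"Failed to load the egress eBPF bytecode"` and `"Failed to load the egress eBPF program to the kernel"` in both the `error!` call and the notification. In the `@@ -474,11 +490,12 @@` hunk the `error!` format string lacks the space before the placeholder; it should read `"Failed to attach the egress eBPF program to the interface. {}"`.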
@@ -464,8 +479,9 @@ pub fn load_egress(
 bpf.program_mut("oryx").unwrap().try_into().unwrap();
 if let Err(e) = program.load() {
+ error!("Fail to load the egress eBPF program to the kernel. {}", e);
 Notification::send(
- format!("Fail to load the egress eBPF program to the kernel\n{}", e),
+ "Fail to load the egress eBPF program to the kernel",
 NotificationLevel::Error,
 notification_sender,
 )
@@ -474,11 +490,12 @@ pub fn load_egress(
 };
 if let Err(e) = program.attach(&iface, TcAttachType::Egress) {
+ error!(
+ "Failed to attach the egress eBPF program to the interface.{}",
+ e
+ );
 Notification::send(
- format!(
- "Failed to attach the egress eBPF program to the interface\n{}",
- e
- ),
+ "Failed to attach the egress eBPF program to the interface",
 NotificationLevel::Error,
 notification_sender,
 )
diff --git a/oryx-tui/src/filter.rs b/oryx-tui/src/filter.rs
index d788197..a8410ef 100644
--- a/oryx-tui/src/filter.rs
+++ b/oryx-tui/src/filter.rs
@@ -47,7 +47,7 @@ pub struct Channels {
 }
 #[derive(Debug, Clone)]
-pub struct IoChans {
+pub struct IoChannels {
 pub ingress: Channels,
 pub egress: Channels,
 }
@@ -59,7 +59,7 @@ impl Channels {
 }
 }
-impl IoChans {
+impl IoChannels {
 pub fn new() -> Self {
 Self {
 ingress: Channels::new(),
@@ -74,7 +74,7 @@ impl Default for Channels {
 }
 }
-impl Default for IoChans {
+impl Default for IoChannels {
 fn default() -> Self {
 Self::new()
 }
@@ -97,20 +97,20 @@ pub struct Filter {
 pub transport: TransportFilter,
 pub link: LinkFilter,
 pub traffic_direction: TrafficDirectionFilter,
- pub filter_chans: IoChans,
- pub firewall_chans: IoChans,
+ pub filter_chans: IoChannels,
+ pub firewall_chans: IoChannels,
 pub focused_block: FocusedBlock,
 }
 impl Filter {
- pub fn new(firewall_chans: IoChans) -> Self {
+ pub fn new(firewall_chans: IoChannels) -> Self {
 Self {
 interface: Interface::new(),
 network: NetworkFilter::new(),
 transport: TransportFilter::new(),
 link: LinkFilter::new(),
 traffic_direction: TrafficDirectionFilter::new(),
- filter_chans: IoChans::new(),
+ filter_chans: IoChannels::new(),
 firewall_chans,
 focused_block: FocusedBlock::Interface,
 }
diff --git a/oryx-tui/src/section.rs b/oryx-tui/src/section.rs
index 8c18fa5..6c64432 100644
--- a/oryx-tui/src/section.rs
+++ b/oryx-tui/src/section.rs
@@ -22,7 +22,7 @@ use stats::Stats;
 use crate::{
 app::{ActivePopup, AppResult},
 event::Event,
- filter::IoChans,
+ filter::IoChannels,
 packet::AppPacket,
 };
@@ -46,7 +46,7 @@ pub struct Section {
 impl Section {
 pub fn new(
 packets: Arc>>,
- firewall_chans: IoChans,
+ firewall_chans: IoChannels,
 ) -> Self {
 Self {
 focused_section: FocusedSection::Inspection,