From 9736f44b14aedf17886b3a1a6b70b322d6365288 Mon Sep 17 00:00:00 2001 From: Badr Date: Thu, 10 Oct 2024 14:57:05 +0200 Subject: [PATCH] bump aya version --- Cargo.lock | 88 ++---- oryx-tui/Cargo.toml | 2 +- oryx-tui/src/ebpf.rs | 628 ++++++++++++++++++++--------------------- oryx-tui/src/filter.rs | 13 +- 4 files changed, 351 insertions(+), 380 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index 183fe81..bd96721 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -2,18 +2,6 @@ # It is not intended for manual editing. version = 3 -[[package]] -name = "ahash" -version = "0.8.11" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "e89da841a80418a9b391ebaea17f5c112ffaaa96f621d2c285b5174da76b9011" -dependencies = [ - "cfg-if", - "once_cell", - "version_check", - "zerocopy", -] - [[package]] name = "aho-corasick" version = "1.1.3" @@ -98,30 +86,30 @@ checksum = "ace50bade8e6234aa140d9a2f552bbee1db4d353f69b8217bc503490fc1a9f26" [[package]] name = "aya" -version = "0.12.0" +version = "0.13.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "90eea657cc8028447cbda5068f4e10c4fadba0131624f4f7dd1a9c46ffc8d81f" +checksum = "7127cbe933572dfabb7a87d2c740f5b720c3e19b4d2b8c99a262ffa35c8761ff" dependencies = [ "assert_matches", "aya-obj", "bitflags", "bytes", - "lazy_static", "libc", "log", "object", + "once_cell", "thiserror", ] [[package]] name = "aya-obj" -version = "0.1.0" +version = "0.2.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "2c02024a307161cf3d1f052161958fd13b1a33e3e038083e58082c0700fdab85" +checksum = "56e133d505de14d5948a312060b8b12752c22a965632cc57da12f5db653de4c0" dependencies = [ "bytes", "core-error", - "hashbrown 0.14.5", + "hashbrown", "log", "object", "thiserror", @@ -238,6 +226,15 @@ dependencies = [ "version_check", ] +[[package]] +name = "crc32fast" +version = "1.4.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "a97769d94ddab943e4510d138150169a2758b5ef3eb191a9ee688de3e23ef7b3" +dependencies = [ + "cfg-if", +] + [[package]] name = "crossterm" version = "0.28.1" @@ -442,16 +439,6 @@ dependencies = [ "wasi", ] -[[package]] -name = "hashbrown" -version = "0.14.5" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "e5274423e17b7c9fc20b6e7e208532f9b19825d82dfd615708b70edd83df41f1" -dependencies = [ - "ahash", - "allocator-api2", -] - [[package]] name = "hashbrown" version = "0.15.0" @@ -487,6 +474,16 @@ version = "1.0.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "b9e0384b61958566e926dc50660321d12159025e767c18e043daf26b70104c39" +[[package]] +name = "indexmap" +version = "2.6.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "707907fe3c25f5424cce2cb7e1cbcafee6bdbe735ca90ef77c29e84591e5b9da" +dependencies = [ + "equivalent", + "hashbrown", +] + [[package]] name = "instability" version = "0.3.2" @@ -528,12 +525,6 @@ dependencies = [ "lock_api", ] -[[package]] -name = "lazy_static" -version = "1.5.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "bbd2bcb4c963f2ddae06a2efc7e9f3591312473c50c6685e1f298068316e66fe" - [[package]] name = "libc" version = "0.2.159" @@ -588,7 +579,7 @@ version = "0.12.5" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "234cf4f4a04dc1f57e24b96cc0cd600cf2af460d4161ac5ecdd0af8e1f3b2a38" dependencies = [ - "hashbrown 0.15.0", + "hashbrown", ] [[package]] @@ -627,10 +618,13 @@ checksum = "e82e9f64c09f56aa7c80c3fa087997bd99a913f91d9c74d36cf5fd75dd5773e6" [[package]] name = "object" -version = "0.32.2" +version = "0.36.5" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a6a622008b6e321afc04970976f62ee297fdbaa6f95318ca343e3eebb9648441" +checksum = "aedf0a2d09c573ed1d8d85b30c119153926a2b36dce0ab28322c09a117a4683e" dependencies = [ + "crc32fast", + "hashbrown", + "indexmap", "memchr", ] @@ -1188,23 +1182,3 @@ dependencies = [ "anyhow", "clap", ] - -[[package]] -name = "zerocopy" -version = "0.7.35" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "1b9b4fd18abc82b8136838da5d50bae7bdea537c574d8dc1a34ed098d6c166f0" -dependencies = [ - "zerocopy-derive", -] - -[[package]] -name = "zerocopy-derive" -version = "0.7.35" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "fa4f8080344d4671fb4e831a13ad1e68092748387dfc4f55e356242fae12ce3e" -dependencies = [ - "proc-macro2", - "quote", - "syn", -] diff --git a/oryx-tui/Cargo.toml b/oryx-tui/Cargo.toml index 8466043..68513af 100644 --- a/oryx-tui/Cargo.toml +++ b/oryx-tui/Cargo.toml @@ -14,7 +14,7 @@ ratatui = "0.28" tui-big-text = "0.6" tui-input = "0.10" libc = "0.2" -aya = "0.12" +aya = "0.13" oryx-common = { path = "../oryx-common" } mio = { version = "1", features = ["os-poll", "os-ext"] } itertools = "0.13" diff --git a/oryx-tui/src/ebpf.rs b/oryx-tui/src/ebpf.rs index 652a017..60147f1 100644 --- a/oryx-tui/src/ebpf.rs +++ b/oryx-tui/src/ebpf.rs @@ -11,7 +11,7 @@ use aya::{ include_bytes_aligned, maps::{ring_buf::RingBufItem, Array, HashMap, MapData, RingBuf}, programs::{tc, SchedClassifier, TcAttachType}, - Bpf, + Ebpf, }; use oryx_common::{protocols::Protocol, RawPacket, MAX_RULES_PORT}; @@ -23,15 +23,13 @@ use crate::{ }; use mio::{event::Source, unix::SourceFd, Events, Interest, Poll, Registry, Token}; -pub struct Ebpf; - pub struct RingBuffer<'a> { buffer: RingBuf<&'a mut MapData>, } impl<'a> RingBuffer<'a> { - fn new(bpf: &'a mut Bpf) -> Self { - let buffer = RingBuf::try_from(bpf.map_mut("DATA").unwrap()).unwrap(); + fn new(ebpf: &'a mut Ebpf) -> Self { + let buffer = RingBuf::try_from(ebpf.map_mut("DATA").unwrap()).unwrap(); Self { buffer } } @@ -201,384 +199,380 @@ fn update_ipv6_blocklist( } } -impl Ebpf { - pub fn load_ingress( - iface: String, - notification_sender: kanal::Sender, - data_sender: kanal::Sender<[u8; RawPacket::LEN]>, - filter_channel_receiver: kanal::Receiver, - firewall_ingress_receiver: kanal::Receiver, - terminate: Arc, - ) { - thread::spawn({ - let iface = iface.to_owned(); - let notification_sender = notification_sender.clone(); - - move || { - let rlim = libc::rlimit { - rlim_cur: libc::RLIM_INFINITY, - rlim_max: libc::RLIM_INFINITY, - }; - - unsafe { libc::setrlimit(libc::RLIMIT_MEMLOCK, &rlim) }; - - #[cfg(debug_assertions)] - let mut bpf = match Bpf::load(include_bytes_aligned!( - "../../target/bpfel-unknown-none/debug/oryx" - )) { - Ok(v) => v, - Err(e) => { - Notification::send( - format!("Failed to load the ingress eBPF bytecode\n {}", e), - NotificationLevel::Error, - notification_sender, - ) - .unwrap(); - return; - } - }; - - #[cfg(not(debug_assertions))] - let mut bpf = match Bpf::load(include_bytes_aligned!( - "../../target/bpfel-unknown-none/release/oryx" - )) { - Ok(v) => v, - Err(e) => { - Notification::send( - format!("Failed to load the ingress eBPF bytecode\n {}", e), - NotificationLevel::Error, - notification_sender, - ) - .unwrap(); - return; - } - }; - - let _ = tc::qdisc_add_clsact(&iface); - - let program: &mut SchedClassifier = - bpf.program_mut("oryx").unwrap().try_into().unwrap(); - - if let Err(e) = program.load() { +pub fn load_ingress( + iface: String, + notification_sender: kanal::Sender, + data_sender: kanal::Sender<[u8; RawPacket::LEN]>, + filter_channel_receiver: kanal::Receiver, + firewall_ingress_receiver: kanal::Receiver, + terminate: Arc, +) { + thread::spawn({ + let iface = iface.to_owned(); + let notification_sender = notification_sender.clone(); + + move || { + let rlim = libc::rlimit { + rlim_cur: libc::RLIM_INFINITY, + rlim_max: libc::RLIM_INFINITY, + }; + + unsafe { libc::setrlimit(libc::RLIMIT_MEMLOCK, &rlim) }; + + #[cfg(debug_assertions)] + let mut bpf = match Ebpf::load(include_bytes_aligned!( + "../../target/bpfel-unknown-none/debug/oryx" + )) { + Ok(v) => v, + Err(e) => { Notification::send( - format!( - "Failed to load the ingress eBPF program to the kernel\n{}", - e - ), + format!("Failed to load the ingress eBPF bytecode\n {}", e), NotificationLevel::Error, notification_sender, ) .unwrap(); return; - }; - - if let Err(e) = program.attach(&iface, TcAttachType::Ingress) { + } + }; + + #[cfg(not(debug_assertions))] + let mut bpf = match Bpf::load(include_bytes_aligned!( + "../../target/bpfel-unknown-none/release/oryx" + )) { + Ok(v) => v, + Err(e) => { Notification::send( - format!( - "Failed to attach the ingress eBPF program to the interface\n{}", - e - ), + format!("Failed to load the ingress eBPF bytecode\n {}", e), NotificationLevel::Error, notification_sender, ) .unwrap(); return; - }; - - let mut poll = Poll::new().unwrap(); - let mut events = Events::with_capacity(128); - - //filter-ebpf interface - let mut transport_filters: Array<_, u32> = - Array::try_from(bpf.take_map("TRANSPORT_FILTERS").unwrap()).unwrap(); - - let mut network_filters: Array<_, u32> = - Array::try_from(bpf.take_map("NETWORK_FILTERS").unwrap()).unwrap(); - - let mut link_filters: Array<_, u32> = - Array::try_from(bpf.take_map("LINK_FILTERS").unwrap()).unwrap(); - - // firewall-ebpf interface - let mut ipv4_firewall: HashMap<_, u32, [u16; MAX_RULES_PORT]> = - HashMap::try_from(bpf.take_map("BLOCKLIST_IPV4").unwrap()).unwrap(); - - let mut ipv6_firewall: HashMap<_, u128, [u16; MAX_RULES_PORT]> = - HashMap::try_from(bpf.take_map("BLOCKLIST_IPV6").unwrap()).unwrap(); - - thread::spawn(move || loop { - if let Ok(signal) = firewall_ingress_receiver.recv() { - match signal { - FirewallSignal::Rule(rule) => match rule.ip { - IpAddr::V4(addr) => update_ipv4_blocklist( - &mut ipv4_firewall, - addr, - rule.port, - rule.enabled, - ), - - IpAddr::V6(addr) => update_ipv6_blocklist( - &mut ipv6_firewall, - addr, - rule.port, - rule.enabled, - ), - }, - FirewallSignal::Kill => { - break; - } + } + }; + + let _ = tc::qdisc_add_clsact(&iface); + + let program: &mut SchedClassifier = + bpf.program_mut("oryx").unwrap().try_into().unwrap(); + + if let Err(e) = program.load() { + Notification::send( + format!( + "Failed to load the ingress eBPF program to the kernel\n{}", + e + ), + NotificationLevel::Error, + notification_sender, + ) + .unwrap(); + return; + }; + + if let Err(e) = program.attach(&iface, TcAttachType::Ingress) { + Notification::send( + format!( + "Failed to attach the ingress eBPF program to the interface\n{}", + e + ), + NotificationLevel::Error, + notification_sender, + ) + .unwrap(); + return; + }; + + let mut poll = Poll::new().unwrap(); + let mut events = Events::with_capacity(128); + + //filter-ebpf interface + let mut transport_filters: Array<_, u32> = + Array::try_from(bpf.take_map("TRANSPORT_FILTERS").unwrap()).unwrap(); + + let mut network_filters: Array<_, u32> = + Array::try_from(bpf.take_map("NETWORK_FILTERS").unwrap()).unwrap(); + + let mut link_filters: Array<_, u32> = + Array::try_from(bpf.take_map("LINK_FILTERS").unwrap()).unwrap(); + + // firewall-ebpf interface + let mut ipv4_firewall: HashMap<_, u32, [u16; MAX_RULES_PORT]> = + HashMap::try_from(bpf.take_map("BLOCKLIST_IPV4").unwrap()).unwrap(); + + let mut ipv6_firewall: HashMap<_, u128, [u16; MAX_RULES_PORT]> = + HashMap::try_from(bpf.take_map("BLOCKLIST_IPV6").unwrap()).unwrap(); + + thread::spawn(move || loop { + if let Ok(signal) = firewall_ingress_receiver.recv() { + match signal { + FirewallSignal::Rule(rule) => match rule.ip { + IpAddr::V4(addr) => update_ipv4_blocklist( + &mut ipv4_firewall, + addr, + rule.port, + rule.enabled, + ), + + IpAddr::V6(addr) => update_ipv6_blocklist( + &mut ipv6_firewall, + addr, + rule.port, + rule.enabled, + ), + }, + FirewallSignal::Kill => { + break; } } - }); - - thread::spawn(move || loop { - if let Ok(signal) = filter_channel_receiver.recv() { - match signal { - FilterChannelSignal::Update((filter, flag)) => match filter { - Protocol::Transport(p) => { - let _ = transport_filters.set(p as u32, flag as u32, 0); - } - Protocol::Network(p) => { - let _ = network_filters.set(p as u32, flag as u32, 0); - } - Protocol::Link(p) => { - let _ = link_filters.set(p as u32, flag as u32, 0); - } - }, - FilterChannelSignal::Kill => { - break; + } + }); + + thread::spawn(move || loop { + if let Ok(signal) = filter_channel_receiver.recv() { + match signal { + FilterChannelSignal::Update((filter, flag)) => match filter { + Protocol::Transport(p) => { + let _ = transport_filters.set(p as u32, flag as u32, 0); + } + Protocol::Network(p) => { + let _ = network_filters.set(p as u32, flag as u32, 0); + } + Protocol::Link(p) => { + let _ = link_filters.set(p as u32, flag as u32, 0); } + }, + FilterChannelSignal::Kill => { + break; } } - }); + } + }); - let mut ring_buf = RingBuffer::new(&mut bpf); + let mut ring_buf = RingBuffer::new(&mut bpf); - poll.registry() - .register( - &mut SourceFd(&ring_buf.buffer.as_raw_fd()), - Token(0), - Interest::READABLE, - ) - .unwrap(); + poll.registry() + .register( + &mut SourceFd(&ring_buf.buffer.as_raw_fd()), + Token(0), + Interest::READABLE, + ) + .unwrap(); - loop { - poll.poll(&mut events, Some(Duration::from_millis(100))) - .unwrap(); + loop { + poll.poll(&mut events, Some(Duration::from_millis(100))) + .unwrap(); + if terminate.load(std::sync::atomic::Ordering::Relaxed) { + break; + } + for event in &events { if terminate.load(std::sync::atomic::Ordering::Relaxed) { break; } - for event in &events { + if event.token() == Token(0) && event.is_readable() { if terminate.load(std::sync::atomic::Ordering::Relaxed) { break; } - if event.token() == Token(0) && event.is_readable() { + while let Some(item) = ring_buf.next() { if terminate.load(std::sync::atomic::Ordering::Relaxed) { break; } - while let Some(item) = ring_buf.next() { - if terminate.load(std::sync::atomic::Ordering::Relaxed) { - break; - } - let packet: [u8; RawPacket::LEN] = - item.to_owned().try_into().unwrap(); - data_sender.send(packet).ok(); - } + let packet: [u8; RawPacket::LEN] = item.to_owned().try_into().unwrap(); + data_sender.send(packet).ok(); } } } - - let _ = poll - .registry() - .deregister(&mut SourceFd(&ring_buf.buffer.as_raw_fd())); } - }); - } - pub fn load_egress( - iface: String, - notification_sender: kanal::Sender, - data_sender: kanal::Sender<[u8; RawPacket::LEN]>, - filter_channel_receiver: kanal::Receiver, - firewall_egress_receiver: kanal::Receiver, - terminate: Arc, - ) { - thread::spawn({ - let iface = iface.to_owned(); - let notification_sender = notification_sender.clone(); - - move || { - let rlim = libc::rlimit { - rlim_cur: libc::RLIM_INFINITY, - rlim_max: libc::RLIM_INFINITY, - }; - - unsafe { libc::setrlimit(libc::RLIMIT_MEMLOCK, &rlim) }; - - #[cfg(debug_assertions)] - let mut bpf = match Bpf::load(include_bytes_aligned!( - "../../target/bpfel-unknown-none/debug/oryx" - )) { - Ok(v) => v, - Err(e) => { - Notification::send( - format!("Fail to load the egress eBPF bytecode\n {}", e), - NotificationLevel::Error, - notification_sender, - ) - .unwrap(); - return; - } - }; - - #[cfg(not(debug_assertions))] - let mut bpf = match Bpf::load(include_bytes_aligned!( - "../../target/bpfel-unknown-none/release/oryx" - )) { - Ok(v) => v, - Err(e) => { - Notification::send( - format!("Failed to load the egress eBPF bytecode\n {}", e), - NotificationLevel::Error, - notification_sender, - ) - .unwrap(); - return; - } - }; - - let _ = tc::qdisc_add_clsact(&iface); - let program: &mut SchedClassifier = - bpf.program_mut("oryx").unwrap().try_into().unwrap(); + let _ = poll + .registry() + .deregister(&mut SourceFd(&ring_buf.buffer.as_raw_fd())); + } + }); +} - if let Err(e) = program.load() { +pub fn load_egress( + iface: String, + notification_sender: kanal::Sender, + data_sender: kanal::Sender<[u8; RawPacket::LEN]>, + filter_channel_receiver: kanal::Receiver, + firewall_egress_receiver: kanal::Receiver, + terminate: Arc, +) { + thread::spawn({ + let iface = iface.to_owned(); + let notification_sender = notification_sender.clone(); + + move || { + let rlim = libc::rlimit { + rlim_cur: libc::RLIM_INFINITY, + rlim_max: libc::RLIM_INFINITY, + }; + + unsafe { libc::setrlimit(libc::RLIMIT_MEMLOCK, &rlim) }; + + #[cfg(debug_assertions)] + let mut bpf = match Ebpf::load(include_bytes_aligned!( + "../../target/bpfel-unknown-none/debug/oryx" + )) { + Ok(v) => v, + Err(e) => { Notification::send( - format!("Fail to load the egress eBPF program to the kernel\n{}", e), + format!("Fail to load the egress eBPF bytecode\n {}", e), NotificationLevel::Error, notification_sender, ) .unwrap(); return; - }; - - if let Err(e) = program.attach(&iface, TcAttachType::Egress) { + } + }; + + #[cfg(not(debug_assertions))] + let mut bpf = match Bpf::load(include_bytes_aligned!( + "../../target/bpfel-unknown-none/release/oryx" + )) { + Ok(v) => v, + Err(e) => { Notification::send( - format!( - "Failed to attach the egress eBPF program to the interface\n{}", - e - ), + format!("Failed to load the egress eBPF bytecode\n {}", e), NotificationLevel::Error, notification_sender, ) .unwrap(); return; - }; - - let mut poll = Poll::new().unwrap(); - let mut events = Events::with_capacity(128); - - //filter-ebpf interface - let mut transport_filters: Array<_, u32> = - Array::try_from(bpf.take_map("TRANSPORT_FILTERS").unwrap()).unwrap(); - - let mut network_filters: Array<_, u32> = - Array::try_from(bpf.take_map("NETWORK_FILTERS").unwrap()).unwrap(); - - let mut link_filters: Array<_, u32> = - Array::try_from(bpf.take_map("LINK_FILTERS").unwrap()).unwrap(); - - // firewall-ebpf interface - let mut ipv4_firewall: HashMap<_, u32, [u16; MAX_RULES_PORT]> = - HashMap::try_from(bpf.take_map("BLOCKLIST_IPV4").unwrap()).unwrap(); - - let mut ipv6_firewall: HashMap<_, u128, [u16; MAX_RULES_PORT]> = - HashMap::try_from(bpf.take_map("BLOCKLIST_IPV6").unwrap()).unwrap(); - - thread::spawn(move || loop { - if let Ok(signal) = firewall_egress_receiver.recv() { - match signal { - FirewallSignal::Rule(rule) => match rule.ip { - IpAddr::V4(addr) => update_ipv4_blocklist( - &mut ipv4_firewall, - addr, - rule.port, - rule.enabled, - ), - - IpAddr::V6(addr) => update_ipv6_blocklist( - &mut ipv6_firewall, - addr, - rule.port, - rule.enabled, - ), - }, - FirewallSignal::Kill => { - break; - } + } + }; + + let _ = tc::qdisc_add_clsact(&iface); + let program: &mut SchedClassifier = + bpf.program_mut("oryx").unwrap().try_into().unwrap(); + + if let Err(e) = program.load() { + Notification::send( + format!("Fail to load the egress eBPF program to the kernel\n{}", e), + NotificationLevel::Error, + notification_sender, + ) + .unwrap(); + return; + }; + + if let Err(e) = program.attach(&iface, TcAttachType::Egress) { + Notification::send( + format!( + "Failed to attach the egress eBPF program to the interface\n{}", + e + ), + NotificationLevel::Error, + notification_sender, + ) + .unwrap(); + return; + }; + + let mut poll = Poll::new().unwrap(); + let mut events = Events::with_capacity(128); + + //filter-ebpf interface + let mut transport_filters: Array<_, u32> = + Array::try_from(bpf.take_map("TRANSPORT_FILTERS").unwrap()).unwrap(); + + let mut network_filters: Array<_, u32> = + Array::try_from(bpf.take_map("NETWORK_FILTERS").unwrap()).unwrap(); + + let mut link_filters: Array<_, u32> = + Array::try_from(bpf.take_map("LINK_FILTERS").unwrap()).unwrap(); + + // firewall-ebpf interface + let mut ipv4_firewall: HashMap<_, u32, [u16; MAX_RULES_PORT]> = + HashMap::try_from(bpf.take_map("BLOCKLIST_IPV4").unwrap()).unwrap(); + + let mut ipv6_firewall: HashMap<_, u128, [u16; MAX_RULES_PORT]> = + HashMap::try_from(bpf.take_map("BLOCKLIST_IPV6").unwrap()).unwrap(); + + thread::spawn(move || loop { + if let Ok(signal) = firewall_egress_receiver.recv() { + match signal { + FirewallSignal::Rule(rule) => match rule.ip { + IpAddr::V4(addr) => update_ipv4_blocklist( + &mut ipv4_firewall, + addr, + rule.port, + rule.enabled, + ), + + IpAddr::V6(addr) => update_ipv6_blocklist( + &mut ipv6_firewall, + addr, + rule.port, + rule.enabled, + ), + }, + FirewallSignal::Kill => { + break; } } - }); - - thread::spawn(move || loop { - if let Ok(signal) = filter_channel_receiver.recv() { - match signal { - FilterChannelSignal::Update((filter, flag)) => match filter { - Protocol::Transport(p) => { - let _ = transport_filters.set(p as u32, flag as u32, 0); - } - Protocol::Network(p) => { - let _ = network_filters.set(p as u32, flag as u32, 0); - } - Protocol::Link(p) => { - let _ = link_filters.set(p as u32, flag as u32, 0); - } - }, - FilterChannelSignal::Kill => { - break; + } + }); + + thread::spawn(move || loop { + if let Ok(signal) = filter_channel_receiver.recv() { + match signal { + FilterChannelSignal::Update((filter, flag)) => match filter { + Protocol::Transport(p) => { + let _ = transport_filters.set(p as u32, flag as u32, 0); } + Protocol::Network(p) => { + let _ = network_filters.set(p as u32, flag as u32, 0); + } + Protocol::Link(p) => { + let _ = link_filters.set(p as u32, flag as u32, 0); + } + }, + FilterChannelSignal::Kill => { + break; } } - }); + } + }); - let mut ring_buf = RingBuffer::new(&mut bpf); + let mut ring_buf = RingBuffer::new(&mut bpf); - poll.registry() - .register( - &mut SourceFd(&ring_buf.buffer.as_raw_fd()), - Token(0), - Interest::READABLE, - ) - .unwrap(); + poll.registry() + .register( + &mut SourceFd(&ring_buf.buffer.as_raw_fd()), + Token(0), + Interest::READABLE, + ) + .unwrap(); - loop { - poll.poll(&mut events, Some(Duration::from_millis(100))) - .unwrap(); + loop { + poll.poll(&mut events, Some(Duration::from_millis(100))) + .unwrap(); + if terminate.load(std::sync::atomic::Ordering::Relaxed) { + break; + } + for event in &events { if terminate.load(std::sync::atomic::Ordering::Relaxed) { break; } - for event in &events { + if event.token() == Token(0) && event.is_readable() { if terminate.load(std::sync::atomic::Ordering::Relaxed) { break; } - if event.token() == Token(0) && event.is_readable() { + while let Some(item) = ring_buf.next() { if terminate.load(std::sync::atomic::Ordering::Relaxed) { break; } - while let Some(item) = ring_buf.next() { - if terminate.load(std::sync::atomic::Ordering::Relaxed) { - break; - } - let packet: [u8; RawPacket::LEN] = - item.to_owned().try_into().unwrap(); - data_sender.send(packet).ok(); - } + let packet: [u8; RawPacket::LEN] = item.to_owned().try_into().unwrap(); + data_sender.send(packet).ok(); } } } - - let _ = poll - .registry() - .deregister(&mut SourceFd(&ring_buf.buffer.as_raw_fd())); } - }); - } + + let _ = poll + .registry() + .deregister(&mut SourceFd(&ring_buf.buffer.as_raw_fd())); + } + }); } diff --git a/oryx-tui/src/filter.rs b/oryx-tui/src/filter.rs index a3241db..7eb057e 100644 --- a/oryx-tui/src/filter.rs +++ b/oryx-tui/src/filter.rs @@ -28,7 +28,10 @@ use transport::TransportFilter; use tui_big_text::{BigText, PixelSize}; use crate::{ - app::AppResult, ebpf::Ebpf, event::Event, interface::Interface, + app::AppResult, + ebpf::{load_egress, load_ingress}, + event::Event, + interface::Interface, section::firewall::FirewallSignal, }; @@ -146,7 +149,7 @@ impl Filter { .applied_direction .contains(&TrafficDirection::Ingress) { - Ebpf::load_ingress( + load_ingress( iface.clone(), notification_sender.clone(), data_sender.clone(), @@ -161,7 +164,7 @@ impl Filter { .applied_direction .contains(&TrafficDirection::Egress) { - Ebpf::load_egress( + load_egress( iface, notification_sender, data_sender, @@ -336,7 +339,7 @@ impl Filter { let iface = self.interface.selected_interface.name.clone(); - Ebpf::load_egress( + load_egress( iface, notification_sender.clone(), data_sender.clone(), @@ -378,7 +381,7 @@ impl Filter { self.traffic_direction .terminate_ingress .store(false, std::sync::atomic::Ordering::Relaxed); - Ebpf::load_ingress( + load_ingress( iface, notification_sender.clone(), data_sender.clone(),