diff --git a/oryx-ebpf/src/main.rs b/oryx-ebpf/src/main.rs index 40aa3c2..1ded468 100644 --- a/oryx-ebpf/src/main.rs +++ b/oryx-ebpf/src/main.rs @@ -33,6 +33,9 @@ static TRANSPORT_FILTERS: Array = Array::with_max_entries(8, 0); #[map] static LINK_FILTERS: Array = Array::with_max_entries(8, 0); +#[map] +static TRAFFIC_DIRECTION_FILTERS: Array = Array::with_max_entries(2, 0); + #[map] static BLOCKLIST_IPV6: HashMap = HashMap::::with_max_entries(MAX_FIREWALL_RULES, 0); @@ -56,6 +59,7 @@ fn submit(packet: RawPacket) { buf.submit(0); } } + #[inline] fn ptr_at(ctx: &TcContext, offset: usize) -> Result<*const T, ()> { let start = ctx.data(); @@ -70,12 +74,26 @@ fn ptr_at(ctx: &TcContext, offset: usize) -> Result<*const T, ()> { } #[inline] -fn filter_for_ipv4_address( - addr: u32, - port: u16, - blocked_ports_map: &HashMap, -) -> bool { - if let Some(blocked_ports) = unsafe { blocked_ports_map.get(&addr) } { +fn filter_direction() -> bool { + // 0(default) -> false(send to tui), 1 -> true(filter) + if let Some(v) = TRAFFIC_DIRECTION_FILTERS.get(0) { + return *v != 0; + } + false +} + +#[inline] +fn is_ingress() -> bool { + // 0(default) -> true(is ingress), 1 -> false (is egress) + if let Some(v) = TRAFFIC_DIRECTION_FILTERS.get(1) { + return *v == 0; + } + true +} + +#[inline] +fn block_ipv4(addr: u32, port: u16) -> bool { + if let Some(blocked_ports) = unsafe { BLOCKLIST_IPV4.get(&addr) } { for (idx, blocked_port) in blocked_ports.iter().enumerate() { if *blocked_port == 0 { if idx == 0 { @@ -92,12 +110,8 @@ fn filter_for_ipv4_address( } #[inline] -fn filter_for_ipv6_address( - addr: u128, - port: u16, - blocked_ports_map: &HashMap, -) -> bool { - if let Some(blocked_ports) = unsafe { blocked_ports_map.get(&addr) } { +fn block_ipv6(addr: u128, port: u16) -> bool { + if let Some(blocked_ports) = unsafe { BLOCKLIST_IPV6.get(&addr) } { for (idx, blocked_port) in blocked_ports.iter().enumerate() { if *blocked_port == 0 { if idx == 0 { @@ -142,26 +156,33 @@ fn process(ctx: TcContext) -> Result { match ethhdr.ether_type { EtherType::Ipv4 => { let header: Ipv4Hdr = ctx.load(EthHdr::LEN).map_err(|_| ())?; - let src_addr = u32::from_be(header.src_addr); - let dst_addr = u32::from_be(header.dst_addr); + + let addr = if is_ingress() { + u32::from_be(header.src_addr) + } else { + u32::from_be(header.dst_addr) + }; match header.proto { IpProto::Tcp => { let tcphdr: *const TcpHdr = ptr_at(&ctx, EthHdr::LEN + Ipv4Hdr::LEN)?; - let src_port = u16::from_be(unsafe { (*tcphdr).source }); - let dst_port = u16::from_be(unsafe { (*tcphdr).dest }); + let port = if is_ingress() { + u16::from_be(unsafe { (*tcphdr).source }) + } else { + u16::from_be(unsafe { (*tcphdr).dest }) + }; - if filter_for_ipv4_address(src_addr, src_port, &BLOCKLIST_IPV4) - || filter_for_ipv4_address(dst_addr, dst_port, &BLOCKLIST_IPV4) - { + if block_ipv4(addr, port) { return Ok(TC_ACT_SHOT); } if filter_packet(Protocol::Network(NetworkProtocol::Ipv4)) || filter_packet(Protocol::Transport(TransportProtocol::TCP)) + || filter_direction() { return Ok(TC_ACT_PIPE); //DONT FWD PACKET TO TUI } + submit(RawPacket::Ip( IpHdr::V4(header), ProtoHdr::Tcp(unsafe { *tcphdr }), @@ -169,17 +190,19 @@ fn process(ctx: TcContext) -> Result { } IpProto::Udp => { let udphdr: *const UdpHdr = ptr_at(&ctx, EthHdr::LEN + Ipv4Hdr::LEN)?; - let src_port = u16::from_be(unsafe { (*udphdr).source }); - let dst_port = u16::from_be(unsafe { (*udphdr).dest }); + let port = if is_ingress() { + u16::from_be(unsafe { (*udphdr).source }) + } else { + u16::from_be(unsafe { (*udphdr).dest }) + }; - if filter_for_ipv4_address(src_addr, src_port, &BLOCKLIST_IPV4) - || filter_for_ipv4_address(dst_addr, dst_port, &BLOCKLIST_IPV4) - { + if block_ipv4(addr, port) { return Ok(TC_ACT_SHOT); } if filter_packet(Protocol::Network(NetworkProtocol::Ipv4)) || filter_packet(Protocol::Transport(TransportProtocol::UDP)) + || filter_direction() { return Ok(TC_ACT_PIPE); } @@ -204,22 +227,28 @@ fn process(ctx: TcContext) -> Result { } EtherType::Ipv6 => { let header: Ipv6Hdr = ctx.load(EthHdr::LEN).map_err(|_| ())?; - let src_addr = header.src_addr().to_bits(); - let dst_addr = header.dst_addr().to_bits(); + let addr = if is_ingress() { + header.src_addr().to_bits() + } else { + header.dst_addr().to_bits() + }; match header.next_hdr { IpProto::Tcp => { let tcphdr: *const TcpHdr = ptr_at(&ctx, EthHdr::LEN + Ipv6Hdr::LEN)?; - let src_port = u16::from_be(unsafe { (*tcphdr).source }); - let dst_port = u16::from_be(unsafe { (*tcphdr).dest }); + let port = if is_ingress() { + u16::from_be(unsafe { (*tcphdr).source }) + } else { + u16::from_be(unsafe { (*tcphdr).dest }) + }; - if filter_for_ipv6_address(src_addr, src_port, &BLOCKLIST_IPV6) - || filter_for_ipv6_address(dst_addr, dst_port, &BLOCKLIST_IPV6) - { + if block_ipv6(addr, port) { return Ok(TC_ACT_SHOT); } + if filter_packet(Protocol::Network(NetworkProtocol::Ipv6)) || filter_packet(Protocol::Transport(TransportProtocol::TCP)) + || filter_direction() { return Ok(TC_ACT_PIPE); //DONT FWD PACKET TO TUI } @@ -230,16 +259,19 @@ fn process(ctx: TcContext) -> Result { } IpProto::Udp => { let udphdr: *const UdpHdr = ptr_at(&ctx, EthHdr::LEN + Ipv6Hdr::LEN)?; - let src_port = u16::from_be(unsafe { (*udphdr).source }); - let dst_port = u16::from_be(unsafe { (*udphdr).dest }); + let port = if is_ingress() { + u16::from_be(unsafe { (*udphdr).source }) + } else { + u16::from_be(unsafe { (*udphdr).dest }) + }; - if filter_for_ipv6_address(src_addr, src_port, &BLOCKLIST_IPV6) - || filter_for_ipv6_address(dst_addr, dst_port, &BLOCKLIST_IPV6) - { + if block_ipv6(addr, port) { return Ok(TC_ACT_SHOT); } + if filter_packet(Protocol::Network(NetworkProtocol::Ipv6)) || filter_packet(Protocol::Transport(TransportProtocol::UDP)) + || filter_direction() { return Ok(TC_ACT_PIPE); //DONT FWD PACKET TO TUI } diff --git a/oryx-tui/src/app.rs b/oryx-tui/src/app.rs index e21e474..1cb5462 100644 --- a/oryx-tui/src/app.rs +++ b/oryx-tui/src/app.rs @@ -8,10 +8,11 @@ use std::{ error, sync::{Arc, Mutex}, thread, + time::Duration, }; -use crate::notification::Notification; use crate::{filter::Filter, help::Help}; +use crate::{filter::IoChans, notification::Notification}; use crate::{packet::AppPacket, section::Section}; pub type AppResult = std::result::Result>; @@ -58,9 +59,7 @@ impl App { let (sender, receiver) = kanal::unbounded(); - let (firewall_ingress_sender, firewall_ingress_receiver) = kanal::unbounded(); - let (firewall_egress_sender, firewall_egress_receiver) = kanal::unbounded(); - + let firewall_chans = IoChans::new(); thread::spawn({ let packets = packets.clone(); move || loop { @@ -78,20 +77,11 @@ impl App { Self { running: true, help: Help::new(), - filter: Filter::new( - firewall_ingress_sender.clone(), - firewall_ingress_receiver, - firewall_egress_sender.clone(), - firewall_egress_receiver, - ), + filter: Filter::new(firewall_chans.clone()), start_sniffing: false, packets: packets.clone(), notifications: Vec::new(), - section: Section::new( - packets.clone(), - firewall_ingress_sender, - firewall_egress_sender, - ), + section: Section::new(packets.clone(), firewall_chans.clone()), data_channel_sender: sender, is_editing: false, active_popup: None, @@ -138,7 +128,8 @@ impl App { if let Err(e) = self.section.firewall.save_rules() { error!("{}", e) } - + self.filter.terminate(); + thread::sleep(Duration::from_millis(110)); self.running = false; } } diff --git a/oryx-tui/src/ebpf.rs b/oryx-tui/src/ebpf.rs index 54d53ad..4634212 100644 --- a/oryx-tui/src/ebpf.rs +++ b/oryx-tui/src/ebpf.rs @@ -295,13 +295,18 @@ pub fn load_ingress( let mut link_filters: Array<_, u32> = Array::try_from(bpf.take_map("LINK_FILTERS").unwrap()).unwrap(); - // firewall-ebpf interface + let mut traffic_direction_filters: Array<_, u32> = + Array::try_from(bpf.take_map("TRAFFIC_DIRECTION_FILTERS").unwrap()).unwrap(); + let _ = traffic_direction_filters.set(0, 0, 0); + let _ = traffic_direction_filters.set(1, 0, 0); //setup ingress flag + // firewall-ebpf interface let mut ipv4_firewall: HashMap<_, u32, [u16; MAX_RULES_PORT]> = HashMap::try_from(bpf.take_map("BLOCKLIST_IPV4").unwrap()).unwrap(); let mut ipv6_firewall: HashMap<_, u128, [u16; MAX_RULES_PORT]> = HashMap::try_from(bpf.take_map("BLOCKLIST_IPV6").unwrap()).unwrap(); + // firewall thread thread::spawn(move || loop { if let Ok(signal) = firewall_ingress_receiver.recv() { match signal { @@ -327,10 +332,11 @@ pub fn load_ingress( } }); + // packets filters thread thread::spawn(move || loop { if let Ok(signal) = filter_channel_receiver.recv() { match signal { - FilterChannelSignal::Update((filter, flag)) => match filter { + FilterChannelSignal::ProtoUpdate((filter, flag)) => match filter { Protocol::Transport(p) => { let _ = transport_filters.set(p as u32, flag as u32, 0); } @@ -341,6 +347,9 @@ pub fn load_ingress( let _ = link_filters.set(p as u32, flag as u32, 0); } }, + FilterChannelSignal::DirectionUpdate(flag) => { + let _ = traffic_direction_filters.set(0, flag as u32, 0); + } FilterChannelSignal::Kill => { break; } @@ -482,6 +491,11 @@ pub fn load_egress( let mut link_filters: Array<_, u32> = Array::try_from(bpf.take_map("LINK_FILTERS").unwrap()).unwrap(); + let mut traffic_direction_filters: Array<_, u32> = + Array::try_from(bpf.take_map("TRAFFIC_DIRECTION_FILTERS").unwrap()).unwrap(); + let _ = traffic_direction_filters.set(0, 0, 0); + let _ = traffic_direction_filters.set(1, 1, 0); //setup egress flag + // firewall-ebpf interface let mut ipv4_firewall: HashMap<_, u32, [u16; MAX_RULES_PORT]> = HashMap::try_from(bpf.take_map("BLOCKLIST_IPV4").unwrap()).unwrap(); @@ -489,6 +503,7 @@ pub fn load_egress( let mut ipv6_firewall: HashMap<_, u128, [u16; MAX_RULES_PORT]> = HashMap::try_from(bpf.take_map("BLOCKLIST_IPV6").unwrap()).unwrap(); + // firewall thread thread::spawn(move || loop { if let Ok(signal) = firewall_egress_receiver.recv() { match signal { @@ -514,10 +529,11 @@ pub fn load_egress( } }); + // packets filters thread thread::spawn(move || loop { if let Ok(signal) = filter_channel_receiver.recv() { match signal { - FilterChannelSignal::Update((filter, flag)) => match filter { + FilterChannelSignal::ProtoUpdate((filter, flag)) => match filter { Protocol::Transport(p) => { let _ = transport_filters.set(p as u32, flag as u32, 0); } @@ -528,6 +544,9 @@ pub fn load_egress( let _ = link_filters.set(p as u32, flag as u32, 0); } }, + FilterChannelSignal::DirectionUpdate(flag) => { + let _ = traffic_direction_filters.set(0, flag as u32, 0); + } FilterChannelSignal::Kill => { break; } diff --git a/oryx-tui/src/filter.rs b/oryx-tui/src/filter.rs index 7eb057e..4cd618c 100644 --- a/oryx-tui/src/filter.rs +++ b/oryx-tui/src/filter.rs @@ -4,8 +4,6 @@ mod link; mod network; mod transport; -use std::{thread, time::Duration}; - use crossterm::event::{KeyCode, KeyEvent}; use direction::{TrafficDirection, TrafficDirectionFilter}; use link::LinkFilter; @@ -37,30 +35,31 @@ use crate::{ #[derive(Debug, Clone)] pub enum FilterChannelSignal { - Update((Protocol, bool)), + ProtoUpdate((Protocol, bool)), + DirectionUpdate(bool), Kill, } #[derive(Debug, Clone)] -pub struct Channels { - pub sender: kanal::Sender, - pub receiver: kanal::Receiver, +pub struct Channels { + pub sender: kanal::Sender, + pub receiver: kanal::Receiver, } #[derive(Debug, Clone)] -pub struct IoChans { - pub ingress: Channels, - pub egress: Channels, +pub struct IoChans { + pub ingress: Channels, + pub egress: Channels, } -impl Channels { +impl Channels { pub fn new() -> Self { let (sender, receiver) = kanal::unbounded(); Self { sender, receiver } } } -impl IoChans { +impl IoChans { pub fn new() -> Self { Self { ingress: Channels::new(), @@ -69,13 +68,13 @@ impl IoChans { } } -impl Default for Channels { +impl Default for Channels { fn default() -> Self { Self::new() } } -impl Default for IoChans { +impl Default for IoChans { fn default() -> Self { Self::new() } @@ -98,22 +97,13 @@ pub struct Filter { pub transport: TransportFilter, pub link: LinkFilter, pub traffic_direction: TrafficDirectionFilter, - pub filter_chans: IoChans, - pub firewall_chans: IoChans, + pub filter_chans: IoChans, + pub firewall_chans: IoChans, pub focused_block: FocusedBlock, - pub firewall_ingress_sender: kanal::Sender, - pub firewall_ingress_receiver: kanal::Receiver, - pub firewall_egress_sender: kanal::Sender, - pub firewall_egress_receiver: kanal::Receiver, } impl Filter { - pub fn new( - firewall_ingress_sender: kanal::Sender, - firewall_ingress_receiver: kanal::Receiver, - firewall_egress_sender: kanal::Sender, - firewall_egress_receiver: kanal::Receiver, - ) -> Self { + pub fn new(firewall_chans: IoChans) -> Self { Self { interface: Interface::new(), network: NetworkFilter::new(), @@ -121,18 +111,35 @@ impl Filter { link: LinkFilter::new(), traffic_direction: TrafficDirectionFilter::new(), filter_chans: IoChans::new(), - firewall_chans: IoChans::new(), + firewall_chans, focused_block: FocusedBlock::Interface, - firewall_ingress_sender, - firewall_ingress_receiver, - firewall_egress_sender, - firewall_egress_receiver, } } pub fn terminate(&mut self) { + // terminate packets reader threads self.traffic_direction.terminate(TrafficDirection::Egress); self.traffic_direction.terminate(TrafficDirection::Ingress); + + // terminate filter /packets sender threads + let _ = self + .filter_chans + .ingress + .sender + .send(FilterChannelSignal::Kill); + let _ = self + .filter_chans + .egress + .sender + .send(FilterChannelSignal::Kill); + + // terminate firewall threads + let _ = self + .firewall_chans + .ingress + .sender + .send(FirewallSignal::Kill); + let _ = self.firewall_chans.egress.sender.send(FirewallSignal::Kill); } pub fn start( @@ -144,35 +151,23 @@ impl Filter { self.apply(); - if self - .traffic_direction - .applied_direction - .contains(&TrafficDirection::Ingress) - { - load_ingress( - iface.clone(), - notification_sender.clone(), - data_sender.clone(), - self.filter_chans.ingress.receiver.clone(), - self.firewall_ingress_receiver.clone(), - self.traffic_direction.terminate_ingress.clone(), - ); - } + load_ingress( + iface.clone(), + notification_sender.clone(), + data_sender.clone(), + self.filter_chans.ingress.receiver.clone(), + self.firewall_chans.ingress.receiver.clone(), + self.traffic_direction.terminate_ingress.clone(), + ); - if self - .traffic_direction - .applied_direction - .contains(&TrafficDirection::Egress) - { - load_egress( - iface, - notification_sender, - data_sender, - self.filter_chans.egress.receiver.clone(), - self.firewall_egress_receiver.clone(), - self.traffic_direction.terminate_egress.clone(), - ); - } + load_egress( + iface, + notification_sender, + data_sender, + self.filter_chans.egress.receiver.clone(), + self.firewall_chans.egress.receiver.clone(), + self.traffic_direction.terminate_egress.clone(), + ); self.sync()?; @@ -200,14 +195,14 @@ impl Filter { self.filter_chans .ingress .sender - .send(FilterChannelSignal::Update(( + .send(FilterChannelSignal::ProtoUpdate(( Protocol::Transport(*protocol), false, )))?; self.filter_chans .egress .sender - .send(FilterChannelSignal::Update(( + .send(FilterChannelSignal::ProtoUpdate(( Protocol::Transport(*protocol), false, )))?; @@ -215,14 +210,14 @@ impl Filter { self.filter_chans .ingress .sender - .send(FilterChannelSignal::Update(( + .send(FilterChannelSignal::ProtoUpdate(( Protocol::Transport(*protocol), true, )))?; self.filter_chans .egress .sender - .send(FilterChannelSignal::Update(( + .send(FilterChannelSignal::ProtoUpdate(( Protocol::Transport(*protocol), true, )))?; @@ -234,14 +229,14 @@ impl Filter { self.filter_chans .ingress .sender - .send(FilterChannelSignal::Update(( + .send(FilterChannelSignal::ProtoUpdate(( Protocol::Network(*protocol), false, )))?; self.filter_chans .egress .sender - .send(FilterChannelSignal::Update(( + .send(FilterChannelSignal::ProtoUpdate(( Protocol::Network(*protocol), false, )))?; @@ -249,14 +244,14 @@ impl Filter { self.filter_chans .ingress .sender - .send(FilterChannelSignal::Update(( + .send(FilterChannelSignal::ProtoUpdate(( Protocol::Network(*protocol), true, )))?; self.filter_chans .egress .sender - .send(FilterChannelSignal::Update(( + .send(FilterChannelSignal::ProtoUpdate(( Protocol::Network(*protocol), true, )))?; @@ -268,14 +263,14 @@ impl Filter { self.filter_chans .ingress .sender - .send(FilterChannelSignal::Update(( + .send(FilterChannelSignal::ProtoUpdate(( Protocol::Link(*protocol), false, )))?; self.filter_chans .egress .sender - .send(FilterChannelSignal::Update(( + .send(FilterChannelSignal::ProtoUpdate(( Protocol::Link(*protocol), false, )))?; @@ -283,130 +278,162 @@ impl Filter { self.filter_chans .ingress .sender - .send(FilterChannelSignal::Update(( + .send(FilterChannelSignal::ProtoUpdate(( Protocol::Link(*protocol), true, )))?; self.filter_chans .egress .sender - .send(FilterChannelSignal::Update(( + .send(FilterChannelSignal::ProtoUpdate(( Protocol::Link(*protocol), true, )))?; } } - Ok(()) - } - - pub fn update( - &mut self, - notification_sender: kanal::Sender, - data_sender: kanal::Sender<[u8; RawPacket::LEN]>, - ) -> AppResult<()> { - // Remove egress if self .traffic_direction .applied_direction - .contains(&TrafficDirection::Egress) - && !self - .traffic_direction - .selected_direction - .contains(&TrafficDirection::Egress) + .contains(&TrafficDirection::Ingress) { - self.firewall_egress_sender.send(FirewallSignal::Kill)?; self.filter_chans - .egress + .ingress .sender - .send(FilterChannelSignal::Kill)?; - self.traffic_direction.terminate(TrafficDirection::Egress); - } - - // Add egress - if !self - .traffic_direction - .applied_direction - .contains(&TrafficDirection::Egress) - && self - .traffic_direction - .selected_direction - .contains(&TrafficDirection::Egress) - { - self.traffic_direction - .terminate_egress - .store(false, std::sync::atomic::Ordering::Relaxed); - - let iface = self.interface.selected_interface.name.clone(); - - load_egress( - iface, - notification_sender.clone(), - data_sender.clone(), - self.filter_chans.egress.receiver.clone(), - self.firewall_egress_receiver.clone(), - self.traffic_direction.terminate_egress.clone(), - ); - } - - // Remove ingress - if self - .traffic_direction - .applied_direction - .contains(&TrafficDirection::Ingress) - && !self - .traffic_direction - .selected_direction - .contains(&TrafficDirection::Ingress) - { - self.firewall_ingress_sender.send(FirewallSignal::Kill)?; + .send(FilterChannelSignal::DirectionUpdate(false))?; + } else { self.filter_chans .ingress .sender - .send(FilterChannelSignal::Kill)?; - self.traffic_direction.terminate(TrafficDirection::Ingress); + .send(FilterChannelSignal::DirectionUpdate(true))?; } - // Add ingress - if !self + if self .traffic_direction .applied_direction - .contains(&TrafficDirection::Ingress) - && self - .traffic_direction - .selected_direction - .contains(&TrafficDirection::Ingress) + .contains(&TrafficDirection::Egress) { - let iface = self.interface.selected_interface.name.clone(); - self.traffic_direction - .terminate_ingress - .store(false, std::sync::atomic::Ordering::Relaxed); - load_ingress( - iface, - notification_sender.clone(), - data_sender.clone(), - self.filter_chans.ingress.receiver.clone(), - self.firewall_ingress_receiver.clone(), - self.traffic_direction.terminate_ingress.clone(), - ); + self.filter_chans + .egress + .sender + .send(FilterChannelSignal::DirectionUpdate(false))?; + } else { + self.filter_chans + .egress + .sender + .send(FilterChannelSignal::DirectionUpdate(true))?; } - self.apply(); - - thread::sleep(Duration::from_millis(150)); - - self.traffic_direction - .terminate_ingress - .store(false, std::sync::atomic::Ordering::Relaxed); - self.traffic_direction - .terminate_ingress - .store(false, std::sync::atomic::Ordering::Relaxed); - - self.sync()?; - Ok(()) } + // pub fn update( + // &mut self, + // // notification_sender: kanal::Sender, + // // data_sender: kanal::Sender<[u8; RawPacket::LEN]>, + // ) -> AppResult<()> { + // // Remove egress + // if self + // .traffic_direction + // .applied_direction + // .contains(&TrafficDirection::Egress) + // && !self + // .traffic_direction + // .selected_direction + // .contains(&TrafficDirection::Egress) + // { + // //self.firewall_egress_sender.send(FirewallSignal::Kill)?; + // self.filter_chans + // .egress + // .sender + // .send(FilterChannelSignal::Kill)?; + // self.traffic_direction.terminate(TrafficDirection::Egress); + // } + + // Add egress + // if !self + // .traffic_direction + // .applied_direction + // .contains(&TrafficDirection::Egress) + // && self + // .traffic_direction + // .selected_direction + // .contains(&TrafficDirection::Egress) + // { + // self.traffic_direction + // .terminate_egress + // .store(false, std::sync::atomic::Ordering::Relaxed); + + // let iface = self.interface.selected_interface.name.clone(); + + // load_egress( + // iface, + // notification_sender.clone(), + // data_sender.clone(), + // self.filter_chans.egress.receiver.clone(), + // self.firewall_egress_receiver.clone(), + // self.traffic_direction.terminate_egress.clone(), + // ); + // } + + // Remove ingress + // if self + // .traffic_direction + // .applied_direction + // .contains(&TrafficDirection::Ingress) + // && !self + // .traffic_direction + // .selected_direction + // .contains(&TrafficDirection::Ingress) + // { + // self.firewall_ingress_sender.send(FirewallSignal::Kill)?; + // self.filter_chans + // .ingress + // .sender + // .send(FilterChannelSignal::Kill)?; + // self.traffic_direction.terminate(TrafficDirection::Ingress); + // } + + // Add ingress + // if !self + // .traffic_direction + // .applied_direction + // .contains(&TrafficDirection::Ingress) + // && self + // .traffic_direction + // .selected_direction + // .contains(&TrafficDirection::Ingress) + // { + // let iface = self.interface.selected_interface.name.clone(); + // self.traffic_direction + // .terminate_ingress + // .store(false, std::sync::atomic::Ordering::Relaxed); + // load_ingress( + // iface, + // notification_sender.clone(), + // data_sender.clone(), + // self.filter_chans.ingress.receiver.clone(), + // self.firewall_ingress_receiver.clone(), + // self.traffic_direction.terminate_ingress.clone(), + // ); + // } + + // self.apply(); + + // thread::sleep(Duration::from_millis(150)); + + // self.traffic_direction + // .terminate_ingress + // .store(false, std::sync::atomic::Ordering::Relaxed); + // self.traffic_direction + // .terminate_ingress + // .store(false, std::sync::atomic::Ordering::Relaxed); + + // self.sync()?; + + // Ok(()) + // } + pub fn handle_key_events(&mut self, key_event: KeyEvent, is_update_popup_displayed: bool) { match key_event.code { KeyCode::Tab => match self.focused_block { diff --git a/oryx-tui/src/filter/direction.rs b/oryx-tui/src/filter/direction.rs index 2e5cb2d..14dbd00 100644 --- a/oryx-tui/src/filter/direction.rs +++ b/oryx-tui/src/filter/direction.rs @@ -83,13 +83,13 @@ impl TrafficDirectionFilter { self.selected_direction.clear(); } - pub fn is_ingress_loaded(&self) -> bool { - self.applied_direction.contains(&TrafficDirection::Ingress) - } + // pub fn is_ingress_loaded(&self) -> bool { + // self.applied_direction.contains(&TrafficDirection::Ingress) + // } - pub fn is_egress_loaded(&self) -> bool { - self.applied_direction.contains(&TrafficDirection::Egress) - } + // pub fn is_egress_loaded(&self) -> bool { + // self.applied_direction.contains(&TrafficDirection::Egress) + // } pub fn render(&mut self, frame: &mut Frame, block: Rect, is_focused: bool) { let layout = Layout::default() diff --git a/oryx-tui/src/handler.rs b/oryx-tui/src/handler.rs index bc92abe..494852b 100644 --- a/oryx-tui/src/handler.rs +++ b/oryx-tui/src/handler.rs @@ -71,15 +71,15 @@ pub fn handle_key_events( KeyCode::Enter => match popup { ActivePopup::UpdateFilters => { if app.filter.focused_block == FocusedBlock::Apply { - app.filter - .update(event_sender.clone(), app.data_channel_sender.clone())?; - if !app.filter.traffic_direction.is_ingress_loaded() { - app.section.firewall.disable_ingress_rules(); - } + app.filter.apply(); + app.filter.sync()?; + // if !app.filter.traffic_direction.is_ingress_loaded() { + // app.section.firewall.disable_ingress_rules(); + // } - if !app.filter.traffic_direction.is_egress_loaded() { - app.section.firewall.disable_egress_rules(); - } + // if !app.filter.traffic_direction.is_egress_loaded() { + // app.section.firewall.disable_egress_rules(); + // } app.active_popup = None; } @@ -143,15 +143,11 @@ pub fn handle_key_events( } KeyCode::Char('q') => { - app.filter.terminate(); - thread::sleep(Duration::from_millis(110)); app.quit(); } KeyCode::Char('c') | KeyCode::Char('C') => { if key_event.modifiers == KeyModifiers::CONTROL { - app.filter.terminate(); - thread::sleep(Duration::from_millis(110)); app.quit(); } } @@ -180,11 +176,7 @@ pub fn handle_key_events( KeyCode::Char(' ') => { if app.section.focused_section == FocusedSection::Firewall { - app.section.firewall.load_rule( - event_sender.clone(), - app.filter.traffic_direction.is_ingress_loaded(), - app.filter.traffic_direction.is_egress_loaded(), - )?; + app.section.firewall.submit_rule()?; } } diff --git a/oryx-tui/src/section.rs b/oryx-tui/src/section.rs index 1c080df..8c18fa5 100644 --- a/oryx-tui/src/section.rs +++ b/oryx-tui/src/section.rs @@ -22,6 +22,7 @@ use stats::Stats; use crate::{ app::{ActivePopup, AppResult}, event::Event, + filter::IoChans, packet::AppPacket, }; @@ -45,15 +46,14 @@ pub struct Section { impl Section { pub fn new( packets: Arc>>, - firewall_ingress_sender: kanal::Sender, - firewall_egress_sender: kanal::Sender, + firewall_chans: IoChans, ) -> Self { Self { focused_section: FocusedSection::Inspection, inspection: Inspection::new(packets.clone()), stats: Stats::new(packets.clone()), alert: Alert::new(packets.clone()), - firewall: Firewall::new(firewall_ingress_sender, firewall_egress_sender), + firewall: Firewall::new(firewall_chans.ingress.sender, firewall_chans.egress.sender), } } fn title_span(&self, header_section: FocusedSection) -> Span { diff --git a/oryx-tui/src/section/firewall.rs b/oryx-tui/src/section/firewall.rs index 33849d8..a87e780 100644 --- a/oryx-tui/src/section/firewall.rs +++ b/oryx-tui/src/section/firewall.rs @@ -419,41 +419,25 @@ impl Firewall { }); } - pub fn load_rule( + pub fn submit_rule( &mut self, - sender: kanal::Sender, - is_ingress_loaded: bool, - is_egress_loaded: bool, + // sender: kanal::Sender, + // is_ingress_loaded: bool, + // is_egress_loaded: bool, ) -> AppResult<()> { if let Some(index) = self.state.selected() { let rule = &mut self.rules[index]; match rule.direction { TrafficDirection::Ingress => { - if is_ingress_loaded { - rule.enabled = !rule.enabled; - self.ingress_sender - .send(FirewallSignal::Rule(rule.clone()))?; - } else { - Notification::send( - "Ingress is not loaded.", - crate::notification::NotificationLevel::Warning, - sender.clone(), - )?; - } + rule.enabled = !rule.enabled; + self.ingress_sender + .send(FirewallSignal::Rule(rule.clone()))?; } TrafficDirection::Egress => { - if is_egress_loaded { - rule.enabled = !rule.enabled; - self.egress_sender - .send(FirewallSignal::Rule(rule.clone()))?; - } else { - Notification::send( - "Egress is not loaded.", - crate::notification::NotificationLevel::Warning, - sender.clone(), - )?; - } + rule.enabled = !rule.enabled; + self.egress_sender + .send(FirewallSignal::Rule(rule.clone()))?; } } }