unload filters properly
pythops committed Oct 9, 2024
1 parent 47d99f4 commit efcf2c5
Showing 2 changed files with 98 additions and 36 deletions.
56 changes: 34 additions & 22 deletions oryx-tui/src/ebpf.rs
Expand Up @@ -17,6 +17,7 @@ use oryx_common::{protocols::Protocol, RawPacket};

use crate::{
event::Event,
filter::FilterChannelSignal,
notification::{Notification, NotificationLevel},
section::firewall::{BlockedPort, FirewallSignal},
};
Expand Down Expand Up @@ -201,7 +202,7 @@ impl Ebpf {
iface: String,
notification_sender: kanal::Sender<Event>,
data_sender: kanal::Sender<[u8; RawPacket::LEN]>,
filter_channel_receiver: kanal::Receiver<(Protocol, bool)>,
filter_channel_receiver: kanal::Receiver<FilterChannelSignal>,
firewall_ingress_receiver: kanal::Receiver<FirewallSignal>,
terminate: Arc<AtomicBool>,
) {
Expand Down Expand Up @@ -324,16 +325,21 @@ impl Ebpf {
});

thread::spawn(move || loop {
if let Ok((filter, flag)) = filter_channel_receiver.recv() {
match filter {
Protocol::Transport(p) => {
let _ = transport_filters.set(p as u32, flag as u32, 0);
}
Protocol::Network(p) => {
let _ = network_filters.set(p as u32, flag as u32, 0);
}
Protocol::Link(p) => {
let _ = link_filters.set(p as u32, flag as u32, 0);
if let Ok(signal) = filter_channel_receiver.recv() {
match signal {
FilterChannelSignal::Update((filter, flag)) => match filter {
Protocol::Transport(p) => {
let _ = transport_filters.set(p as u32, flag as u32, 0);
}
Protocol::Network(p) => {
let _ = network_filters.set(p as u32, flag as u32, 0);
}
Protocol::Link(p) => {
let _ = link_filters.set(p as u32, flag as u32, 0);
}
},
FilterChannelSignal::Kill => {
break;
}
}
}
Expand Down Expand Up @@ -386,7 +392,7 @@ impl Ebpf {
iface: String,
notification_sender: kanal::Sender<Event>,
data_sender: kanal::Sender<[u8; RawPacket::LEN]>,
filter_channel_receiver: kanal::Receiver<(Protocol, bool)>,
filter_channel_receiver: kanal::Receiver<FilterChannelSignal>,
firewall_egress_receiver: kanal::Receiver<FirewallSignal>,
terminate: Arc<AtomicBool>,
) {
Expand Down Expand Up @@ -505,20 +511,26 @@ impl Ebpf {
});

thread::spawn(move || loop {
if let Ok((filter, flag)) = filter_channel_receiver.recv() {
match filter {
Protocol::Transport(p) => {
let _ = transport_filters.set(p as u32, flag as u32, 0);
}
Protocol::Network(p) => {
let _ = network_filters.set(p as u32, flag as u32, 0);
}
Protocol::Link(p) => {
let _ = link_filters.set(p as u32, flag as u32, 0);
if let Ok(signal) = filter_channel_receiver.recv() {
match signal {
FilterChannelSignal::Update((filter, flag)) => match filter {
Protocol::Transport(p) => {
let _ = transport_filters.set(p as u32, flag as u32, 0);
}
Protocol::Network(p) => {
let _ = network_filters.set(p as u32, flag as u32, 0);
}
Protocol::Link(p) => {
let _ = link_filters.set(p as u32, flag as u32, 0);
}
},
FilterChannelSignal::Kill => {
break;
}
}
}
});

let mut ring_buf = RingBuffer::new(&mut bpf);

poll.registry()
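Review bot: Both filter-update threads (the ingress loop and the identical egress loop) now leave only on `FilterChannelSignal::Kill`; an `Err` from `filter_channel_receiver.recv()` still falls through the `if let Ok(signal)` and the bare `loop` calls `recv()` again straight away. If the channel is ever closed, which as far as I know makes kanal return an error immediately, the thread would spin at full CPU instead of exiting. Matching on the result closes that path: `match filter_channel_receiver.recv() {` with the existing arms wrapped in `Ok(..)` plus `Err(_) => break,`. Separately, the `let _ =` on each `set` call discards map-update failures, so a toggle that never reached the eBPF map looks the same as one that did; logging or notifying on `Err` there would make a filter that silently failed to apply visible. The enclosing load functions start and end outside these hunks, so whether anything else drops the sender side cannot be confirmed from here.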
78 changes: 64 additions & 14 deletions oryx-tui/src/filter.rs
Expand Up @@ -32,10 +32,16 @@ use crate::{
section::firewall::FirewallSignal,
};

#[derive(Debug, Clone)]
pub enum FilterChannelSignal {
Update((Protocol, bool)),
Kill,
}

#[derive(Debug, Clone)]
pub struct Channels {
pub sender: kanal::Sender<(Protocol, bool)>,
pub receiver: kanal::Receiver<(Protocol, bool)>,
pub sender: kanal::Sender<FilterChannelSignal>,
pub receiver: kanal::Receiver<FilterChannelSignal>,
}

#[derive(Debug, Clone)]
Expand Down Expand Up @@ -191,20 +197,32 @@ impl Filter {
self.filter_chans
.ingress
.sender
.send((Protocol::Transport(*protocol), false))?;
.send(FilterChannelSignal::Update((
Protocol::Transport(*protocol),
false,
)))?;
self.filter_chans
.egress
.sender
.send((Protocol::Transport(*protocol), false))?;
.send(FilterChannelSignal::Update((
Protocol::Transport(*protocol),
false,
)))?;
} else {
self.filter_chans
.ingress
.sender
.send((Protocol::Transport(*protocol), true))?;
.send(FilterChannelSignal::Update((
Protocol::Transport(*protocol),
true,
)))?;
self.filter_chans
.egress
.sender
.send((Protocol::Transport(*protocol), true))?;
.send(FilterChannelSignal::Update((
Protocol::Transport(*protocol),
true,
)))?;
}
}

Expand All @@ -213,20 +231,32 @@ impl Filter {
self.filter_chans
.ingress
.sender
.send((Protocol::Network(*protocol), false))?;
.send(FilterChannelSignal::Update((
Protocol::Network(*protocol),
false,
)))?;
self.filter_chans
.egress
.sender
.send((Protocol::Network(*protocol), false))?;
.send(FilterChannelSignal::Update((
Protocol::Network(*protocol),
false,
)))?;
} else {
self.filter_chans
.ingress
.sender
.send((Protocol::Network(*protocol), true))?;
.send(FilterChannelSignal::Update((
Protocol::Network(*protocol),
true,
)))?;
self.filter_chans
.egress
.sender
.send((Protocol::Network(*protocol), true))?;
.send(FilterChannelSignal::Update((
Protocol::Network(*protocol),
true,
)))?;
}
}

Expand All @@ -235,20 +265,32 @@ impl Filter {
self.filter_chans
.ingress
.sender
.send((Protocol::Link(*protocol), false))?;
.send(FilterChannelSignal::Update((
Protocol::Link(*protocol),
false,
)))?;
self.filter_chans
.egress
.sender
.send((Protocol::Link(*protocol), false))?;
.send(FilterChannelSignal::Update((
Protocol::Link(*protocol),
false,
)))?;
} else {
self.filter_chans
.ingress
.sender
.send((Protocol::Link(*protocol), true))?;
.send(FilterChannelSignal::Update((
Protocol::Link(*protocol),
true,
)))?;
self.filter_chans
.egress
.sender
.send((Protocol::Link(*protocol), true))?;
.send(FilterChannelSignal::Update((
Protocol::Link(*protocol),
true,
)))?;
}
}

Expand All @@ -271,6 +313,10 @@ impl Filter {
.contains(&TrafficDirection::Egress)
{
self.firewall_egress_sender.send(FirewallSignal::Kill)?;
self.filter_chans
.egress
.sender
.send(FilterChannelSignal::Kill)?;
self.traffic_direction.terminate(TrafficDirection::Egress);
}

Expand Down Expand Up @@ -311,6 +357,10 @@ impl Filter {
.contains(&TrafficDirection::Ingress)
{
self.firewall_ingress_sender.send(FirewallSignal::Kill)?;
self.filter_chans
.ingress
.sender
.send(FilterChannelSignal::Kill)?;
self.traffic_direction.terminate(TrafficDirection::Ingress);
}

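Review bot: In both teardown hunks (egress and ingress) the new `FilterChannelSignal::Kill` send sits behind the `?` on the firewall `Kill` send, so an error on that first send returns early: the filter thread is never told to stop and `self.traffic_direction.terminate(...)` is not reached. An unload path is safer when it attempts every step and only then reports the first failure, otherwise one dead channel leaves the rest of that direction's workers running. The sketch below shows the egress block, and the ingress block would change the same way; it assumes `terminate` only sets the stop state for that direction, which is not visible here. The enclosing function begins and ends outside these hunks.

```rust
// … unchanged: `.contains(&TrafficDirection::Egress)` guard …
let firewall_kill = self.firewall_egress_sender.send(FirewallSignal::Kill);
let filter_kill = self
    .filter_chans
    .egress
    .sender
    .send(FilterChannelSignal::Kill);
// Mark the direction as terminated even if one of the sends failed.
self.traffic_direction.terminate(TrafficDirection::Egress);
firewall_kill?;
filter_kill?;
```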
