From efcf2c5cba01a596203b153eeb89994e4b7ef2e9 Mon Sep 17 00:00:00 2001 From: Badr Date: Wed, 9 Oct 2024 12:32:36 +0200 Subject: [PATCH] unload filters properly --- oryx-tui/src/ebpf.rs | 56 ++++++++++++++++++------------ oryx-tui/src/filter.rs | 78 ++++++++++++++++++++++++++++++++++-------- 2 files changed, 98 insertions(+), 36 deletions(-) diff --git a/oryx-tui/src/ebpf.rs b/oryx-tui/src/ebpf.rs index 2d5cbfa..d8d3145 100644 --- a/oryx-tui/src/ebpf.rs +++ b/oryx-tui/src/ebpf.rs @@ -17,6 +17,7 @@ use oryx_common::{protocols::Protocol, RawPacket}; use crate::{ event::Event, + filter::FilterChannelSignal, notification::{Notification, NotificationLevel}, section::firewall::{BlockedPort, FirewallSignal}, }; @@ -201,7 +202,7 @@ impl Ebpf { iface: String, notification_sender: kanal::Sender, data_sender: kanal::Sender<[u8; RawPacket::LEN]>, - filter_channel_receiver: kanal::Receiver<(Protocol, bool)>, + filter_channel_receiver: kanal::Receiver, firewall_ingress_receiver: kanal::Receiver, terminate: Arc, ) { @@ -324,16 +325,21 @@ impl Ebpf { }); thread::spawn(move || loop { - if let Ok((filter, flag)) = filter_channel_receiver.recv() { - match filter { - Protocol::Transport(p) => { - let _ = transport_filters.set(p as u32, flag as u32, 0); - } - Protocol::Network(p) => { - let _ = network_filters.set(p as u32, flag as u32, 0); - } - Protocol::Link(p) => { - let _ = link_filters.set(p as u32, flag as u32, 0); + if let Ok(signal) = filter_channel_receiver.recv() { + match signal { + FilterChannelSignal::Update((filter, flag)) => match filter { + Protocol::Transport(p) => { + let _ = transport_filters.set(p as u32, flag as u32, 0); + } + Protocol::Network(p) => { + let _ = network_filters.set(p as u32, flag as u32, 0); + } + Protocol::Link(p) => { + let _ = link_filters.set(p as u32, flag as u32, 0); + } + }, + FilterChannelSignal::Kill => { + break; } } } 
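Review bot: In the `thread::spawn` loop of the @@ -324 hunk, a failed `filter_channel_receiver.recv()` is still ignored by the `if let Ok(signal)`, so if the sending side goes away without a `Kill` the thread never exits and will presumably spin on the error. I would leave the loop on error as well, `let Ok(signal) = filter_channel_receiver.recv() else { break };`. The three `let _ = ….set(p as u32, flag as u32, 0);` calls also discard a failed map write, which can leave the filter state shown to the user out of step with what the eBPF maps actually hold; forwarding the error to the notification channel, if it is still in scope in this closure, would make that visible. The egress loop in the @@ -505 hunk has the same two issues, and the enclosing functions start and end outside both hunks.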
@@ -386,7 +392,7 @@ impl Ebpf { iface: String, notification_sender: kanal::Sender, data_sender: kanal::Sender<[u8; RawPacket::LEN]>, - filter_channel_receiver: kanal::Receiver<(Protocol, bool)>, + filter_channel_receiver: kanal::Receiver, firewall_egress_receiver: kanal::Receiver, terminate: Arc, ) { @@ -505,20 +511,26 @@ impl Ebpf { }); thread::spawn(move || loop { - if let Ok((filter, flag)) = filter_channel_receiver.recv() { - match filter { - Protocol::Transport(p) => { - let _ = transport_filters.set(p as u32, flag as u32, 0); - } - Protocol::Network(p) => { - let _ = network_filters.set(p as u32, flag as u32, 0); - } - Protocol::Link(p) => { - let _ = link_filters.set(p as u32, flag as u32, 0); + if let Ok(signal) = filter_channel_receiver.recv() { + match signal { + FilterChannelSignal::Update((filter, flag)) => match filter { + Protocol::Transport(p) => { + let _ = transport_filters.set(p as u32, flag as u32, 0); + } + Protocol::Network(p) => { + let _ = network_filters.set(p as u32, flag as u32, 0); + } + Protocol::Link(p) => { + let _ = link_filters.set(p as u32, flag as u32, 0); + } + }, + FilterChannelSignal::Kill => { + break; } } } }); + let mut ring_buf = RingBuffer::new(&mut bpf); poll.registry() diff --git a/oryx-tui/src/filter.rs b/oryx-tui/src/filter.rs index 8c44e01..cba3f3b 100644 --- a/oryx-tui/src/filter.rs +++ b/oryx-tui/src/filter.rs @@ -32,10 +32,16 @@ use crate::{ section::firewall::FirewallSignal, }; +#[derive(Debug, Clone)] +pub enum FilterChannelSignal { + Update((Protocol, bool)), + Kill, +} + #[derive(Debug, Clone)] pub struct Channels { - pub sender: kanal::Sender<(Protocol, bool)>, - pub receiver: kanal::Receiver<(Protocol, bool)>, + pub sender: kanal::Sender, + pub receiver: kanal::Receiver, } #[derive(Debug, Clone)] 
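Review bot: `FilterChannelSignal` in the @@ -32 hunk of filter.rs is a new public type with no doc comments, and `Update((Protocol, bool))` wraps a tuple inside a tuple variant, so the meaning of the `bool` can only be found by reading the sender code. I would name the fields, `Update { protocol: Protocol, enabled: bool },`, which also means adjusting the `send` call sites and the two `match` arms in ebpf.rs. Add `///` lines on the enum and on `Kill` stating that `Kill` makes the per-direction filter thread leave its loop. Whether `true` means the protocol is kept or dropped is not visible in this patch, so the field name should follow what the eBPF side expects.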
@@ -191,20 +197,32 @@ impl Filter { self.filter_chans .ingress .sender - .send((Protocol::Transport(*protocol), false))?; + .send(FilterChannelSignal::Update(( + Protocol::Transport(*protocol), + false, + )))?; self.filter_chans .egress .sender - .send((Protocol::Transport(*protocol), false))?; + .send(FilterChannelSignal::Update(( + Protocol::Transport(*protocol), + false, + )))?; } else { self.filter_chans .ingress .sender - .send((Protocol::Transport(*protocol), true))?; + .send(FilterChannelSignal::Update(( + Protocol::Transport(*protocol), + true, + )))?; self.filter_chans .egress .sender - .send((Protocol::Transport(*protocol), true))?; + .send(FilterChannelSignal::Update(( + Protocol::Transport(*protocol), + true, + )))?; } } @@ -213,20 +231,32 @@ impl Filter { self.filter_chans .ingress .sender - .send((Protocol::Network(*protocol), false))?; + .send(FilterChannelSignal::Update(( + Protocol::Network(*protocol), + false, + )))?; self.filter_chans .egress .sender - .send((Protocol::Network(*protocol), false))?; + .send(FilterChannelSignal::Update(( + Protocol::Network(*protocol), + false, + )))?; } else { self.filter_chans .ingress .sender - .send((Protocol::Network(*protocol), true))?; + .send(FilterChannelSignal::Update(( + Protocol::Network(*protocol), + true, + )))?; self.filter_chans .egress .sender - .send((Protocol::Network(*protocol), true))?; + .send(FilterChannelSignal::Update(( + Protocol::Network(*protocol), + true, + )))?; } } 
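Review bot: The `if`/`else` arms in the @@ -191 hunk now repeat the same multi-line `send(FilterChannelSignal::Update((…)))` call four times and differ only in the `bool`, and the @@ -213 and @@ -235 hunks repeat the pattern for `Network` and `Link`. Computing the flag once from the branch condition (not visible here) and sending through a small private helper that takes the `Protocol` and the flag and writes to both the ingress and the egress sender would reduce this to one call per protocol. The helper would also be the place to decide what happens when the ingress send succeeds and the egress send fails, since the `?` on the first failure currently returns with the two directions holding different filter state. The enclosing method starts and ends outside these hunks.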
@@ -235,20 +265,32 @@ impl Filter { self.filter_chans .ingress .sender - .send((Protocol::Link(*protocol), false))?; + .send(FilterChannelSignal::Update(( + Protocol::Link(*protocol), + false, + )))?; self.filter_chans .egress .sender - .send((Protocol::Link(*protocol), false))?; + .send(FilterChannelSignal::Update(( + Protocol::Link(*protocol), + false, + )))?; } else { self.filter_chans .ingress .sender - .send((Protocol::Link(*protocol), true))?; + .send(FilterChannelSignal::Update(( + Protocol::Link(*protocol), + true, + )))?; self.filter_chans .egress .sender - .send((Protocol::Link(*protocol), true))?; + .send(FilterChannelSignal::Update(( + Protocol::Link(*protocol), + true, + )))?; } } @@ -271,6 +313,10 @@ impl Filter { .contains(&TrafficDirection::Egress) { self.firewall_egress_sender.send(FirewallSignal::Kill)?; + self.filter_chans + .egress + .sender + .send(FilterChannelSignal::Kill)?; self.traffic_direction.terminate(TrafficDirection::Egress); } @@ -311,6 +357,10 @@ impl Filter { .contains(&TrafficDirection::Ingress) { self.firewall_ingress_sender.send(FirewallSignal::Kill)?; + self.filter_chans + .ingress + .sender + .send(FilterChannelSignal::Kill)?; self.traffic_direction.terminate(TrafficDirection::Ingress); }
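Review bot: In the @@ -271 hunk the new `FilterChannelSignal::Kill` send sits after `self.firewall_egress_sender.send(FirewallSignal::Kill)?;`, so if that firewall send fails the filter thread is never told to stop and `terminate(TrafficDirection::Egress)` is skipped, leaving the direction only partly torn down. I would attempt all three steps and propagate the first error afterwards: keep both send results in locals, call `terminate`, then `fw_result?; filter_result?;`. The @@ -311 hunk has the same ordering for ingress. It is also worth a comment on whether a `Kill` that is never consumed (receiver thread already gone) can stay queued in `filter_chans` and immediately stop the next thread started for that direction; the channel construction is outside this patch, so I cannot tell.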