feat(rust): use more monolith structure for ebpf portals

implementations/rust/ockam/ockam_transport_tcp/Cargo.toml

@@ -36,6 +36,7 @@ cfg_aliases = "0.2.1"
 
 [dependencies]
 cfg-if = "1.0.0"
+hex = "0.4.3"
 log = "0.4.21"
 minicbor = "0.24"
 ockam_core = { path = "../ockam_core", version = "^0.117.0" }
@@ -54,9 +55,11 @@ tokio-rustls = { version = "0.26", default-features = false, features = ["loggin
 tracing = { version = "0.1", default-features = false }
 
 [target.'cfg( target_os = "linux" )'.dependencies]
-pnet = { version = "0.35.0", optional = true }
 aya = { version = "0.12", optional = true }
 aya-log = { version = "0.2", optional = true }
+
+[target.'cfg( any(target_os = "linux", target_os = "macos") )'.dependencies]
 env_logger = { version = "0.11", optional = true }
 libc = { version = "0.2", optional = true }
 nix = { version = "0.29", features = ["net"], optional = true }
+pnet = { version = "0.35.0", optional = true }

implementations/rust/ockam/ockam_transport_tcp/src/ebpf_portal/common.rs

@@ -1,22 +1,37 @@
 use minicbor::{Decode, Encode};
-use ockam_core::CowBytes;
 use pnet::packet::tcp::TcpPacket;
 use pnet::packet::Packet;
+use rand::distributions::{Distribution, Standard};
+use rand::Rng;
 use std::net::Ipv4Addr;
 
+/// Unique random connection identifier
+#[derive(Clone, Debug, Eq, PartialEq, Hash, Encode, Decode)]
+#[cbor(transparent)]
+#[rustfmt::skip]
+pub struct ConnectionIdentifier(#[n(0)] String);
+
+impl Distribution<ConnectionIdentifier> for Standard {
+    fn sample<R: Rng + ?Sized>(&self, rng: &mut R) -> ConnectionIdentifier {
+        let bytes: [u8; 8] = rng.gen();
+        ConnectionIdentifier(hex::encode(bytes))
+    }
+}
+
 #[allow(missing_docs)]
 #[derive(Encode, Decode)]
 #[rustfmt::skip]
-pub struct OckamPortalPacket<'a> {
-    #[n(0)] pub sequence: u32,
-    #[n(1)] pub acknowledgement: u32,
-    #[n(2)] pub data_offset: u8,
-    #[n(3)] pub reserved: u8,
-    #[n(4)] pub flags: u8,
-    #[n(5)] pub window: u16,
-    #[n(6)] pub urgent_ptr: u16,
-    #[n(7)] pub options: Vec<TcpOption>,
-    #[b(8)] pub payload: CowBytes<'a>,
+pub struct OckamPortalPacket {
+    #[n(0)] pub connection_identifier: ConnectionIdentifier,
+    #[n(1)] pub sequence: u32,
+    #[n(2)] pub acknowledgement: u32,
+    #[n(3)] pub data_offset: u8,
+    #[n(4)] pub reserved: u8,
+    #[n(5)] pub flags: u8,
+    #[n(6)] pub window: u16,
+    #[n(7)] pub urgent_ptr: u16,
+    #[n(8)] pub options: Vec<TcpOption>,
+    #[n(9)] pub payload: Vec<u8>,
 }
 
 #[allow(missing_docs)]
@@ -38,26 +53,14 @@ impl From<TcpOption> for pnet::packet::tcp::TcpOption {
     }
 }
 
-impl OckamPortalPacket<'_> {
-    /// Clone data to make an owned version of an instance.
-    pub fn into_owned(self) -> OckamPortalPacket<'static> {
-        OckamPortalPacket {
-            sequence: self.sequence,
-            acknowledgement: self.acknowledgement,
-            data_offset: self.data_offset,
-            reserved: self.reserved,
-            flags: self.flags,
-            window: self.window,
-            urgent_ptr: self.urgent_ptr,
-            options: self.options,
-            payload: self.payload.to_owned(),
-        }
-    }
-}
-
-impl From<RawSocketMessage> for OckamPortalPacket<'_> {
-    fn from(value: RawSocketMessage) -> Self {
+impl OckamPortalPacket {
+    /// Transform
+    pub fn from_raw_socket_message(
+        value: RawSocketMessage,
+        connection_identifier: ConnectionIdentifier,
+    ) -> Self {
         Self {
+            connection_identifier,
             sequence: value.sequence,
             acknowledgement: value.acknowledgement,
             data_offset: value.data_offset,
@@ -66,7 +69,7 @@ impl From<RawSocketMessage> for OckamPortalPacket<'_> {
             window: value.window,
             urgent_ptr: value.urgent_ptr,
             options: value.options.into_iter().map(Into::into).collect(),
-            payload: value.payload.into(),
+            payload: value.payload,
         }
     }
 }

implementations/rust/ockam/ockam_transport_tcp/src/ebpf_portal/ebpf_support.rs

@@ -10,7 +10,7 @@ use core::fmt::{Debug, Formatter};
 use ockam_core::compat::collections::HashMap;
 use ockam_core::compat::sync::RwLock;
 use ockam_core::errcode::{Kind, Origin};
-use ockam_core::{Address, Error, Result};
+use ockam_core::{Address, AllowAll, DenyAll, Error, Result};
 use ockam_node::compat::asynchronous::Mutex as AsyncMutex;
 use ockam_node::Context;
 use pnet::transport::TransportSender;
@@ -104,7 +104,8 @@ impl TcpTransportEbpfSupport {
 
         *socket_write_handle_lock = Some(socket_write_handle.clone());
 
-        ctx.start_processor(address, processor).await?;
+        ctx.start_processor_with_access_control(address, processor, DenyAll, AllowAll)
+            .await?;
 
         info!("Started RawSocket");
 
@@ -281,7 +282,7 @@ impl TcpTransportEbpfSupport {
     }
 
     /// Add inlet port
-    pub fn add_inlet_port(&self, port: u16) -> Result<()> {
+    pub fn add_inlet_port(&self, port: Port) -> Result<()> {
         let mut bpf = self.bpf.lock().unwrap();
 
         bpf.as_mut()
@@ -294,7 +295,7 @@ impl TcpTransportEbpfSupport {
     }
 
     /// Remove inlet port
-    pub fn remove_inlet_port(&self, port: u16) -> Result<()> {
+    pub fn remove_inlet_port(&self, port: Port) -> Result<()> {
         let mut bpf = self.bpf.lock().unwrap();
 
         bpf.as_mut().unwrap().inlet_port_map.remove(&port).unwrap();
@@ -303,7 +304,7 @@ impl TcpTransportEbpfSupport {
     }
 
     /// Add outlet port
-    pub fn add_outlet_port(&self, port: u16) -> Result<()> {
+    pub fn add_outlet_port(&self, port: Port) -> Result<()> {
         let mut bpf = self.bpf.lock().unwrap();
 
         bpf.as_mut()
@@ -316,7 +317,7 @@ impl TcpTransportEbpfSupport {
     }
 
     /// Remove outlet port
-    pub fn remove_outlet_port(&self, port: u16) -> Result<()> {
+    pub fn remove_outlet_port(&self, port: Port) -> Result<()> {
         let mut bpf = self.bpf.lock().unwrap();
 
         bpf.as_mut().unwrap().outlet_port_map.remove(&port).unwrap();

implementations/rust/ockam/ockam_transport_tcp/src/ebpf_portal/mod.rs

@@ -1,17 +1,13 @@
 mod common;
 mod ebpf_support;
-mod outlet_listener_worker;
 mod portal_processor;
 mod portal_worker;
 mod portals;
-mod processor;
 mod registry;
 mod transport;
 
 pub use common::*;
 pub use ebpf_support::*;
-pub use outlet_listener_worker::*;
-pub(crate) use portal_processor::*;
+pub use portal_processor::*;
 pub use portal_worker::*;
-pub use processor::*;
 pub use registry::*;