From 91c50221adbd92efbe188bc27af4945c01e5f0c4 Mon Sep 17 00:00:00 2001
From: LorenzoTettamanti <lorenzotettamanti5@gmail.com>
Date: Mon, 20 Oct 2025 10:24:37 +0200
Subject: [PATCH 1/5] [#105]: updated policies commands: added remove-ip
 function

---
 cli/src/main.rs     | 23 +++++++++++++++++++++--
 cli/src/policies.rs | 34 ++++++++++++++++++++++++++++++++++
 2 files changed, 55 insertions(+), 2 deletions(-)

diff --git a/cli/src/main.rs b/cli/src/main.rs
index 6128d59..d1c0586 100644
--- a/cli/src/main.rs
+++ b/cli/src/main.rs
@@ -28,7 +28,13 @@ use crate::monitoring::{ list_features, monitor_identity_events, MonitorArgs, Mo
 use crate::service::{ ServiceCommands, ServiceArgs, describe_service, list_services };
 use crate::status::{ StatusArgs, status_command };
 use crate::uninstall::uninstall;
-use crate::policies::{ PoliciesCommands, PoliciesArgs, create_blocklist, check_blocklist };
+use crate::policies::{
+    PoliciesCommands,
+    PoliciesArgs,
+    create_blocklist,
+    check_blocklist,
+    remove_ip,
+};
 
 use crate::essential::GeneralData;
 
@@ -164,7 +170,7 @@ async fn args_parser() -> Result<(), Error> {
                         // pass the ip as a monitoring flag
                         match policies_args.flags {
                             None => {
-                                println!("Insert at least one ip to create a blocklist");
+                                println!("{}","Insert at least one ip to create a blocklist".red());
                                 Ok(())
                             }
                             Some(exclude_flag) => {
@@ -174,6 +180,19 @@ async fn args_parser() -> Result<(), Error> {
                             }
                         }
                     }
+                    PoliciesCommands::RemoveIpFromBlocklist => {
+                        match policies_args.flags {
+                            None => {
+                                println!("{}","Insert at least one ip to remove from the blocklist".red());
+                                Ok(())
+                            }
+                            Some(ip) => {
+                                println!("Inserted ip: {}", ip);
+                                let _ = remove_ip(&ip).await;
+                                Ok(())
+                            }
+                        }
+                    }
                 }
             }
             None => {
diff --git a/cli/src/policies.rs b/cli/src/policies.rs
index 20a32c6..9f264d1 100644
--- a/cli/src/policies.rs
+++ b/cli/src/policies.rs
@@ -1,7 +1,9 @@
 #![allow(warnings)]
+use std::result::Result::Ok;
 use colored::Colorize;
 use agent_api::requests::send_check_blocklist_request;
 use agent_api::requests::send_create_blocklist_request;
+use agent_api::requests::remove_ip_from_blocklist_request;
 use anyhow::Error;
 use clap::{ Args, Parser, Subcommand };
 use agent_api::client::{ connect_to_client, connect_to_server_reflection };
@@ -13,6 +15,8 @@ pub enum PoliciesCommands {
     CreateBlocklist,
     #[command(name = "check-blocklist", about = "Check current ip blocklist")]
     CheckBlocklist,
+    #[command(name="remove-ip",about ="Remove an ip from the blocklist")]
+    RemoveIpFromBlocklist
 }
 
 // cfcli policies <args>
@@ -87,3 +91,33 @@ pub async fn check_blocklist() -> Result<(), Error> {
     }
     Ok(())
 }
+pub async fn remove_ip(ip:&str) -> Result<(), Error> {
+    println!("{} {}", "=====>".blue().bold(), "Connecting to cortexflow Client".white());
+    match connect_to_client().await {
+        Ok(client) => {
+            println!("{} {}", "=====>".blue().bold(), "Connected to CortexFlow Client".green());
+            match remove_ip_from_blocklist_request(client,ip).await {
+                Ok(response) => {
+                    println!("{:?}", response.into_inner().events);
+                }
+                Err(e) => {
+                    println!(
+                        "{} {} {} {}",
+                        "=====>".blue().bold(),
+                        "An error occured".red(),
+                        "Error:",
+                        e
+                    );
+                }
+            }
+        }
+        Err(_) => {
+            println!(
+                "{} {}",
+                "=====>".blue().bold(),
+                "Failed to connect to CortexFlow Client".red()
+            );
+        }
+    }
+    Ok(())
+}

From 61cd48be18d19a073543bbc374dd675d6d532098 Mon Sep 17 00:00:00 2001
From: LorenzoTettamanti <lorenzotettamanti5@gmail.com>
Date: Mon, 20 Oct 2025 10:26:15 +0200
Subject: [PATCH 2/5] [#105]: agent api update: added function to remove ip
 from the blocklist. fixed typos in check_blocklist and add_ip_to_blocklist
 function

---
 core/api/protos/agent.proto | 17 ++++++-
 core/api/src/agent.rs       | 93 +++++++++++++++++++++++++++++++++++++
 core/api/src/api.rs         | 51 +++++++++++++++++---
 3 files changed, 153 insertions(+), 8 deletions(-)

diff --git a/core/api/protos/agent.proto b/core/api/protos/agent.proto
index c682cba..eae500d 100644
--- a/core/api/protos/agent.proto
+++ b/core/api/protos/agent.proto
@@ -23,11 +23,17 @@ message ActiveConnectionResponse{
 
 //declare agent api 
 service Agent{
-    //active connections endpoint 
+    
+    // active connections endpoint 
     rpc ActiveConnections(RequestActiveConnections) returns (ActiveConnectionResponse);
-    //create blocklist endpoint
+    
+    // create blocklist endpoint
     rpc AddIpToBlocklist(AddIpToBlocklistRequest) returns (BlocklistResponse);
     rpc CheckBlocklist(google.protobuf.Empty) returns (BlocklistResponse);
+
+    // remove ip from blocklist endpoint
+    rpc RmIpFromBlocklist(RmIpFromBlocklistRequest) returns (RmIpFromBlocklistResponse);
+
 }
 
 message AddIpToBlocklistRequest{
@@ -38,3 +44,10 @@ message BlocklistResponse{
     string status = 1 ;
     map<string,string> events = 2 ;
 }
+message RmIpFromBlocklistRequest{
+    string ip = 1 ;
+}
+message RmIpFromBlocklistResponse{
+    string status = 1;
+    map<string,string> events = 2 ;
+}
diff --git a/core/api/src/agent.rs b/core/api/src/agent.rs
index 3e8ef70..ea03aa8 100644
--- a/core/api/src/agent.rs
+++ b/core/api/src/agent.rs
@@ -42,6 +42,21 @@ pub struct BlocklistResponse {
         ::prost::alloc::string::String,
     >,
 }
+#[derive(Clone, PartialEq, Eq, Hash, ::prost::Message)]
+pub struct RmIpFromBlocklistRequest {
+    #[prost(string, tag = "1")]
+    pub ip: ::prost::alloc::string::String,
+}
+#[derive(Clone, PartialEq, ::prost::Message)]
+pub struct RmIpFromBlocklistResponse {
+    #[prost(string, tag = "1")]
+    pub status: ::prost::alloc::string::String,
+    #[prost(map = "string, string", tag = "2")]
+    pub events: ::std::collections::HashMap<
+        ::prost::alloc::string::String,
+        ::prost::alloc::string::String,
+    >,
+}
 /// Generated client implementations.
 pub mod agent_client {
     #![allow(
@@ -208,6 +223,31 @@ pub mod agent_client {
                 .insert(GrpcMethod::new("agent.Agent", "CheckBlocklist"));
             self.inner.unary(req, path, codec).await
         }
+        /// remove ip from blocklist endpoint
+        pub async fn rm_ip_from_blocklist(
+            &mut self,
+            request: impl tonic::IntoRequest<super::RmIpFromBlocklistRequest>,
+        ) -> std::result::Result<
+            tonic::Response<super::RmIpFromBlocklistResponse>,
+            tonic::Status,
+        > {
+            self.inner
+                .ready()
+                .await
+                .map_err(|e| {
+                    tonic::Status::unknown(
+                        format!("Service was not ready: {}", e.into()),
+                    )
+                })?;
+            let codec = tonic_prost::ProstCodec::default();
+            let path = http::uri::PathAndQuery::from_static(
+                "/agent.Agent/RmIpFromBlocklist",
+            );
+            let mut req = request.into_request();
+            req.extensions_mut()
+                .insert(GrpcMethod::new("agent.Agent", "RmIpFromBlocklist"));
+            self.inner.unary(req, path, codec).await
+        }
     }
 }
 /// Generated server implementations.
@@ -246,6 +286,14 @@ pub mod agent_server {
             tonic::Response<super::BlocklistResponse>,
             tonic::Status,
         >;
+        /// remove ip from blocklist endpoint
+        async fn rm_ip_from_blocklist(
+            &self,
+            request: tonic::Request<super::RmIpFromBlocklistRequest>,
+        ) -> std::result::Result<
+            tonic::Response<super::RmIpFromBlocklistResponse>,
+            tonic::Status,
+        >;
     }
     /// declare agent api
     #[derive(Debug)]
@@ -454,6 +502,51 @@ pub mod agent_server {
                     };
                     Box::pin(fut)
                 }
+                "/agent.Agent/RmIpFromBlocklist" => {
+                    #[allow(non_camel_case_types)]
+                    struct RmIpFromBlocklistSvc<T: Agent>(pub Arc<T>);
+                    impl<
+                        T: Agent,
+                    > tonic::server::UnaryService<super::RmIpFromBlocklistRequest>
+                    for RmIpFromBlocklistSvc<T> {
+                        type Response = super::RmIpFromBlocklistResponse;
+                        type Future = BoxFuture<
+                            tonic::Response<Self::Response>,
+                            tonic::Status,
+                        >;
+                        fn call(
+                            &mut self,
+                            request: tonic::Request<super::RmIpFromBlocklistRequest>,
+                        ) -> Self::Future {
+                            let inner = Arc::clone(&self.0);
+                            let fut = async move {
+                                <T as Agent>::rm_ip_from_blocklist(&inner, request).await
+                            };
+                            Box::pin(fut)
+                        }
+                    }
+                    let accept_compression_encodings = self.accept_compression_encodings;
+                    let send_compression_encodings = self.send_compression_encodings;
+                    let max_decoding_message_size = self.max_decoding_message_size;
+                    let max_encoding_message_size = self.max_encoding_message_size;
+                    let inner = self.inner.clone();
+                    let fut = async move {
+                        let method = RmIpFromBlocklistSvc(inner);
+                        let codec = tonic_prost::ProstCodec::default();
+                        let mut grpc = tonic::server::Grpc::new(codec)
+                            .apply_compression_config(
+                                accept_compression_encodings,
+                                send_compression_encodings,
+                            )
+                            .apply_max_message_size_config(
+                                max_decoding_message_size,
+                                max_encoding_message_size,
+                            );
+                        let res = grpc.unary(method, req).await;
+                        Ok(res)
+                    };
+                    Box::pin(fut)
+                }
                 _ => {
                     Box::pin(async move {
                         let mut response = http::Response::new(
diff --git a/core/api/src/api.rs b/core/api/src/api.rs
index c8402ef..29d0e8d 100644
--- a/core/api/src/api.rs
+++ b/core/api/src/api.rs
@@ -3,7 +3,7 @@ use anyhow::Context;
 use chrono::Local;
 use prost::bytes::BytesMut;
 use std::str::FromStr;
-use std::{sync::Mutex };
+use std::{ sync::Mutex };
 use tonic::{ Request, Response, Status };
 use tracing::info;
 
@@ -24,6 +24,8 @@ use crate::agent::{
     RequestActiveConnections,
     AddIpToBlocklistRequest,
     BlocklistResponse,
+    RmIpFromBlocklistRequest,
+    RmIpFromBlocklistResponse,
 };
 use aya::maps::Map;
 use bytemuck_derive::Zeroable;
@@ -58,7 +60,7 @@ pub trait EventSender: Send + Sync + 'static {
     async fn send_map(
         &self,
         map: Vec<ConnectionEvent>,
-        tx: mpsc::Sender<Result<Vec<ConnectionEvent>, Status>>,
+        tx: mpsc::Sender<Result<Vec<ConnectionEvent>, Status>>
     ) {
         let status = Status::new(tonic::Code::Ok, "success");
         let event = Ok(map);
@@ -289,8 +291,8 @@ impl Agent for AgentApi {
         for item in blocklist_map.iter() {
             let (k, v) = item.unwrap();
             // convert keys and values from [u8;4] to String
-            let key = String::from_utf8(k.to_vec()).unwrap();
-            let value = String::from_utf8(v.to_vec()).unwrap();
+            let key = Ipv4Addr::from(k).to_string();
+            let value = Ipv4Addr::from(k).to_string();
             converted_blocklist_map.insert(key, value);
         }
 
@@ -324,8 +326,8 @@ impl Agent for AgentApi {
         for item in blocklist_map.iter() {
             let (k, v) = item.unwrap();
             // convert keys and values from [u8;4] to String
-            let key = String::from_utf8(k.to_vec()).unwrap();
-            let value = String::from_utf8(v.to_vec()).unwrap();
+            let key = Ipv4Addr::from(k).to_string();
+            let value = Ipv4Addr::from(k).to_string();
             converted_blocklist_map.insert(key, value);
         }
         Ok(
@@ -335,4 +337,41 @@ impl Agent for AgentApi {
             })
         )
     }
+    async fn rm_ip_from_blocklist(
+        &self,
+        request: Request<RmIpFromBlocklistRequest>
+    ) -> Result<Response<RmIpFromBlocklistResponse>, Status> {
+        //read request
+        let req = request.into_inner();
+        info!("Removing ip from blocklist map");
+        //open blocklist map
+        let mapdata = MapData::from_pin("/sys/fs/bpf/maps/blocklist_map").expect(
+            "cannot open blocklist_map Mapdata"
+        );
+        let blocklist_mapdata = Map::HashMap(mapdata); //load mapdata
+        let mut blocklist_map: ayaHashMap<MapData, [u8; 4], [u8; 4]> = ayaHashMap
+            ::try_from(blocklist_mapdata)
+            .unwrap();
+        //remove the address
+        let ip_to_remove = req.ip;
+        let u8_4_ip_to_remove = Ipv4Addr::from_str(&ip_to_remove).unwrap().octets();
+        blocklist_map.remove(&u8_4_ip_to_remove);
+
+        //convert the maps with a buffer to match the protobuffer types
+        let mut converted_blocklist_map: HashMap<String, String> = HashMap::new();
+        for item in blocklist_map.iter() {
+            let (k, v) = item.unwrap();
+            // convert keys and values from [u8;4] to String
+            let key = Ipv4Addr::from(k).to_string();
+            let value = Ipv4Addr::from(k).to_string();
+            converted_blocklist_map.insert(key, value);
+        }
+
+        Ok(
+            Response::new(RmIpFromBlocklistResponse {
+                status: "Ip removed from blocklist".to_string(),
+                events: converted_blocklist_map,
+            })
+        )
+    }
 }

From ec53a624e48a60230ece0047a616fc98efd5088c Mon Sep 17 00:00:00 2001
From: LorenzoTettamanti <lorenzotettamanti5@gmail.com>
Date: Mon, 20 Oct 2025 10:27:03 +0200
Subject: [PATCH 3/5] [#105]: agent request module update: added
 remove_ip_from_blocklist request

---
 core/api/src/requests.rs | 12 ++++++++++++
 1 file changed, 12 insertions(+)

diff --git a/core/api/src/requests.rs b/core/api/src/requests.rs
index 353e8e0..4bb2228 100644
--- a/core/api/src/requests.rs
+++ b/core/api/src/requests.rs
@@ -13,6 +13,8 @@ use crate::agent::ActiveConnectionResponse;
 use crate::agent::RequestActiveConnections;
 use crate::agent::BlocklistResponse;
 use crate::agent::AddIpToBlocklistRequest;
+use crate::agent::RmIpFromBlocklistRequest;
+use crate::agent::RmIpFromBlocklistResponse;
 
 pub async fn send_active_connection_request(
     mut client: AgentClient<Channel>
@@ -51,3 +53,13 @@ pub async fn send_check_blocklist_request(
     let response = client.check_blocklist(request).await?;
     Ok(response)
 }
+
+pub async fn remove_ip_from_blocklist_request(
+    mut client: AgentClient<Channel>,
+    ip: &str
+) -> Result<Response<RmIpFromBlocklistResponse>, Error> {
+    let ip = ip.to_string();
+    let request = Request::new(RmIpFromBlocklistRequest { ip });
+    let response = client.rm_ip_from_blocklist(request).await?;
+    Ok(response)
+}

From 5b1a1f630f7c75819f345f3590c6520cf20826cb Mon Sep 17 00:00:00 2001
From: LorenzoTettamanti <lorenzotettamanti5@gmail.com>
Date: Mon, 20 Oct 2025 10:38:06 +0200
Subject: [PATCH 4/5] [#105]: kernel space update: updated connetracker Added
 blocklist logic

---
 core/src/components/conntracker/src/main.rs | 126 +++++++++++---------
 1 file changed, 71 insertions(+), 55 deletions(-)

diff --git a/core/src/components/conntracker/src/main.rs b/core/src/components/conntracker/src/main.rs
index d670b28..d6f8274 100644
--- a/core/src/components/conntracker/src/main.rs
+++ b/core/src/components/conntracker/src/main.rs
@@ -20,16 +20,19 @@ mod bindings;
 mod data_structures;
 mod offsets;
 
+use core::net::Ipv4Addr;
+
 use aya_ebpf::{
-    bindings::{TC_ACT_OK, TC_ACT_SHOT},
-    helpers::{bpf_get_current_pid_tgid, bpf_probe_read_kernel},
-    macros::{classifier, kprobe},
-    programs::{ProbeContext, TcContext},
+    bindings::{ TC_ACT_OK, TC_ACT_SHOT },
+    helpers::{ bpf_get_current_pid_tgid, bpf_probe_read_kernel },
+    macros::{ classifier, kprobe },
+    programs::{ ProbeContext, TcContext },
 };
+use aya_log_ebpf::info;
 
-use crate::bindings::{net, net_device};
-use crate::data_structures::{ConnArray, PacketLog, VethLog};
-use crate::data_structures::{EVENTS, VETH_EVENTS};
+use crate::bindings::{ net, net_device };
+use crate::data_structures::{ ConnArray, PacketLog, VethLog };
+use crate::data_structures::{ EVENTS, VETH_EVENTS, BLOCKLIST };
 use crate::offsets::OFFSETS;
 
 #[kprobe]
@@ -57,7 +60,9 @@ fn read_linux_inner_struct<T>(ptr: *const u8, offset: usize) -> Result<*const T,
         let inner_field: *const T = unsafe {
             match bpf_probe_read_kernel(inner_ptr as *const *const T) {
                 Ok(inner_field) => inner_field,
-                Err(e) => return Err(e),
+                Err(e) => {
+                    return Err(e);
+                }
             }
         };
         Ok(inner_field)
@@ -75,7 +80,9 @@ fn read_linux_inner_value<T: Copy>(ptr: *const u8, offset: usize) -> Result<T, i
     let inner_value = unsafe {
         match bpf_probe_read_kernel::<T>(inner_ptr as *const T) {
             Ok(inner_field) => inner_field,
-            Err(e) => return Err(e),
+            Err(e) => {
+                return Err(e);
+            }
         }
     };
 
@@ -111,8 +118,10 @@ pub fn try_veth_tracer(ctx: ProbeContext, mode: u8) -> Result<u32, i64> {
     //name field
     let name_field_offset = 304; // reading the name field offset
 
-    let name_array: [u8; 16] =
-        read_linux_inner_value::<[u8; 16]>(net_device_pointer as *const u8, name_field_offset)?;
+    let name_array: [u8; 16] = read_linux_inner_value::<[u8; 16]>(
+        net_device_pointer as *const u8,
+        name_field_offset
+    )?;
 
     //state field
     let state_offset = 168;
@@ -120,8 +129,10 @@ pub fn try_veth_tracer(ctx: ProbeContext, mode: u8) -> Result<u32, i64> {
 
     //dev_addr
     let dev_addr_offset = 1080;
-    let dev_addr_array: [u32; 8] =
-        read_linux_inner_value::<[u32; 8]>(net_device_pointer as *const u8, dev_addr_offset)?;
+    let dev_addr_array: [u32; 8] = read_linux_inner_value::<[u32; 8]>(
+        net_device_pointer as *const u8,
+        dev_addr_offset
+    )?;
 
     let inum: u32 = extract_netns_inum(net_device_pointer as *const u8)?;
     let pid: u32 = bpf_get_current_pid_tgid() as u32; //extracting lower 32 bit corresponding to the PID
@@ -165,60 +176,64 @@ fn try_identity_classifier(ctx: TcContext) -> Result<(), i64> {
 
     //read if the packets has Options
     let first_ipv4_byte = u8::from_be(ctx.load::<u8>(OFFSETS::ETH_STACK_BYTES).map_err(|_| 1)?);
-    let ihl = (first_ipv4_byte & 0x0f) as usize; /* 0x0F=00001111 &=AND bit a bit operator to extract the last 4 bit*/
+    let ihl = (first_ipv4_byte &
+        0x0f) as usize; /* 0x0F=00001111 &=AND bit a bit operator to extract the last 4 bit*/
     let ip_header_len = ihl * 4; //returns the header lenght in bytes
 
     //get the source ip,destination ip and connection id
-    let src_ip = ctx
-        .load::<u32>(OFFSETS::SRC_T0TAL_BYTES_OFFSET)
-        .map_err(|_| 1)?; // ETH+SOURCE_ADDRESS
+    let src_ip = ctx.load::<u32>(OFFSETS::SRC_T0TAL_BYTES_OFFSET).map_err(|_| 1)?; // ETH+SOURCE_ADDRESS
     let src_port = u16::from_be(
-        ctx.load::<u16>(
-            OFFSETS::ETH_STACK_BYTES + ip_header_len + OFFSETS::SRC_PORT_OFFSET_FROM_IP_HEADER,
-        )
-        .map_err(|_| 1)?,
+        ctx
+            .load::<u16>(
+                OFFSETS::ETH_STACK_BYTES + ip_header_len + OFFSETS::SRC_PORT_OFFSET_FROM_IP_HEADER
+            )
+            .map_err(|_| 1)?
     ); //14+IHL-Lenght+0
-    let dst_ip = ctx
-        .load::<u32>(OFFSETS::DST_T0TAL_BYTES_OFFSET)
-        .map_err(|_| 1)?; // ETH+ DESTINATION_ADDRESS
+    let dst_ip = ctx.load::<u32>(OFFSETS::DST_T0TAL_BYTES_OFFSET).map_err(|_| 1)?; // ETH+ DESTINATION_ADDRESS
     let dst_port = u16::from_be(
-        ctx.load::<u16>(
-            OFFSETS::ETH_STACK_BYTES + ip_header_len + OFFSETS::DST_PORT_OFFSET_FROM_IP_HEADER,
-        )
-        .map_err(|_| 1)?,
+        ctx
+            .load::<u16>(
+                OFFSETS::ETH_STACK_BYTES + ip_header_len + OFFSETS::DST_PORT_OFFSET_FROM_IP_HEADER
+            )
+            .map_err(|_| 1)?
     ); //14+IHL-Lenght+0
-    let proto = u8::from_be(
-        ctx.load::<u8>(OFFSETS::PROTOCOL_T0TAL_BYTES_OFFSET)
-            .map_err(|_| 1)?,
-    );
+    let proto = u8::from_be(ctx.load::<u8>(OFFSETS::PROTOCOL_T0TAL_BYTES_OFFSET).map_err(|_| 1)?);
 
     let pid: u32 = bpf_get_current_pid_tgid() as u32;
 
-    //not logging internal communication packets
     //TODO: do not log internal communications such as minikube dashboard packets or kubectl api packets
 
-    let key = ConnArray {
-        src_ip,
-        dst_ip,
-        src_port,
-        dst_port,
-        proto,
-    };
+    // check if the address is in the blocklist
+    let src_ip_be_bytes: [u8; 4] = src_ip.to_be_bytes(); //transforming the src_ip in big endian bytes
 
-    let log = PacketLog {
-        proto,
-        src_ip,
-        src_port,
-        dst_ip,
-        dst_port,
-        pid,
-    };
-    //let connections = ConnArray{
-    //  event_id,
-    //connection_id
-    //};
-    unsafe {
-        EVENTS.output(&ctx, &log, 0); //output to userspace
+    // ** blocklist logic
+    if (unsafe { BLOCKLIST.get(&src_ip_be_bytes).is_some() }) {
+        info!(
+            &ctx,
+            "Blocking address: {}. Reason: Address is in a BLOCKLIST",
+            Ipv4Addr::from(src_ip_be_bytes)
+        );
+        return Err(1);
+    } else {
+        let key = ConnArray {
+            src_ip,
+            dst_ip,
+            src_port,
+            dst_port,
+            proto,
+        };
+
+        let log = PacketLog {
+            proto,
+            src_ip,
+            src_port,
+            dst_ip,
+            dst_port,
+            pid,
+        };
+        unsafe {
+            EVENTS.output(&ctx, &log, 0); //output to userspace
+        }
     }
     Ok(())
 }
@@ -229,5 +244,6 @@ fn try_identity_classifier(ctx: TcContext) -> Result<(), i64> {
 
 #[panic_handler]
 fn panic(_info: &core::panic::PanicInfo) -> ! {
-    loop {}
+    loop {
+    }
 }

From bd22449ced8d9ccd5927f1413310caf26e7e1c35 Mon Sep 17 00:00:00 2001
From: LorenzoTettamanti <lorenzotettamanti5@gmail.com>
Date: Mon, 20 Oct 2025 10:42:20 +0200
Subject: [PATCH 5/5] [#105]: modified cargo manifests and kubernetes manifests
 for unstable release 0.1.1-beta.1

---
 cli/Cargo.lock                 |   4 +-
 cli/Cargo.toml                 |   2 +-
 core/Cargo.lock                | 123 +--------------------------------
 core/api/Cargo.toml            |   2 +-
 core/src/testing/agent.yaml    |   2 +-
 core/src/testing/identity.yaml |   2 +-
 6 files changed, 9 insertions(+), 126 deletions(-)

diff --git a/cli/Cargo.lock b/cli/Cargo.lock
index 4282860..014daf7 100644
--- a/cli/Cargo.lock
+++ b/cli/Cargo.lock
@@ -411,7 +411,7 @@ dependencies = [
 
 [[package]]
 name = "cortexflow_agent_api"
-version = "0.1.0"
+version = "0.1.1-beta.0"
 dependencies = [
  "anyhow",
  "aya",
@@ -433,7 +433,7 @@ dependencies = [
 
 [[package]]
 name = "cortexflow_identity"
-version = "0.1.0"
+version = "0.1.1-beta.0"
 dependencies = [
  "anyhow",
  "aya",
diff --git a/cli/Cargo.toml b/cli/Cargo.toml
index 2d32a80..078ab5d 100644
--- a/cli/Cargo.toml
+++ b/cli/Cargo.toml
@@ -23,7 +23,7 @@ tonic = "0.14.1"
 tonic-reflection = "0.14.1"
 prost-types = "0.14.1"
 prost = "0.14.1"
-cortexflow_agent_api = "0.1.1-beta.0"
+cortexflow_agent_api = {path = "../core/api"}
 
 [[bin]]
 name = "cfcli"
diff --git a/core/Cargo.lock b/core/Cargo.lock
index 5521859..2f1c2d8 100644
--- a/core/Cargo.lock
+++ b/core/Cargo.lock
@@ -268,26 +268,6 @@ version = "0.22.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "72b3254f16251a8381aa12e40e3c4d2f0199f8c6508fbecb9d91f575e0fbb8c6"
 
-[[package]]
-name = "bindgen"
-version = "0.72.1"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "993776b509cfb49c750f11b8f07a46fa23e0a1386ffc01fb1e7d343efc387895"
-dependencies = [
- "bitflags",
- "cexpr",
- "clang-sys",
- "itertools 0.13.0",
- "log",
- "prettyplease",
- "proc-macro2",
- "quote",
- "regex",
- "rustc-hash",
- "shlex",
- "syn",
-]
-
 [[package]]
 name = "bitflags"
 version = "2.9.4"
@@ -336,15 +316,6 @@ dependencies = [
  "shlex",
 ]
 
-[[package]]
-name = "cexpr"
-version = "0.6.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "6fac387a98bb7c37292057cffc56d62ecb629900026402633ae9160df93a8766"
-dependencies = [
- "nom",
-]
-
 [[package]]
 name = "cfg-if"
 version = "1.0.3"
@@ -370,17 +341,6 @@ dependencies = [
  "windows-link",
 ]
 
-[[package]]
-name = "clang-sys"
-version = "1.8.1"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "0b023947811758c97c59bf9d1c188fd619ad4718dcaa767947df1cadb14f39f4"
-dependencies = [
- "glob",
- "libc",
- "libloading",
-]
-
 [[package]]
 name = "conntracker"
 version = "0.1.0"
@@ -414,7 +374,7 @@ dependencies = [
  "bytemuck",
  "bytemuck_derive",
  "chrono",
- "cortexflow_identity 0.1.1-beta.0 (registry+https://github.com/rust-lang/crates.io-index)",
+ "cortexflow_identity",
  "prost",
  "tokio",
  "tokio-stream",
@@ -444,25 +404,6 @@ dependencies = [
  "tracing-subscriber",
 ]
 
-[[package]]
-name = "cortexflow_identity"
-version = "0.1.1-beta.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "cd9835ff5923939dda6d390d5d913e0b4cad15d1e7b70a826aa133cf3a0fd248"
-dependencies = [
- "anyhow",
- "aya",
- "aya-log",
- "bytemuck",
- "bytemuck_derive",
- "bytes",
- "libc",
- "nix",
- "tokio",
- "tracing",
- "tracing-subscriber",
-]
-
 [[package]]
 name = "crc32fast"
 version = "1.5.0"
@@ -587,12 +528,6 @@ version = "0.32.3"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "e629b9b98ef3dd8afe6ca2bd0f89306cec16d43d907889945bc5d6687f2f13c7"
 
-[[package]]
-name = "glob"
-version = "0.3.3"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "0cc23270f6e1808e30a928bdc84dea0b9b4136a8bc82338574f23baf47bbd280"
-
 [[package]]
 name = "h2"
 version = "0.4.12"
@@ -783,15 +718,6 @@ dependencies = [
  "libc",
 ]
 
-[[package]]
-name = "itertools"
-version = "0.13.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "413ee7dfc52ee1a4949ceeb7dbc8a33f2d6c088194d9f922fb8318faf1f01186"
-dependencies = [
- "either",
-]
-
 [[package]]
 name = "itertools"
 version = "0.14.0"
@@ -829,16 +755,6 @@ version = "0.2.177"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "2874a2af47a2325c2001a6e6fad9b16a53b802102b528163885171cf92b15976"
 
-[[package]]
-name = "libloading"
-version = "0.8.9"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "d7c4b02199fee7c5d21a5ae7d8cfa79a6ef5bb2fc834d6e9058e89c825efdc55"
-dependencies = [
- "cfg-if",
- "windows-link",
-]
-
 [[package]]
 name = "linux-raw-sys"
 version = "0.11.0"
@@ -912,9 +828,7 @@ version = "0.1.0"
 dependencies = [
  "aya-ebpf",
  "aya-log-ebpf",
- "bindgen",
  "bytemuck",
- "uname",
  "which",
 ]
 
@@ -924,12 +838,6 @@ version = "0.3.17"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "6877bb514081ee2a7ff5ef9de3281f14a4dd4bceac4c09388074a6b5df8a139a"
 
-[[package]]
-name = "minimal-lexical"
-version = "0.2.1"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "68354c5c6bd36d73ff3feceb05efa59b6acb7626617f4962be322a825e61f79a"
-
 [[package]]
 name = "miniz_oxide"
 version = "0.8.9"
@@ -969,16 +877,6 @@ dependencies = [
  "memoffset",
 ]
 
-[[package]]
-name = "nom"
-version = "7.1.3"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "d273983c5a657a70a3e8f2a01329822f3b8c8172b73826411a55751e404a0a4a"
-dependencies = [
- "memchr",
- "minimal-lexical",
-]
-
 [[package]]
 name = "nu-ansi-term"
 version = "0.50.3"
@@ -1164,7 +1062,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "ac6c3320f9abac597dcbc668774ef006702672474aad53c6d596b62e487b40b1"
 dependencies = [
  "heck",
- "itertools 0.14.0",
+ "itertools",
  "log",
  "multimap",
  "once_cell",
@@ -1186,7 +1084,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "9120690fafc389a67ba3803df527d0ec9cbbc9cc45e4cc20b332996dfb672425"
 dependencies = [
  "anyhow",
- "itertools 0.14.0",
+ "itertools",
  "proc-macro2",
  "quote",
  "syn",
@@ -1280,12 +1178,6 @@ version = "0.1.26"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "56f7d92ca342cea22a06f2121d944b4fd82af56988c270852495420f961d4ace"
 
-[[package]]
-name = "rustc-hash"
-version = "2.1.1"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "357703d41365b4b27c590e3ed91eabb1b663f07c4c084095e60cbed4362dff0d"
-
 [[package]]
 name = "rustix"
 version = "1.1.2"
@@ -1671,15 +1563,6 @@ version = "0.2.5"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "e421abadd41a4225275504ea4d6566923418b7f05506fbc9c0fe86ba7396114b"
 
-[[package]]
-name = "uname"
-version = "0.1.1"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "b72f89f0ca32e4db1c04e2a72f5345d59796d4866a1ee0609084569f73683dc8"
-dependencies = [
- "libc",
-]
-
 [[package]]
 name = "unicase"
 version = "2.8.1"
diff --git a/core/api/Cargo.toml b/core/api/Cargo.toml
index 211dd89..7604d37 100644
--- a/core/api/Cargo.toml
+++ b/core/api/Cargo.toml
@@ -25,7 +25,7 @@ tracing-subscriber = "0.3.19"
 tokio-stream = "0.1.17"
 bytemuck = {version ="1.23.0"}
 bytemuck_derive = "1.10.1"
-cortexflow_identity = "0.1.1-beta.0"
+cortexflow_identity = {path = "../src/components/identity"}
 chrono = "0.4.42"
 
 [build-dependencies]
diff --git a/core/src/testing/agent.yaml b/core/src/testing/agent.yaml
index e5c54f0..a1baf7e 100644
--- a/core/src/testing/agent.yaml
+++ b/core/src/testing/agent.yaml
@@ -19,7 +19,7 @@ spec:
       hostNetwork: true
       containers:
         - name: agent
-          image: lorenzotettamanti/cortexflow-agent:latest
+          image: lorenzotettamanti/cortexflow-agent:0.1.1-beta.2
           command: ["/bin/bash", "-c"]
           args:
             - |
diff --git a/core/src/testing/identity.yaml b/core/src/testing/identity.yaml
index 7c96ce1..968894b 100644
--- a/core/src/testing/identity.yaml
+++ b/core/src/testing/identity.yaml
@@ -53,7 +53,7 @@ spec:
                   - SYS_PTRACE 
       containers:
         - name: identity
-          image: lorenzotettamanti/cortexflow-identity:latest
+          image: lorenzotettamanti/cortexflow-identity:0.1.1-beta.2
           command: ["/bin/bash", "-c"]
           args:
             - |