kaffa/XDP-Firewall
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Organize debug code.

Browse Source
This commit is contained in:
gamemann
2021-11-12 18:19:07 +00:00
parent 8527ed163c
commit 0268ab26ee
1 changed files with 9 additions and 11 deletions
Download Patch File Download Diff File Expand all files Collapse all files

20
src/xdpfw_kern.c
View File

@@ -23,14 +23,12 @@
#define ALLOWSINGLEIPV4V6 // When this is defined, a check will occur inside the IPv4 and IPv6 filters. For IPv6 packets, if no IPv6 source/destination IP addresses are set, but there is an IPv4 address, it will ignore the filter. The same goes for IPv4, if there is no IPv4 source/destination IP addresses set, if an IPv6 address is set, it will ignore the filter. #define ALLOWSINGLEIPV4V6 // When this is defined, a check will occur inside the IPv4 and IPv6 filters. For IPv6 packets, if no IPv6 source/destination IP addresses are set, but there is an IPv4 address, it will ignore the filter. The same goes for IPv4, if there is no IPv4 source/destination IP addresses set, if an IPv6 address is set, it will ignore the filter.
#ifdef DEBUG #ifdef DEBUG
#define bpf_printk(fmt, ...) \ #define bpf_printk(fmt, ...) \
({ \ ({ \
char ____fmt[] = fmt; \ char ____fmt[] = fmt; \
bpf_trace_printk(____fmt, sizeof(____fmt), \ bpf_trace_printk(____fmt, sizeof(____fmt), \
##__VA_ARGS__); \ ##__VA_ARGS__); \
}) })
#endif #endif
struct bpf_map_def SEC("maps") filters_map = struct bpf_map_def SEC("maps") filters_map =
@@ -163,7 +161,7 @@ int xdp_prog_main(struct xdp_md *ctx)
if (blocked != NULL && *blocked > 0) if (blocked != NULL && *blocked > 0)
{ {
#ifdef DEBUG #ifdef DEBUG
bpf_printk("Checking for blocked packet... Block time %llu.\n", *blocked); bpf_printk("Checking for blocked packet... Block time %llu.\n", *blocked);
#endif #endif
if (now > *blocked) if (now > *blocked)
@@ -181,11 +179,11 @@ int xdp_prog_main(struct xdp_md *ctx)
else else
{ {
#ifdef DOSTATSONBLOCKMAP #ifdef DOSTATSONBLOCKMAP
// Increase blocked stats entry. // Increase blocked stats entry.
if (stats) if (stats)
{ {
stats->dropped++; stats->dropped++;
} }
#endif #endif
// They're still blocked. Drop the packet. // They're still blocked. Drop the packet.
@@ -583,7 +581,7 @@ int xdp_prog_main(struct xdp_md *ctx)
// Matched. // Matched.
#ifdef DEBUG #ifdef DEBUG
bpf_printk("Matched rule ID #%d.\n", filter->id); bpf_printk("Matched rule ID #%d.\n", filter->id);
#endif #endif
action = filter->action; action = filter->action;
@@ -597,8 +595,8 @@ int xdp_prog_main(struct xdp_md *ctx)
matched: matched:
if (action == 0) if (action == 0)
{ {
#ifdef DEBUG #ifdef DEBUG
//bpf_printk("Matched with protocol %d and sAddr %lu.\n", iph->protocol, iph->saddr); //bpf_printk("Matched with protocol %d and sAddr %lu.\n", iph->protocol, iph->saddr);
#endif #endif
// Before dropping, update the blacklist map. // Before dropping, update the blacklist map.