Add typedefs and organize code.
This commit is contained in:
Christian Deacon
@@ -44,7 +44,7 @@ int xdp_prog_main(struct xdp_md *ctx)
|
||||
}
|
||||
|
||||
u8 action = 0;
|
||||
__u64 blocktime = 1;
|
||||
u64 blocktime = 1;
|
||||
|
||||
// Initialize IP headers.
|
||||
struct iphdr *iph = NULL;
|
||||
@@ -81,12 +81,12 @@ int xdp_prog_main(struct xdp_md *ctx)
|
||||
|
||||
// Get stats map.
|
||||
u32 key = 0;
|
||||
struct stats *stats = bpf_map_lookup_elem(&stats_map, &key);
|
||||
stats_t*stats = bpf_map_lookup_elem(&stats_map, &key);
|
||||
|
||||
__u64 now = bpf_ktime_get_ns();
|
||||
u64 now = bpf_ktime_get_ns();
|
||||
|
||||
// Check blacklist map.
|
||||
__u64 *blocked = NULL;
|
||||
u64 *blocked = NULL;
|
||||
|
||||
if (iph6)
|
||||
{
|
||||
@@ -234,8 +234,8 @@ int xdp_prog_main(struct xdp_md *ctx)
|
||||
}
|
||||
|
||||
// Update client stats (PPS/BPS).
|
||||
__u64 pps = 0;
|
||||
__u64 bps = 0;
|
||||
u64 pps = 0;
|
||||
u64 bps = 0;
|
||||
|
||||
if (iph6)
|
||||
{
|
||||
@@ -250,7 +250,7 @@ int xdp_prog_main(struct xdp_md *ctx)
|
||||
{
|
||||
u32 key = i;
|
||||
|
||||
struct filter *filter = bpf_map_lookup_elem(&filters_map, &key);
|
||||
filter_t *filter = bpf_map_lookup_elem(&filters_map, &key);
|
||||
|
||||
// Check if ID is above 0 (if 0, it's an invalid rule).
|
||||
if (!filter || filter->id < 1)
|
||||
@@ -534,7 +534,7 @@ int xdp_prog_main(struct xdp_md *ctx)
|
||||
// Before dropping, update the blacklist map.
|
||||
if (blocktime > 0)
|
||||
{
|
||||
__u64 newTime = now + (blocktime * NANO_TO_SEC);
|
||||
u64 newTime = now + (blocktime * NANO_TO_SEC);
|
||||
|
||||
if (iph6)
|
||||
{
|
||||
|
||||
@@ -38,7 +38,7 @@ struct
|
||||
__uint(type, BPF_MAP_TYPE_LRU_HASH);
|
||||
__uint(max_entries, MAX_TRACK_IPS);
|
||||
__type(key, u32);
|
||||
__type(value, __u64);
|
||||
__type(value, u64);
|
||||
} ip_blacklist_map SEC(".maps");
|
||||
|
||||
struct
|
||||
@@ -58,5 +58,5 @@ struct
|
||||
__uint(type, BPF_MAP_TYPE_LRU_HASH);
|
||||
__uint(max_entries, MAX_TRACK_IPS);
|
||||
__type(key, u128);
|
||||
__type(value, __u64);
|
||||
__type(value, u64);
|
||||
} ip6_blacklist_map SEC(".maps");
|
||||
@@ -13,17 +13,17 @@
|
||||
*
|
||||
* @return void
|
||||
*/
|
||||
static __always_inline void UpdateIpStats(__u64 *pps, __u64 *bps, u32 ip, u16 port, u8 protocol, u16 pkt_len, __u64 now)
|
||||
static __always_inline void UpdateIpStats(u64 *pps, u64 *bps, u32 ip, u16 port, u8 protocol, u16 pkt_len, u64 now)
|
||||
{
|
||||
#ifdef USE_FLOW_RL
|
||||
struct flow key = {0};
|
||||
flow_t key = {0};
|
||||
key.ip = ip;
|
||||
key.port = port;
|
||||
key.protocol = protocol;
|
||||
|
||||
struct ip_stats *ip_stats = bpf_map_lookup_elem(&ip_stats_map, &key);
|
||||
ip_stats_t *ip_stats = bpf_map_lookup_elem(&ip_stats_map, &key);
|
||||
#else
|
||||
struct ip_stats *ip_stats = bpf_map_lookup_elem(&ip_stats_map, &ip);
|
||||
ip_stats_t *ip_stats = bpf_map_lookup_elem(&ip_stats_map, &ip);
|
||||
#endif
|
||||
|
||||
if (ip_stats)
|
||||
@@ -48,7 +48,7 @@ static __always_inline void UpdateIpStats(__u64 *pps, __u64 *bps, u32 ip, u16 po
|
||||
else
|
||||
{
|
||||
// Create new entry.
|
||||
struct ip_stats new = {0};
|
||||
ip_stats_t new = {0};
|
||||
|
||||
new.pps = 1;
|
||||
new.bps = pkt_len;
|
||||
@@ -78,17 +78,17 @@ static __always_inline void UpdateIpStats(__u64 *pps, __u64 *bps, u32 ip, u16 po
|
||||
*
|
||||
* @return void
|
||||
*/
|
||||
static __always_inline void UpdateIp6Stats(__u64 *pps, __u64 *bps, u128 *ip, u16 port, u8 protocol, u16 pkt_len, __u64 now)
|
||||
static __always_inline void UpdateIp6Stats(u64 *pps, u64 *bps, u128 *ip, u16 port, u8 protocol, u16 pkt_len, u64 now)
|
||||
{
|
||||
#ifdef USE_FLOW_RL
|
||||
struct flow6 key = {0};
|
||||
flow6_t key = {0};
|
||||
key.ip = *ip;
|
||||
key.port = port;
|
||||
key.protocol = protocol;
|
||||
|
||||
struct ip_stats *ip_stats = bpf_map_lookup_elem(&ip_stats_map, &key);
|
||||
ip_stats_t *ip_stats = bpf_map_lookup_elem(&ip_stats_map, &key);
|
||||
#else
|
||||
struct ip_stats *ip_stats = bpf_map_lookup_elem(&ip_stats_map, ip);
|
||||
ip_stats_t *ip_stats = bpf_map_lookup_elem(&ip_stats_map, ip);
|
||||
#endif
|
||||
|
||||
if (ip_stats)
|
||||
@@ -113,7 +113,7 @@ static __always_inline void UpdateIp6Stats(__u64 *pps, __u64 *bps, u128 *ip, u16
|
||||
else
|
||||
{
|
||||
// Create new entry.
|
||||
struct ip_stats new = {0};
|
||||
ip_stats_t new = {0};
|
||||
|
||||
new.pps = 1;
|
||||
new.bps = pkt_len;
|
||||
|
||||
@@ -6,8 +6,8 @@
|
||||
|
||||
#include <xdp/utils/maps.h>
|
||||
|
||||
static __always_inline void UpdateIpStats(__u64 *pps, __u64 *bps, u32 ip, u16 port, u8 protocol, u16 pkt_len, __u64 now);
|
||||
static __always_inline void UpdateIp6Stats(__u64 *pps, __u64 *bps, u128 *ip, u16 port, u8 protocol, u16 pkt_len, __u64 now);
|
||||
static __always_inline void UpdateIpStats(u64 *pps, u64 *bps, u32 ip, u16 port, u8 protocol, u16 pkt_len, u64 now);
|
||||
static __always_inline void UpdateIp6Stats(u64 *pps, u64 *bps, u128 *ip, u16 port, u8 protocol, u16 pkt_len, u64 now);
|
||||
|
||||
// NOTE: We include the C source file below because we can't link object files which includes the function logic into the main XDP program because we need to ensure the function is always inlined for performance which doesn't work with linked objects.
|
||||
// More Info: https://stackoverflow.com/questions/24289599/always-inline-does-not-work-when-function-is-implemented-in-different-file
|
||||
|
||||
Reference in New Issue
Block a user