kaffa/XDP-Firewall
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Cleanup code and filter output.

Browse Source
This commit is contained in:
Christian Deacon
2025-03-28 11:48:25 -04:00
parent 8b4be2ee2f
commit 3062ddd166
2 changed files with 52 additions and 24 deletions
Download Patch File Download Diff File Expand all files Collapse all files

71
src/loader/utils/config.c
View File

@@ -1328,19 +1328,19 @@ void print_filter(filter_rule_cfg_t* filter, int idx)
printf("\t\tEnabled => %d\n", filter->enabled); printf("\t\tEnabled => %d\n", filter->enabled);
printf("\t\tLog => %d\n\n", filter->log); printf("\t\tLog => %d\n\n", filter->log);
printf("\t\tAction => %d (0 = Block, 1 = Allow).\n", filter->action); printf("\t\tAction => %d (0 = Block, 1 = Allow)\n", filter->action);
printf("\t\t\tBlock Time => %d\n\n", filter->block_time); printf("\t\tBlock Time => %d\n\n", filter->block_time);
printf("\t\t\tIP PPS => %lld\n", filter->ip_pps); printf("\t\tIP PPS => %lld\n", filter->ip_pps);
printf("\t\t\tIP BPS => %lld\n", filter->ip_bps); printf("\t\tIP BPS => %lld\n", filter->ip_bps);
printf("\t\t\tFlow PPS => %lld\n", filter->flow_pps); printf("\t\tFlow PPS => %lld\n", filter->flow_pps);
printf("\t\t\tFlow BPS => %lld\n", filter->flow_bps); printf("\t\tFlow BPS => %lld\n", filter->flow_bps);
printf("\t\tMin Packet Length => %d\n", filter->ip.min_len);
printf("\t\tMax Packet Length => %d\n\n", filter->ip.max_len);
// IP Options. // IP Options.
printf("\t\tIP Options\n");
// IP addresses require additional code for string printing.
const char* src_ip = "N/A"; const char* src_ip = "N/A";
if (filter->ip.src_ip) if (filter->ip.src_ip)
@@ -1348,8 +1348,6 @@ void print_filter(filter_rule_cfg_t* filter, int idx)
src_ip = filter->ip.src_ip; src_ip = filter->ip.src_ip;
} }
printf("\t\t\tSource IPv4 => %s\n", src_ip);
const char* dst_ip = "N/A"; const char* dst_ip = "N/A";
if (filter->ip.dst_ip) if (filter->ip.dst_ip)
@@ -1357,8 +1355,6 @@ void print_filter(filter_rule_cfg_t* filter, int idx)
dst_ip = filter->ip.dst_ip; dst_ip = filter->ip.dst_ip;
} }
printf("\t\t\tDestination IPv4 => %s\n", dst_ip);
const char* src_ip6 = "N/A"; const char* src_ip6 = "N/A";
if (filter->ip.src_ip6) if (filter->ip.src_ip6)
@@ -1366,8 +1362,6 @@ void print_filter(filter_rule_cfg_t* filter, int idx)
src_ip6 = filter->ip.src_ip6; src_ip6 = filter->ip.src_ip6;
} }
printf("\t\t\tSource IPv6 => %s\n", src_ip6);
const char* dst_ip6 = "N/A"; const char* dst_ip6 = "N/A";
if (filter->ip.dst_ip6) if (filter->ip.dst_ip6)
@@ -1375,21 +1369,38 @@ void print_filter(filter_rule_cfg_t* filter, int idx)
dst_ip6 = filter->ip.dst_ip6; dst_ip6 = filter->ip.dst_ip6;
} }
printf("\t\tIP Options\n");
printf("\t\t\tSource IPv4 => %s\n", src_ip);
printf("\t\t\tDestination IPv4 => %s\n", dst_ip);
printf("\t\t\tSource IPv6 => %s\n", src_ip6);
printf("\t\t\tDestination IPv6 => %s\n", dst_ip6); printf("\t\t\tDestination IPv6 => %s\n", dst_ip6);
printf("\t\t\tMin TTL => %d\n", filter->ip.min_ttl); printf("\t\t\tMin TTL => %d\n", filter->ip.min_ttl);
printf("\t\t\tMax TTL => %d\n", filter->ip.max_ttl); printf("\t\t\tMax TTL => %d\n", filter->ip.max_ttl);
printf("\t\t\tMin Length => %d\n", filter->ip.min_len);
printf("\t\t\tMax Length => %d\n", filter->ip.max_len);
printf("\t\t\tTOS => %d\n\n", filter->ip.tos); printf("\t\t\tTOS => %d\n\n", filter->ip.tos);
// TCP Options. // TCP Options.
const char* tcp_sport = "N/A";
if (filter->tcp.sport)
{
tcp_sport = filter->tcp.sport;
}
const char* tcp_dport = "N/A";
if (filter->tcp.dport)
{
tcp_dport = filter->tcp.dport;
}
printf("\t\tTCP Options\n"); printf("\t\tTCP Options\n");
printf("\t\t\tTCP Enabled => %d\n", filter->tcp.enabled); printf("\t\t\tTCP Enabled => %d\n", filter->tcp.enabled);
printf("\t\t\tTCP Source Port => %s\n", filter->tcp.sport); printf("\t\t\tTCP Source Port => %s\n", tcp_sport);
printf("\t\t\tTCP Destination Port => %s\n", filter->tcp.dport); printf("\t\t\tTCP Destination Port => %s\n", tcp_dport);
printf("\t\t\tTCP URG Flag => %d\n", filter->tcp.urg); printf("\t\t\tTCP URG Flag => %d\n", filter->tcp.urg);
printf("\t\t\tTCP ACK Flag => %d\n", filter->tcp.ack); printf("\t\t\tTCP ACK Flag => %d\n", filter->tcp.ack);
printf("\t\t\tTCP RST Flag => %d\n", filter->tcp.rst); printf("\t\t\tTCP RST Flag => %d\n", filter->tcp.rst);
@@ -1400,13 +1411,29 @@ void print_filter(filter_rule_cfg_t* filter, int idx)
printf("\t\t\tTCP CWR Flag => %d\n\n", filter->tcp.cwr); printf("\t\t\tTCP CWR Flag => %d\n\n", filter->tcp.cwr);
// UDP Options. // UDP Options.
const char* udp_sport = "N/A";
if (filter->udp.sport)
{
udp_sport = filter->udp.sport;
}
const char* udp_dport = "N/A";
if (filter->udp.dport)
{
udp_dport = filter->udp.dport;
}
printf("\t\tUDP Options\n"); printf("\t\tUDP Options\n");
printf("\t\t\tUDP Enabled => %d\n", filter->udp.enabled); printf("\t\t\tUDP Enabled => %d\n", filter->udp.enabled);
printf("\t\t\tUDP Source Port => %s\n", filter->udp.sport); printf("\t\t\tUDP Source Port => %s\n", udp_sport);
printf("\t\t\tUDP Destination Port => %s\n\n", filter->udp.dport); printf("\t\t\tUDP Destination Port => %s\n\n", udp_dport);
// ICMP Options. // ICMP Options.
printf("\t\tICMP Options\n"); printf("\t\tICMP Options\n");
printf("\t\t\tICMP Enabled => %d\n", filter->icmp.enabled); printf("\t\t\tICMP Enabled => %d\n", filter->icmp.enabled);
printf("\t\t\tICMP Code => %d\n", filter->icmp.code); printf("\t\t\tICMP Code => %d\n", filter->icmp.code);
printf("\t\t\tICMP Type => %d\n", filter->icmp.type); printf("\t\t\tICMP Type => %d\n", filter->icmp.type);

3
src/loader/utils/logging.c
View File

@@ -148,7 +148,8 @@ int hdl_filters_rb_event(void* ctx, void* data, size_t sz)
{ {
inet_ntop(AF_INET6, e->src_ip6, src_ip_str, sizeof(src_ip_str)); inet_ntop(AF_INET6, e->src_ip6, src_ip_str, sizeof(src_ip_str));
inet_ntop(AF_INET6, e->dst_ip6, dst_ip_str, sizeof(dst_ip_str)); inet_ntop(AF_INET6, e->dst_ip6, dst_ip_str, sizeof(dst_ip_str));
} else }
else
{ {
inet_ntop(AF_INET, &e->src_ip, src_ip_str, sizeof(src_ip_str)); inet_ntop(AF_INET, &e->src_ip, src_ip_str, sizeof(src_ip_str));
inet_ntop(AF_INET, &e->dst_ip, dst_ip_str, sizeof(dst_ip_str)); inet_ntop(AF_INET, &e->dst_ip, dst_ip_str, sizeof(dst_ip_str));