diff --git a/Makefile b/Makefile
index 6f6ac8a..9c3e776 100644
--- a/Makefile
+++ b/Makefile
@@ -13,7 +13,6 @@ LOADER_DIR = $(SRC_DIR)/loader
 XDP_DIR = $(SRC_DIR)/xdp
 ETC_DIR = /etc/xdpfw
-LOG_DIR = /var/log/xdpfw
 # Additional build directories.
 BUILD_LOADER_DIR = $(BUILD_DIR)/loader
@@ -135,7 +134,6 @@ libxdp_clean:
 install:
 mkdir -p $(ETC_DIR)
- mkdir -p $(LOG_DIR)
 cp -n xdpfw.conf.example $(ETC_DIR)/xdpfw.conf
diff --git a/README.md b/README.md
index de21ba3..84d00b1 100644
--- a/README.md
+++ b/README.md
@@ -136,7 +136,7 @@ The following table quickly explains the data types used within the configuratio
 | Name | Type | Default | Description |
 | ---- | ---- | ------- | ----------- |
 | verbose | int | `2` | The verbose level for logging (0 - 5 supported so far). |
-| log_file | string | `/var/log/xdpfw/xdpfw.log` | The log file location. If the string is empty (`""`), the log file is disabled. |
+| log_file | string | `/var/log/xdpfw.log` | The log file location. If the string is empty (`""`), the log file is disabled. |
 | interface | string | `NULL` | The network interface name to attach the XDP program to (usually retrieved with `ip a` or `ifconfig`). |
 | update_time | uint | `0` | How often to update the config and filtering rules from the file system in seconds (0 disables). |
 | no_stats | bool | `false` | Whether to enable or disable packet counters. Disabling packet counters will improve performance, but result in less visibility on what the XDP Firewall is doing. |
diff --git a/src/common/types.h b/src/common/types.h
index 84f265f..d9add98 100644
--- a/src/common/types.h
+++ b/src/common/types.h
@@ -98,7 +98,7 @@ struct filter
 unsigned int do_bps : 1;
 u64 bps;
- u64 blocktime;
+ u64 block_time;
 tcp_opts_t tcpopts;
 udp_opts_t udpopts;
diff --git a/src/loader/utils/config.c b/src/loader/utils/config.c
index 3d27868..85d8374 100644
--- a/src/loader/utils/config.c
+++ b/src/loader/utils/config.c
@@ -46,7 +46,7 @@ int LoadConfig(config__t *cfg, char *cfg_file, config_overrides_t* overrides)
 void SetCfgDefaults(config__t *cfg)
 {
 cfg->verbose = 2;
- cfg->log_file = strdup("/var/log/xdpfw/xdpfw.log");
+ cfg->log_file = strdup("/var/log/xdpfw.log");
 cfg->update_time = 0;
 cfg->interface = NULL;
 cfg->no_stats = 0;
@@ -90,7 +90,7 @@ void SetCfgDefaults(config__t *cfg)
 filter->do_bps = 0;
 filter->bps = 0;
- filter->blocktime = 1;
+ filter->block_time = 1;
 filter->tcpopts.enabled = 0;
 filter->tcpopts.do_dport = 0;
@@ -465,15 +465,15 @@ int ReadCfg(config__t *cfg, config_overrides_t* overrides)
 }
 // Block time (default 1).
- long long blocktime;
+ long long block_time;
- if (config_setting_lookup_int64(filter_cfg, "block_time", &blocktime) == CONFIG_TRUE)
+ if (config_setting_lookup_int64(filter_cfg, "block_time", &block_time) == CONFIG_TRUE)
 {
- filter->blocktime = blocktime;
+ filter->block_time = block_time;
 }
 else
 {
- filter->blocktime = 1;
+ filter->block_time = 1;
 }
 /* TCP options */
@@ -729,7 +729,7 @@ void PrintConfig(config__t* cfg)
 printf("\t\t\t\tTOS => %d\n", filter->tos);
 printf("\t\t\t\tPPS => %llu\n", filter->pps);
 printf("\t\t\t\tBPS => %llu\n", filter->bps);
- printf("\t\t\t\tBlock Time => %llu\n\n", filter->blocktime);
+ printf("\t\t\t\tBlock Time => %llu\n\n", filter->block_time);
 // TCP Options.
 printf("\t\t\tTCP Options\n");
diff --git a/src/loader/utils/logging.c b/src/loader/utils/logging.c
index 307045a..8b06284 100644
--- a/src/loader/utils/logging.c
+++ b/src/loader/utils/logging.c
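Review bot: `filter->block_time = block_time;` in the ReadCfg hunk assigns the signed `long long` obtained from config_setting_lookup_int64 to the `u64` field with no range check, so a negative `block_time` in the config wraps to a value near 2^64 instead of being rejected. The XDP program elsewhere in this diff then computes `now + (block_time * NANO_TO_SEC)` from that field, so the product wraps too and the resulting blacklist expiry is effectively arbitrary. The config file is root-owned, so this is a validation gap rather than an exploitable one, but with `update_time` reloads a typo takes effect without a restart and without any message. I would reject or clamp at load time, e.g. `filter->block_time = (block_time < 0) ? 0 : (u64)block_time;`, and emit a warning when the value is altered. ReadCfg starts and ends outside this hunk.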
@@ -164,7 +164,7 @@ int HandleRbEvent(void* ctx, void* data, size_t sz)
 const char* protocol_str = GetProtocolStrById(e->protocol);
- LogMsg(cfg, 0, 0, "[FILTER %d] %s %s packet '%s:%d' => '%s:%d' (PPS => %llu, BPS => %llu, Filter Block Time => %llu)...", e->filter_id + 1, action, protocol_str, src_ip_str, htons(e->src_port), dst_ip_str, htons(e->dst_port), e->pps, e->bps, filter->blocktime);
+ LogMsg(cfg, 0, 0, "[FILTER %d] %s %s packet '%s:%d' => '%s:%d' (PPS => %llu, BPS => %llu, Filter Block Time => %llu)...", e->filter_id + 1, action, protocol_str, src_ip_str, htons(e->src_port), dst_ip_str, htons(e->dst_port), e->pps, e->bps, filter->block_time);
 return 0;
 }
\ No newline at end of file
diff --git a/src/xdp/prog.c b/src/xdp/prog.c
index 6d1679b..243be49 100644
--- a/src/xdp/prog.c
+++ b/src/xdp/prog.c
@@ -45,7 +45,7 @@ int xdp_prog_main(struct xdp_md *ctx)
 }
 u8 action = 0;
- u64 blocktime = 1;
+ u64 block_time = 1;
 // Initialize IP headers.
 struct iphdr *iph = NULL;
@@ -539,7 +539,7 @@ int xdp_prog_main(struct xdp_md *ctx)
 // Matched.
 action = filter->action;
- blocktime = filter->blocktime;
+ block_time = filter->block_time;
 goto matched;
 }
@@ -555,17 +555,17 @@ int xdp_prog_main(struct xdp_md *ctx)
 if (action == 0)
 {
 // Before dropping, update the blacklist map.
- if (blocktime > 0)
+ if (block_time > 0)
 {
- u64 newTime = now + (blocktime * NANO_TO_SEC);
+ u64 new_time = now + (block_time * NANO_TO_SEC);
 if (iph6)
 {
- bpf_map_update_elem(&ip6_blacklist_map, &src_ip6, &newTime, BPF_ANY);
+ bpf_map_update_elem(&ip6_blacklist_map, &src_ip6, &new_time, BPF_ANY);
 }
 else if (iph)
 {
- bpf_map_update_elem(&ip_blacklist_map, &iph->saddr, &newTime, BPF_ANY);
+ bpf_map_update_elem(&ip_blacklist_map, &iph->saddr, &new_time, BPF_ANY);
 }
 }
diff --git a/xdpfw.conf.example b/xdpfw.conf.example
index b0d1462..3fb43d5 100644
--- a/xdpfw.conf.example
+++ b/xdpfw.conf.example
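Review bot: Both `bpf_map_update_elem` calls in the `@@ -555` hunk of prog.c discard their return value, so when the blacklist map is full (a plain hash map returns -E2BIG) the source is silently never blacklisted and the configured `block_time` has no effect for that packet. Judging by the "Before dropping" comment the packet itself is still dropped on this path, but under a flood from many spoofed sources the blacklist fast path stops working exactly when it is needed, with nothing in the stats to show it. I would either declare the blacklist maps as BPF_MAP_TYPE_LRU_HASH or check the result and bump a counter, e.g. `if (bpf_map_update_elem(&ip_blacklist_map, &iph->saddr, &new_time, BPF_ANY) != 0) { /* map full: count it */ }`. The map definitions and the lookup that consumes `new_time` are not in this diff, so whether the maps are already LRU cannot be confirmed here; xdp_prog_main starts and ends outside the hunk.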
@@ -1,5 +1,5 @@
 verbose = 2;
-log_file = "/var/log/xdpfw/xdpfw.log";
+log_file = "/var/log/xdpfw.log";
 interface = "ens18";
 update_time = 15;
 no_stats = false;