kaffa/XDP-Firewall
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Implement both IP and flow-based rate limiting.

Browse Source
This commit is contained in:
Christian Deacon
2025-03-23 20:35:08 -04:00
parent 2727740a64
commit 5aa3270f82
15 changed files with 420 additions and 149 deletions
Download Patch File Download Diff File Expand all files Collapse all files

15
src/xdp/utils/logging.c
View File

@@ -14,14 +14,16 @@
* @param dst_port The destination port.
* @param protocol The protocol.
* @param now The timestamp.
* @param pps The current PPS rate.
* @param bps The current BPS rate.
* @param ip_pps The current IP PPS rate.
* @param ip_bps The current IP BPS rate.
* @param flow_pps The current flow PPS rate.
* @param flow_bps The current flow BPS rate.
* @param pkt_len The full packet length.
* @param filter_id The filter ID that matched.
*
* @return always 0
*/
static __always_inline int log_filter_msg(struct iphdr* iph, struct ipv6hdr* iph6, u16 src_port, u16 dst_port, u8 protocol, u64 now, u64 pps, u64 bps, int pkt_len, int filter_id)
static __always_inline int log_filter_msg(struct iphdr* iph, struct ipv6hdr* iph6, u16 src_port, u16 dst_port, u8 protocol, u64 now, u64 ip_pps, u64 ip_bps, u64 flow_pps, u64 flow_bps, int pkt_len, int filter_id)
{
filter_log_event_t* e = bpf_ringbuf_reserve(&map_filter_log, sizeof(*e), 0);
@@ -45,8 +47,11 @@ static __always_inline int log_filter_msg(struct iphdr* iph, struct ipv6hdr* iph
e->protocol = protocol;
e->pps = pps;
e->bps = bps;
e->ip_pps = ip_pps;
e->ip_bps = ip_bps;
e->flow_pps = flow_pps;
e->flow_bps = flow_bps;
e->length = pkt_len;