From 7964f8986ab3471380f0a1b7f9ef593c2cf874bc Mon Sep 17 00:00:00 2001 From: gamemann Date: Tue, 16 Nov 2021 00:33:30 +0000 Subject: [PATCH] Move defines to header file for XDP program. --- src/xdpfw.h | 5 +++++ src/xdpfw_kern.c | 5 ----- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/src/xdpfw.h b/src/xdpfw.h index 7695556..3a1b1cf 100644 --- a/src/xdpfw.h +++ b/src/xdpfw.h @@ -22,6 +22,11 @@ #endif #define __u128 __uint128_t + +// Additional options for XDP program. +//#define DEBUG +//#define DOSTATSONBLOCKMAP // Feel free to comment this out if you don't want the `blocked` entry on the stats map to be incremented every single time a packet is dropped from the source IP being on the blocked map. Commenting this line out should increase performance when blocking malicious traffic. +#define ALLOWSINGLEIPV4V6 // When this is defined, a check will occur inside the IPv4 and IPv6 filters. For IPv6 packets, if no IPv6 source/destination IP addresses are set, but there is an IPv4 address, it will ignore the filter. The same goes for IPv4, if there is no IPv4 source/destination IP addresses set, if an IPv6 address is set, it will ignore the filter. #endif struct tcpopts diff --git a/src/xdpfw_kern.c b/src/xdpfw_kern.c index 05738f3..9c3189e 100644 --- a/src/xdpfw_kern.c +++ b/src/xdpfw_kern.c @@ -16,11 +16,6 @@ #include "xdpfw.h" -//#define DEBUG -//#define DOSTATSONBLOCKMAP // Feel free to comment this out if you don't want the `blocked` entry on the stats map to be incremented every single time a packet is dropped from the source IP being on the blocked map. Commenting this line out should increase performance when blocking malicious traffic. - -#define ALLOWSINGLEIPV4V6 // When this is defined, a check will occur inside the IPv4 and IPv6 filters. For IPv6 packets, if no IPv6 source/destination IP addresses are set, but there is an IPv4 address, it will ignore the filter. The same goes for IPv4, if there is no IPv4 source/destination IP addresses set, if an IPv6 address is set, it will ignore the filter. - #ifdef DEBUG #define bpf_printk(fmt, ...) \ ({ \