kaffa/XDP-Firewall
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Rename functions and cmdline to cli for organization.

Browse Source
This commit is contained in:
Christian Deacon
2025-03-06 13:49:09 -05:00
parent e1b0fec39e
commit 916189a498
27 changed files with 494 additions and 493 deletions
Download Patch File Download Diff File Expand all files Collapse all files

208
src/loader/prog.c
View File

@@ -11,7 +11,7 @@
#include <net/if.h>
#include <loader/utils/cmdline.h>
#include <loader/utils/cli.h>
#include <loader/utils/config.h>
#include <loader/utils/xdp.h>
#include <loader/utils/logging.h>
@@ -28,56 +28,56 @@ int doing_stats = 0;
* @param obj A pointer to the BPF object.
* @param ignore_errors Whether to ignore errors.
*/
static void UnpinNeededMaps(config__t* cfg, struct bpf_object* obj, int ignore_errors)
static void unpin_needed_maps(config__t* cfg, struct bpf_object* obj, int ignore_errors)
{
int ret;
// Unpin block map.
if ((ret = UnpinBpfMap(obj, XDP_MAP_PIN_DIR, "map_block")) != 0)
if ((ret = unpin_bpf_map(obj, XDP_MAP_PIN_DIR, "map_block")) != 0)
{
if (!ignore_errors)
{
LogMsg(cfg, 1, 0, "[WARNING] Failed to un-pin BPF map 'map_block' from file system (%d).", ret);
log_msg(cfg, 1, 0, "[WARNING] Failed to un-pin BPF map 'map_block' from file system (%d).", ret);
}
}
// Unpin block (IPv6) map.
if ((ret = UnpinBpfMap(obj, XDP_MAP_PIN_DIR, "map_block6")) != 0)
if ((ret = unpin_bpf_map(obj, XDP_MAP_PIN_DIR, "map_block6")) != 0)
{
if (!ignore_errors)
{
LogMsg(cfg, 1, 0, "[WARNING] Failed to un-pin BPF map 'map_block6' from file system (%d).", ret);
log_msg(cfg, 1, 0, "[WARNING] Failed to un-pin BPF map 'map_block6' from file system (%d).", ret);
}
}
#ifdef ENABLE_IP_RANGE_DROP
// Unpin IPv4 range drop map.
if ((ret = UnpinBpfMap(obj, XDP_MAP_PIN_DIR, "map_range_drop")) != 0)
if ((ret = unpin_bpf_map(obj, XDP_MAP_PIN_DIR, "map_range_drop")) != 0)
{
if (!ignore_errors)
{
LogMsg(cfg, 1, 0, "[WARNING] Failed to un-pin BPF map 'map_range_drop' from file system (%d).", ret);
log_msg(cfg, 1, 0, "[WARNING] Failed to un-pin BPF map 'map_range_drop' from file system (%d).", ret);
}
}
#endif
#ifdef ENABLE_FILTERS
// Unpin filters map.
if ((ret = UnpinBpfMap(obj, XDP_MAP_PIN_DIR, "map_filters")) != 0)
if ((ret = unpin_bpf_map(obj, XDP_MAP_PIN_DIR, "map_filters")) != 0)
{
if (!ignore_errors)
{
LogMsg(cfg, 1, 0, "[WARNING] Failed to un-pin BPF map 'map_filters' from file system (%d).", ret);
log_msg(cfg, 1, 0, "[WARNING] Failed to un-pin BPF map 'map_filters' from file system (%d).", ret);
}
}
#ifdef ENABLE_FILTER_LOGGING
// Unpin filters log map.
if ((ret = UnpinBpfMap(obj, XDP_MAP_PIN_DIR, "map_filter_log")) != 0)
if ((ret = unpin_bpf_map(obj, XDP_MAP_PIN_DIR, "map_filter_log")) != 0)
{
if (!ignore_errors)
{
LogMsg(cfg, 1, 0, "[WARNING] Failed to un-pin BPF map 'map_filter_log' from file system (%d).", ret);
log_msg(cfg, 1, 0, "[WARNING] Failed to un-pin BPF map 'map_filter_log' from file system (%d).", ret);
}
}
#endif
@@ -89,21 +89,21 @@ int main(int argc, char *argv[])
int ret;
// Parse the command line.
cmdline_t cmd = {0};
cmd.cfg_file = CONFIG_DEFAULT_PATH;
cmd.verbose = -1;
cmd.pin_maps = -1;
cmd.update_time = -1;
cmd.no_stats = -1;
cmd.stats_per_second = -1;
cmd.stdout_update_time = -1;
cli_t cli = {0};
cli.cfg_file = CONFIG_DEFAULT_PATH;
cli.verbose = -1;
cli.pin_maps = -1;
cli.update_time = -1;
cli.no_stats = -1;
cli.stats_per_second = -1;
cli.stdout_update_time = -1;
ParseCommandLine(&cmd, argc, argv);
parse_cli(&cli, argc, argv);
// Check for help.
if (cmd.help)
if (cli.help)
{
PrintHelpMenu();
print_help_menu();
return EXIT_SUCCESS;
}
@@ -111,31 +111,31 @@ int main(int argc, char *argv[])
// Initialize config.
config__t cfg = {0};
SetCfgDefaults(&cfg);
set_cfg_defaults(&cfg);
// Create overrides for config and set arguments from CLI.
config_overrides_t cfg_overrides = {0};
cfg_overrides.verbose = cmd.verbose;
cfg_overrides.log_file = cmd.log_file;
cfg_overrides.interface = cmd.interface;
cfg_overrides.pin_maps = cmd.pin_maps;
cfg_overrides.update_time = cmd.update_time;
cfg_overrides.no_stats = cmd.no_stats;
cfg_overrides.stats_per_second = cmd.stats_per_second;
cfg_overrides.stdout_update_time = cmd.stdout_update_time;
cfg_overrides.verbose = cli.verbose;
cfg_overrides.log_file = cli.log_file;
cfg_overrides.interface = cli.interface;
cfg_overrides.pin_maps = cli.pin_maps;
cfg_overrides.update_time = cli.update_time;
cfg_overrides.no_stats = cli.no_stats;
cfg_overrides.stats_per_second = cli.stats_per_second;
cfg_overrides.stdout_update_time = cli.stdout_update_time;
// Load config.
if ((ret = LoadConfig(&cfg, cmd.cfg_file, &cfg_overrides)) != 0)
if ((ret = load_cfg(&cfg, cli.cfg_file, &cfg_overrides)) != 0)
{
fprintf(stderr, "[ERROR] Failed to load config from file system (%s)(%d).\n", cmd.cfg_file, ret);
fprintf(stderr, "[ERROR] Failed to load config from file system (%s)(%d).\n", cli.cfg_file, ret);
return EXIT_FAILURE;
}
// Check for list option.
if (cmd.list)
if (cli.list)
{
PrintConfig(&cfg);
print_cfg(&cfg);
return EXIT_SUCCESS;
}
@@ -143,42 +143,42 @@ int main(int argc, char *argv[])
// Print tool info.
if (cfg.verbose > 0)
{
PrintToolInfo();
print_tool_info();
}
// Check interface.
if (cfg.interface == NULL)
{
LogMsg(&cfg, 0, 1, "[ERROR] No interface specified in config or CLI override.");
log_msg(&cfg, 0, 1, "[ERROR] No interface specified in config or CLI override.");
return EXIT_FAILURE;
}
LogMsg(&cfg, 2, 0, "Raising RLimit...");
log_msg(&cfg, 2, 0, "Raising RLimit...");
// Raise RLimit.
struct rlimit rl = { RLIM_INFINITY, RLIM_INFINITY };
if (setrlimit(RLIMIT_MEMLOCK, &rl))
{
LogMsg(&cfg, 0, 1, "[ERROR] Failed to raise rlimit. Please make sure this program is ran as root!\n");
log_msg(&cfg, 0, 1, "[ERROR] Failed to raise rlimit. Please make sure this program is ran as root!\n");
return EXIT_FAILURE;
}
LogMsg(&cfg, 2, 0, "Retrieving interface index for '%s'...", cfg.interface);
log_msg(&cfg, 2, 0, "Retrieving interface index for '%s'...", cfg.interface);
// Get interface index.
int ifidx = if_nametoindex(cfg.interface);
if (ifidx < 0)
{
LogMsg(&cfg, 0, 1, "[ERROR] Failed to retrieve index of network interface '%s'.\n", cfg.interface);
log_msg(&cfg, 0, 1, "[ERROR] Failed to retrieve index of network interface '%s'.\n", cfg.interface);
return EXIT_FAILURE;
}
LogMsg(&cfg, 2, 0, "Loading XDP/BPF program at '%s'...", XDP_OBJ_PATH);
log_msg(&cfg, 2, 0, "Loading XDP/BPF program at '%s'...", XDP_OBJ_PATH);
// Determine custom LibBPF log level.
int silent = 1;
@@ -188,187 +188,187 @@ int main(int argc, char *argv[])
silent = 0;
}
SetLibBPFLogMode(silent);
set_libbpf_log_mode(silent);
// Load BPF object.
struct xdp_program *prog = LoadBpfObj(XDP_OBJ_PATH);
struct xdp_program *prog = load_bpf_obj(XDP_OBJ_PATH);
if (prog == NULL)
{
LogMsg(&cfg, 0, 1, "[ERROR] Failed to load eBPF object file. Object path => %s.\n", XDP_OBJ_PATH);
log_msg(&cfg, 0, 1, "[ERROR] Failed to load eBPF object file. Object path => %s.\n", XDP_OBJ_PATH);
return EXIT_FAILURE;
}
LogMsg(&cfg, 2, 0, "Attaching XDP program to interface '%s'...", cfg.interface);
log_msg(&cfg, 2, 0, "Attaching XDP program to interface '%s'...", cfg.interface);
// Attach XDP program.
char *mode_used = NULL;
if ((ret = AttachXdp(prog, &mode_used, ifidx, 0, cmd.skb, cmd.offload)) != 0)
if ((ret = attach_xdp(prog, &mode_used, ifidx, 0, cli.skb, cli.offload)) != 0)
{
LogMsg(&cfg, 0, 1, "[ERROR] Failed to attach XDP program to interface '%s' using available modes (%d).\n", cfg.interface, ret);
log_msg(&cfg, 0, 1, "[ERROR] Failed to attach XDP program to interface '%s' using available modes (%d).\n", cfg.interface, ret);
return EXIT_FAILURE;
}
if (mode_used != NULL)
{
LogMsg(&cfg, 1, 0, "Attached XDP program using mode '%s'...", mode_used);
log_msg(&cfg, 1, 0, "Attached XDP program using mode '%s'...", mode_used);
}
LogMsg(&cfg, 2, 0, "Retrieving BPF map FDs...");
log_msg(&cfg, 2, 0, "Retrieving BPF map FDs...");
// Retrieve BPF maps.
int map_stats = FindMapFd(prog, "map_stats");
int map_stats = get_map_fd(prog, "map_stats");
if (map_stats < 0)
{
LogMsg(&cfg, 0, 1, "[ERROR] Failed to find 'map_stats' BPF map.\n");
log_msg(&cfg, 0, 1, "[ERROR] Failed to find 'map_stats' BPF map.\n");
return EXIT_FAILURE;
}
#ifdef ENABLE_FILTERS
int map_filters = FindMapFd(prog, "map_filters");
int map_filters = get_map_fd(prog, "map_filters");
// Check for valid maps.
if (map_filters < 0)
{
LogMsg(&cfg, 0, 1, "[ERROR] Failed to find 'map_filters' BPF map.\n");
log_msg(&cfg, 0, 1, "[ERROR] Failed to find 'map_filters' BPF map.\n");
return EXIT_FAILURE;
}
LogMsg(&cfg, 3, 0, "map_filters FD => %d.", map_filters);
log_msg(&cfg, 3, 0, "map_filters FD => %d.", map_filters);
#ifdef ENABLE_FILTER_LOGGING
int map_filter_log = FindMapFd(prog, "map_filter_log");
int map_filter_log = get_map_fd(prog, "map_filter_log");
struct ring_buffer* rb = NULL;
if (map_filter_log < 0)
{
LogMsg(&cfg, 1, 0, "[WARNING] Failed to find 'map_filter_log' BPF map. Filter logging will be disabled...");
log_msg(&cfg, 1, 0, "[WARNING] Failed to find 'map_filter_log' BPF map. Filter logging will be disabled...");
}
else
{
LogMsg(&cfg, 3, 0, "map_filter_log FD => %d.", map_filter_log);
log_msg(&cfg, 3, 0, "map_filter_log FD => %d.", map_filter_log);
rb = ring_buffer__new(map_filter_log, HandleRbEvent, &cfg, NULL);
rb = ring_buffer__new(map_filter_log, hdl_filters_rb_event, &cfg, NULL);
}
#endif
#endif
#ifdef ENABLE_IP_RANGE_DROP
int map_range_drop = FindMapFd(prog, "map_range_drop");
int map_range_drop = get_map_fd(prog, "map_range_drop");
if (map_range_drop < 0)
{
LogMsg(&cfg, 1, 0, "[WARNING] Failed to find 'map_range_drop' BPF map. IP range drops will be disabled...");
log_msg(&cfg, 1, 0, "[WARNING] Failed to find 'map_range_drop' BPF map. IP range drops will be disabled...");
}
else
{
LogMsg(&cfg, 3, 0, "map_range_drop FD => %d.", map_range_drop);
log_msg(&cfg, 3, 0, "map_range_drop FD => %d.", map_range_drop);
}
#endif
LogMsg(&cfg, 3, 0, "map_stats FD => %d.", map_stats);
log_msg(&cfg, 3, 0, "map_stats FD => %d.", map_stats);
// Pin BPF maps to file system if we need to.
if (cfg.pin_maps)
{
LogMsg(&cfg, 2, 0, "Pinning BPF maps...");
log_msg(&cfg, 2, 0, "Pinning BPF maps...");
struct bpf_object* obj = GetBpfObj(prog);
struct bpf_object* obj = get_bpf_obj(prog);
// There are times where the BPF maps from the last run weren't cleaned up properly.
// So it's best to attempt to unpin the maps before pinning while ignoring errors.
UnpinNeededMaps(&cfg, obj, 1);
unpin_needed_maps(&cfg, obj, 1);
// Pin the block maps.
if ((ret = PinBpfMap(obj, XDP_MAP_PIN_DIR, "map_block")) != 0)
if ((ret = pin_bpf_map(obj, XDP_MAP_PIN_DIR, "map_block")) != 0)
{
LogMsg(&cfg, 1, 0, "[WARNING] Failed to pin 'map_block' to file system (%d)...", ret);
log_msg(&cfg, 1, 0, "[WARNING] Failed to pin 'map_block' to file system (%d)...", ret);
}
else
{
LogMsg(&cfg, 3, 0, "BPF map 'map_block' pinned to '%s/map_block'.", XDP_MAP_PIN_DIR);
log_msg(&cfg, 3, 0, "BPF map 'map_block' pinned to '%s/map_block'.", XDP_MAP_PIN_DIR);
}
if ((ret = PinBpfMap(obj, XDP_MAP_PIN_DIR, "map_block6")) != 0)
if ((ret = pin_bpf_map(obj, XDP_MAP_PIN_DIR, "map_block6")) != 0)
{
LogMsg(&cfg, 1, 0, "[WARNING] Failed to pin 'map_block6' to file system (%d)...", ret);
log_msg(&cfg, 1, 0, "[WARNING] Failed to pin 'map_block6' to file system (%d)...", ret);
}
else
{
LogMsg(&cfg, 3, 0, "BPF map 'map_block6' pinned to '%s/map_block6'.", XDP_MAP_PIN_DIR);
log_msg(&cfg, 3, 0, "BPF map 'map_block6' pinned to '%s/map_block6'.", XDP_MAP_PIN_DIR);
}
#ifdef ENABLE_IP_RANGE_DROP
// Pin the IPv4 range drop map.
if ((ret = PinBpfMap(obj, XDP_MAP_PIN_DIR, "map_range_drop")) != 0)
if ((ret = pin_bpf_map(obj, XDP_MAP_PIN_DIR, "map_range_drop")) != 0)
{
LogMsg(&cfg, 1, 0, "[WARNING] Failed to pin 'map_range_drop' to file system (%d)...", ret);
log_msg(&cfg, 1, 0, "[WARNING] Failed to pin 'map_range_drop' to file system (%d)...", ret);
}
else
{
LogMsg(&cfg, 3, 0, "BPF map 'map_range_drop' pinned to '%s/map_range_drop'.", XDP_MAP_PIN_DIR);
log_msg(&cfg, 3, 0, "BPF map 'map_range_drop' pinned to '%s/map_range_drop'.", XDP_MAP_PIN_DIR);
}
#endif
#ifdef ENABLE_FILTERS
// Pin the filters map.
if ((ret = PinBpfMap(obj, XDP_MAP_PIN_DIR, "map_filters")) != 0)
if ((ret = pin_bpf_map(obj, XDP_MAP_PIN_DIR, "map_filters")) != 0)
{
LogMsg(&cfg, 1, 0, "[WARNING] Failed to pin 'map_filters' to file system (%d)...", ret);
log_msg(&cfg, 1, 0, "[WARNING] Failed to pin 'map_filters' to file system (%d)...", ret);
}
else
{
LogMsg(&cfg, 3, 0, "BPF map 'map_filters' pinned to '%s/map_filters'.", XDP_MAP_PIN_DIR);
log_msg(&cfg, 3, 0, "BPF map 'map_filters' pinned to '%s/map_filters'.", XDP_MAP_PIN_DIR);
}
#ifdef ENABLE_FILTER_LOGGING
// Pin the filters log map.
if ((ret = PinBpfMap(obj, XDP_MAP_PIN_DIR, "map_filter_log")) != 0)
if ((ret = pin_bpf_map(obj, XDP_MAP_PIN_DIR, "map_filter_log")) != 0)
{
LogMsg(&cfg, 1, 0, "[WARNING] Failed to pin 'map_filter_log' to file system (%d)...", ret);
log_msg(&cfg, 1, 0, "[WARNING] Failed to pin 'map_filter_log' to file system (%d)...", ret);
}
else
{
LogMsg(&cfg, 3, 0, "BPF map 'map_filter_log' pinned to '%s/map_filter_log'.", XDP_MAP_PIN_DIR);
log_msg(&cfg, 3, 0, "BPF map 'map_filter_log' pinned to '%s/map_filter_log'.", XDP_MAP_PIN_DIR);
}
#endif
#endif
}
#ifdef ENABLE_FILTERS
LogMsg(&cfg, 2, 0, "Updating filters...");
log_msg(&cfg, 2, 0, "Updating filters...");
// Update filters.
UpdateFilters(map_filters, &cfg);
update_filters(map_filters, &cfg);
#endif
#ifdef ENABLE_IP_RANGE_DROP
if (map_range_drop > -1)
{
LogMsg(&cfg, 2, 0, "Updating IP drop ranges...");
log_msg(&cfg, 2, 0, "Updating IP drop ranges...");
// Update IP range drops.
UpdateRangeDrops(map_range_drop, &cfg);
update_range_drops(map_range_drop, &cfg);
}
#endif
// Signal.
signal(SIGINT, SignalHndl);
signal(SIGTERM, SignalHndl);
signal(SIGINT, hdl_signal);
signal(SIGTERM, hdl_signal);
// Receive CPU count for stats map parsing.
int cpus = get_nprocs_conf();
LogMsg(&cfg, 4, 0, "Retrieved %d CPUs on host.", cpus);
log_msg(&cfg, 4, 0, "Retrieved %d CPUs on host.", cpus);
unsigned int end_time = (cmd.time > 0) ? time(NULL) + cmd.time : 0;
unsigned int end_time = (cli.time > 0) ? time(NULL) + cli.time : 0;
// Create last updated variables.
time_t last_update_check = time(NULL);
@@ -399,16 +399,16 @@ int main(int argc, char *argv[])
if (cfg.update_time > 0 && (cur_time - last_update_check) > cfg.update_time)
{
// Check if config file have been modified
if (stat(cmd.cfg_file, &conf_stat) == 0 && conf_stat.st_mtime > last_config_check) {
if (stat(cli.cfg_file, &conf_stat) == 0 && conf_stat.st_mtime > last_config_check) {
// Reload config.
if ((ret = LoadConfig(&cfg, cmd.cfg_file, &cfg_overrides)) != 0)
if ((ret = load_cfg(&cfg, cli.cfg_file, &cfg_overrides)) != 0)
{
LogMsg(&cfg, 1, 0, "[WARNING] Failed to load config after update check (%d)...\n", ret);
log_msg(&cfg, 1, 0, "[WARNING] Failed to load config after update check (%d)...\n", ret);
}
#ifdef ENABLE_FILTERS
// Update filters.
UpdateFilters(map_filters, &cfg);
update_filters(map_filters, &cfg);
#endif
// Update last check timer
@@ -428,14 +428,14 @@ int main(int argc, char *argv[])
// Calculate and display stats if enabled.
if (!cfg.no_stats)
{
if (CalculateStats(map_stats, cpus, cfg.stats_per_second))
if (calc_stats(map_stats, cpus, cfg.stats_per_second))
{
LogMsg(&cfg, 1, 0, "[WARNING] Failed to calculate packet stats. Stats map FD => %d...\n", map_stats);
log_msg(&cfg, 1, 0, "[WARNING] Failed to calculate packet stats. Stats map FD => %d...\n", map_stats);
}
}
#if defined(ENABLE_FILTERS) && defined(ENABLE_FILTER_LOGGING)
PollFiltersRb(rb);
poll_filters_rb(rb);
#endif
usleep(sleep_time);
@@ -443,7 +443,7 @@ int main(int argc, char *argv[])
fprintf(stdout, "\n");
LogMsg(&cfg, 2, 0, "Cleaning up...");
log_msg(&cfg, 2, 0, "Cleaning up...");
#if defined(ENABLE_FILTERS) && defined(ENABLE_FILTER_LOGGING)
if (rb)
@@ -453,9 +453,9 @@ int main(int argc, char *argv[])
#endif
// Detach XDP program.
if (AttachXdp(prog, &mode_used, ifidx, 1, cmd.skb, cmd.offload))
if (attach_xdp(prog, &mode_used, ifidx, 1, cli.skb, cli.offload))
{
LogMsg(&cfg, 0, 1, "[ERROR] Failed to detach XDP program from interface '%s'.\n", cfg.interface);
log_msg(&cfg, 0, 1, "[ERROR] Failed to detach XDP program from interface '%s'.\n", cfg.interface);
return EXIT_FAILURE;
}
@@ -463,17 +463,17 @@ int main(int argc, char *argv[])
// Unpin maps from file system.
if (cfg.pin_maps)
{
LogMsg(&cfg, 2, 0, "Un-pinning BPF maps from file system...");
log_msg(&cfg, 2, 0, "Un-pinning BPF maps from file system...");
struct bpf_object* obj = GetBpfObj(prog);
struct bpf_object* obj = get_bpf_obj(prog);
UnpinNeededMaps(&cfg, obj, 0);
unpin_needed_maps(&cfg, obj, 0);
}
// Lastly, close the XDP program.
xdp_program__close(prog);
LogMsg(&cfg, 1, 0, "Exiting.\n");
log_msg(&cfg, 1, 0, "Exiting.\n");
// Exit program successfully.
return EXIT_SUCCESS;

36
src/loader/utils/cmdline.c → src/loader/utils/cli.c
View File

@@ -1,4 +1,4 @@
#include <loader/utils/cmdline.h>
#include <loader/utils/cli.h>
const struct option opts[] =
{
@@ -22,13 +22,13 @@ const struct option opts[] =
};
/**
* Parses the command line and stores values in the cmdline structure.
* Parses the command line and stores values in the cli structure.
*
* @param cmd A pointer to the cmdline structure.
* @param cli A pointer to the cli structure.
*
* @return Void
*/
void ParseCommandLine(cmdline_t *cmd, int argc, char *argv[])
void parse_cli(cli_t *cli, int argc, char *argv[])
{
int c;
@@ -37,72 +37,72 @@ void ParseCommandLine(cmdline_t *cmd, int argc, char *argv[])
switch (c)
{
case 'c':
cmd->cfg_file = optarg;
cli->cfg_file = optarg;
break;
case 'o':
cmd->offload = 1;
cli->offload = 1;
break;
case 's':
cmd->skb = 1;
cli->skb = 1;
break;
case 't':
cmd->time = atoi(optarg);
cli->time = atoi(optarg);
break;
case 'l':
cmd->list = 1;
cli->list = 1;
break;
case 'h':
cmd->help = 1;
cli->help = 1;
break;
case 'v':
cmd->verbose = atoi(optarg);
cli->verbose = atoi(optarg);
break;
case 0:
cmd->log_file = optarg;
cli->log_file = optarg;
break;
case 'i':
cmd->interface = optarg;
cli->interface = optarg;
break;
case 'p':
cmd->pin_maps = atoi(optarg);
cli->pin_maps = atoi(optarg);
break;
case 'u':
cmd->update_time = atoi(optarg);
cli->update_time = atoi(optarg);
break;
case 'n':
cmd->no_stats = atoi(optarg);
cli->no_stats = atoi(optarg);
break;
case 1:
cmd->stats_per_second = atoi(optarg);
cli->stats_per_second = atoi(optarg);
break;
case 2:
cmd->stdout_update_time = atoi(optarg);
cli->stdout_update_time = atoi(optarg);
break;

6
src/loader/utils/cmdline.h → src/loader/utils/cli.h
View File

@@ -4,7 +4,7 @@
#include <stdlib.h>
#include <getopt.h>
struct cmdline
struct cli
{
char *cfg_file;
unsigned int offload : 1;
@@ -21,6 +21,6 @@ struct cmdline
int no_stats;
int stats_per_second;
int stdout_update_time;
} typedef cmdline_t;
} typedef cli_t;
void ParseCommandLine(cmdline_t *cmd, int argc, char *argv[]);
void parse_cli(cli_t *cli, int argc, char *argv[]);

46
src/loader/utils/config.c
View File

@@ -9,49 +9,49 @@
*
* @return 0 on success or 1 on error.
*/
int LoadConfig(config__t *cfg, const char* cfg_file, config_overrides_t* overrides)
int load_cfg(config__t *cfg, const char* cfg_file, config_overrides_t* overrides)
{
int ret;
FILE *file = NULL;
// Open config file.
if ((ret = OpenCfg(&file, cfg_file)) != 0 || file == NULL)
if ((ret = open_cfg(&file, cfg_file)) != 0 || file == NULL)
{
fprintf(stderr, "Error opening config file.\n");
return ret;
}
SetCfgDefaults(cfg);
set_cfg_defaults(cfg);
memset(cfg->filters, 0, sizeof(cfg->filters));
char* buffer = NULL;
// Read config.
if ((ret = ReadCfg(file, &buffer)) != 0)
if ((ret = read_cfg(file, &buffer)) != 0)
{
fprintf(stderr, "Error reading config file.\n");
CloseCfg(file);
close_cfg(file);
return ret;
}
// Parse config.
if ((ret = ParseCfg(cfg, buffer, overrides)) != 0)
if ((ret = parse_cfg(cfg, buffer, overrides)) != 0)
{
fprintf(stderr, "Error parsing config file.\n");
CloseCfg(file);
close_cfg(file);
return ret;
}
free(buffer);
if ((ret = CloseCfg(file)) != 0)
if ((ret = close_cfg(file)) != 0)
{
fprintf(stderr, "Error closing config file.\n");
@@ -68,7 +68,7 @@ int LoadConfig(config__t *cfg, const char* cfg_file, config_overrides_t* overrid
*
* @return 0 on success or 1 on error.
*/
int OpenCfg(FILE** file, const char *file_name)
int open_cfg(FILE** file, const char *file_name)
{
// Close any existing files.
if (*file != NULL)
@@ -95,7 +95,7 @@ int OpenCfg(FILE** file, const char *file_name)
*
* @param return 0 on success or error value of fclose().
*/
int CloseCfg(FILE* file)
int close_cfg(FILE* file)
{
return fclose(file);
}
@@ -106,7 +106,7 @@ int CloseCfg(FILE* file)
* @param file The file pointer.
* @param buffer The buffer to store the data in (manually allocated).
*/
int ReadCfg(FILE* file, char** buffer)
int read_cfg(FILE* file, char** buffer)
{
fseek(file, 0, SEEK_END);
long file_size = ftell(file);
@@ -139,7 +139,7 @@ int ReadCfg(FILE* file, char** buffer)
*
* @return 0 on success or 1/-1 on error.
*/
int ParseCfg(config__t *cfg, const char* data, config_overrides_t* overrides)
int parse_cfg(config__t *cfg, const char* data, config_overrides_t* overrides)
{
// Initialize config.
config_t conf;
@@ -150,7 +150,7 @@ int ParseCfg(config__t *cfg, const char* data, config_overrides_t* overrides)
// Attempt to read the config.
if (config_read_string(&conf, data) == CONFIG_FALSE)
{
LogMsg(cfg, 0, 1, "Error from LibConfig when reading file - %s (Line %d)", config_error_text(&conf), config_error_line(&conf));
log_msg(cfg, 0, 1, "Error from LibConfig when reading file - %s (Line %d)", config_error_text(&conf), config_error_line(&conf));
config_destroy(&conf);
@@ -317,7 +317,7 @@ int ParseCfg(config__t *cfg, const char* data, config_overrides_t* overrides)
if (filter == NULL || filter_cfg == NULL)
{
LogMsg(cfg, 0, 1, "[WARNING] Failed to read filter rule at index #%d. 'filter' or 'filter_cfg' is NULL (make sure you didn't exceed the maximum filters allowed!)...");
log_msg(cfg, 0, 1, "[WARNING] Failed to read filter rule at index #%d. 'filter' or 'filter_cfg' is NULL (make sure you didn't exceed the maximum filters allowed!)...");
continue;
}
@@ -351,7 +351,7 @@ int ParseCfg(config__t *cfg, const char* data, config_overrides_t* overrides)
if (config_setting_lookup_string(filter_cfg, "src_ip", &sip) == CONFIG_TRUE)
{
ip_range_t ip = ParseIpCidr(sip);
ip_range_t ip = parse_ip_range(sip);
filter->src_ip = ip.ip;
filter->src_cidr = ip.cidr;
@@ -362,7 +362,7 @@ int ParseCfg(config__t *cfg, const char* data, config_overrides_t* overrides)
if (config_setting_lookup_string(filter_cfg, "dst_ip", &dip) == CONFIG_TRUE)
{
ip_range_t ip = ParseIpCidr(dip);
ip_range_t ip = parse_ip_range(dip);
filter->dst_ip = ip.ip;
filter->dst_cidr = ip.cidr;
@@ -662,7 +662,7 @@ int ParseCfg(config__t *cfg, const char* data, config_overrides_t* overrides)
*
* @param return 0 on success or 1 on failure.
*/
int SaveCfg(config__t* cfg, const char* file_path)
int save_cfg(config__t* cfg, const char* file_path)
{
config_t conf;
config_setting_t *root, *setting;
@@ -945,7 +945,7 @@ int SaveCfg(config__t* cfg, const char* file_path)
*
* @return void
*/
void SetFilterDefaults(filter_t* filter)
void set_filter_defaults(filter_t* filter)
{
filter->set = 0;
filter->enabled = 1;
@@ -1010,7 +1010,7 @@ void SetFilterDefaults(filter_t* filter)
*
* @return void
*/
void SetCfgDefaults(config__t* cfg)
void set_cfg_defaults(config__t* cfg)
{
cfg->verbose = 2;
cfg->log_file = strdup("/var/log/xdpfw.log");
@@ -1025,7 +1025,7 @@ void SetCfgDefaults(config__t* cfg)
{
filter_t* filter = &cfg->filters[i];
SetFilterDefaults(filter);
set_filter_defaults(filter);
}
memset(cfg->drop_ranges, 0, sizeof(cfg->drop_ranges));
@@ -1120,7 +1120,7 @@ void PrintFilter(filter_t* filter, int idx)
*
* @return void
*/
void PrintConfig(config__t* cfg)
void print_cfg(config__t* cfg)
{
char* interface = "N/A";
@@ -1186,7 +1186,7 @@ void PrintConfig(config__t* cfg)
*
* @return The next available index or -1 if there are no available indexes.
*/
int GetNextAvailableFilterIndex(config__t* cfg)
int get_next_filter_idx(config__t* cfg)
{
for (int i = 0; i < MAX_FILTERS; i++)
{
@@ -1210,7 +1210,7 @@ int GetNextAvailableFilterIndex(config__t* cfg)
*
* @return The next available index or -1 if there are no available indexes.
*/
int GetNextAvailableIpDropRangeIndex(config__t* cfg)
int get_next_ip_drop_range_idx(config__t* cfg)
{
for (int i = 0; i < MAX_IP_RANGES; i++)
{

22
src/loader/utils/config.h
View File

@@ -40,21 +40,21 @@ struct config_overrides
int stdout_update_time;
} typedef config_overrides_t;
void SetCfgDefaults(config__t *cfg);
void SetFilterDefaults(filter_t* filter);
void set_cfg_defaults(config__t *cfg);
void set_filter_defaults(filter_t* filter);
void PrintConfig(config__t* cfg);
void print_cfg(config__t* cfg);
void PrintFilter(filter_t* filter, int idx);
int LoadConfig(config__t *cfg, const char* cfg_file, config_overrides_t* overrides);
int SaveCfg(config__t* cfg, const char* file_path);
int load_cfg(config__t *cfg, const char* cfg_file, config_overrides_t* overrides);
int save_cfg(config__t* cfg, const char* file_path);
int OpenCfg(FILE** file, const char *file_name);
int CloseCfg(FILE* file);
int ReadCfg(FILE* file, char** buffer);
int ParseCfg(config__t *cfg, const char* data, config_overrides_t* overrides);
int open_cfg(FILE** file, const char *file_name);
int close_cfg(FILE* file);
int read_cfg(FILE* file, char** buffer);
int parse_cfg(config__t *cfg, const char* data, config_overrides_t* overrides);
int GetNextAvailableFilterIndex(config__t* cfg);
int GetNextAvailableIpDropRangeIndex(config__t* cfg);
int get_next_filter_idx(config__t* cfg);
int get_next_ip_drop_range_idx(config__t* cfg);
#include <loader/utils/logging.h>

14
src/loader/utils/helpers.c
View File

@@ -5,7 +5,7 @@
*
* @return void
*/
void PrintHelpMenu()
void print_help_menu()
{
printf("Usage: xdpfw [OPTIONS]\n\n");
@@ -31,7 +31,7 @@ void PrintHelpMenu()
*
* @return void
*/
void SignalHndl(int code)
void hdl_signal(int code)
{
cont = 0;
}
@@ -43,7 +43,7 @@ void SignalHndl(int code)
*
* @return Returns an IP structure with IP and CIDR.
*/
ip_range_t ParseIpCidr(const char *ip)
ip_range_t parse_ip_range(const char *ip)
{
ip_range_t ret = {0};
ret.cidr = 32;
@@ -52,7 +52,7 @@ ip_range_t ParseIpCidr(const char *ip)
strncpy(ip_copy, ip, sizeof(ip_copy) - 1);
ip_copy[sizeof(ip_copy) - 1] = '\0';
char *token = strtok((char *) ip_copy, "/");
char *token = strtok(ip_copy, "/");
if (token)
{
@@ -76,7 +76,7 @@ ip_range_t ParseIpCidr(const char *ip)
*
* @return The protocol string.
*/
const char* GetProtocolStrById(int id)
const char* get_protocol_str_by_id(int id)
{
switch (id)
{
@@ -98,7 +98,7 @@ const char* GetProtocolStrById(int id)
*
* @return void
*/
void PrintToolInfo()
void print_tool_info()
{
printf(
" __ ______ ____ _____ _ _ _ \n"
@@ -115,7 +115,7 @@ void PrintToolInfo()
*
* @return The current nanoseconds since the system last booted.
*/
u64 GetBootNanoTime()
u64 get_boot_nano_time()
{
struct sysinfo sys;
sysinfo(&sys);

12
src/loader/utils/helpers.h
View File

@@ -17,9 +17,9 @@ struct ip_range
extern int cont;
void PrintHelpMenu();
void SignalHndl(int code);
ip_range_t ParseIpCidr(const char* ip);
const char* GetProtocolStrById(int id);
void PrintToolInfo();
u64 GetBootNanoTime();
void print_help_menu();
void hdl_signal(int code);
ip_range_t parse_ip_range(const char* ip);
const char* get_protocol_str_by_id(int id);
void print_tool_info();
u64 get_boot_nano_time();

16
src/loader/utils/logging.c
View File

@@ -11,7 +11,7 @@
*
* @return void
*/
static void LogMsgRaw(int req_lvl, int cur_lvl, int error, const char* log_path, const char* msg, va_list args)
static void log_msgRaw(int req_lvl, int cur_lvl, int error, const char* log_path, const char* msg, va_list args)
{
if (cur_lvl < req_lvl)
{
@@ -86,7 +86,7 @@ static void LogMsgRaw(int req_lvl, int cur_lvl, int error, const char* log_path,
}
/**
* Prints a log message using LogMsgRaw().
* Prints a log message using log_msgRaw().
*
* @param cfg A pointer to the config structure.
* @param req_lvl The required level for this message.
@@ -95,12 +95,12 @@ static void LogMsgRaw(int req_lvl, int cur_lvl, int error, const char* log_path,
*
* @return void
*/
void LogMsg(config__t* cfg, int req_lvl, int error, const char* msg, ...)
void log_msg(config__t* cfg, int req_lvl, int error, const char* msg, ...)
{
va_list args;
va_start(args, msg);
LogMsgRaw(req_lvl, cfg->verbose, error, (const char*)cfg->log_file, msg, args);
log_msgRaw(req_lvl, cfg->verbose, error, (const char*)cfg->log_file, msg, args);
va_end(args);
}
@@ -112,7 +112,7 @@ void LogMsg(config__t* cfg, int req_lvl, int error, const char* msg, ...)
*
* @return void
*/
void PollFiltersRb(struct ring_buffer* rb)
void poll_filters_rb(struct ring_buffer* rb)
{
if (rb)
{
@@ -129,7 +129,7 @@ void PollFiltersRb(struct ring_buffer* rb)
*
* @return 0 on success or 1 on failure.
*/
int HandleRbEvent(void* ctx, void* data, size_t sz)
int hdl_filters_rb_event(void* ctx, void* data, size_t sz)
{
config__t* cfg = (config__t*)ctx;
filter_log_event_t* e = (filter_log_event_t*)data;
@@ -161,9 +161,9 @@ int HandleRbEvent(void* ctx, void* data, size_t sz)
action = "Passed";
}
const char* protocol_str = GetProtocolStrById(e->protocol);
const char* protocol_str = get_protocol_str_by_id(e->protocol);
LogMsg(cfg, 0, 0, "[FILTER %d] %s %s packet '%s:%d' => '%s:%d' (PPS => %llu, BPS => %llu, Filter Block Time => %llu)...", e->filter_id + 1, action, protocol_str, src_ip_str, htons(e->src_port), dst_ip_str, htons(e->dst_port), e->pps, e->bps, filter->block_time);
log_msg(cfg, 0, 0, "[FILTER %d] %s %s packet '%s:%d' => '%s:%d' (PPS => %llu, BPS => %llu, Filter Block Time => %llu)...", e->filter_id + 1, action, protocol_str, src_ip_str, htons(e->src_port), dst_ip_str, htons(e->dst_port), e->pps, e->bps, filter->block_time);
return 0;
}

6
src/loader/utils/logging.h
View File

@@ -16,7 +16,7 @@
extern int doing_stats;
void LogMsg(config__t* cfg, int req_lvl, int error, const char* msg, ...);
void log_msg(config__t* cfg, int req_lvl, int error, const char* msg, ...);
void PollFiltersRb(struct ring_buffer* rb);
int HandleRbEvent(void* ctx, void* data, size_t sz);
void poll_filters_rb(struct ring_buffer* rb);
int hdl_filters_rb_event(void* ctx, void* data, size_t sz);

2
src/loader/utils/stats.c
View File

@@ -15,7 +15,7 @@ u64 last_passed = 0;
*
* @return 0 on success or 1 on failure.
*/
int CalculateStats(int map_stats, int cpus, int per_second)
int calc_stats(int map_stats, int cpus, int per_second)
{
u32 key = 0;

2
src/loader/utils/stats.h
View File

@@ -9,4 +9,4 @@
#include <time.h>
int CalculateStats(int map_stats, int cpus, int per_second);
int calc_stats(int map_stats, int cpus, int per_second);

48
src/loader/utils/xdp.c
View File

@@ -8,7 +8,7 @@
*
* @return The map's FD.
*/
int FindMapFd(struct xdp_program *prog, const char *map_name)
int get_map_fd(struct xdp_program *prog, const char *map_name)
{
int fd = -1;
@@ -57,7 +57,7 @@ static int LibBPFSilent(enum libbpf_print_level level, const char *format, va_li
*
* @return void
*/
void SetLibBPFLogMode(int silent)
void set_libbpf_log_mode(int silent)
{
if (silent)
{
@@ -72,7 +72,7 @@ void SetLibBPFLogMode(int silent)
*
* @return XDP program structure (pointer) or NULL.
*/
struct xdp_program *LoadBpfObj(const char *file_name)
struct xdp_program *load_bpf_obj(const char *file_name)
{
struct xdp_program *prog = xdp_program__open_file(file_name, "xdp_prog", NULL);
@@ -92,7 +92,7 @@ struct xdp_program *LoadBpfObj(const char *file_name)
*
* @return The BPF object.
*/
struct bpf_object* GetBpfObj(struct xdp_program* prog)
struct bpf_object* get_bpf_obj(struct xdp_program* prog)
{
return xdp_program__bpf_obj(prog);
}
@@ -109,7 +109,7 @@ struct bpf_object* GetBpfObj(struct xdp_program* prog)
*
* @return 0 on success and 1 on error.
*/
int AttachXdp(struct xdp_program *prog, char** mode, int ifidx, int detach, int force_skb, int force_offload)
int attach_xdp(struct xdp_program *prog, char** mode, int ifidx, int detach, int force_skb, int force_offload)
{
int err;
@@ -197,7 +197,7 @@ int AttachXdp(struct xdp_program *prog, char** mode, int ifidx, int detach, int
*
* @return 0 on success or the error value of bpf_map_delete_elem().
*/
int DeleteFilter(int map_filters, u32 idx)
int delete_filter(int map_filters, u32 idx)
{
return bpf_map_delete_elem(map_filters, &idx);
}
@@ -209,11 +209,11 @@ int DeleteFilter(int map_filters, u32 idx)
*
* @return void
*/
void DeleteFilters(int map_filters)
void delete_filters(int map_filters)
{
for (int i = 0; i < MAX_FILTERS; i++)
{
DeleteFilter(map_filters, i);
delete_filter(map_filters, i);
}
}
@@ -226,7 +226,7 @@ void DeleteFilters(int map_filters)
*
* @return 0 on success or error value of bpf_map_update_elem().
*/
int UpdateFilter(int map_filters, filter_t* filter, int idx)
int update_filter(int map_filters, filter_t* filter, int idx)
{
int ret;
@@ -249,7 +249,7 @@ int UpdateFilter(int map_filters, filter_t* filter, int idx)
*
* @return Void
*/
void UpdateFilters(int map_filters, config__t *cfg)
void update_filters(int map_filters, config__t *cfg)
{
int ret;
int cur_idx = 0;
@@ -259,7 +259,7 @@ void UpdateFilters(int map_filters, config__t *cfg)
{
// Delete previous rule from BPF map.
// We do this in the case rules were edited and were put out of order since the key doesn't uniquely map to a specific rule.
DeleteFilter(map_filters, i);
delete_filter(map_filters, i);
filter_t* filter = &cfg->filters[i];
@@ -270,7 +270,7 @@ void UpdateFilters(int map_filters, config__t *cfg)
}
// Attempt to update filter.
if ((ret = UpdateFilter(map_filters, filter, cur_idx)) != 0)
if ((ret = update_filter(map_filters, filter, cur_idx)) != 0)
{
fprintf(stderr, "[WARNING] Failed to update filter #%d due to BPF update error (%d)...\n", cur_idx, ret);
@@ -290,7 +290,7 @@ void UpdateFilters(int map_filters, config__t *cfg)
*
* @return 0 on success or value of bpf_map__pin() on error.
*/
int PinBpfMap(struct bpf_object* obj, const char* pin_dir, const char* map_name)
int pin_bpf_map(struct bpf_object* obj, const char* pin_dir, const char* map_name)
{
struct bpf_map* map = bpf_object__find_map_by_name(obj, map_name);
@@ -314,7 +314,7 @@ int PinBpfMap(struct bpf_object* obj, const char* pin_dir, const char* map_name)
*
* @return
*/
int UnpinBpfMap(struct bpf_object* obj, const char* pin_dir, const char* map_name)
int unpin_bpf_map(struct bpf_object* obj, const char* pin_dir, const char* map_name)
{
struct bpf_map* map = bpf_object__find_map_by_name(obj, map_name);
@@ -337,7 +337,7 @@ int UnpinBpfMap(struct bpf_object* obj, const char* pin_dir, const char* map_nam
*
* @return The map FD or -1 on error.
*/
int GetMapPinFd(const char* pin_dir, const char* map_name)
int get_map_fd_pin(const char* pin_dir, const char* map_name)
{
char full_path[255];
snprintf(full_path, sizeof(full_path), "%s/%s", pin_dir, map_name);
@@ -353,7 +353,7 @@ int GetMapPinFd(const char* pin_dir, const char* map_name)
*
* @return 0 on success or error value of bpf_map_delete_elem().
*/
int DeleteBlock(int map_block, u32 ip)
int delete_block(int map_block, u32 ip)
{
return bpf_map_delete_elem(map_block, &ip);
}
@@ -367,7 +367,7 @@ int DeleteBlock(int map_block, u32 ip)
*
* @return 0 on success or error value of bpf_map_update_elem().
*/
int AddBlock(int map_block, u32 ip, u64 expires)
int add_block(int map_block, u32 ip, u64 expires)
{
return bpf_map_update_elem(map_block, &ip, &expires, BPF_ANY);
}
@@ -380,7 +380,7 @@ int AddBlock(int map_block, u32 ip, u64 expires)
*
* @return 0 on success or error value of bpf_map_delete_elem().
*/
int DeleteBlock6(int map_block6, u128 ip)
int delete_block6(int map_block6, u128 ip)
{
return bpf_map_delete_elem(map_block6, &ip);
}
@@ -394,7 +394,7 @@ int DeleteBlock6(int map_block6, u128 ip)
*
* @return 0 on success or error value of bpf_map_update_elem().
*/
int AddBlock6(int map_block6, u128 ip, u64 expires)
int add_block6(int map_block6, u128 ip, u64 expires)
{
return bpf_map_update_elem(map_block6, &ip, &expires, BPF_ANY);
}
@@ -408,7 +408,7 @@ int AddBlock6(int map_block6, u128 ip, u64 expires)
*
* @return 0 on success or error value of bpf_map_delete_elem().
*/
int DeleteRangeDrop(int map_range_drop, u32 net, u8 cidr)
int delete_range_drop(int map_range_drop, u32 net, u8 cidr)
{
u32 bit_mask = ( ~( (1 << (32 - cidr) ) - 1) );
u32 start = net & bit_mask;
@@ -429,7 +429,7 @@ int DeleteRangeDrop(int map_range_drop, u32 net, u8 cidr)
*
* @return 0 on success or error value of bpf_map_update_elem().
*/
int AddRangeDrop(int map_range_drop, u32 net, u8 cidr)
int add_range_drop(int map_range_drop, u32 net, u8 cidr)
{
u32 bit_mask = ( ~( (1 << (32 - cidr) ) - 1) );
u32 start = net & bit_mask;
@@ -451,7 +451,7 @@ int AddRangeDrop(int map_range_drop, u32 net, u8 cidr)
*
* @return void
*/
void UpdateRangeDrops(int map_range_drop, config__t* cfg)
void update_range_drops(int map_range_drop, config__t* cfg)
{
for (int i = 0; i < MAX_IP_RANGES; i++)
{
@@ -463,8 +463,8 @@ void UpdateRangeDrops(int map_range_drop, config__t* cfg)
}
// Parse IP range string and return network IP and CIDR.
ip_range_t t = ParseIpCidr(range);
ip_range_t t = parse_ip_range(range);
AddRangeDrop(map_range_drop, t.ip, t.cidr);
add_range_drop(map_range_drop, t.ip, t.cidr);
}
}

38
src/loader/utils/xdp.h
View File

@@ -10,30 +10,30 @@
#define XDP_OBJ_PATH "/etc/xdpfw/xdp_prog.o"
#define XDP_MAP_PIN_DIR "/sys/fs/bpf/xdpfw"
int FindMapFd(struct xdp_program *prog, const char *map_name);
void SetLibBPFLogMode(int silent);
int get_map_fd(struct xdp_program *prog, const char *map_name);
void set_libbpf_log_mode(int silent);
struct xdp_program *LoadBpfObj(const char *file_name);
struct bpf_object* GetBpfObj(struct xdp_program* prog);
struct xdp_program *load_bpf_obj(const char *file_name);
struct bpf_object* get_bpf_obj(struct xdp_program* prog);
int AttachXdp(struct xdp_program *prog, char** mode, int ifidx, int detach, int force_skb, int force_offload);
int attach_xdp(struct xdp_program *prog, char** mode, int ifidx, int detach, int force_skb, int force_offload);
int DeleteFilter(int map_filters, u32 idx);
void DeleteFilters(int map_filters);
int delete_filter(int map_filters, u32 idx);
void delete_filters(int map_filters);
int UpdateFilter(int map_filters, filter_t* filter, int idx);
void UpdateFilters(int map_filters, config__t *cfg);
int update_filter(int map_filters, filter_t* filter, int idx);
void update_filters(int map_filters, config__t *cfg);
int PinBpfMap(struct bpf_object* obj, const char* pin_dir, const char* map_name);
int UnpinBpfMap(struct bpf_object* obj, const char* pin_dir, const char* map_name);
int GetMapPinFd(const char* pin_dir, const char* map_name);
int pin_bpf_map(struct bpf_object* obj, const char* pin_dir, const char* map_name);
int unpin_bpf_map(struct bpf_object* obj, const char* pin_dir, const char* map_name);
int get_map_fd_pin(const char* pin_dir, const char* map_name);
int DeleteBlock(int map_block, u32 ip);
int AddBlock(int map_block, u32 ip, u64 expires);
int delete_block(int map_block, u32 ip);
int add_block(int map_block, u32 ip, u64 expires);
int DeleteBlock6(int map_block6, u128 ip);
int AddBlock6(int map_block6, u128 ip, u64 expires);
int delete_block6(int map_block6, u128 ip);
int add_block6(int map_block6, u128 ip, u64 expires);
int DeleteRangeDrop(int map_range_drop, u32 net, u8 cidr);
int AddRangeDrop(int map_range_drop, u32 net, u8 cidr);
void UpdateRangeDrops(int map_range_drop, config__t* cfg);
int delete_range_drop(int map_range_drop, u32 net, u8 cidr);
int add_range_drop(int map_range_drop, u32 net, u8 cidr);
void update_range_drops(int map_range_drop, config__t* cfg);