kaffa/XDP-Firewall
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Rename functions and cmdline to cli for organization.

Browse Source
This commit is contained in:
Christian Deacon
2025-03-06 13:49:09 -05:00
parent e1b0fec39e
commit 916189a498
27 changed files with 494 additions and 493 deletions
Download Patch File Download Diff File Expand all files Collapse all files

15
src/xdp/prog.c
View File

@@ -126,7 +126,7 @@ int xdp_prog_main(struct xdp_md *ctx)
}
#ifdef ENABLE_IP_RANGE_DROP
if (iph && CheckIpRangeDrop(iph->saddr))
if (iph && check_ip_range_drop(iph->saddr))
{
#ifdef DO_STATS_ON_IP_RANGE_DROP_MAP
if (stats)
@@ -274,11 +274,11 @@ int xdp_prog_main(struct xdp_md *ctx)
if (iph6)
{
UpdateIp6Stats(&pps, &bps, &src_ip6, src_port, protocol, pkt_len, now);
update_ip6_stats(&pps, &bps, &src_ip6, src_port, protocol, pkt_len, now);
}
else if (iph)
{
UpdateIpStats(&pps, &bps, iph->saddr, src_port, protocol, pkt_len, now);
update_ip_stats(&pps, &bps, iph->saddr, src_port, protocol, pkt_len, now);
}
int action = 0;
@@ -290,7 +290,6 @@ int xdp_prog_main(struct xdp_md *ctx)
filter_t *filter = bpf_map_lookup_elem(&map_filters, &key);
// Check if ID is above 0 (if 0, it's an invalid rule).
if (!filter || !filter->set)
{
break;
@@ -352,10 +351,12 @@ int xdp_prog_main(struct xdp_md *ctx)
continue;
}
if (!IsIpInRange(iph->saddr, filter->src_ip, filter->src_cidr))
if (!is_ip_in_range(iph->saddr, filter->src_ip, filter->src_cidr))
{
continue;
}
}
// Destination address.
@@ -366,7 +367,7 @@ int xdp_prog_main(struct xdp_md *ctx)
continue;
}
if (!IsIpInRange(iph->daddr, filter->dst_ip, filter->dst_cidr))
if (!is_ip_in_range(iph->daddr, filter->dst_ip, filter->dst_cidr))
{
continue;
}
@@ -549,7 +550,7 @@ int xdp_prog_main(struct xdp_md *ctx)
#ifdef ENABLE_FILTER_LOGGING
if (filter->log > 0)
{
LogFilterMsg(iph, iph6, src_port, dst_port, protocol, now, pps, bps, i);
log_filter_msg(iph, iph6, src_port, dst_port, protocol, now, pps, bps, i);
}
#endif

4
src/xdp/utils/helpers.c
View File

@@ -11,7 +11,7 @@
*
* @return 1 on yes, 0 on no.
*/
static __always_inline int IsIpInRange(u32 src_ip, u32 net_ip, u8 cidr)
static __always_inline int is_ip_in_range(u32 src_ip, u32 net_ip, u8 cidr)
{
return !((src_ip ^ net_ip) & htonl(0xFFFFFFFFu << (32 - cidr)));
}
@@ -24,7 +24,7 @@ static __always_inline int IsIpInRange(u32 src_ip, u32 net_ip, u8 cidr)
*
* @return 1 on yes or 0 on no.
*/
static __always_inline int CheckIpRangeDrop(u32 ip)
static __always_inline int check_ip_range_drop(u32 ip)
{
LpmTrieKey key =
{

4
src/xdp/utils/helpers.h
View File

@@ -32,10 +32,10 @@
#define memcpy(dest, src, n) __builtin_memcpy((dest), (src), (n))
#endif
static __always_inline int IsIpInRange(u32 src_ip, u32 net_ip, u8 cidr);
static __always_inline int is_ip_in_range(u32 src_ip, u32 net_ip, u8 cidr);
#ifdef ENABLE_IP_RANGE_DROP
static __always_inline int CheckIpRangeDrop(u32 ip);
static __always_inline int check_ip_range_drop(u32 ip);
#endif
// The source file is included directly below instead of compiled and linked as an object because when linking, there is no guarantee the compiler will inline the function (which is crucial for performance).

2
src/xdp/utils/logging.c
View File

@@ -20,7 +20,7 @@
*
* @return always 0
*/
static __always_inline int LogFilterMsg(struct iphdr* iph, struct ipv6hdr* iph6, u16 src_port, u16 dst_port, u8 protocol, u64 now, u64 pps, u64 bps, int filter_id)
static __always_inline int log_filter_msg(struct iphdr* iph, struct ipv6hdr* iph6, u16 src_port, u16 dst_port, u8 protocol, u64 now, u64 pps, u64 bps, int filter_id)
{
filter_log_event_t* e = bpf_ringbuf_reserve(&map_filter_log, sizeof(*e), 0);

2
src/xdp/utils/logging.h
View File

@@ -6,7 +6,7 @@
#include <xdp/prog_dispatcher.h>
#if defined(ENABLE_FILTERS) && defined(ENABLE_FILTER_LOGGING)
static __always_inline int LogFilterMsg(struct iphdr* iph, struct ipv6hdr* iph6, u16 src_port, u16 dst_port, u8 protocol, u64 now, u64 pps, u64 bps, int filter_id);
static __always_inline int log_filter_msg(struct iphdr* iph, struct ipv6hdr* iph6, u16 src_port, u16 dst_port, u8 protocol, u64 now, u64 pps, u64 bps, int filter_id);
#endif
// The source file is included directly below instead of compiled and linked as an object because when linking, there is no guarantee the compiler will inline the function (which is crucial for performance).

4
src/xdp/utils/rl.c
View File

@@ -14,7 +14,7 @@
*
* @return void
*/
static __always_inline void UpdateIpStats(u64 *pps, u64 *bps, u32 ip, u16 port, u8 protocol, u16 pkt_len, u64 now)
static __always_inline void update_ip_stats(u64 *pps, u64 *bps, u32 ip, u16 port, u8 protocol, u16 pkt_len, u64 now)
{
#ifdef USE_FLOW_RL
flow_t key = {0};
@@ -79,7 +79,7 @@ static __always_inline void UpdateIpStats(u64 *pps, u64 *bps, u32 ip, u16 port,
*
* @return void
*/
static __always_inline void UpdateIp6Stats(u64 *pps, u64 *bps, u128 *ip, u16 port, u8 protocol, u16 pkt_len, u64 now)
static __always_inline void update_ip6_stats(u64 *pps, u64 *bps, u128 *ip, u16 port, u8 protocol, u16 pkt_len, u64 now)
{
#ifdef USE_FLOW_RL
flow6_t key = {0};

4
src/xdp/utils/rl.h
View File

@@ -7,8 +7,8 @@
#include <xdp/utils/maps.h>
#ifdef ENABLE_FILTERS
static __always_inline void UpdateIpStats(u64 *pps, u64 *bps, u32 ip, u16 port, u8 protocol, u16 pkt_len, u64 now);
static __always_inline void UpdateIp6Stats(u64 *pps, u64 *bps, u128 *ip, u16 port, u8 protocol, u16 pkt_len, u64 now);
static __always_inline void update_ip_stats(u64 *pps, u64 *bps, u32 ip, u16 port, u8 protocol, u16 pkt_len, u64 now);
static __always_inline void update_ip6_stats(u64 *pps, u64 *bps, u128 *ip, u16 port, u8 protocol, u16 pkt_len, u64 now);
#endif
// The source file is included directly below instead of compiled and linked as an object because when linking, there is no guarantee the compiler will inline the function (which is crucial for performance).