kaffa/XDP-Firewall
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Rename functions and cmdline to cli for organization.

Browse Source
This commit is contained in:
Christian Deacon
2025-03-06 13:49:09 -05:00
parent e1b0fec39e
commit 916189a498
27 changed files with 494 additions and 493 deletions
Download Patch File Download Diff File Expand all files Collapse all files

36
Makefile
View File

@@ -52,8 +52,8 @@ LOADER_UTILS_DIR = $(LOADER_DIR)/utils
LOADER_UTILS_CONFIG_SRC = config.c LOADER_UTILS_CONFIG_SRC = config.c
LOADER_UTILS_CONFIG_OBJ = config.o LOADER_UTILS_CONFIG_OBJ = config.o
LOADER_UTILS_CMDLINE_SRC = cmdline.c LOADER_UTILS_cli_SRC = cli.c
LOADER_UTILS_CMDLINE_OBJ = cmdline.o LOADER_UTILS_cli_OBJ = cli.o
LOADER_UTILS_XDP_SRC = xdp.c LOADER_UTILS_XDP_SRC = xdp.c
LOADER_UTILS_XDP_OBJ = xdp.o LOADER_UTILS_XDP_OBJ = xdp.o
@@ -68,7 +68,7 @@ LOADER_UTILS_HELPERS_SRC = helpers.c
LOADER_UTILS_HELPERS_OBJ = helpers.o LOADER_UTILS_HELPERS_OBJ = helpers.o
# Loader objects. # Loader objects.
LOADER_OBJS = $(BUILD_LOADER_DIR)/$(LOADER_UTILS_CONFIG_OBJ) $(BUILD_LOADER_DIR)/$(LOADER_UTILS_CMDLINE_OBJ) $(BUILD_LOADER_DIR)/$(LOADER_UTILS_XDP_OBJ) $(BUILD_LOADER_DIR)/$(LOADER_UTILS_LOGGING_OBJ) $(BUILD_LOADER_DIR)/$(LOADER_UTILS_STATS_OBJ) $(BUILD_LOADER_DIR)/$(LOADER_UTILS_HELPERS_OBJ) LOADER_OBJS = $(BUILD_LOADER_DIR)/$(LOADER_UTILS_CONFIG_OBJ) $(BUILD_LOADER_DIR)/$(LOADER_UTILS_cli_OBJ) $(BUILD_LOADER_DIR)/$(LOADER_UTILS_XDP_OBJ) $(BUILD_LOADER_DIR)/$(LOADER_UTILS_LOGGING_OBJ) $(BUILD_LOADER_DIR)/$(LOADER_UTILS_STATS_OBJ) $(BUILD_LOADER_DIR)/$(LOADER_UTILS_HELPERS_OBJ)
ifeq ($(LIBXDP_STATIC), 1) ifeq ($(LIBXDP_STATIC), 1)
LOADER_OBJS := $(LIBBPF_OBJS) $(LIBXDP_OBJS) $(LOADER_OBJS) LOADER_OBJS := $(LIBBPF_OBJS) $(LIBXDP_OBJS) $(LOADER_OBJS)
@@ -92,10 +92,10 @@ RULE_ADD_OUT = xdpfw-add
RULE_ADD_UTILS_DIR = $(RULE_ADD_DIR)/utils RULE_ADD_UTILS_DIR = $(RULE_ADD_DIR)/utils
# Rule add utils. # Rule add utils.
RULE_ADD_UTILS_CMDLINE_SRC = cmdline.c RULE_ADD_UTILS_cli_SRC = cli.c
RULE_ADD_UTILS_CMDLINE_OBJ = cmdline.o RULE_ADD_UTILS_cli_OBJ = cli.o
RULE_ADD_OBJS = $(BUILD_RULE_ADD_DIR)/$(RULE_ADD_UTILS_CMDLINE_OBJ) RULE_ADD_OBJS = $(BUILD_RULE_ADD_DIR)/$(RULE_ADD_UTILS_cli_OBJ)
# Rule delete. # Rule delete.
RULE_DEL_SRC = prog.c RULE_DEL_SRC = prog.c
@@ -104,10 +104,10 @@ RULE_DEL_OUT = xdpfw-del
RULE_DEL_UTILS_DIR = $(RULE_DEL_DIR)/utils RULE_DEL_UTILS_DIR = $(RULE_DEL_DIR)/utils
# Rule delete utils. # Rule delete utils.
RULE_DEL_UTILS_CMDLINE_SRC = cmdline.c RULE_DEL_UTILS_cli_SRC = cli.c
RULE_DEL_UTILS_CMDLINE_OBJ = cmdline.o RULE_DEL_UTILS_cli_OBJ = cli.o
RULE_DEL_OBJS = $(BUILD_RULE_DEL_DIR)/$(RULE_DEL_UTILS_CMDLINE_OBJ) RULE_DEL_OBJS = $(BUILD_RULE_DEL_DIR)/$(RULE_DEL_UTILS_cli_OBJ)
# Includes. # Includes.
INCS = -I $(SRC_DIR) -I /usr/include -I /usr/local/include INCS = -I $(SRC_DIR) -I /usr/include -I /usr/local/include
@@ -133,13 +133,13 @@ all: loader xdp rule_add rule_del
loader: loader_utils loader: loader_utils
$(CC) $(INCS) $(FLAGS) $(FLAGS_LOADER) -o $(BUILD_LOADER_DIR)/$(LOADER_OUT) $(LOADER_OBJS) $(LOADER_DIR)/$(LOADER_SRC) $(CC) $(INCS) $(FLAGS) $(FLAGS_LOADER) -o $(BUILD_LOADER_DIR)/$(LOADER_OUT) $(LOADER_OBJS) $(LOADER_DIR)/$(LOADER_SRC)
loader_utils: loader_utils_config loader_utils_cmdline loader_utils_helpers loader_utils_xdp loader_utils_logging loader_utils_stats loader_utils: loader_utils_config loader_utils_cli loader_utils_helpers loader_utils_xdp loader_utils_logging loader_utils_stats
loader_utils_config: loader_utils_config:
$(CC) $(INCS) $(FLAGS) -c -o $(BUILD_LOADER_DIR)/$(LOADER_UTILS_CONFIG_OBJ) $(LOADER_UTILS_DIR)/$(LOADER_UTILS_CONFIG_SRC) $(CC) $(INCS) $(FLAGS) -c -o $(BUILD_LOADER_DIR)/$(LOADER_UTILS_CONFIG_OBJ) $(LOADER_UTILS_DIR)/$(LOADER_UTILS_CONFIG_SRC)
loader_utils_cmdline: loader_utils_cli:
$(CC) $(INCS) $(FLAGS) -c -o $(BUILD_LOADER_DIR)/$(LOADER_UTILS_CMDLINE_OBJ) $(LOADER_UTILS_DIR)/$(LOADER_UTILS_CMDLINE_SRC) $(CC) $(INCS) $(FLAGS) -c -o $(BUILD_LOADER_DIR)/$(LOADER_UTILS_cli_OBJ) $(LOADER_UTILS_DIR)/$(LOADER_UTILS_cli_SRC)
loader_utils_xdp: loader_utils_xdp:
$(CC) $(INCS) $(FLAGS) -c -o $(BUILD_LOADER_DIR)/$(LOADER_UTILS_XDP_OBJ) $(LOADER_UTILS_DIR)/$(LOADER_UTILS_XDP_SRC) $(CC) $(INCS) $(FLAGS) -c -o $(BUILD_LOADER_DIR)/$(LOADER_UTILS_XDP_OBJ) $(LOADER_UTILS_DIR)/$(LOADER_UTILS_XDP_SRC)
@@ -161,19 +161,19 @@ xdp:
rule_add: loader_utils rule_add_utils rule_add: loader_utils rule_add_utils
$(CC) $(INCS) $(FLAGS) $(FLAGS_LOADER) -o $(BUILD_RULE_ADD_DIR)/$(RULE_ADD_OUT) $(RULE_OBJS) $(RULE_ADD_OBJS) $(RULE_ADD_DIR)/$(RULE_ADD_SRC) $(CC) $(INCS) $(FLAGS) $(FLAGS_LOADER) -o $(BUILD_RULE_ADD_DIR)/$(RULE_ADD_OUT) $(RULE_OBJS) $(RULE_ADD_OBJS) $(RULE_ADD_DIR)/$(RULE_ADD_SRC)
rule_add_utils: rule_add_utils_cmdline rule_add_utils: rule_add_utils_cli
rule_add_utils_cmdline: rule_add_utils_cli:
$(CC) $(INCS) $(FLAGS) -c -o $(BUILD_RULE_ADD_DIR)/$(RULE_ADD_UTILS_CMDLINE_OBJ) $(RULE_ADD_UTILS_DIR)/$(RULE_ADD_UTILS_CMDLINE_SRC) $(CC) $(INCS) $(FLAGS) -c -o $(BUILD_RULE_ADD_DIR)/$(RULE_ADD_UTILS_cli_OBJ) $(RULE_ADD_UTILS_DIR)/$(RULE_ADD_UTILS_cli_SRC)
# Rule delete. # Rule delete.
rule_del: loader_utils rule_del_utils rule_del: loader_utils rule_del_utils
$(CC) $(INCS) $(FLAGS) $(FLAGS_LOADER) -o $(BUILD_RULE_DEL_DIR)/$(RULE_DEL_OUT) $(RULE_OBJS) $(RULE_DEL_OBJS) $(RULE_DEL_DIR)/$(RULE_DEL_SRC) $(CC) $(INCS) $(FLAGS) $(FLAGS_LOADER) -o $(BUILD_RULE_DEL_DIR)/$(RULE_DEL_OUT) $(RULE_OBJS) $(RULE_DEL_OBJS) $(RULE_DEL_DIR)/$(RULE_DEL_SRC)
rule_del_utils: rule_del_utils_cmdline rule_del_utils: rule_del_utils_cli
rule_del_utils_cmdline: rule_del_utils_cli:
$(CC) $(INCS) $(FLAGS) -c -o $(BUILD_RULE_DEL_DIR)/$(RULE_DEL_UTILS_CMDLINE_OBJ) $(RULE_DEL_UTILS_DIR)/$(RULE_DEL_UTILS_CMDLINE_SRC) $(CC) $(INCS) $(FLAGS) -c -o $(BUILD_RULE_DEL_DIR)/$(RULE_DEL_UTILS_cli_OBJ) $(RULE_DEL_UTILS_DIR)/$(RULE_DEL_UTILS_cli_SRC)
# LibXDP chain. We need to install objects here since our program relies on installed object files and such. # LibXDP chain. We need to install objects here since our program relies on installed object files and such.
libxdp: libxdp:

208
src/loader/prog.c
View File

@@ -11,7 +11,7 @@
#include <net/if.h> #include <net/if.h>
#include <loader/utils/cmdline.h> #include <loader/utils/cli.h>
#include <loader/utils/config.h> #include <loader/utils/config.h>
#include <loader/utils/xdp.h> #include <loader/utils/xdp.h>
#include <loader/utils/logging.h> #include <loader/utils/logging.h>
@@ -28,56 +28,56 @@ int doing_stats = 0;
* @param obj A pointer to the BPF object. * @param obj A pointer to the BPF object.
* @param ignore_errors Whether to ignore errors. * @param ignore_errors Whether to ignore errors.
*/ */
static void UnpinNeededMaps(config__t* cfg, struct bpf_object* obj, int ignore_errors) static void unpin_needed_maps(config__t* cfg, struct bpf_object* obj, int ignore_errors)
{ {
int ret; int ret;
// Unpin block map. // Unpin block map.
if ((ret = UnpinBpfMap(obj, XDP_MAP_PIN_DIR, "map_block")) != 0) if ((ret = unpin_bpf_map(obj, XDP_MAP_PIN_DIR, "map_block")) != 0)
{ {
if (!ignore_errors) if (!ignore_errors)
{ {
LogMsg(cfg, 1, 0, "[WARNING] Failed to un-pin BPF map 'map_block' from file system (%d).", ret); log_msg(cfg, 1, 0, "[WARNING] Failed to un-pin BPF map 'map_block' from file system (%d).", ret);
} }
} }
// Unpin block (IPv6) map. // Unpin block (IPv6) map.
if ((ret = UnpinBpfMap(obj, XDP_MAP_PIN_DIR, "map_block6")) != 0) if ((ret = unpin_bpf_map(obj, XDP_MAP_PIN_DIR, "map_block6")) != 0)
{ {
if (!ignore_errors) if (!ignore_errors)
{ {
LogMsg(cfg, 1, 0, "[WARNING] Failed to un-pin BPF map 'map_block6' from file system (%d).", ret); log_msg(cfg, 1, 0, "[WARNING] Failed to un-pin BPF map 'map_block6' from file system (%d).", ret);
} }
} }
#ifdef ENABLE_IP_RANGE_DROP #ifdef ENABLE_IP_RANGE_DROP
// Unpin IPv4 range drop map. // Unpin IPv4 range drop map.
if ((ret = UnpinBpfMap(obj, XDP_MAP_PIN_DIR, "map_range_drop")) != 0) if ((ret = unpin_bpf_map(obj, XDP_MAP_PIN_DIR, "map_range_drop")) != 0)
{ {
if (!ignore_errors) if (!ignore_errors)
{ {
LogMsg(cfg, 1, 0, "[WARNING] Failed to un-pin BPF map 'map_range_drop' from file system (%d).", ret); log_msg(cfg, 1, 0, "[WARNING] Failed to un-pin BPF map 'map_range_drop' from file system (%d).", ret);
} }
} }
#endif #endif
#ifdef ENABLE_FILTERS #ifdef ENABLE_FILTERS
// Unpin filters map. // Unpin filters map.
if ((ret = UnpinBpfMap(obj, XDP_MAP_PIN_DIR, "map_filters")) != 0) if ((ret = unpin_bpf_map(obj, XDP_MAP_PIN_DIR, "map_filters")) != 0)
{ {
if (!ignore_errors) if (!ignore_errors)
{ {
LogMsg(cfg, 1, 0, "[WARNING] Failed to un-pin BPF map 'map_filters' from file system (%d).", ret); log_msg(cfg, 1, 0, "[WARNING] Failed to un-pin BPF map 'map_filters' from file system (%d).", ret);
} }
} }
#ifdef ENABLE_FILTER_LOGGING #ifdef ENABLE_FILTER_LOGGING
// Unpin filters log map. // Unpin filters log map.
if ((ret = UnpinBpfMap(obj, XDP_MAP_PIN_DIR, "map_filter_log")) != 0) if ((ret = unpin_bpf_map(obj, XDP_MAP_PIN_DIR, "map_filter_log")) != 0)
{ {
if (!ignore_errors) if (!ignore_errors)
{ {
LogMsg(cfg, 1, 0, "[WARNING] Failed to un-pin BPF map 'map_filter_log' from file system (%d).", ret); log_msg(cfg, 1, 0, "[WARNING] Failed to un-pin BPF map 'map_filter_log' from file system (%d).", ret);
} }
} }
#endif #endif
@@ -89,21 +89,21 @@ int main(int argc, char *argv[])
int ret; int ret;
// Parse the command line. // Parse the command line.
cmdline_t cmd = {0}; cli_t cli = {0};
cmd.cfg_file = CONFIG_DEFAULT_PATH; cli.cfg_file = CONFIG_DEFAULT_PATH;
cmd.verbose = -1; cli.verbose = -1;
cmd.pin_maps = -1; cli.pin_maps = -1;
cmd.update_time = -1; cli.update_time = -1;
cmd.no_stats = -1; cli.no_stats = -1;
cmd.stats_per_second = -1; cli.stats_per_second = -1;
cmd.stdout_update_time = -1; cli.stdout_update_time = -1;
ParseCommandLine(&cmd, argc, argv); parse_cli(&cli, argc, argv);
// Check for help. // Check for help.
if (cmd.help) if (cli.help)
{ {
PrintHelpMenu(); print_help_menu();
return EXIT_SUCCESS; return EXIT_SUCCESS;
} }
@@ -111,31 +111,31 @@ int main(int argc, char *argv[])
// Initialize config. // Initialize config.
config__t cfg = {0}; config__t cfg = {0};
SetCfgDefaults(&cfg); set_cfg_defaults(&cfg);
// Create overrides for config and set arguments from CLI. // Create overrides for config and set arguments from CLI.
config_overrides_t cfg_overrides = {0}; config_overrides_t cfg_overrides = {0};
cfg_overrides.verbose = cmd.verbose; cfg_overrides.verbose = cli.verbose;
cfg_overrides.log_file = cmd.log_file; cfg_overrides.log_file = cli.log_file;
cfg_overrides.interface = cmd.interface; cfg_overrides.interface = cli.interface;
cfg_overrides.pin_maps = cmd.pin_maps; cfg_overrides.pin_maps = cli.pin_maps;
cfg_overrides.update_time = cmd.update_time; cfg_overrides.update_time = cli.update_time;
cfg_overrides.no_stats = cmd.no_stats; cfg_overrides.no_stats = cli.no_stats;
cfg_overrides.stats_per_second = cmd.stats_per_second; cfg_overrides.stats_per_second = cli.stats_per_second;
cfg_overrides.stdout_update_time = cmd.stdout_update_time; cfg_overrides.stdout_update_time = cli.stdout_update_time;
// Load config. // Load config.
if ((ret = LoadConfig(&cfg, cmd.cfg_file, &cfg_overrides)) != 0) if ((ret = load_cfg(&cfg, cli.cfg_file, &cfg_overrides)) != 0)
{ {
fprintf(stderr, "[ERROR] Failed to load config from file system (%s)(%d).\n", cmd.cfg_file, ret); fprintf(stderr, "[ERROR] Failed to load config from file system (%s)(%d).\n", cli.cfg_file, ret);
return EXIT_FAILURE; return EXIT_FAILURE;
} }
// Check for list option. // Check for list option.
if (cmd.list) if (cli.list)
{ {
PrintConfig(&cfg); print_cfg(&cfg);
return EXIT_SUCCESS; return EXIT_SUCCESS;
} }
@@ -143,42 +143,42 @@ int main(int argc, char *argv[])
// Print tool info. // Print tool info.
if (cfg.verbose > 0) if (cfg.verbose > 0)
{ {
PrintToolInfo(); print_tool_info();
} }
// Check interface. // Check interface.
if (cfg.interface == NULL) if (cfg.interface == NULL)
{ {
LogMsg(&cfg, 0, 1, "[ERROR] No interface specified in config or CLI override."); log_msg(&cfg, 0, 1, "[ERROR] No interface specified in config or CLI override.");
return EXIT_FAILURE; return EXIT_FAILURE;
} }
LogMsg(&cfg, 2, 0, "Raising RLimit..."); log_msg(&cfg, 2, 0, "Raising RLimit...");
// Raise RLimit. // Raise RLimit.
struct rlimit rl = { RLIM_INFINITY, RLIM_INFINITY }; struct rlimit rl = { RLIM_INFINITY, RLIM_INFINITY };
if (setrlimit(RLIMIT_MEMLOCK, &rl)) if (setrlimit(RLIMIT_MEMLOCK, &rl))
{ {
LogMsg(&cfg, 0, 1, "[ERROR] Failed to raise rlimit. Please make sure this program is ran as root!\n"); log_msg(&cfg, 0, 1, "[ERROR] Failed to raise rlimit. Please make sure this program is ran as root!\n");
return EXIT_FAILURE; return EXIT_FAILURE;
} }
LogMsg(&cfg, 2, 0, "Retrieving interface index for '%s'...", cfg.interface); log_msg(&cfg, 2, 0, "Retrieving interface index for '%s'...", cfg.interface);
// Get interface index. // Get interface index.
int ifidx = if_nametoindex(cfg.interface); int ifidx = if_nametoindex(cfg.interface);
if (ifidx < 0) if (ifidx < 0)
{ {
LogMsg(&cfg, 0, 1, "[ERROR] Failed to retrieve index of network interface '%s'.\n", cfg.interface); log_msg(&cfg, 0, 1, "[ERROR] Failed to retrieve index of network interface '%s'.\n", cfg.interface);
return EXIT_FAILURE; return EXIT_FAILURE;
} }
LogMsg(&cfg, 2, 0, "Loading XDP/BPF program at '%s'...", XDP_OBJ_PATH); log_msg(&cfg, 2, 0, "Loading XDP/BPF program at '%s'...", XDP_OBJ_PATH);
// Determine custom LibBPF log level. // Determine custom LibBPF log level.
int silent = 1; int silent = 1;
@@ -188,187 +188,187 @@ int main(int argc, char *argv[])
silent = 0; silent = 0;
} }
SetLibBPFLogMode(silent); set_libbpf_log_mode(silent);
// Load BPF object. // Load BPF object.
struct xdp_program *prog = LoadBpfObj(XDP_OBJ_PATH); struct xdp_program *prog = load_bpf_obj(XDP_OBJ_PATH);
if (prog == NULL) if (prog == NULL)
{ {
LogMsg(&cfg, 0, 1, "[ERROR] Failed to load eBPF object file. Object path => %s.\n", XDP_OBJ_PATH); log_msg(&cfg, 0, 1, "[ERROR] Failed to load eBPF object file. Object path => %s.\n", XDP_OBJ_PATH);
return EXIT_FAILURE; return EXIT_FAILURE;
} }
LogMsg(&cfg, 2, 0, "Attaching XDP program to interface '%s'...", cfg.interface); log_msg(&cfg, 2, 0, "Attaching XDP program to interface '%s'...", cfg.interface);
// Attach XDP program. // Attach XDP program.
char *mode_used = NULL; char *mode_used = NULL;
if ((ret = AttachXdp(prog, &mode_used, ifidx, 0, cmd.skb, cmd.offload)) != 0) if ((ret = attach_xdp(prog, &mode_used, ifidx, 0, cli.skb, cli.offload)) != 0)
{ {
LogMsg(&cfg, 0, 1, "[ERROR] Failed to attach XDP program to interface '%s' using available modes (%d).\n", cfg.interface, ret); log_msg(&cfg, 0, 1, "[ERROR] Failed to attach XDP program to interface '%s' using available modes (%d).\n", cfg.interface, ret);
return EXIT_FAILURE; return EXIT_FAILURE;
} }
if (mode_used != NULL) if (mode_used != NULL)
{ {
LogMsg(&cfg, 1, 0, "Attached XDP program using mode '%s'...", mode_used); log_msg(&cfg, 1, 0, "Attached XDP program using mode '%s'...", mode_used);
} }
LogMsg(&cfg, 2, 0, "Retrieving BPF map FDs..."); log_msg(&cfg, 2, 0, "Retrieving BPF map FDs...");
// Retrieve BPF maps. // Retrieve BPF maps.
int map_stats = FindMapFd(prog, "map_stats"); int map_stats = get_map_fd(prog, "map_stats");
if (map_stats < 0) if (map_stats < 0)
{ {
LogMsg(&cfg, 0, 1, "[ERROR] Failed to find 'map_stats' BPF map.\n"); log_msg(&cfg, 0, 1, "[ERROR] Failed to find 'map_stats' BPF map.\n");
return EXIT_FAILURE; return EXIT_FAILURE;
} }
#ifdef ENABLE_FILTERS #ifdef ENABLE_FILTERS
int map_filters = FindMapFd(prog, "map_filters"); int map_filters = get_map_fd(prog, "map_filters");
// Check for valid maps. // Check for valid maps.
if (map_filters < 0) if (map_filters < 0)
{ {
LogMsg(&cfg, 0, 1, "[ERROR] Failed to find 'map_filters' BPF map.\n"); log_msg(&cfg, 0, 1, "[ERROR] Failed to find 'map_filters' BPF map.\n");
return EXIT_FAILURE; return EXIT_FAILURE;
} }
LogMsg(&cfg, 3, 0, "map_filters FD => %d.", map_filters); log_msg(&cfg, 3, 0, "map_filters FD => %d.", map_filters);
#ifdef ENABLE_FILTER_LOGGING #ifdef ENABLE_FILTER_LOGGING
int map_filter_log = FindMapFd(prog, "map_filter_log"); int map_filter_log = get_map_fd(prog, "map_filter_log");
struct ring_buffer* rb = NULL; struct ring_buffer* rb = NULL;
if (map_filter_log < 0) if (map_filter_log < 0)
{ {
LogMsg(&cfg, 1, 0, "[WARNING] Failed to find 'map_filter_log' BPF map. Filter logging will be disabled..."); log_msg(&cfg, 1, 0, "[WARNING] Failed to find 'map_filter_log' BPF map. Filter logging will be disabled...");
} }
else else
{ {
LogMsg(&cfg, 3, 0, "map_filter_log FD => %d.", map_filter_log); log_msg(&cfg, 3, 0, "map_filter_log FD => %d.", map_filter_log);
rb = ring_buffer__new(map_filter_log, HandleRbEvent, &cfg, NULL); rb = ring_buffer__new(map_filter_log, hdl_filters_rb_event, &cfg, NULL);
} }
#endif #endif
#endif #endif
#ifdef ENABLE_IP_RANGE_DROP #ifdef ENABLE_IP_RANGE_DROP
int map_range_drop = FindMapFd(prog, "map_range_drop"); int map_range_drop = get_map_fd(prog, "map_range_drop");
if (map_range_drop < 0) if (map_range_drop < 0)
{ {
LogMsg(&cfg, 1, 0, "[WARNING] Failed to find 'map_range_drop' BPF map. IP range drops will be disabled..."); log_msg(&cfg, 1, 0, "[WARNING] Failed to find 'map_range_drop' BPF map. IP range drops will be disabled...");
} }
else else
{ {
LogMsg(&cfg, 3, 0, "map_range_drop FD => %d.", map_range_drop); log_msg(&cfg, 3, 0, "map_range_drop FD => %d.", map_range_drop);
} }
#endif #endif
LogMsg(&cfg, 3, 0, "map_stats FD => %d.", map_stats); log_msg(&cfg, 3, 0, "map_stats FD => %d.", map_stats);
// Pin BPF maps to file system if we need to. // Pin BPF maps to file system if we need to.
if (cfg.pin_maps) if (cfg.pin_maps)
{ {
LogMsg(&cfg, 2, 0, "Pinning BPF maps..."); log_msg(&cfg, 2, 0, "Pinning BPF maps...");
struct bpf_object* obj = GetBpfObj(prog); struct bpf_object* obj = get_bpf_obj(prog);
// There are times where the BPF maps from the last run weren't cleaned up properly. // There are times where the BPF maps from the last run weren't cleaned up properly.
// So it's best to attempt to unpin the maps before pinning while ignoring errors. // So it's best to attempt to unpin the maps before pinning while ignoring errors.
UnpinNeededMaps(&cfg, obj, 1); unpin_needed_maps(&cfg, obj, 1);
// Pin the block maps. // Pin the block maps.
if ((ret = PinBpfMap(obj, XDP_MAP_PIN_DIR, "map_block")) != 0) if ((ret = pin_bpf_map(obj, XDP_MAP_PIN_DIR, "map_block")) != 0)
{ {
LogMsg(&cfg, 1, 0, "[WARNING] Failed to pin 'map_block' to file system (%d)...", ret); log_msg(&cfg, 1, 0, "[WARNING] Failed to pin 'map_block' to file system (%d)...", ret);
} }
else else
{ {
LogMsg(&cfg, 3, 0, "BPF map 'map_block' pinned to '%s/map_block'.", XDP_MAP_PIN_DIR); log_msg(&cfg, 3, 0, "BPF map 'map_block' pinned to '%s/map_block'.", XDP_MAP_PIN_DIR);
} }
if ((ret = PinBpfMap(obj, XDP_MAP_PIN_DIR, "map_block6")) != 0) if ((ret = pin_bpf_map(obj, XDP_MAP_PIN_DIR, "map_block6")) != 0)
{ {
LogMsg(&cfg, 1, 0, "[WARNING] Failed to pin 'map_block6' to file system (%d)...", ret); log_msg(&cfg, 1, 0, "[WARNING] Failed to pin 'map_block6' to file system (%d)...", ret);
} }
else else
{ {
LogMsg(&cfg, 3, 0, "BPF map 'map_block6' pinned to '%s/map_block6'.", XDP_MAP_PIN_DIR); log_msg(&cfg, 3, 0, "BPF map 'map_block6' pinned to '%s/map_block6'.", XDP_MAP_PIN_DIR);
} }
#ifdef ENABLE_IP_RANGE_DROP #ifdef ENABLE_IP_RANGE_DROP
// Pin the IPv4 range drop map. // Pin the IPv4 range drop map.
if ((ret = PinBpfMap(obj, XDP_MAP_PIN_DIR, "map_range_drop")) != 0) if ((ret = pin_bpf_map(obj, XDP_MAP_PIN_DIR, "map_range_drop")) != 0)
{ {
LogMsg(&cfg, 1, 0, "[WARNING] Failed to pin 'map_range_drop' to file system (%d)...", ret); log_msg(&cfg, 1, 0, "[WARNING] Failed to pin 'map_range_drop' to file system (%d)...", ret);
} }
else else
{ {
LogMsg(&cfg, 3, 0, "BPF map 'map_range_drop' pinned to '%s/map_range_drop'.", XDP_MAP_PIN_DIR); log_msg(&cfg, 3, 0, "BPF map 'map_range_drop' pinned to '%s/map_range_drop'.", XDP_MAP_PIN_DIR);
} }
#endif #endif
#ifdef ENABLE_FILTERS #ifdef ENABLE_FILTERS
// Pin the filters map. // Pin the filters map.
if ((ret = PinBpfMap(obj, XDP_MAP_PIN_DIR, "map_filters")) != 0) if ((ret = pin_bpf_map(obj, XDP_MAP_PIN_DIR, "map_filters")) != 0)
{ {
LogMsg(&cfg, 1, 0, "[WARNING] Failed to pin 'map_filters' to file system (%d)...", ret); log_msg(&cfg, 1, 0, "[WARNING] Failed to pin 'map_filters' to file system (%d)...", ret);
} }
else else
{ {
LogMsg(&cfg, 3, 0, "BPF map 'map_filters' pinned to '%s/map_filters'.", XDP_MAP_PIN_DIR); log_msg(&cfg, 3, 0, "BPF map 'map_filters' pinned to '%s/map_filters'.", XDP_MAP_PIN_DIR);
} }
#ifdef ENABLE_FILTER_LOGGING #ifdef ENABLE_FILTER_LOGGING
// Pin the filters log map. // Pin the filters log map.
if ((ret = PinBpfMap(obj, XDP_MAP_PIN_DIR, "map_filter_log")) != 0) if ((ret = pin_bpf_map(obj, XDP_MAP_PIN_DIR, "map_filter_log")) != 0)
{ {
LogMsg(&cfg, 1, 0, "[WARNING] Failed to pin 'map_filter_log' to file system (%d)...", ret); log_msg(&cfg, 1, 0, "[WARNING] Failed to pin 'map_filter_log' to file system (%d)...", ret);
} }
else else
{ {
LogMsg(&cfg, 3, 0, "BPF map 'map_filter_log' pinned to '%s/map_filter_log'.", XDP_MAP_PIN_DIR); log_msg(&cfg, 3, 0, "BPF map 'map_filter_log' pinned to '%s/map_filter_log'.", XDP_MAP_PIN_DIR);
} }
#endif #endif
#endif #endif
} }
#ifdef ENABLE_FILTERS #ifdef ENABLE_FILTERS
LogMsg(&cfg, 2, 0, "Updating filters..."); log_msg(&cfg, 2, 0, "Updating filters...");
// Update filters. // Update filters.
UpdateFilters(map_filters, &cfg); update_filters(map_filters, &cfg);
#endif #endif
#ifdef ENABLE_IP_RANGE_DROP #ifdef ENABLE_IP_RANGE_DROP
if (map_range_drop > -1) if (map_range_drop > -1)
{ {
LogMsg(&cfg, 2, 0, "Updating IP drop ranges..."); log_msg(&cfg, 2, 0, "Updating IP drop ranges...");
// Update IP range drops. // Update IP range drops.
UpdateRangeDrops(map_range_drop, &cfg); update_range_drops(map_range_drop, &cfg);
} }
#endif #endif
// Signal. // Signal.
signal(SIGINT, SignalHndl); signal(SIGINT, hdl_signal);
signal(SIGTERM, SignalHndl); signal(SIGTERM, hdl_signal);
// Receive CPU count for stats map parsing. // Receive CPU count for stats map parsing.
int cpus = get_nprocs_conf(); int cpus = get_nprocs_conf();
LogMsg(&cfg, 4, 0, "Retrieved %d CPUs on host.", cpus); log_msg(&cfg, 4, 0, "Retrieved %d CPUs on host.", cpus);
unsigned int end_time = (cmd.time > 0) ? time(NULL) + cmd.time : 0; unsigned int end_time = (cli.time > 0) ? time(NULL) + cli.time : 0;
// Create last updated variables. // Create last updated variables.
time_t last_update_check = time(NULL); time_t last_update_check = time(NULL);
@@ -399,16 +399,16 @@ int main(int argc, char *argv[])
if (cfg.update_time > 0 && (cur_time - last_update_check) > cfg.update_time) if (cfg.update_time > 0 && (cur_time - last_update_check) > cfg.update_time)
{ {
// Check if config file have been modified // Check if config file have been modified
if (stat(cmd.cfg_file, &conf_stat) == 0 && conf_stat.st_mtime > last_config_check) { if (stat(cli.cfg_file, &conf_stat) == 0 && conf_stat.st_mtime > last_config_check) {
// Reload config. // Reload config.
if ((ret = LoadConfig(&cfg, cmd.cfg_file, &cfg_overrides)) != 0) if ((ret = load_cfg(&cfg, cli.cfg_file, &cfg_overrides)) != 0)
{ {
LogMsg(&cfg, 1, 0, "[WARNING] Failed to load config after update check (%d)...\n", ret); log_msg(&cfg, 1, 0, "[WARNING] Failed to load config after update check (%d)...\n", ret);
} }
#ifdef ENABLE_FILTERS #ifdef ENABLE_FILTERS
// Update filters. // Update filters.
UpdateFilters(map_filters, &cfg); update_filters(map_filters, &cfg);
#endif #endif
// Update last check timer // Update last check timer
@@ -428,14 +428,14 @@ int main(int argc, char *argv[])
// Calculate and display stats if enabled. // Calculate and display stats if enabled.
if (!cfg.no_stats) if (!cfg.no_stats)
{ {
if (CalculateStats(map_stats, cpus, cfg.stats_per_second)) if (calc_stats(map_stats, cpus, cfg.stats_per_second))
{ {
LogMsg(&cfg, 1, 0, "[WARNING] Failed to calculate packet stats. Stats map FD => %d...\n", map_stats); log_msg(&cfg, 1, 0, "[WARNING] Failed to calculate packet stats. Stats map FD => %d...\n", map_stats);
} }
} }
#if defined(ENABLE_FILTERS) && defined(ENABLE_FILTER_LOGGING) #if defined(ENABLE_FILTERS) && defined(ENABLE_FILTER_LOGGING)
PollFiltersRb(rb); poll_filters_rb(rb);
#endif #endif
usleep(sleep_time); usleep(sleep_time);
@@ -443,7 +443,7 @@ int main(int argc, char *argv[])
fprintf(stdout, "\n"); fprintf(stdout, "\n");
LogMsg(&cfg, 2, 0, "Cleaning up..."); log_msg(&cfg, 2, 0, "Cleaning up...");
#if defined(ENABLE_FILTERS) && defined(ENABLE_FILTER_LOGGING) #if defined(ENABLE_FILTERS) && defined(ENABLE_FILTER_LOGGING)
if (rb) if (rb)
@@ -453,9 +453,9 @@ int main(int argc, char *argv[])
#endif #endif
// Detach XDP program. // Detach XDP program.
if (AttachXdp(prog, &mode_used, ifidx, 1, cmd.skb, cmd.offload)) if (attach_xdp(prog, &mode_used, ifidx, 1, cli.skb, cli.offload))
{ {
LogMsg(&cfg, 0, 1, "[ERROR] Failed to detach XDP program from interface '%s'.\n", cfg.interface); log_msg(&cfg, 0, 1, "[ERROR] Failed to detach XDP program from interface '%s'.\n", cfg.interface);
return EXIT_FAILURE; return EXIT_FAILURE;
} }
@@ -463,17 +463,17 @@ int main(int argc, char *argv[])
// Unpin maps from file system. // Unpin maps from file system.
if (cfg.pin_maps) if (cfg.pin_maps)
{ {
LogMsg(&cfg, 2, 0, "Un-pinning BPF maps from file system..."); log_msg(&cfg, 2, 0, "Un-pinning BPF maps from file system...");
struct bpf_object* obj = GetBpfObj(prog); struct bpf_object* obj = get_bpf_obj(prog);
UnpinNeededMaps(&cfg, obj, 0); unpin_needed_maps(&cfg, obj, 0);
} }
// Lastly, close the XDP program. // Lastly, close the XDP program.
xdp_program__close(prog); xdp_program__close(prog);
LogMsg(&cfg, 1, 0, "Exiting.\n"); log_msg(&cfg, 1, 0, "Exiting.\n");
// Exit program successfully. // Exit program successfully.
return EXIT_SUCCESS; return EXIT_SUCCESS;

36
src/loader/utils/cmdline.c → src/loader/utils/cli.c
View File

@@ -1,4 +1,4 @@
#include <loader/utils/cmdline.h> #include <loader/utils/cli.h>
const struct option opts[] = const struct option opts[] =
{ {
@@ -22,13 +22,13 @@ const struct option opts[] =
}; };
/** /**
* Parses the command line and stores values in the cmdline structure. * Parses the command line and stores values in the cli structure.
* *
* @param cmd A pointer to the cmdline structure. * @param cli A pointer to the cli structure.
* *
* @return Void * @return Void
*/ */
void ParseCommandLine(cmdline_t *cmd, int argc, char *argv[]) void parse_cli(cli_t *cli, int argc, char *argv[])
{ {
int c; int c;
@@ -37,72 +37,72 @@ void ParseCommandLine(cmdline_t *cmd, int argc, char *argv[])
switch (c) switch (c)
{ {
case 'c': case 'c':
cmd->cfg_file = optarg; cli->cfg_file = optarg;
break; break;
case 'o': case 'o':
cmd->offload = 1; cli->offload = 1;
break; break;
case 's': case 's':
cmd->skb = 1; cli->skb = 1;
break; break;
case 't': case 't':
cmd->time = atoi(optarg); cli->time = atoi(optarg);
break; break;
case 'l': case 'l':
cmd->list = 1; cli->list = 1;
break; break;
case 'h': case 'h':
cmd->help = 1; cli->help = 1;
break; break;
case 'v': case 'v':
cmd->verbose = atoi(optarg); cli->verbose = atoi(optarg);
break; break;
case 0: case 0:
cmd->log_file = optarg; cli->log_file = optarg;
break; break;
case 'i': case 'i':
cmd->interface = optarg; cli->interface = optarg;
break; break;
case 'p': case 'p':
cmd->pin_maps = atoi(optarg); cli->pin_maps = atoi(optarg);
break; break;
case 'u': case 'u':
cmd->update_time = atoi(optarg); cli->update_time = atoi(optarg);
break; break;
case 'n': case 'n':
cmd->no_stats = atoi(optarg); cli->no_stats = atoi(optarg);
break; break;
case 1: case 1:
cmd->stats_per_second = atoi(optarg); cli->stats_per_second = atoi(optarg);
break; break;
case 2: case 2:
cmd->stdout_update_time = atoi(optarg); cli->stdout_update_time = atoi(optarg);
break; break;

6
src/loader/utils/cmdline.h → src/loader/utils/cli.h
View File

@@ -4,7 +4,7 @@
#include <stdlib.h> #include <stdlib.h>
#include <getopt.h> #include <getopt.h>
struct cmdline struct cli
{ {
char *cfg_file; char *cfg_file;
unsigned int offload : 1; unsigned int offload : 1;
@@ -21,6 +21,6 @@ struct cmdline
int no_stats; int no_stats;
int stats_per_second; int stats_per_second;
int stdout_update_time; int stdout_update_time;
} typedef cmdline_t; } typedef cli_t;
void ParseCommandLine(cmdline_t *cmd, int argc, char *argv[]); void parse_cli(cli_t *cli, int argc, char *argv[]);

46
src/loader/utils/config.c
View File

@@ -9,49 +9,49 @@
* *
* @return 0 on success or 1 on error. * @return 0 on success or 1 on error.
*/ */
int LoadConfig(config__t *cfg, const char* cfg_file, config_overrides_t* overrides) int load_cfg(config__t *cfg, const char* cfg_file, config_overrides_t* overrides)
{ {
int ret; int ret;
FILE *file = NULL; FILE *file = NULL;
// Open config file. // Open config file.
if ((ret = OpenCfg(&file, cfg_file)) != 0 || file == NULL) if ((ret = open_cfg(&file, cfg_file)) != 0 || file == NULL)
{ {
fprintf(stderr, "Error opening config file.\n"); fprintf(stderr, "Error opening config file.\n");
return ret; return ret;
} }
SetCfgDefaults(cfg); set_cfg_defaults(cfg);
memset(cfg->filters, 0, sizeof(cfg->filters)); memset(cfg->filters, 0, sizeof(cfg->filters));
char* buffer = NULL; char* buffer = NULL;
// Read config. // Read config.
if ((ret = ReadCfg(file, &buffer)) != 0) if ((ret = read_cfg(file, &buffer)) != 0)
{ {
fprintf(stderr, "Error reading config file.\n"); fprintf(stderr, "Error reading config file.\n");
CloseCfg(file); close_cfg(file);
return ret; return ret;
} }
// Parse config. // Parse config.
if ((ret = ParseCfg(cfg, buffer, overrides)) != 0) if ((ret = parse_cfg(cfg, buffer, overrides)) != 0)
{ {
fprintf(stderr, "Error parsing config file.\n"); fprintf(stderr, "Error parsing config file.\n");
CloseCfg(file); close_cfg(file);
return ret; return ret;
} }
free(buffer); free(buffer);
if ((ret = CloseCfg(file)) != 0) if ((ret = close_cfg(file)) != 0)
{ {
fprintf(stderr, "Error closing config file.\n"); fprintf(stderr, "Error closing config file.\n");
@@ -68,7 +68,7 @@ int LoadConfig(config__t *cfg, const char* cfg_file, config_overrides_t* overrid
* *
* @return 0 on success or 1 on error. * @return 0 on success or 1 on error.
*/ */
int OpenCfg(FILE** file, const char *file_name) int open_cfg(FILE** file, const char *file_name)
{ {
// Close any existing files. // Close any existing files.
if (*file != NULL) if (*file != NULL)
@@ -95,7 +95,7 @@ int OpenCfg(FILE** file, const char *file_name)
* *
* @param return 0 on success or error value of fclose(). * @param return 0 on success or error value of fclose().
*/ */
int CloseCfg(FILE* file) int close_cfg(FILE* file)
{ {
return fclose(file); return fclose(file);
} }
@@ -106,7 +106,7 @@ int CloseCfg(FILE* file)
* @param file The file pointer. * @param file The file pointer.
* @param buffer The buffer to store the data in (manually allocated). * @param buffer The buffer to store the data in (manually allocated).
*/ */
int ReadCfg(FILE* file, char** buffer) int read_cfg(FILE* file, char** buffer)
{ {
fseek(file, 0, SEEK_END); fseek(file, 0, SEEK_END);
long file_size = ftell(file); long file_size = ftell(file);
@@ -139,7 +139,7 @@ int ReadCfg(FILE* file, char** buffer)
* *
* @return 0 on success or 1/-1 on error. * @return 0 on success or 1/-1 on error.
*/ */
int ParseCfg(config__t *cfg, const char* data, config_overrides_t* overrides) int parse_cfg(config__t *cfg, const char* data, config_overrides_t* overrides)
{ {
// Initialize config. // Initialize config.
config_t conf; config_t conf;
@@ -150,7 +150,7 @@ int ParseCfg(config__t *cfg, const char* data, config_overrides_t* overrides)
// Attempt to read the config. // Attempt to read the config.
if (config_read_string(&conf, data) == CONFIG_FALSE) if (config_read_string(&conf, data) == CONFIG_FALSE)
{ {
LogMsg(cfg, 0, 1, "Error from LibConfig when reading file - %s (Line %d)", config_error_text(&conf), config_error_line(&conf)); log_msg(cfg, 0, 1, "Error from LibConfig when reading file - %s (Line %d)", config_error_text(&conf), config_error_line(&conf));
config_destroy(&conf); config_destroy(&conf);
@@ -317,7 +317,7 @@ int ParseCfg(config__t *cfg, const char* data, config_overrides_t* overrides)
if (filter == NULL || filter_cfg == NULL) if (filter == NULL || filter_cfg == NULL)
{ {
LogMsg(cfg, 0, 1, "[WARNING] Failed to read filter rule at index #%d. 'filter' or 'filter_cfg' is NULL (make sure you didn't exceed the maximum filters allowed!)..."); log_msg(cfg, 0, 1, "[WARNING] Failed to read filter rule at index #%d. 'filter' or 'filter_cfg' is NULL (make sure you didn't exceed the maximum filters allowed!)...");
continue; continue;
} }
@@ -351,7 +351,7 @@ int ParseCfg(config__t *cfg, const char* data, config_overrides_t* overrides)
if (config_setting_lookup_string(filter_cfg, "src_ip", &sip) == CONFIG_TRUE) if (config_setting_lookup_string(filter_cfg, "src_ip", &sip) == CONFIG_TRUE)
{ {
ip_range_t ip = ParseIpCidr(sip); ip_range_t ip = parse_ip_range(sip);
filter->src_ip = ip.ip; filter->src_ip = ip.ip;
filter->src_cidr = ip.cidr; filter->src_cidr = ip.cidr;
@@ -362,7 +362,7 @@ int ParseCfg(config__t *cfg, const char* data, config_overrides_t* overrides)
if (config_setting_lookup_string(filter_cfg, "dst_ip", &dip) == CONFIG_TRUE) if (config_setting_lookup_string(filter_cfg, "dst_ip", &dip) == CONFIG_TRUE)
{ {
ip_range_t ip = ParseIpCidr(dip); ip_range_t ip = parse_ip_range(dip);
filter->dst_ip = ip.ip; filter->dst_ip = ip.ip;
filter->dst_cidr = ip.cidr; filter->dst_cidr = ip.cidr;
@@ -662,7 +662,7 @@ int ParseCfg(config__t *cfg, const char* data, config_overrides_t* overrides)
* *
* @param return 0 on success or 1 on failure. * @param return 0 on success or 1 on failure.
*/ */
int SaveCfg(config__t* cfg, const char* file_path) int save_cfg(config__t* cfg, const char* file_path)
{ {
config_t conf; config_t conf;
config_setting_t *root, *setting; config_setting_t *root, *setting;
@@ -945,7 +945,7 @@ int SaveCfg(config__t* cfg, const char* file_path)
* *
* @return void * @return void
*/ */
void SetFilterDefaults(filter_t* filter) void set_filter_defaults(filter_t* filter)
{ {
filter->set = 0; filter->set = 0;
filter->enabled = 1; filter->enabled = 1;
@@ -1010,7 +1010,7 @@ void SetFilterDefaults(filter_t* filter)
* *
* @return void * @return void
*/ */
void SetCfgDefaults(config__t* cfg) void set_cfg_defaults(config__t* cfg)
{ {
cfg->verbose = 2; cfg->verbose = 2;
cfg->log_file = strdup("/var/log/xdpfw.log"); cfg->log_file = strdup("/var/log/xdpfw.log");
@@ -1025,7 +1025,7 @@ void SetCfgDefaults(config__t* cfg)
{ {
filter_t* filter = &cfg->filters[i]; filter_t* filter = &cfg->filters[i];
SetFilterDefaults(filter); set_filter_defaults(filter);
} }
memset(cfg->drop_ranges, 0, sizeof(cfg->drop_ranges)); memset(cfg->drop_ranges, 0, sizeof(cfg->drop_ranges));
@@ -1120,7 +1120,7 @@ void PrintFilter(filter_t* filter, int idx)
* *
* @return void * @return void
*/ */
void PrintConfig(config__t* cfg) void print_cfg(config__t* cfg)
{ {
char* interface = "N/A"; char* interface = "N/A";
@@ -1186,7 +1186,7 @@ void PrintConfig(config__t* cfg)
* *
* @return The next available index or -1 if there are no available indexes. * @return The next available index or -1 if there are no available indexes.
*/ */
int GetNextAvailableFilterIndex(config__t* cfg) int get_next_filter_idx(config__t* cfg)
{ {
for (int i = 0; i < MAX_FILTERS; i++) for (int i = 0; i < MAX_FILTERS; i++)
{ {
@@ -1210,7 +1210,7 @@ int GetNextAvailableFilterIndex(config__t* cfg)
* *
* @return The next available index or -1 if there are no available indexes. * @return The next available index or -1 if there are no available indexes.
*/ */
int GetNextAvailableIpDropRangeIndex(config__t* cfg) int get_next_ip_drop_range_idx(config__t* cfg)
{ {
for (int i = 0; i < MAX_IP_RANGES; i++) for (int i = 0; i < MAX_IP_RANGES; i++)
{ {

22
src/loader/utils/config.h
View File

@@ -40,21 +40,21 @@ struct config_overrides
int stdout_update_time; int stdout_update_time;
} typedef config_overrides_t; } typedef config_overrides_t;
void SetCfgDefaults(config__t *cfg); void set_cfg_defaults(config__t *cfg);
void SetFilterDefaults(filter_t* filter); void set_filter_defaults(filter_t* filter);
void PrintConfig(config__t* cfg); void print_cfg(config__t* cfg);
void PrintFilter(filter_t* filter, int idx); void PrintFilter(filter_t* filter, int idx);
int LoadConfig(config__t *cfg, const char* cfg_file, config_overrides_t* overrides); int load_cfg(config__t *cfg, const char* cfg_file, config_overrides_t* overrides);
int SaveCfg(config__t* cfg, const char* file_path); int save_cfg(config__t* cfg, const char* file_path);
int OpenCfg(FILE** file, const char *file_name); int open_cfg(FILE** file, const char *file_name);
int CloseCfg(FILE* file); int close_cfg(FILE* file);
int ReadCfg(FILE* file, char** buffer); int read_cfg(FILE* file, char** buffer);
int ParseCfg(config__t *cfg, const char* data, config_overrides_t* overrides); int parse_cfg(config__t *cfg, const char* data, config_overrides_t* overrides);
int GetNextAvailableFilterIndex(config__t* cfg); int get_next_filter_idx(config__t* cfg);
int GetNextAvailableIpDropRangeIndex(config__t* cfg); int get_next_ip_drop_range_idx(config__t* cfg);
#include <loader/utils/logging.h> #include <loader/utils/logging.h>

14
src/loader/utils/helpers.c
View File

@@ -5,7 +5,7 @@
* *
* @return void * @return void
*/ */
void PrintHelpMenu() void print_help_menu()
{ {
printf("Usage: xdpfw [OPTIONS]\n\n"); printf("Usage: xdpfw [OPTIONS]\n\n");
@@ -31,7 +31,7 @@ void PrintHelpMenu()
* *
* @return void * @return void
*/ */
void SignalHndl(int code) void hdl_signal(int code)
{ {
cont = 0; cont = 0;
} }
@@ -43,7 +43,7 @@ void SignalHndl(int code)
* *
* @return Returns an IP structure with IP and CIDR. * @return Returns an IP structure with IP and CIDR.
*/ */
ip_range_t ParseIpCidr(const char *ip) ip_range_t parse_ip_range(const char *ip)
{ {
ip_range_t ret = {0}; ip_range_t ret = {0};
ret.cidr = 32; ret.cidr = 32;
@@ -52,7 +52,7 @@ ip_range_t ParseIpCidr(const char *ip)
strncpy(ip_copy, ip, sizeof(ip_copy) - 1); strncpy(ip_copy, ip, sizeof(ip_copy) - 1);
ip_copy[sizeof(ip_copy) - 1] = '\0'; ip_copy[sizeof(ip_copy) - 1] = '\0';
char *token = strtok((char *) ip_copy, "/"); char *token = strtok(ip_copy, "/");
if (token) if (token)
{ {
@@ -76,7 +76,7 @@ ip_range_t ParseIpCidr(const char *ip)
* *
* @return The protocol string. * @return The protocol string.
*/ */
const char* GetProtocolStrById(int id) const char* get_protocol_str_by_id(int id)
{ {
switch (id) switch (id)
{ {
@@ -98,7 +98,7 @@ const char* GetProtocolStrById(int id)
* *
* @return void * @return void
*/ */
void PrintToolInfo() void print_tool_info()
{ {
printf( printf(
" __ ______ ____ _____ _ _ _ \n" " __ ______ ____ _____ _ _ _ \n"
@@ -115,7 +115,7 @@ void PrintToolInfo()
* *
* @return The current nanoseconds since the system last booted. * @return The current nanoseconds since the system last booted.
*/ */
u64 GetBootNanoTime() u64 get_boot_nano_time()
{ {
struct sysinfo sys; struct sysinfo sys;
sysinfo(&sys); sysinfo(&sys);

12
src/loader/utils/helpers.h
View File

@@ -17,9 +17,9 @@ struct ip_range
extern int cont; extern int cont;
void PrintHelpMenu(); void print_help_menu();
void SignalHndl(int code); void hdl_signal(int code);
ip_range_t ParseIpCidr(const char* ip); ip_range_t parse_ip_range(const char* ip);
const char* GetProtocolStrById(int id); const char* get_protocol_str_by_id(int id);
void PrintToolInfo(); void print_tool_info();
u64 GetBootNanoTime(); u64 get_boot_nano_time();

16
src/loader/utils/logging.c
View File

@@ -11,7 +11,7 @@
* *
* @return void * @return void
*/ */
static void LogMsgRaw(int req_lvl, int cur_lvl, int error, const char* log_path, const char* msg, va_list args) static void log_msgRaw(int req_lvl, int cur_lvl, int error, const char* log_path, const char* msg, va_list args)
{ {
if (cur_lvl < req_lvl) if (cur_lvl < req_lvl)
{ {
@@ -86,7 +86,7 @@ static void LogMsgRaw(int req_lvl, int cur_lvl, int error, const char* log_path,
} }
/** /**
* Prints a log message using LogMsgRaw(). * Prints a log message using log_msgRaw().
* *
* @param cfg A pointer to the config structure. * @param cfg A pointer to the config structure.
* @param req_lvl The required level for this message. * @param req_lvl The required level for this message.
@@ -95,12 +95,12 @@ static void LogMsgRaw(int req_lvl, int cur_lvl, int error, const char* log_path,
* *
* @return void * @return void
*/ */
void LogMsg(config__t* cfg, int req_lvl, int error, const char* msg, ...) void log_msg(config__t* cfg, int req_lvl, int error, const char* msg, ...)
{ {
va_list args; va_list args;
va_start(args, msg); va_start(args, msg);
LogMsgRaw(req_lvl, cfg->verbose, error, (const char*)cfg->log_file, msg, args); log_msgRaw(req_lvl, cfg->verbose, error, (const char*)cfg->log_file, msg, args);
va_end(args); va_end(args);
} }
@@ -112,7 +112,7 @@ void LogMsg(config__t* cfg, int req_lvl, int error, const char* msg, ...)
* *
* @return void * @return void
*/ */
void PollFiltersRb(struct ring_buffer* rb) void poll_filters_rb(struct ring_buffer* rb)
{ {
if (rb) if (rb)
{ {
@@ -129,7 +129,7 @@ void PollFiltersRb(struct ring_buffer* rb)
* *
* @return 0 on success or 1 on failure. * @return 0 on success or 1 on failure.
*/ */
int HandleRbEvent(void* ctx, void* data, size_t sz) int hdl_filters_rb_event(void* ctx, void* data, size_t sz)
{ {
config__t* cfg = (config__t*)ctx; config__t* cfg = (config__t*)ctx;
filter_log_event_t* e = (filter_log_event_t*)data; filter_log_event_t* e = (filter_log_event_t*)data;
@@ -161,9 +161,9 @@ int HandleRbEvent(void* ctx, void* data, size_t sz)
action = "Passed"; action = "Passed";
} }
const char* protocol_str = GetProtocolStrById(e->protocol); const char* protocol_str = get_protocol_str_by_id(e->protocol);
LogMsg(cfg, 0, 0, "[FILTER %d] %s %s packet '%s:%d' => '%s:%d' (PPS => %llu, BPS => %llu, Filter Block Time => %llu)...", e->filter_id + 1, action, protocol_str, src_ip_str, htons(e->src_port), dst_ip_str, htons(e->dst_port), e->pps, e->bps, filter->block_time); log_msg(cfg, 0, 0, "[FILTER %d] %s %s packet '%s:%d' => '%s:%d' (PPS => %llu, BPS => %llu, Filter Block Time => %llu)...", e->filter_id + 1, action, protocol_str, src_ip_str, htons(e->src_port), dst_ip_str, htons(e->dst_port), e->pps, e->bps, filter->block_time);
return 0; return 0;
} }

6
src/loader/utils/logging.h
View File

@@ -16,7 +16,7 @@
extern int doing_stats; extern int doing_stats;
void LogMsg(config__t* cfg, int req_lvl, int error, const char* msg, ...); void log_msg(config__t* cfg, int req_lvl, int error, const char* msg, ...);
void PollFiltersRb(struct ring_buffer* rb); void poll_filters_rb(struct ring_buffer* rb);
int HandleRbEvent(void* ctx, void* data, size_t sz); int hdl_filters_rb_event(void* ctx, void* data, size_t sz);

2
src/loader/utils/stats.c
View File

@@ -15,7 +15,7 @@ u64 last_passed = 0;
* *
* @return 0 on success or 1 on failure. * @return 0 on success or 1 on failure.
*/ */
int CalculateStats(int map_stats, int cpus, int per_second) int calc_stats(int map_stats, int cpus, int per_second)
{ {
u32 key = 0; u32 key = 0;

2
src/loader/utils/stats.h
View File

@@ -9,4 +9,4 @@
#include <time.h> #include <time.h>
int CalculateStats(int map_stats, int cpus, int per_second); int calc_stats(int map_stats, int cpus, int per_second);

48
src/loader/utils/xdp.c
View File

@@ -8,7 +8,7 @@
* *
* @return The map's FD. * @return The map's FD.
*/ */
int FindMapFd(struct xdp_program *prog, const char *map_name) int get_map_fd(struct xdp_program *prog, const char *map_name)
{ {
int fd = -1; int fd = -1;
@@ -57,7 +57,7 @@ static int LibBPFSilent(enum libbpf_print_level level, const char *format, va_li
* *
* @return void * @return void
*/ */
void SetLibBPFLogMode(int silent) void set_libbpf_log_mode(int silent)
{ {
if (silent) if (silent)
{ {
@@ -72,7 +72,7 @@ void SetLibBPFLogMode(int silent)
* *
* @return XDP program structure (pointer) or NULL. * @return XDP program structure (pointer) or NULL.
*/ */
struct xdp_program *LoadBpfObj(const char *file_name) struct xdp_program *load_bpf_obj(const char *file_name)
{ {
struct xdp_program *prog = xdp_program__open_file(file_name, "xdp_prog", NULL); struct xdp_program *prog = xdp_program__open_file(file_name, "xdp_prog", NULL);
@@ -92,7 +92,7 @@ struct xdp_program *LoadBpfObj(const char *file_name)
* *
* @return The BPF object. * @return The BPF object.
*/ */
struct bpf_object* GetBpfObj(struct xdp_program* prog) struct bpf_object* get_bpf_obj(struct xdp_program* prog)
{ {
return xdp_program__bpf_obj(prog); return xdp_program__bpf_obj(prog);
} }
@@ -109,7 +109,7 @@ struct bpf_object* GetBpfObj(struct xdp_program* prog)
* *
* @return 0 on success and 1 on error. * @return 0 on success and 1 on error.
*/ */
int AttachXdp(struct xdp_program *prog, char** mode, int ifidx, int detach, int force_skb, int force_offload) int attach_xdp(struct xdp_program *prog, char** mode, int ifidx, int detach, int force_skb, int force_offload)
{ {
int err; int err;
@@ -197,7 +197,7 @@ int AttachXdp(struct xdp_program *prog, char** mode, int ifidx, int detach, int
* *
* @return 0 on success or the error value of bpf_map_delete_elem(). * @return 0 on success or the error value of bpf_map_delete_elem().
*/ */
int DeleteFilter(int map_filters, u32 idx) int delete_filter(int map_filters, u32 idx)
{ {
return bpf_map_delete_elem(map_filters, &idx); return bpf_map_delete_elem(map_filters, &idx);
} }
@@ -209,11 +209,11 @@ int DeleteFilter(int map_filters, u32 idx)
* *
* @return void * @return void
*/ */
void DeleteFilters(int map_filters) void delete_filters(int map_filters)
{ {
for (int i = 0; i < MAX_FILTERS; i++) for (int i = 0; i < MAX_FILTERS; i++)
{ {
DeleteFilter(map_filters, i); delete_filter(map_filters, i);
} }
} }
@@ -226,7 +226,7 @@ void DeleteFilters(int map_filters)
* *
* @return 0 on success or error value of bpf_map_update_elem(). * @return 0 on success or error value of bpf_map_update_elem().
*/ */
int UpdateFilter(int map_filters, filter_t* filter, int idx) int update_filter(int map_filters, filter_t* filter, int idx)
{ {
int ret; int ret;
@@ -249,7 +249,7 @@ int UpdateFilter(int map_filters, filter_t* filter, int idx)
* *
* @return Void * @return Void
*/ */
void UpdateFilters(int map_filters, config__t *cfg) void update_filters(int map_filters, config__t *cfg)
{ {
int ret; int ret;
int cur_idx = 0; int cur_idx = 0;
@@ -259,7 +259,7 @@ void UpdateFilters(int map_filters, config__t *cfg)
{ {
// Delete previous rule from BPF map. // Delete previous rule from BPF map.
// We do this in the case rules were edited and were put out of order since the key doesn't uniquely map to a specific rule. // We do this in the case rules were edited and were put out of order since the key doesn't uniquely map to a specific rule.
DeleteFilter(map_filters, i); delete_filter(map_filters, i);
filter_t* filter = &cfg->filters[i]; filter_t* filter = &cfg->filters[i];
@@ -270,7 +270,7 @@ void UpdateFilters(int map_filters, config__t *cfg)
} }
// Attempt to update filter. // Attempt to update filter.
if ((ret = UpdateFilter(map_filters, filter, cur_idx)) != 0) if ((ret = update_filter(map_filters, filter, cur_idx)) != 0)
{ {
fprintf(stderr, "[WARNING] Failed to update filter #%d due to BPF update error (%d)...\n", cur_idx, ret); fprintf(stderr, "[WARNING] Failed to update filter #%d due to BPF update error (%d)...\n", cur_idx, ret);
@@ -290,7 +290,7 @@ void UpdateFilters(int map_filters, config__t *cfg)
* *
* @return 0 on success or value of bpf_map__pin() on error. * @return 0 on success or value of bpf_map__pin() on error.
*/ */
int PinBpfMap(struct bpf_object* obj, const char* pin_dir, const char* map_name) int pin_bpf_map(struct bpf_object* obj, const char* pin_dir, const char* map_name)
{ {
struct bpf_map* map = bpf_object__find_map_by_name(obj, map_name); struct bpf_map* map = bpf_object__find_map_by_name(obj, map_name);
@@ -314,7 +314,7 @@ int PinBpfMap(struct bpf_object* obj, const char* pin_dir, const char* map_name)
* *
* @return * @return
*/ */
int UnpinBpfMap(struct bpf_object* obj, const char* pin_dir, const char* map_name) int unpin_bpf_map(struct bpf_object* obj, const char* pin_dir, const char* map_name)
{ {
struct bpf_map* map = bpf_object__find_map_by_name(obj, map_name); struct bpf_map* map = bpf_object__find_map_by_name(obj, map_name);
@@ -337,7 +337,7 @@ int UnpinBpfMap(struct bpf_object* obj, const char* pin_dir, const char* map_nam
* *
* @return The map FD or -1 on error. * @return The map FD or -1 on error.
*/ */
int GetMapPinFd(const char* pin_dir, const char* map_name) int get_map_fd_pin(const char* pin_dir, const char* map_name)
{ {
char full_path[255]; char full_path[255];
snprintf(full_path, sizeof(full_path), "%s/%s", pin_dir, map_name); snprintf(full_path, sizeof(full_path), "%s/%s", pin_dir, map_name);
@@ -353,7 +353,7 @@ int GetMapPinFd(const char* pin_dir, const char* map_name)
* *
* @return 0 on success or error value of bpf_map_delete_elem(). * @return 0 on success or error value of bpf_map_delete_elem().
*/ */
int DeleteBlock(int map_block, u32 ip) int delete_block(int map_block, u32 ip)
{ {
return bpf_map_delete_elem(map_block, &ip); return bpf_map_delete_elem(map_block, &ip);
} }
@@ -367,7 +367,7 @@ int DeleteBlock(int map_block, u32 ip)
* *
* @return 0 on success or error value of bpf_map_update_elem(). * @return 0 on success or error value of bpf_map_update_elem().
*/ */
int AddBlock(int map_block, u32 ip, u64 expires) int add_block(int map_block, u32 ip, u64 expires)
{ {
return bpf_map_update_elem(map_block, &ip, &expires, BPF_ANY); return bpf_map_update_elem(map_block, &ip, &expires, BPF_ANY);
} }
@@ -380,7 +380,7 @@ int AddBlock(int map_block, u32 ip, u64 expires)
* *
* @return 0 on success or error value of bpf_map_delete_elem(). * @return 0 on success or error value of bpf_map_delete_elem().
*/ */
int DeleteBlock6(int map_block6, u128 ip) int delete_block6(int map_block6, u128 ip)
{ {
return bpf_map_delete_elem(map_block6, &ip); return bpf_map_delete_elem(map_block6, &ip);
} }
@@ -394,7 +394,7 @@ int DeleteBlock6(int map_block6, u128 ip)
* *
* @return 0 on success or error value of bpf_map_update_elem(). * @return 0 on success or error value of bpf_map_update_elem().
*/ */
int AddBlock6(int map_block6, u128 ip, u64 expires) int add_block6(int map_block6, u128 ip, u64 expires)
{ {
return bpf_map_update_elem(map_block6, &ip, &expires, BPF_ANY); return bpf_map_update_elem(map_block6, &ip, &expires, BPF_ANY);
} }
@@ -408,7 +408,7 @@ int AddBlock6(int map_block6, u128 ip, u64 expires)
* *
* @return 0 on success or error value of bpf_map_delete_elem(). * @return 0 on success or error value of bpf_map_delete_elem().
*/ */
int DeleteRangeDrop(int map_range_drop, u32 net, u8 cidr) int delete_range_drop(int map_range_drop, u32 net, u8 cidr)
{ {
u32 bit_mask = ( ~( (1 << (32 - cidr) ) - 1) ); u32 bit_mask = ( ~( (1 << (32 - cidr) ) - 1) );
u32 start = net & bit_mask; u32 start = net & bit_mask;
@@ -429,7 +429,7 @@ int DeleteRangeDrop(int map_range_drop, u32 net, u8 cidr)
* *
* @return 0 on success or error value of bpf_map_update_elem(). * @return 0 on success or error value of bpf_map_update_elem().
*/ */
int AddRangeDrop(int map_range_drop, u32 net, u8 cidr) int add_range_drop(int map_range_drop, u32 net, u8 cidr)
{ {
u32 bit_mask = ( ~( (1 << (32 - cidr) ) - 1) ); u32 bit_mask = ( ~( (1 << (32 - cidr) ) - 1) );
u32 start = net & bit_mask; u32 start = net & bit_mask;
@@ -451,7 +451,7 @@ int AddRangeDrop(int map_range_drop, u32 net, u8 cidr)
* *
* @return void * @return void
*/ */
void UpdateRangeDrops(int map_range_drop, config__t* cfg) void update_range_drops(int map_range_drop, config__t* cfg)
{ {
for (int i = 0; i < MAX_IP_RANGES; i++) for (int i = 0; i < MAX_IP_RANGES; i++)
{ {
@@ -463,8 +463,8 @@ void UpdateRangeDrops(int map_range_drop, config__t* cfg)
} }
// Parse IP range string and return network IP and CIDR. // Parse IP range string and return network IP and CIDR.
ip_range_t t = ParseIpCidr(range); ip_range_t t = parse_ip_range(range);
AddRangeDrop(map_range_drop, t.ip, t.cidr); add_range_drop(map_range_drop, t.ip, t.cidr);
} }
} }

38
src/loader/utils/xdp.h
View File

@@ -10,30 +10,30 @@
#define XDP_OBJ_PATH "/etc/xdpfw/xdp_prog.o" #define XDP_OBJ_PATH "/etc/xdpfw/xdp_prog.o"
#define XDP_MAP_PIN_DIR "/sys/fs/bpf/xdpfw" #define XDP_MAP_PIN_DIR "/sys/fs/bpf/xdpfw"
int FindMapFd(struct xdp_program *prog, const char *map_name); int get_map_fd(struct xdp_program *prog, const char *map_name);
void SetLibBPFLogMode(int silent); void set_libbpf_log_mode(int silent);
struct xdp_program *LoadBpfObj(const char *file_name); struct xdp_program *load_bpf_obj(const char *file_name);
struct bpf_object* GetBpfObj(struct xdp_program* prog); struct bpf_object* get_bpf_obj(struct xdp_program* prog);
int AttachXdp(struct xdp_program *prog, char** mode, int ifidx, int detach, int force_skb, int force_offload); int attach_xdp(struct xdp_program *prog, char** mode, int ifidx, int detach, int force_skb, int force_offload);
int DeleteFilter(int map_filters, u32 idx); int delete_filter(int map_filters, u32 idx);
void DeleteFilters(int map_filters); void delete_filters(int map_filters);
int UpdateFilter(int map_filters, filter_t* filter, int idx); int update_filter(int map_filters, filter_t* filter, int idx);
void UpdateFilters(int map_filters, config__t *cfg); void update_filters(int map_filters, config__t *cfg);
int PinBpfMap(struct bpf_object* obj, const char* pin_dir, const char* map_name); int pin_bpf_map(struct bpf_object* obj, const char* pin_dir, const char* map_name);
int UnpinBpfMap(struct bpf_object* obj, const char* pin_dir, const char* map_name); int unpin_bpf_map(struct bpf_object* obj, const char* pin_dir, const char* map_name);
int GetMapPinFd(const char* pin_dir, const char* map_name); int get_map_fd_pin(const char* pin_dir, const char* map_name);
int DeleteBlock(int map_block, u32 ip); int delete_block(int map_block, u32 ip);
int AddBlock(int map_block, u32 ip, u64 expires); int add_block(int map_block, u32 ip, u64 expires);
int DeleteBlock6(int map_block6, u128 ip); int delete_block6(int map_block6, u128 ip);
int AddBlock6(int map_block6, u128 ip, u64 expires); int add_block6(int map_block6, u128 ip, u64 expires);
int DeleteRangeDrop(int map_range_drop, u32 net, u8 cidr); int delete_range_drop(int map_range_drop, u32 net, u8 cidr);
int AddRangeDrop(int map_range_drop, u32 net, u8 cidr); int add_range_drop(int map_range_drop, u32 net, u8 cidr);
void UpdateRangeDrops(int map_range_drop, config__t* cfg); void update_range_drops(int map_range_drop, config__t* cfg);

270
src/rule_add/prog.c
View File

@@ -7,7 +7,7 @@
#include <loader/utils/xdp.h> #include <loader/utils/xdp.h>
#include <loader/utils/config.h> #include <loader/utils/config.h>
#include <rule_add/utils/cmdline.h> #include <rule_add/utils/cli.h>
// These are required due to being extern with Loader. // These are required due to being extern with Loader.
// To Do: Figure out a way to not require the below without requiring separate object files. // To Do: Figure out a way to not require the below without requiring separate object files.
@@ -19,46 +19,46 @@ int main(int argc, char *argv[])
int ret; int ret;
// Parse command line. // Parse command line.
cmdline_t cmd = {0}; cli_t cli = {0};
cmd.cfg_file = CONFIG_DEFAULT_PATH; cli.cfg_file = CONFIG_DEFAULT_PATH;
// We need to set integers for dynamic filters to -1 since we consider -1 as 'unset'. // We need to set integers for dynamic filters to -1 since we consider -1 as 'unset'.
cmd.enabled = -1; cli.enabled = -1;
cmd.action = -1; cli.action = -1;
cmd.log = -1; cli.log = -1;
cmd.min_ttl = -1; cli.min_ttl = -1;
cmd.max_ttl = -1; cli.max_ttl = -1;
cmd.min_len = -1; cli.min_len = -1;
cmd.max_len = -1; cli.max_len = -1;
cmd.tos = -1; cli.tos = -1;
cmd.pps = -1; cli.pps = -1;
cmd.bps = -1; cli.bps = -1;
cmd.tcp_enabled = -1; cli.tcp_enabled = -1;
cmd.tcp_sport = -1; cli.tcp_sport = -1;
cmd.tcp_dport = -1; cli.tcp_dport = -1;
cmd.tcp_urg = -1; cli.tcp_urg = -1;
cmd.tcp_ack = -1; cli.tcp_ack = -1;
cmd.tcp_rst = -1; cli.tcp_rst = -1;
cmd.tcp_psh = -1; cli.tcp_psh = -1;
cmd.tcp_syn = -1; cli.tcp_syn = -1;
cmd.tcp_fin = -1; cli.tcp_fin = -1;
cmd.tcp_ece = -1; cli.tcp_ece = -1;
cmd.tcp_cwr = -1; cli.tcp_cwr = -1;
cmd.udp_enabled = -1; cli.udp_enabled = -1;
cmd.udp_sport = -1; cli.udp_sport = -1;
cmd.udp_dport = -1; cli.udp_dport = -1;
cmd.icmp_enabled = -1; cli.icmp_enabled = -1;
cmd.icmp_code = -1; cli.icmp_code = -1;
cmd.icmp_type = -1; cli.icmp_type = -1;
ParseCommandLine(&cmd, argc, argv); parse_cli(&cli, argc, argv);
if (!cmd.help) if (!cli.help)
{ {
printf("Parsed command line...\n"); printf("Parsed command line...\n");
} }
@@ -118,7 +118,7 @@ int main(int argc, char *argv[])
} }
// Check for config file path. // Check for config file path.
if ((cmd.save || cmd.mode == 0) && (!cmd.cfg_file || strlen(cmd.cfg_file) < 1)) if ((cli.save || cli.mode == 0) && (!cli.cfg_file || strlen(cli.cfg_file) < 1))
{ {
fprintf(stderr, "[ERROR] CFG file not specified or empty. This is required for filters mode or when saving config.\n"); fprintf(stderr, "[ERROR] CFG file not specified or empty. This is required for filters mode or when saving config.\n");
@@ -128,11 +128,11 @@ int main(int argc, char *argv[])
// Load config. // Load config.
config__t cfg = {0}; config__t cfg = {0};
if (cmd.save || cmd.mode == 0) if (cli.save || cli.mode == 0)
{ {
if ((ret = LoadConfig(&cfg, cmd.cfg_file, NULL)) != 0) if ((ret = load_cfg(&cfg, cli.cfg_file, NULL)) != 0)
{ {
fprintf(stderr, "[ERROR] Failed to load config at '%s' (%d)\n", cmd.cfg_file, ret); fprintf(stderr, "[ERROR] Failed to load config at '%s' (%d)\n", cli.cfg_file, ret);
return EXIT_FAILURE; return EXIT_FAILURE;
} }
@@ -141,12 +141,12 @@ int main(int argc, char *argv[])
} }
// Handle filters mode. // Handle filters mode.
if (cmd.mode == 0) if (cli.mode == 0)
{ {
printf("Using filters mode (0)...\n"); printf("Using filters mode (0)...\n");
// Retrieve filters map FD. // Retrieve filters map FD.
int map_filters = GetMapPinFd(XDP_MAP_PIN_DIR, "map_filters"); int map_filters = get_map_fd_pin(XDP_MAP_PIN_DIR, "map_filters");
if (map_filters < 0) if (map_filters < 0)
{ {
@@ -159,20 +159,20 @@ int main(int argc, char *argv[])
// Create new base filter and set its defaults. // Create new base filter and set its defaults.
filter_t new_filter = {0}; filter_t new_filter = {0};
SetFilterDefaults(&new_filter); set_filter_defaults(&new_filter);
new_filter.set = 1; new_filter.set = 1;
// Determine what index we'll be storing this filter at. // Determine what index we'll be storing this filter at.
int idx = -1; int idx = -1;
if (cmd.idx > 0) if (cli.idx > 0)
{ {
idx = cmd.idx - 1; idx = cli.idx - 1;
} }
else else
{ {
idx = GetNextAvailableFilterIndex(&cfg); idx = get_next_filter_idx(&cfg);
} }
if (idx < 0) if (idx < 0)
@@ -183,47 +183,47 @@ int main(int argc, char *argv[])
} }
// Fill out new filter. // Fill out new filter.
if (cmd.enabled > -1) if (cli.enabled > -1)
{ {
new_filter.enabled = cmd.enabled; new_filter.enabled = cli.enabled;
} }
if (cmd.action > -1) if (cli.action > -1)
{ {
new_filter.action = cmd.action; new_filter.action = cli.action;
} }
if (cmd.log > -1) if (cli.log > -1)
{ {
new_filter.log = cmd.log; new_filter.log = cli.log;
} }
if (cmd.block_time > -1) if (cli.block_time > -1)
{ {
new_filter.block_time = cmd.block_time; new_filter.block_time = cli.block_time;
} }
if (cmd.src_ip) if (cli.src_ip)
{ {
ip_range_t range = ParseIpCidr(cmd.src_ip); ip_range_t range = parse_ip_range(cli.src_ip);
new_filter.src_ip = range.ip; new_filter.src_ip = range.ip;
new_filter.src_cidr = range.cidr; new_filter.src_cidr = range.cidr;
} }
if (cmd.dst_ip) if (cli.dst_ip)
{ {
ip_range_t range = ParseIpCidr(cmd.dst_ip); ip_range_t range = parse_ip_range(cli.dst_ip);
new_filter.dst_ip = range.ip; new_filter.dst_ip = range.ip;
new_filter.dst_cidr = range.cidr; new_filter.dst_cidr = range.cidr;
} }
if (cmd.src_ip6) if (cli.src_ip6)
{ {
struct in6_addr addr; struct in6_addr addr;
if ((ret = inet_pton(AF_INET6, cmd.src_ip6, &addr)) != 1) if ((ret = inet_pton(AF_INET6, cli.src_ip6, &addr)) != 1)
{ {
fprintf(stderr, "Failed to convert source IPv6 address to decimal (%d).\n", ret); fprintf(stderr, "Failed to convert source IPv6 address to decimal (%d).\n", ret);
@@ -233,11 +233,11 @@ int main(int argc, char *argv[])
memcpy(new_filter.src_ip6, addr.s6_addr, sizeof(new_filter.src_ip6)); memcpy(new_filter.src_ip6, addr.s6_addr, sizeof(new_filter.src_ip6));
} }
if (cmd.dst_ip6) if (cli.dst_ip6)
{ {
struct in6_addr addr; struct in6_addr addr;
if ((ret = inet_pton(AF_INET6, cmd.dst_ip6, &addr)) != 1) if ((ret = inet_pton(AF_INET6, cli.dst_ip6, &addr)) != 1)
{ {
fprintf(stderr, "Failed to convert destination IPv6 address to decimal (%d).\n", ret); fprintf(stderr, "Failed to convert destination IPv6 address to decimal (%d).\n", ret);
@@ -249,145 +249,145 @@ int main(int argc, char *argv[])
// To Do: See if I can create a macro for below. // To Do: See if I can create a macro for below.
// As long as the naming convention lines up, it should be easily possible. // As long as the naming convention lines up, it should be easily possible.
if (cmd.pps > -1) if (cli.pps > -1)
{ {
new_filter.do_pps = 1; new_filter.do_pps = 1;
new_filter.pps = cmd.pps; new_filter.pps = cli.pps;
} }
if (cmd.bps > -1) if (cli.bps > -1)
{ {
new_filter.do_bps = 1; new_filter.do_bps = 1;
new_filter.bps = cmd.bps; new_filter.bps = cli.bps;
} }
if (cmd.min_ttl > -1) if (cli.min_ttl > -1)
{ {
new_filter.do_min_ttl = 1; new_filter.do_min_ttl = 1;
new_filter.min_ttl = cmd.min_ttl; new_filter.min_ttl = cli.min_ttl;
} }
if (cmd.max_ttl > -1) if (cli.max_ttl > -1)
{ {
new_filter.do_max_ttl = 1; new_filter.do_max_ttl = 1;
new_filter.max_ttl = cmd.max_ttl; new_filter.max_ttl = cli.max_ttl;
} }
if (cmd.min_len > -1) if (cli.min_len > -1)
{ {
new_filter.do_min_len = 1; new_filter.do_min_len = 1;
new_filter.min_len = cmd.min_len; new_filter.min_len = cli.min_len;
} }
if (cmd.max_len > -1) if (cli.max_len > -1)
{ {
new_filter.do_max_len = 1; new_filter.do_max_len = 1;
new_filter.max_len = cmd.max_len; new_filter.max_len = cli.max_len;
} }
if (cmd.tos > -1) if (cli.tos > -1)
{ {
new_filter.do_tos = 1; new_filter.do_tos = 1;
new_filter.tos = cmd.tos; new_filter.tos = cli.tos;
} }
if (cmd.tcp_enabled > -1) if (cli.tcp_enabled > -1)
{ {
new_filter.tcpopts.enabled = cmd.tcp_enabled; new_filter.tcpopts.enabled = cli.tcp_enabled;
} }
if (cmd.tcp_sport > -1) if (cli.tcp_sport > -1)
{ {
new_filter.tcpopts.do_sport = 1; new_filter.tcpopts.do_sport = 1;
new_filter.tcpopts.sport = cmd.tcp_sport; new_filter.tcpopts.sport = cli.tcp_sport;
} }
if (cmd.tcp_dport > -1) if (cli.tcp_dport > -1)
{ {
new_filter.tcpopts.do_dport = 1; new_filter.tcpopts.do_dport = 1;
new_filter.tcpopts.dport = cmd.tcp_dport; new_filter.tcpopts.dport = cli.tcp_dport;
} }
if (cmd.tcp_urg > -1) if (cli.tcp_urg > -1)
{ {
new_filter.tcpopts.do_urg = 1; new_filter.tcpopts.do_urg = 1;
new_filter.tcpopts.urg = cmd.tcp_urg; new_filter.tcpopts.urg = cli.tcp_urg;
} }
if (cmd.tcp_ack > -1) if (cli.tcp_ack > -1)
{ {
new_filter.tcpopts.do_ack = 1; new_filter.tcpopts.do_ack = 1;
new_filter.tcpopts.ack = cmd.tcp_ack; new_filter.tcpopts.ack = cli.tcp_ack;
} }
if (cmd.tcp_rst > -1) if (cli.tcp_rst > -1)
{ {
new_filter.tcpopts.do_rst = 1; new_filter.tcpopts.do_rst = 1;
new_filter.tcpopts.rst = cmd.tcp_rst; new_filter.tcpopts.rst = cli.tcp_rst;
} }
if (cmd.tcp_psh > -1) if (cli.tcp_psh > -1)
{ {
new_filter.tcpopts.do_psh = 1; new_filter.tcpopts.do_psh = 1;
new_filter.tcpopts.psh = cmd.tcp_psh; new_filter.tcpopts.psh = cli.tcp_psh;
} }
if (cmd.tcp_syn > -1) if (cli.tcp_syn > -1)
{ {
new_filter.tcpopts.do_syn = 1; new_filter.tcpopts.do_syn = 1;
new_filter.tcpopts.syn = cmd.tcp_syn; new_filter.tcpopts.syn = cli.tcp_syn;
} }
if (cmd.tcp_fin > -1) if (cli.tcp_fin > -1)
{ {
new_filter.tcpopts.do_fin = 1; new_filter.tcpopts.do_fin = 1;
new_filter.tcpopts.fin = cmd.tcp_fin; new_filter.tcpopts.fin = cli.tcp_fin;
} }
if (cmd.tcp_ece > -1) if (cli.tcp_ece > -1)
{ {
new_filter.tcpopts.do_ece = 1; new_filter.tcpopts.do_ece = 1;
new_filter.tcpopts.ece = cmd.tcp_ece; new_filter.tcpopts.ece = cli.tcp_ece;
} }
if (cmd.tcp_cwr > -1) if (cli.tcp_cwr > -1)
{ {
new_filter.tcpopts.do_cwr = 1; new_filter.tcpopts.do_cwr = 1;
new_filter.tcpopts.cwr = cmd.tcp_cwr; new_filter.tcpopts.cwr = cli.tcp_cwr;
} }
if (cmd.udp_enabled > -1) if (cli.udp_enabled > -1)
{ {
new_filter.udpopts.enabled = cmd.udp_enabled; new_filter.udpopts.enabled = cli.udp_enabled;
} }
if (cmd.udp_sport > -1) if (cli.udp_sport > -1)
{ {
new_filter.udpopts.do_sport = 1; new_filter.udpopts.do_sport = 1;
new_filter.udpopts.sport = cmd.udp_sport; new_filter.udpopts.sport = cli.udp_sport;
} }
if (cmd.udp_dport > -1) if (cli.udp_dport > -1)
{ {
new_filter.udpopts.do_dport = 1; new_filter.udpopts.do_dport = 1;
new_filter.udpopts.dport = cmd.udp_dport; new_filter.udpopts.dport = cli.udp_dport;
} }
if (cmd.icmp_enabled > -1) if (cli.icmp_enabled > -1)
{ {
new_filter.icmpopts.enabled = cmd.icmp_enabled; new_filter.icmpopts.enabled = cli.icmp_enabled;
} }
if (cmd.icmp_code > -1) if (cli.icmp_code > -1)
{ {
new_filter.icmpopts.do_code = 1; new_filter.icmpopts.do_code = 1;
new_filter.icmpopts.code = cmd.icmp_code; new_filter.icmpopts.code = cli.icmp_code;
} }
if (cmd.icmp_type > -1) if (cli.icmp_type > -1)
{ {
new_filter.icmpopts.do_type = 1; new_filter.icmpopts.do_type = 1;
new_filter.icmpopts.type = cmd.icmp_type; new_filter.icmpopts.type = cli.icmp_type;
} }
// Set filter at index. // Set filter at index.
@@ -396,15 +396,15 @@ int main(int argc, char *argv[])
// Update filters. // Update filters.
fprintf(stdout, "Updating filters (index %d)...\n", idx); fprintf(stdout, "Updating filters (index %d)...\n", idx);
UpdateFilters(map_filters, &cfg); update_filters(map_filters, &cfg);
} }
// Handle IPv4 range drop mode. // Handle IPv4 range drop mode.
else if (cmd.mode == 1) else if (cli.mode == 1)
{ {
printf("Using IPv4 range drop mode (1)...\n"); printf("Using IPv4 range drop mode (1)...\n");
// Make sure IP range is specified. // Make sure IP range is specified.
if (!cmd.ip) if (!cli.ip)
{ {
fprintf(stderr, "No IP address or range specified. Please set an IP range using -d, --ip arguments.\n"); fprintf(stderr, "No IP address or range specified. Please set an IP range using -d, --ip arguments.\n");
@@ -412,7 +412,7 @@ int main(int argc, char *argv[])
} }
// Get range map. // Get range map.
int map_range_drop = GetMapPinFd(XDP_MAP_PIN_DIR, "map_range_drop"); int map_range_drop = get_map_fd_pin(XDP_MAP_PIN_DIR, "map_range_drop");
if (map_range_drop < 0) if (map_range_drop < 0)
{ {
@@ -424,22 +424,22 @@ int main(int argc, char *argv[])
printf("Using 'map_range_drop' FD => %d.\n", map_range_drop); printf("Using 'map_range_drop' FD => %d.\n", map_range_drop);
// Parse IP range. // Parse IP range.
ip_range_t range = ParseIpCidr(cmd.ip); ip_range_t range = parse_ip_range(cli.ip);
// Attempt to add range. // Attempt to add range.
if ((ret = AddRangeDrop(map_range_drop, range.ip, range.cidr)) != 0) if ((ret = add_range_drop(map_range_drop, range.ip, range.cidr)) != 0)
{ {
fprintf(stderr, "Error adding range to BPF map (%d).\n", ret); fprintf(stderr, "Error adding range to BPF map (%d).\n", ret);
return EXIT_FAILURE; return EXIT_FAILURE;
} }
printf("Added IP range '%s' to IP range drop map...\n", cmd.ip); printf("Added IP range '%s' to IP range drop map...\n", cli.ip);
if (cmd.save) if (cli.save)
{ {
// Get next available index. // Get next available index.
int idx = GetNextAvailableIpDropRangeIndex(&cfg); int idx = get_next_ip_drop_range_idx(&cfg);
if (idx < 0) if (idx < 0)
{ {
@@ -448,7 +448,7 @@ int main(int argc, char *argv[])
return EXIT_FAILURE; return EXIT_FAILURE;
} }
cfg.drop_ranges[idx] = strdup(cmd.ip); cfg.drop_ranges[idx] = strdup(cli.ip);
} }
} }
// Handle block map mode. // Handle block map mode.
@@ -456,7 +456,7 @@ int main(int argc, char *argv[])
{ {
printf("Using source IP block mode (2)...\n"); printf("Using source IP block mode (2)...\n");
if (!cmd.ip) if (!cli.ip)
{ {
fprintf(stderr, "No source IP address specified. Please set an IP using -s, --ip arguments.\n"); fprintf(stderr, "No source IP address specified. Please set an IP using -s, --ip arguments.\n");
@@ -465,15 +465,15 @@ int main(int argc, char *argv[])
u64 expires_rel = 0; u64 expires_rel = 0;
if (cmd.expires > 0) if (cli.expires > 0)
{ {
expires_rel = GetBootNanoTime() + ((u64)cmd.expires * 1e9); expires_rel = get_boot_nano_time() + ((u64)cli.expires * 1e9);
} }
int map_block = GetMapPinFd(XDP_MAP_PIN_DIR, "map_block"); int map_block = get_map_fd_pin(XDP_MAP_PIN_DIR, "map_block");
int map_block6 = GetMapPinFd(XDP_MAP_PIN_DIR, "map_block6"); int map_block6 = get_map_fd_pin(XDP_MAP_PIN_DIR, "map_block6");
if (cmd.v6) if (cli.v6)
{ {
if (map_block6 < 0) if (map_block6 < 0)
{ {
@@ -486,9 +486,9 @@ int main(int argc, char *argv[])
struct in6_addr addr; struct in6_addr addr;
if ((ret = inet_pton(AF_INET6, cmd.ip, &addr)) != 1) if ((ret = inet_pton(AF_INET6, cli.ip, &addr)) != 1)
{ {
fprintf(stderr, "Failed to convert IPv6 address '%s' to decimal (%d).\n", cmd.ip, ret); fprintf(stderr, "Failed to convert IPv6 address '%s' to decimal (%d).\n", cli.ip, ret);
return EXIT_FAILURE; return EXIT_FAILURE;
} }
@@ -500,9 +500,9 @@ int main(int argc, char *argv[])
ip = (ip << 8) | addr.s6_addr[i]; ip = (ip << 8) | addr.s6_addr[i];
} }
if ((ret = AddBlock6(map_block6, ip, expires_rel)) != 0) if ((ret = add_block6(map_block6, ip, expires_rel)) != 0)
{ {
fprintf(stderr, "Failed to add IP '%s' to BPF map (%d).\n", cmd.ip, ret); fprintf(stderr, "Failed to add IP '%s' to BPF map (%d).\n", cli.ip, ret);
return EXIT_FAILURE; return EXIT_FAILURE;
} }
@@ -520,37 +520,37 @@ int main(int argc, char *argv[])
struct in_addr addr; struct in_addr addr;
if ((ret = inet_pton(AF_INET, cmd.ip, &addr)) != 1) if ((ret = inet_pton(AF_INET, cli.ip, &addr)) != 1)
{ {
fprintf(stderr, "Failed to convert IP address '%s' to decimal (%d).\n", cmd.ip, ret); fprintf(stderr, "Failed to convert IP address '%s' to decimal (%d).\n", cli.ip, ret);
return EXIT_FAILURE; return EXIT_FAILURE;
} }
if ((ret = AddBlock(map_block, addr.s_addr, expires_rel)) != 0) if ((ret = add_block(map_block, addr.s_addr, expires_rel)) != 0)
{ {
fprintf(stderr, "Failed to add IP '%s' too BPF map (%d).\n", cmd.ip, ret); fprintf(stderr, "Failed to add IP '%s' too BPF map (%d).\n", cli.ip, ret);
return EXIT_FAILURE; return EXIT_FAILURE;
} }
if (cmd.expires > 0) if (cli.expires > 0)
{ {
printf("Added '%s' to block map for %lld seconds...\n", cmd.ip, cmd.expires); printf("Added '%s' to block map for %lld seconds...\n", cli.ip, cli.expires);
} }
else else
{ {
printf("Added '%s' to block map indefinitely...\n", cmd.ip); printf("Added '%s' to block map indefinitely...\n", cli.ip);
} }
} }
} }
if (cmd.save) if (cli.save)
{ {
// Save config. // Save config.
printf("Saving config...\n"); printf("Saving config...\n");
if ((ret = SaveCfg(&cfg, cmd.cfg_file)) != 0) if ((ret = save_cfg(&cfg, cli.cfg_file)) != 0)
{ {
fprintf(stderr, "[ERROR] Failed to save config.\n"); fprintf(stderr, "[ERROR] Failed to save config.\n");

84
src/rule_add/utils/cmdline.c → src/rule_add/utils/cli.c
View File

@@ -1,4 +1,4 @@
#include <rule_add/utils/cmdline.h> #include <rule_add/utils/cli.h>
const struct option opts[] = const struct option opts[] =
{ {
@@ -56,7 +56,7 @@ const struct option opts[] =
{ NULL, 0, NULL, 0 } { NULL, 0, NULL, 0 }
}; };
void ParseCommandLine(cmdline_t* cmd, int argc, char* argv[]) void parse_cli(cli_t* cli, int argc, char* argv[])
{ {
int c; int c;
@@ -65,202 +65,202 @@ void ParseCommandLine(cmdline_t* cmd, int argc, char* argv[])
switch (c) switch (c)
{ {
case 'c': case 'c':
cmd->cfg_file = optarg; cli->cfg_file = optarg;
break; break;
case 'h': case 'h':
cmd->help = 1; cli->help = 1;
break; break;
case 's': case 's':
cmd->save = 1; cli->save = 1;
break; break;
case 'm': case 'm':
cmd->mode = atoi(optarg); cli->mode = atoi(optarg);
break; break;
case 'i': case 'i':
cmd->idx = atoi(optarg); cli->idx = atoi(optarg);
break; break;
case 'd': case 'd':
cmd->ip = optarg; cli->ip = optarg;
break; break;
case 'v': case 'v':
cmd->v6 = atoi(optarg); cli->v6 = atoi(optarg);
break; break;
case 'e': case 'e':
cmd->expires = strtoll(optarg, NULL, 10); cli->expires = strtoll(optarg, NULL, 10);
break; break;
case 28: case 28:
cmd->enabled = atoi(optarg); cli->enabled = atoi(optarg);
break; break;
case 29: case 29:
cmd->action = atoi(optarg); cli->action = atoi(optarg);
break; break;
case 30: case 30:
cmd->log = atoi(optarg); cli->log = atoi(optarg);
break; break;
case 31: case 31:
cmd->block_time = strtoll(optarg, NULL, 10); cli->block_time = strtoll(optarg, NULL, 10);
break; break;
case 0: case 0:
cmd->src_ip = optarg; cli->src_ip = optarg;
break; break;
case 1: case 1:
cmd->dst_ip = optarg; cli->dst_ip = optarg;
break; break;
case 2: case 2:
cmd->src_ip6 = optarg; cli->src_ip6 = optarg;
break; break;
case 3: case 3:
cmd->dst_ip6 = optarg; cli->dst_ip6 = optarg;
break; break;
case 4: case 4:
cmd->min_ttl = atoi(optarg); cli->min_ttl = atoi(optarg);
break; break;
case 5: case 5:
cmd->max_ttl = atoi(optarg); cli->max_ttl = atoi(optarg);
break; break;
case 6: case 6:
cmd->min_len = atoi(optarg); cli->min_len = atoi(optarg);
break; break;
case 7: case 7:
cmd->max_len = atoi(optarg); cli->max_len = atoi(optarg);
break; break;
case 8: case 8:
cmd->tos = atoi(optarg); cli->tos = atoi(optarg);
break; break;
case 9: case 9:
cmd->pps = strtoll(optarg, NULL, 10); cli->pps = strtoll(optarg, NULL, 10);
break; break;
case 10: case 10:
cmd->bps = strtoll(optarg, NULL, 10); cli->bps = strtoll(optarg, NULL, 10);
break; break;
case 11: case 11:
cmd->tcp_enabled = atoi(optarg); cli->tcp_enabled = atoi(optarg);
break; break;
case 12: case 12:
cmd->tcp_sport = atoi(optarg); cli->tcp_sport = atoi(optarg);
break; break;
case 13: case 13:
cmd->tcp_dport = atoi(optarg); cli->tcp_dport = atoi(optarg);
break; break;
case 14: case 14:
cmd->tcp_urg = atoi(optarg); cli->tcp_urg = atoi(optarg);
break; break;
case 15: case 15:
cmd->tcp_ack = atoi(optarg); cli->tcp_ack = atoi(optarg);
break; break;
case 16: case 16:
cmd->tcp_rst = atoi(optarg); cli->tcp_rst = atoi(optarg);
break; break;
case 17: case 17:
cmd->tcp_psh = atoi(optarg); cli->tcp_psh = atoi(optarg);
break; break;
case 18: case 18:
cmd->tcp_syn = atoi(optarg); cli->tcp_syn = atoi(optarg);
break; break;
case 19: case 19:
cmd->tcp_fin = atoi(optarg); cli->tcp_fin = atoi(optarg);
break; break;
case 20: case 20:
cmd->tcp_ece = atoi(optarg); cli->tcp_ece = atoi(optarg);
break; break;
case 21: case 21:
cmd->tcp_cwr = atoi(optarg); cli->tcp_cwr = atoi(optarg);
break; break;
case 22: case 22:
cmd->udp_enabled = atoi(optarg); cli->udp_enabled = atoi(optarg);
break; break;
case 23: case 23:
cmd->udp_sport = atoi(optarg); cli->udp_sport = atoi(optarg);
break; break;
case 24: case 24:
cmd->udp_dport = atoi(optarg); cli->udp_dport = atoi(optarg);
break; break;
case 25: case 25:
cmd->icmp_enabled = atoi(optarg); cli->icmp_enabled = atoi(optarg);
break; break;
case 26: case 26:
cmd->icmp_code = atoi(optarg); cli->icmp_code = atoi(optarg);
break; break;
case 27: case 27:
cmd->icmp_type = atoi(optarg); cli->icmp_type = atoi(optarg);
break; break;

6
src/rule_add/utils/cmdline.h → src/rule_add/utils/cli.h
View File

@@ -8,7 +8,7 @@
#include <string.h> #include <string.h>
struct cmdline struct cli
{ {
const char* cfg_file; const char* cfg_file;
@@ -64,6 +64,6 @@ struct cmdline
int icmp_enabled; int icmp_enabled;
int icmp_code; int icmp_code;
int icmp_type; int icmp_type;
} typedef cmdline_t; } typedef cli_t;
void ParseCommandLine(cmdline_t* cmd, int argc, char* argv[]); void parse_cli(cli_t* cli, int argc, char* argv[]);

76
src/rule_del/prog.c
View File

@@ -7,7 +7,7 @@
#include <loader/utils/xdp.h> #include <loader/utils/xdp.h>
#include <loader/utils/config.h> #include <loader/utils/config.h>
#include <rule_del/utils/cmdline.h> #include <rule_del/utils/cli.h>
// These are required due to being extern with Loader. // These are required due to being extern with Loader.
// To Do: Figure out a way to not require the below without requiring separate object files. // To Do: Figure out a way to not require the below without requiring separate object files.
@@ -19,12 +19,12 @@ int main(int argc, char *argv[])
int ret; int ret;
// Parse command line. // Parse command line.
cmdline_t cmd = {0}; cli_t cli = {0};
cmd.cfg_file = CONFIG_DEFAULT_PATH; cli.cfg_file = CONFIG_DEFAULT_PATH;
ParseCommandLine(&cmd, argc, argv); parse_cli(&cli, argc, argv);
if (!cmd.help) if (!cli.help)
{ {
printf("Parsed command line...\n"); printf("Parsed command line...\n");
} else } else
@@ -42,7 +42,7 @@ int main(int argc, char *argv[])
} }
// Check for config file path. // Check for config file path.
if ((cmd.save || cmd.mode == 0) && (!cmd.cfg_file || strlen(cmd.cfg_file) < 1)) if ((cli.save || cli.mode == 0) && (!cli.cfg_file || strlen(cli.cfg_file) < 1))
{ {
fprintf(stderr, "[ERROR] CFG file not specified or empty. This is required for current mode or options set.\n"); fprintf(stderr, "[ERROR] CFG file not specified or empty. This is required for current mode or options set.\n");
@@ -52,11 +52,11 @@ int main(int argc, char *argv[])
// Load config. // Load config.
config__t cfg = {0}; config__t cfg = {0};
if (cmd.save || cmd.mode == 0) if (cli.save || cli.mode == 0)
{ {
if ((ret = LoadConfig(&cfg, cmd.cfg_file, NULL)) != 0) if ((ret = load_cfg(&cfg, cli.cfg_file, NULL)) != 0)
{ {
fprintf(stderr, "[ERROR] Failed to load config at '%s' (%d)\n", cmd.cfg_file, ret); fprintf(stderr, "[ERROR] Failed to load config at '%s' (%d)\n", cli.cfg_file, ret);
return EXIT_FAILURE; return EXIT_FAILURE;
} }
@@ -65,12 +65,12 @@ int main(int argc, char *argv[])
} }
// Handle filters mode. // Handle filters mode.
if (cmd.mode == 0) if (cli.mode == 0)
{ {
printf("Using filters mode (0)...\n"); printf("Using filters mode (0)...\n");
// Check index. // Check index.
if (cmd.idx < 1) if (cli.idx < 1)
{ {
fprintf(stderr, "Invalid filter index. Index must start from 1.\n"); fprintf(stderr, "Invalid filter index. Index must start from 1.\n");
@@ -78,7 +78,7 @@ int main(int argc, char *argv[])
} }
// Retrieve filters map FD. // Retrieve filters map FD.
int map_filters = GetMapPinFd(XDP_MAP_PIN_DIR, "map_filters"); int map_filters = get_map_fd_pin(XDP_MAP_PIN_DIR, "map_filters");
if (map_filters < 0) if (map_filters < 0)
{ {
@@ -90,7 +90,7 @@ int main(int argc, char *argv[])
printf("Using 'map_filters' FD => %d...\n", map_filters); printf("Using 'map_filters' FD => %d...\n", map_filters);
int idx = -1; int idx = -1;
int cfg_idx = cmd.idx - 1; int cfg_idx = cli.idx - 1;
int cur_idx = 0; int cur_idx = 0;
// This is where things are a bit tricky due to the layout of our filtering system in XDP. // This is where things are a bit tricky due to the layout of our filtering system in XDP.
@@ -124,7 +124,7 @@ int main(int argc, char *argv[])
} }
// Unset affected filter in config. // Unset affected filter in config.
if (cmd.save) if (cli.save)
{ {
cfg.filters[cfg_idx].set = 0; cfg.filters[cfg_idx].set = 0;
} }
@@ -132,15 +132,15 @@ int main(int argc, char *argv[])
// Update filters. // Update filters.
fprintf(stdout, "Updating filters...\n"); fprintf(stdout, "Updating filters...\n");
UpdateFilters(map_filters, &cfg); update_filters(map_filters, &cfg);
} }
// Handle IPv4 range drop mode. // Handle IPv4 range drop mode.
else if (cmd.mode == 1) else if (cli.mode == 1)
{ {
printf("Using IPv4 range drop mode (1)...\n"); printf("Using IPv4 range drop mode (1)...\n");
// Make sure IP range is specified. // Make sure IP range is specified.
if (!cmd.ip) if (!cli.ip)
{ {
fprintf(stderr, "No IP address or range specified. Please set an IP range using -s, --ip arguments.\n"); fprintf(stderr, "No IP address or range specified. Please set an IP range using -s, --ip arguments.\n");
@@ -148,7 +148,7 @@ int main(int argc, char *argv[])
} }
// Get range map. // Get range map.
int map_range_drop = GetMapPinFd(XDP_MAP_PIN_DIR, "map_range_drop"); int map_range_drop = get_map_fd_pin(XDP_MAP_PIN_DIR, "map_range_drop");
if (map_range_drop < 0) if (map_range_drop < 0)
{ {
@@ -160,19 +160,19 @@ int main(int argc, char *argv[])
printf("Using 'map_range_drop' FD => %d.\n", map_range_drop); printf("Using 'map_range_drop' FD => %d.\n", map_range_drop);
// Parse IP range. // Parse IP range.
ip_range_t range = ParseIpCidr(cmd.ip); ip_range_t range = parse_ip_range(cli.ip);
// Attempt to delete range. // Attempt to delete range.
if ((ret = DeleteRangeDrop(map_range_drop, range.ip, range.cidr)) != 0) if ((ret = delete_range_drop(map_range_drop, range.ip, range.cidr)) != 0)
{ {
fprintf(stderr, "Error deleting range from BPF map (%d).\n", ret); fprintf(stderr, "Error deleting range from BPF map (%d).\n", ret);
return EXIT_FAILURE; return EXIT_FAILURE;
} }
printf("Removed IP range '%s'...\n", cmd.ip); printf("Removed IP range '%s'...\n", cli.ip);
if (cmd.save) if (cli.save)
{ {
// Loop through IP drop ranges and unset if found. // Loop through IP drop ranges and unset if found.
for (int i = 0; i < MAX_IP_RANGES; i++) for (int i = 0; i < MAX_IP_RANGES; i++)
@@ -184,7 +184,7 @@ int main(int argc, char *argv[])
continue; continue;
} }
if (strcmp(cur_range, cmd.ip) != 0) if (strcmp(cur_range, cli.ip) != 0)
{ {
continue; continue;
} }
@@ -199,17 +199,17 @@ int main(int argc, char *argv[])
{ {
printf("Using source IP block mode (2)...\n"); printf("Using source IP block mode (2)...\n");
if (!cmd.ip) if (!cli.ip)
{ {
fprintf(stderr, "No source IP address specified. Please set an IP using -s, --ip arguments.\n"); fprintf(stderr, "No source IP address specified. Please set an IP using -s, --ip arguments.\n");
return EXIT_FAILURE; return EXIT_FAILURE;
} }
int map_block = GetMapPinFd(XDP_MAP_PIN_DIR, "map_block"); int map_block = get_map_fd_pin(XDP_MAP_PIN_DIR, "map_block");
int map_block6 = GetMapPinFd(XDP_MAP_PIN_DIR, "map_block6"); int map_block6 = get_map_fd_pin(XDP_MAP_PIN_DIR, "map_block6");
if (cmd.v6) if (cli.v6)
{ {
if (map_block6 < 0) if (map_block6 < 0)
{ {
@@ -222,9 +222,9 @@ int main(int argc, char *argv[])
struct in6_addr addr; struct in6_addr addr;
if ((ret = inet_pton(AF_INET6, cmd.ip, &addr)) != 1) if ((ret = inet_pton(AF_INET6, cli.ip, &addr)) != 1)
{ {
fprintf(stderr, "Failed to convert IPv6 address '%s' to decimal (%d).\n", cmd.ip, ret); fprintf(stderr, "Failed to convert IPv6 address '%s' to decimal (%d).\n", cli.ip, ret);
return EXIT_FAILURE; return EXIT_FAILURE;
} }
@@ -236,9 +236,9 @@ int main(int argc, char *argv[])
ip = (ip << 8) | addr.s6_addr[i]; ip = (ip << 8) | addr.s6_addr[i];
} }
if ((ret = DeleteBlock6(map_block6, ip)) != 0) if ((ret = delete_block6(map_block6, ip)) != 0)
{ {
fprintf(stderr, "Failed to delete IP '%s' from BPF map (%d).\n", cmd.ip, ret); fprintf(stderr, "Failed to delete IP '%s' from BPF map (%d).\n", cli.ip, ret);
return EXIT_FAILURE; return EXIT_FAILURE;
} }
@@ -256,30 +256,30 @@ int main(int argc, char *argv[])
struct in_addr addr; struct in_addr addr;
if ((ret = inet_pton(AF_INET, cmd.ip, &addr)) != 1) if ((ret = inet_pton(AF_INET, cli.ip, &addr)) != 1)
{ {
fprintf(stderr, "Failed to convert IP address '%s' to decimal (%d).\n", cmd.ip, ret); fprintf(stderr, "Failed to convert IP address '%s' to decimal (%d).\n", cli.ip, ret);
return EXIT_FAILURE; return EXIT_FAILURE;
} }
if ((ret = DeleteBlock(map_block, addr.s_addr)) != 0) if ((ret = delete_block(map_block, addr.s_addr)) != 0)
{ {
fprintf(stderr, "Failed to delete IP '%s' from BPF map (%d).\n", cmd.ip, ret); fprintf(stderr, "Failed to delete IP '%s' from BPF map (%d).\n", cli.ip, ret);
return EXIT_FAILURE; return EXIT_FAILURE;
} }
printf("Deleted IP '%s'...\n", cmd.ip); printf("Deleted IP '%s'...\n", cli.ip);
} }
} }
if (cmd.save) if (cli.save)
{ {
// Save config. // Save config.
printf("Saving config...\n"); printf("Saving config...\n");
if ((ret = SaveCfg(&cfg, cmd.cfg_file)) != 0) if ((ret = save_cfg(&cfg, cli.cfg_file)) != 0)
{ {
fprintf(stderr, "[ERROR] Failed to save config.\n"); fprintf(stderr, "[ERROR] Failed to save config.\n");

18
src/rule_del/utils/cmdline.c → src/rule_del/utils/cli.c
View File

@@ -1,4 +1,4 @@
#include <rule_del/utils/cmdline.h> #include <rule_del/utils/cli.h>
const struct option opts[] = const struct option opts[] =
{ {
@@ -16,7 +16,7 @@ const struct option opts[] =
{ NULL, 0, NULL, 0 } { NULL, 0, NULL, 0 }
}; };
void ParseCommandLine(cmdline_t* cmd, int argc, char* argv[]) void parse_cli(cli_t* cli, int argc, char* argv[])
{ {
int c; int c;
@@ -25,37 +25,37 @@ void ParseCommandLine(cmdline_t* cmd, int argc, char* argv[])
switch (c) switch (c)
{ {
case 'c': case 'c':
cmd->cfg_file = optarg; cli->cfg_file = optarg;
break; break;
case 'h': case 'h':
cmd->help = 1; cli->help = 1;
break; break;
case 's': case 's':
cmd->save = 1; cli->save = 1;
break; break;
case 'm': case 'm':
cmd->mode = atoi(optarg); cli->mode = atoi(optarg);
break; break;
case 'i': case 'i':
cmd->idx = atoi(optarg); cli->idx = atoi(optarg);
break; break;
case 'd': case 'd':
cmd->ip = optarg; cli->ip = optarg;
break; break;
case 'v': case 'v':
cmd->v6 = 1; cli->v6 = 1;
break; break;

6
src/rule_del/utils/cmdline.h → src/rule_del/utils/cli.h
View File

@@ -4,7 +4,7 @@
#include <stdlib.h> #include <stdlib.h>
#include <getopt.h> #include <getopt.h>
struct cmdline struct cli
{ {
const char* cfg_file; const char* cfg_file;
@@ -18,6 +18,6 @@ struct cmdline
const char* ip; const char* ip;
int v6; int v6;
} typedef cmdline_t; } typedef cli_t;
void ParseCommandLine(cmdline_t* cmd, int argc, char* argv[]); void parse_cli(cli_t* cli, int argc, char* argv[]);

15
src/xdp/prog.c
View File

@@ -126,7 +126,7 @@ int xdp_prog_main(struct xdp_md *ctx)
} }
#ifdef ENABLE_IP_RANGE_DROP #ifdef ENABLE_IP_RANGE_DROP
if (iph && CheckIpRangeDrop(iph->saddr)) if (iph && check_ip_range_drop(iph->saddr))
{ {
#ifdef DO_STATS_ON_IP_RANGE_DROP_MAP #ifdef DO_STATS_ON_IP_RANGE_DROP_MAP
if (stats) if (stats)
@@ -274,11 +274,11 @@ int xdp_prog_main(struct xdp_md *ctx)
if (iph6) if (iph6)
{ {
UpdateIp6Stats(&pps, &bps, &src_ip6, src_port, protocol, pkt_len, now); update_ip6_stats(&pps, &bps, &src_ip6, src_port, protocol, pkt_len, now);
} }
else if (iph) else if (iph)
{ {
UpdateIpStats(&pps, &bps, iph->saddr, src_port, protocol, pkt_len, now); update_ip_stats(&pps, &bps, iph->saddr, src_port, protocol, pkt_len, now);
} }
int action = 0; int action = 0;
@@ -290,7 +290,6 @@ int xdp_prog_main(struct xdp_md *ctx)
filter_t *filter = bpf_map_lookup_elem(&map_filters, &key); filter_t *filter = bpf_map_lookup_elem(&map_filters, &key);
// Check if ID is above 0 (if 0, it's an invalid rule).
if (!filter || !filter->set) if (!filter || !filter->set)
{ {
break; break;
@@ -352,10 +351,12 @@ int xdp_prog_main(struct xdp_md *ctx)
continue; continue;
} }
if (!IsIpInRange(iph->saddr, filter->src_ip, filter->src_cidr)) if (!is_ip_in_range(iph->saddr, filter->src_ip, filter->src_cidr))
{ {
continue; continue;
} }
} }
// Destination address. // Destination address.
@@ -366,7 +367,7 @@ int xdp_prog_main(struct xdp_md *ctx)
continue; continue;
} }
if (!IsIpInRange(iph->daddr, filter->dst_ip, filter->dst_cidr)) if (!is_ip_in_range(iph->daddr, filter->dst_ip, filter->dst_cidr))
{ {
continue; continue;
} }
@@ -549,7 +550,7 @@ int xdp_prog_main(struct xdp_md *ctx)
#ifdef ENABLE_FILTER_LOGGING #ifdef ENABLE_FILTER_LOGGING
if (filter->log > 0) if (filter->log > 0)
{ {
LogFilterMsg(iph, iph6, src_port, dst_port, protocol, now, pps, bps, i); log_filter_msg(iph, iph6, src_port, dst_port, protocol, now, pps, bps, i);
} }
#endif #endif

4
src/xdp/utils/helpers.c
View File

@@ -11,7 +11,7 @@
* *
* @return 1 on yes, 0 on no. * @return 1 on yes, 0 on no.
*/ */
static __always_inline int IsIpInRange(u32 src_ip, u32 net_ip, u8 cidr) static __always_inline int is_ip_in_range(u32 src_ip, u32 net_ip, u8 cidr)
{ {
return !((src_ip ^ net_ip) & htonl(0xFFFFFFFFu << (32 - cidr))); return !((src_ip ^ net_ip) & htonl(0xFFFFFFFFu << (32 - cidr)));
} }
@@ -24,7 +24,7 @@ static __always_inline int IsIpInRange(u32 src_ip, u32 net_ip, u8 cidr)
* *
* @return 1 on yes or 0 on no. * @return 1 on yes or 0 on no.
*/ */
static __always_inline int CheckIpRangeDrop(u32 ip) static __always_inline int check_ip_range_drop(u32 ip)
{ {
LpmTrieKey key = LpmTrieKey key =
{ {

4
src/xdp/utils/helpers.h
View File

@@ -32,10 +32,10 @@
#define memcpy(dest, src, n) __builtin_memcpy((dest), (src), (n)) #define memcpy(dest, src, n) __builtin_memcpy((dest), (src), (n))
#endif #endif
static __always_inline int IsIpInRange(u32 src_ip, u32 net_ip, u8 cidr); static __always_inline int is_ip_in_range(u32 src_ip, u32 net_ip, u8 cidr);
#ifdef ENABLE_IP_RANGE_DROP #ifdef ENABLE_IP_RANGE_DROP
static __always_inline int CheckIpRangeDrop(u32 ip); static __always_inline int check_ip_range_drop(u32 ip);
#endif #endif
// The source file is included directly below instead of compiled and linked as an object because when linking, there is no guarantee the compiler will inline the function (which is crucial for performance). // The source file is included directly below instead of compiled and linked as an object because when linking, there is no guarantee the compiler will inline the function (which is crucial for performance).

2
src/xdp/utils/logging.c
View File

@@ -20,7 +20,7 @@
* *
* @return always 0 * @return always 0
*/ */
static __always_inline int LogFilterMsg(struct iphdr* iph, struct ipv6hdr* iph6, u16 src_port, u16 dst_port, u8 protocol, u64 now, u64 pps, u64 bps, int filter_id) static __always_inline int log_filter_msg(struct iphdr* iph, struct ipv6hdr* iph6, u16 src_port, u16 dst_port, u8 protocol, u64 now, u64 pps, u64 bps, int filter_id)
{ {
filter_log_event_t* e = bpf_ringbuf_reserve(&map_filter_log, sizeof(*e), 0); filter_log_event_t* e = bpf_ringbuf_reserve(&map_filter_log, sizeof(*e), 0);

2
src/xdp/utils/logging.h
View File

@@ -6,7 +6,7 @@
#include <xdp/prog_dispatcher.h> #include <xdp/prog_dispatcher.h>
#if defined(ENABLE_FILTERS) && defined(ENABLE_FILTER_LOGGING) #if defined(ENABLE_FILTERS) && defined(ENABLE_FILTER_LOGGING)
static __always_inline int LogFilterMsg(struct iphdr* iph, struct ipv6hdr* iph6, u16 src_port, u16 dst_port, u8 protocol, u64 now, u64 pps, u64 bps, int filter_id); static __always_inline int log_filter_msg(struct iphdr* iph, struct ipv6hdr* iph6, u16 src_port, u16 dst_port, u8 protocol, u64 now, u64 pps, u64 bps, int filter_id);
#endif #endif
// The source file is included directly below instead of compiled and linked as an object because when linking, there is no guarantee the compiler will inline the function (which is crucial for performance). // The source file is included directly below instead of compiled and linked as an object because when linking, there is no guarantee the compiler will inline the function (which is crucial for performance).

4
src/xdp/utils/rl.c
View File

@@ -14,7 +14,7 @@
* *
* @return void * @return void
*/ */
static __always_inline void UpdateIpStats(u64 *pps, u64 *bps, u32 ip, u16 port, u8 protocol, u16 pkt_len, u64 now) static __always_inline void update_ip_stats(u64 *pps, u64 *bps, u32 ip, u16 port, u8 protocol, u16 pkt_len, u64 now)
{ {
#ifdef USE_FLOW_RL #ifdef USE_FLOW_RL
flow_t key = {0}; flow_t key = {0};
@@ -79,7 +79,7 @@ static __always_inline void UpdateIpStats(u64 *pps, u64 *bps, u32 ip, u16 port,
* *
* @return void * @return void
*/ */
static __always_inline void UpdateIp6Stats(u64 *pps, u64 *bps, u128 *ip, u16 port, u8 protocol, u16 pkt_len, u64 now) static __always_inline void update_ip6_stats(u64 *pps, u64 *bps, u128 *ip, u16 port, u8 protocol, u16 pkt_len, u64 now)
{ {
#ifdef USE_FLOW_RL #ifdef USE_FLOW_RL
flow6_t key = {0}; flow6_t key = {0};

4
src/xdp/utils/rl.h
View File

@@ -7,8 +7,8 @@
#include <xdp/utils/maps.h> #include <xdp/utils/maps.h>
#ifdef ENABLE_FILTERS #ifdef ENABLE_FILTERS
static __always_inline void UpdateIpStats(u64 *pps, u64 *bps, u32 ip, u16 port, u8 protocol, u16 pkt_len, u64 now); static __always_inline void update_ip_stats(u64 *pps, u64 *bps, u32 ip, u16 port, u8 protocol, u16 pkt_len, u64 now);
static __always_inline void UpdateIp6Stats(u64 *pps, u64 *bps, u128 *ip, u16 port, u8 protocol, u16 pkt_len, u64 now); static __always_inline void update_ip6_stats(u64 *pps, u64 *bps, u128 *ip, u16 port, u8 protocol, u16 pkt_len, u64 now);
#endif #endif
// The source file is included directly below instead of compiled and linked as an object because when linking, there is no guarantee the compiler will inline the function (which is crucial for performance). // The source file is included directly below instead of compiled and linked as an object because when linking, there is no guarantee the compiler will inline the function (which is crucial for performance).