kaffa/XDP-Firewall
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Add define for incrementing blocked stats when the source IP is on the blocked map.

Browse Source
This commit is contained in:
Christian Deacon
2020-06-04 18:22:07 +00:00
parent f7a2f0ccfb
commit 9c19e1eb8c
1 changed files with 8 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
src/xdpfw_kern.c
View File

@@ -16,6 +16,7 @@
#include "include/xdpfw.h" #include "include/xdpfw.h"
//#define DEBUG //#define DEBUG
#define DOSTATSONBLOCKMAP // Feel free to comment this out if you don't want the `blocked` entry on the stats map to be incremented every single time a packet is dropped from the source IP being on the blocked map. Commenting this line out should increase performance when blocking malicious traffic.
#ifdef DEBUG #ifdef DEBUG
@@ -139,11 +140,13 @@ int xdp_prog_main(struct xdp_md *ctx)
} }
else else
{ {
// Increase blocked stats entry. #ifdef DOSTATSONBLOCKMAP
if (stats) // Increase blocked stats entry.
{ if (stats)
__sync_fetch_and_add(&stats->blocked, 1); {
} __sync_fetch_and_add(&stats->blocked, 1);
}
#endif
// They're still blocked. Drop the packet. // They're still blocked. Drop the packet.
return XDP_DROP; return XDP_DROP;