diff --git a/src/common/config.h b/src/common/config.h index 5055bee..2342df4 100644 --- a/src/common/config.h +++ b/src/common/config.h @@ -1,10 +1,10 @@ #pragma once // Feel free to comment this out if you don't want the `blocked` entry on the stats map to be incremented every single time a packet is dropped from the source IP being on the blocked map. Commenting this line out should increase performance when blocking malicious traffic. -#define DOSTATSONBLOCKMAP +#define DO_STATS_ON_BLOCK_MAP // When this is defined, a check will occur inside the IPv4 and IPv6 filters. For IPv6 packets, if no IPv6 source/destination IP addresses are set, but there is an IPv4 address, it will ignore the filter. The same goes for IPv4, if there is no IPv4 source/destination IP addresses set, if an IPv6 address is set, it will ignore the filter. -#define ALLOWSINGLEIPV4V6 +#define ALLOW_SINGLE_IP_V4_V6 // If uncommented, rate limits for clients are determined using the source IP, port, and protocol instead of just the source IP. // This allows for more precise rate limits (connection-specific instead of a single source IP). diff --git a/src/xdp/prog.c b/src/xdp/prog.c index 104fa14..6a8e842 100644 --- a/src/xdp/prog.c +++ b/src/xdp/prog.c @@ -107,7 +107,7 @@ int xdp_prog_main(struct xdp_md *ctx) } else { -#ifdef DOSTATSONBLOCKMAP +#ifdef DO_STATS_ON_BLOCK_MAP // Increase blocked stats entry. if (stats) { @@ -273,7 +273,7 @@ int xdp_prog_main(struct xdp_md *ctx) continue; } -#ifdef ALLOWSINGLEIPV4V6 +#ifdef ALLOW_SINGLE_IP_V4_V6 if (filter->src_ip != 0 || filter->dst_ip != 0) { continue; @@ -334,7 +334,7 @@ int xdp_prog_main(struct xdp_md *ctx) } } -#ifdef ALLOWSINGLEIPV4V6 +#ifdef ALLOW_SINGLE_IP_V4_V6 if ((filter->src_ip6[0] != 0 || filter->src_ip6[1] != 0 || filter->src_ip6[2] != 0 || filter->src_ip6[3] != 0) || (filter->dst_ip6[0] != 0 || filter->dst_ip6[1] != 0 || filter->dst_ip6[2] != 0 || filter->dst_ip6[3] != 0)) { continue;