Add more info to filter logging.

Christian Deacon
2025-02-26 12:16:33 -05:00
parent f27481fb3b
commit e54fb3fe79
5 changed files with 72 additions and 4 deletions


@@ -139,9 +139,19 @@ struct filter_log_event
{ {
u64 ts; u64 ts;
int filter_id; int filter_id;
u32 src_ip; u32 src_ip;
u32 src_ip6[4]; u32 src_ip6[4];
u16 src_port; u16 src_port;
u32 dst_ip;
u32 dst_ip6[4];
u16 dst_port;
u8 protocol;
u64 pps; u64 pps;
u64 bps; u64 bps;
} typedef filter_log_event_t; } typedef filter_log_event_t;
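Review bot: The new `dst_port` field, like `src_port`, has no comment saying which byte order it holds, even though the XDP side stores `tcph->dest`/`udph->dest` unconverted and the logger converts before printing. I would add a comment on the struct such as `/* src_port and dst_port are in network byte order. */`. No address-family field is visible in the struct, so a second comment should say that only one of the IPv4/IPv6 address pairs is meaningful per event and how the consumer is expected to tell which.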


@@ -57,6 +57,30 @@ ip_range_t ParseIpCidr(const char *ip)
return ret; return ret;
} }
/**
* Retrieves protocol name by ID.
*
* @param id The protocol ID
*
* @return The protocol string.
*/
const char* GetProtocolStrById(int id)
{
switch (id)
{
case IPPROTO_TCP:
return "TCP";
case IPPROTO_UDP:
return "UDP";
case IPPROTO_ICMP:
return "ICMP";
}
return "N/A";
}
/** /**
* Prints tool name and author. * Prints tool name and author.
* *
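Review bot: `GetProtocolStrById` has no case for `IPPROTO_ICMPV6`, although the XDP program in this same commit handles that protocol and copies `protocol` into the event, so ICMPv6 packets would be logged as "N/A". Adding `case IPPROTO_ICMPV6: return "ICMPv6";` keeps those log lines meaningful to anyone triaging filter hits. The doc comment could also state that unknown IDs yield "N/A" and that the returned string is a static literal the caller must not free.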


@@ -18,4 +18,5 @@ extern int cont;
void PrintHelpMenu(); void PrintHelpMenu();
void SignalHndl(int code); void SignalHndl(int code);
ip_range_t ParseIpCidr(const char* ip); ip_range_t ParseIpCidr(const char* ip);
const char* GetProtocolStrById(int id);
void PrintToolInfo(); void PrintToolInfo();


@@ -101,6 +101,8 @@ void LogMsg(config__t* cfg, int req_lvl, int error, const char* msg, ...)
* @param ctx The context (should be config__t*). * @param ctx The context (should be config__t*).
* @param data The event data (should be filter_log_event_t*). * @param data The event data (should be filter_log_event_t*).
* @param sz The event data size. * @param sz The event data size.
*
* @return 0 on success or 1 on failure.
*/ */
int HandleRbEvent(void* ctx, void* data, size_t sz) int HandleRbEvent(void* ctx, void* data, size_t sz)
{ {
@@ -114,14 +116,17 @@ int HandleRbEvent(void* ctx, void* data, size_t sz)
return 1; return 1;
} }
char ip_str[INET6_ADDRSTRLEN]; char src_ip_str[INET6_ADDRSTRLEN];
char dst_ip_str[INET_ADDRSTRLEN];
if (memcmp(e->src_ip6, "\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0", 16) != 0) if (memcmp(e->src_ip6, "\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0", 16) != 0)
{ {
inet_ntop(AF_INET6, e->src_ip6, ip_str, sizeof(ip_str)); inet_ntop(AF_INET6, e->src_ip6, src_ip_str, sizeof(src_ip_str));
inet_ntop(AF_INET6, e->dst_ip6, dst_ip_str, sizeof(dst_ip_str));
} else } else
{ {
inet_ntop(AF_INET, &e->src_ip, ip_str, sizeof(ip_str)); inet_ntop(AF_INET, &e->src_ip, src_ip_str, sizeof(src_ip_str));
inet_ntop(AF_INET, &e->dst_ip, dst_ip_str, sizeof(dst_ip_str));
} }
char* action = "Dropped"; char* action = "Dropped";
@@ -131,7 +136,9 @@ int HandleRbEvent(void* ctx, void* data, size_t sz)
action = "Passed"; action = "Passed";
} }
LogMsg(cfg, 0, 0, "[FILTER %d] %s packet from '%s:%d' (PPS => %llu, BPS => %llu, Filter Block Time => %llu)...", e->filter_id, action, ip_str, e->src_port, e->pps, e->bps, filter->blocktime); const char* protocol_str = GetProtocolStrById(e->protocol);
LogMsg(cfg, 0, 0, "[FILTER %d] %s %s packet '%s:%d' => '%s:%d' (PPS => %llu, BPS => %llu, Filter Block Time => %llu)...", e->filter_id, action, protocol_str, src_ip_str, htons(e->src_port), dst_ip_str, htons(e->dst_port), e->pps, e->bps, filter->blocktime);
return 0; return 0;
} }
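Review bot: `dst_ip_str` is declared as `char dst_ip_str[INET_ADDRSTRLEN];`, but the IPv6 branch passes it to `inet_ntop(AF_INET6, e->dst_ip6, dst_ip_str, sizeof(dst_ip_str))`. Any destination address whose text form does not fit in 16 bytes makes that call fail and leaves the buffer unwritten, and `LogMsg` then reads it through `%s`. Declare it as `char dst_ip_str[INET6_ADDRSTRLEN];` to match `src_ip_str`. None of the `inet_ntop` return values are checked here, so a failed conversion should log a fixed placeholder rather than uninitialized stack bytes. The ports are converted with `htons`; `ntohs` is the matching call for network-to-host order and yields the same value. Parts of HandleRbEvent's body lie between the hunks and are not visible.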


@@ -136,6 +136,11 @@ int xdp_prog_main(struct xdp_md *ctx)
struct icmp6hdr *icmp6h = NULL; struct icmp6hdr *icmp6h = NULL;
u16 src_port = 0; u16 src_port = 0;
#ifdef ENABLE_FILTER_LOGGING
u16 dst_port = 0;
#endif
u8 protocol = 0; u8 protocol = 0;
if (iph6) if (iph6)
@@ -156,6 +161,10 @@ int xdp_prog_main(struct xdp_md *ctx)
src_port = tcph->source; src_port = tcph->source;
#ifdef ENABLE_FILTER_LOGGING
dst_port = tcph->dest;
#endif
break; break;
case IPPROTO_UDP: case IPPROTO_UDP:
@@ -170,6 +179,10 @@ int xdp_prog_main(struct xdp_md *ctx)
src_port = udph->source; src_port = udph->source;
#ifdef ENABLE_FILTER_LOGGING
dst_port = udph->dest;
#endif
break; break;
case IPPROTO_ICMPV6: case IPPROTO_ICMPV6:
@@ -203,6 +216,10 @@ int xdp_prog_main(struct xdp_md *ctx)
src_port = tcph->source; src_port = tcph->source;
#ifdef ENABLE_FILTER_LOGGING
dst_port = tcph->dest;
#endif
break; break;
case IPPROTO_UDP: case IPPROTO_UDP:
@@ -217,6 +234,10 @@ int xdp_prog_main(struct xdp_md *ctx)
src_port = udph->source; src_port = udph->source;
#ifdef ENABLE_FILTER_LOGGING
dst_port = udph->dest;
#endif
break; break;
case IPPROTO_ICMP: case IPPROTO_ICMP:
@@ -527,12 +548,17 @@ int xdp_prog_main(struct xdp_md *ctx)
if (iph) if (iph)
{ {
e->src_ip = iph->saddr; e->src_ip = iph->saddr;
e->dst_ip = iph->daddr;
} else if (iph6) } else if (iph6)
{ {
memcpy(&e->src_ip6, iph6->saddr.in6_u.u6_addr32, 4); memcpy(&e->src_ip6, iph6->saddr.in6_u.u6_addr32, 4);
memcpy(&e->dst_ip6, iph6->daddr.in6_u.u6_addr32, 4);
} }
e->src_port = src_port; e->src_port = src_port;
e->dst_port = dst_port;
e->protocol = protocol;
e->pps = pps; e->pps = pps;
e->bps = bps; e->bps = bps;
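Review bot: The added `memcpy(&e->dst_ip6, iph6->daddr.in6_u.u6_addr32, 4);` copies only 4 bytes of the 16-byte destination address, repeating the length used on the existing source-address line. The logged IPv6 addresses would therefore carry just the first 32 bits, plus whatever the remaining 12 bytes of the event already held. Copy the whole array with `memcpy(&e->dst_ip6, iph6->daddr.in6_u.u6_addr32, sizeof(e->dst_ip6));` and do the same for `src_ip6`. How `e` is reserved is not visible in this hunk; if it is not zeroed, the unused family's address fields should be cleared too, because user space chooses IPv4 or IPv6 by testing `src_ip6` for all zeroes. The rest of xdp_prog_main lies outside the hunk.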