kaffa/XDP-Firewall
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Fix issues with IP range drop map.

Browse Source
This commit is contained in:
Christian Deacon
2025-03-13 08:08:22 -04:00
parent 5a6fff2ba6
commit e9e9027fe7
6 changed files with 15 additions and 16 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
src/common/types.h
View File

@@ -164,4 +164,4 @@ struct lpm_trie_key
{ {
u32 prefix_len; u32 prefix_len;
u32 data; u32 data;
} typedef LpmTrieKey; } typedef lpm_trie_key_t;

8
src/loader/utils/xdp.c
View File

@@ -628,10 +628,10 @@ int add_block6(int map_block6, u128 ip, u64 expires)
*/ */
int delete_range_drop(int map_range_drop, u32 net, u8 cidr) int delete_range_drop(int map_range_drop, u32 net, u8 cidr)
{ {
u32 bit_mask = ( ~( (1 << (32 - cidr) ) - 1) ); u32 bit_mask = htonl(( ~( (1 << (32 - cidr) ) - 1) ));
u32 start = net & bit_mask; u32 start = net & bit_mask;
LpmTrieKey key = {0}; lpm_trie_key_t key = {0};
key.prefix_len = cidr; key.prefix_len = cidr;
key.data = start; key.data = start;
@@ -649,10 +649,10 @@ int delete_range_drop(int map_range_drop, u32 net, u8 cidr)
*/ */
int add_range_drop(int map_range_drop, u32 net, u8 cidr) int add_range_drop(int map_range_drop, u32 net, u8 cidr)
{ {
u32 bit_mask = ( ~( (1 << (32 - cidr) ) - 1) ); u32 bit_mask = htonl(( ~( (1 << (32 - cidr) ) - 1) ));
u32 start = net & bit_mask; u32 start = net & bit_mask;
LpmTrieKey key = {0}; lpm_trie_key_t key = {0};
key.prefix_len = cidr; key.prefix_len = cidr;
key.data = start; key.data = start;

4
src/xdp/prog.c
View File

@@ -10,13 +10,13 @@
#include <common/all.h> #include <common/all.h>
#include <xdp/utils/maps.h>
#include <xdp/utils/rl.h> #include <xdp/utils/rl.h>
#include <xdp/utils/logging.h> #include <xdp/utils/logging.h>
#include <xdp/utils/stats.h> #include <xdp/utils/stats.h>
#include <xdp/utils/helpers.h> #include <xdp/utils/helpers.h>
#include <xdp/utils/maps.h>
struct struct
{ {
__uint(priority, 10); __uint(priority, 10);

10
src/xdp/utils/helpers.c
View File

@@ -1,7 +1,5 @@
#include <xdp/utils/helpers.h> #include <xdp/utils/helpers.h>
#include <xdp/utils/maps.h>
/** /**
* Checks if an IP is within a specific CIDR range. * Checks if an IP is within a specific CIDR range.
* *
@@ -26,11 +24,9 @@ static __always_inline int is_ip_in_range(u32 src_ip, u32 net_ip, u8 cidr)
*/ */
static __always_inline int check_ip_range_drop(u32 ip) static __always_inline int check_ip_range_drop(u32 ip)
{ {
LpmTrieKey key = lpm_trie_key_t key = {0};
{ key.prefix_len = 32;
.prefix_len = 32, key.data = ip;
.data = ip
};
u64 *lookup = bpf_map_lookup_elem(&map_range_drop, &key); u64 *lookup = bpf_map_lookup_elem(&map_range_drop, &key);

2
src/xdp/utils/helpers.h
View File

@@ -13,6 +13,8 @@
#include <bpf/bpf_helpers.h> #include <bpf/bpf_helpers.h>
#endif #endif
#include <xdp/utils/maps.h>
#define likely(x) __builtin_expect(!!(x), 1) #define likely(x) __builtin_expect(!!(x), 1)
#define unlikely(x) __builtin_expect(!!(x), 0) #define unlikely(x) __builtin_expect(!!(x), 0)

5
src/xdp/utils/maps.h
View File

@@ -30,11 +30,12 @@ struct
} map_block6 SEC(".maps"); } map_block6 SEC(".maps");
#ifdef ENABLE_IP_RANGE_DROP #ifdef ENABLE_IP_RANGE_DROP
struct { struct
{
__uint(type, BPF_MAP_TYPE_LPM_TRIE); __uint(type, BPF_MAP_TYPE_LPM_TRIE);
__uint(max_entries, MAX_IP_RANGES); __uint(max_entries, MAX_IP_RANGES);
__uint(map_flags, BPF_F_NO_PREALLOC); __uint(map_flags, BPF_F_NO_PREALLOC);
__type(key, LpmTrieKey); __type(key, lpm_trie_key_t);
__type(value, u64); __type(value, u64);
} map_range_drop SEC(".maps"); } map_range_drop SEC(".maps");
#endif #endif