kaffa/XDP-Firewall
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Move stats map initialization and increase blocked count for source IPs on blocked map.

Browse Source
This commit is contained in:
Christian Deacon
2020-06-04 18:06:12 +00:00
parent af26940018
commit f7a2f0ccfb
1 changed files with 13 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

19
src/xdpfw_kern.c
View File

@@ -115,6 +115,12 @@ int xdp_prog_main(struct xdp_md *ctx)
return XDP_DROP; return XDP_DROP;
} }
// Get stats map.
uint32_t key = 0;
struct xdpfw_stats *stats;
stats = bpf_map_lookup_elem(&stats_map, &key);
uint64_t now = bpf_ktime_get_ns(); uint64_t now = bpf_ktime_get_ns();
// Check blacklist map. // Check blacklist map.
@@ -133,6 +139,12 @@ int xdp_prog_main(struct xdp_md *ctx)
} }
else else
{ {
// Increase blocked stats entry.
if (stats)
{
__sync_fetch_and_add(&stats->blocked, 1);
}
// They're still blocked. Drop the packet. // They're still blocked. Drop the packet.
return XDP_DROP; return XDP_DROP;
} }
@@ -460,12 +472,7 @@ int xdp_prog_main(struct xdp_md *ctx)
if (matched) if (matched)
{ {
// Get stats map. // Increase allowed or blocked entries on stats map.
uint32_t key = 0;
struct xdpfw_stats *stats;
stats = bpf_map_lookup_elem(&stats_map, &key);
if (stats) if (stats)
{ {
// Update stats map. // Update stats map.