rules6 = ""
rules4 = ""
use_v6_frags = False
- rulecnt = 0
+ stats_rulecnt = 0
ratelimitcnt = 0
v4persrcratelimits = []
v5persrcratelimits = []
# Now write the match handling!
first_action = None
- stats_action = None
+ stats_action = ""
last_action = None
for community in line.split("("):
if not community.startswith("generic, "):
if low_bytes & 1 == 0:
last_action = "return XDP_PASS;"
if low_bytes & 2 == 2:
- stats_action = f"const uint32_t ruleidx = STATIC_RULE_CNT + {rulecnt};\n"
+ stats_action = f"const uint32_t ruleidx = STATIC_RULE_CNT + {stats_rulecnt};\n"
stats_action += "INCREMENT_MATCH(ruleidx);"
elif ty == "0x8008":
assert False # We do not implement the redirect action
write_rule("ip6->flow_lbl[0] = (ip6->flow_lbl[0] & 0x3f) | " + str((low_bytes & 3) << 6) + ";")
if first_action is not None:
write_rule(first_action.replace("{stats_replace}", stats_action))
- if stats_action is not None and (first_action is None or "{stats_replace}" not in first_action):
+ if stats_action != "" and (first_action is None or "{stats_replace}" not in first_action):
write_rule(stats_action)
if last_action is not None:
write_rule(last_action)
rules6 += "\t} while(0);\\\n"
else:
rules4 += "\t} while(0);\\\n"
- rulecnt += 1
+ if stats_action != "":
+ print(rule)
+ stats_rulecnt += 1
lastrule = None
out.write("\n")
- out.write(f"#define RULECNT {rulecnt}\n")
+ out.write(f"#define STATS_RULECNT {stats_rulecnt}\n")
if ratelimitcnt != 0:
out.write(f"#define RATE_CNT {ratelimitcnt}\n")
if rules4 != "":
echo "const uint8_t COMPILE_TIME_RAND[] = { $(dd if=/dev/urandom of=/dev/stdout bs=1 count=8 2>/dev/null | hexdump -e '4/1 "0x%02x, "') };" > rand.h
-echo "$RULES" | ./genrules.py --8021q=drop-vlan --v6frag=ignore-parse-if-rule --ihl=parse-options
+STATS_RULES="$(echo "$RULES" | ./genrules.py --8021q=drop-vlan --v6frag=ignore-parse-if-rule --ihl=parse-options)"
clang $CLANG_ARGS -g -std=c99 -pedantic -Wall -Wextra -Wno-pointer-arith -Wno-unused-variable -Wno-unused-function -O3 -emit-llvm -c xdp.c -o xdp.bc
if [ "$2" != "" ]; then
clang $4 -g -std=c99 -pedantic -Wall -Wextra -Wno-pointer-arith -O3 -emit-llvm -c "$2" -o wrapper.bc
echo "Failed to install in driver, using generic..." && ip link set "$1" xdpgeneric obj xdp sec $XDP_SECTION
)
)
-echo "$RULES" | grep "^flow. {" > installed-rules.txt
+echo "$STATS_RULES" > installed-rules.txt
static const int XDP_PASS = 0;
static const int XDP_DROP = 1;
-static long drop_cnt_map[RULECNT + STATIC_RULE_CNT];
+static long drop_cnt_map[STATS_RULECNT + STATIC_RULE_CNT];
#define INCREMENT_MATCH(reason) { drop_cnt_map[reason] += 1; drop_cnt_map[reason] += data_end - pktdata; }
#else /* TEST */
};
struct {
__uint(type, BPF_MAP_TYPE_PERCPU_ARRAY);
- __uint(max_entries, RULECNT + STATIC_RULE_CNT);
+ __uint(max_entries, STATS_RULECNT + STATIC_RULE_CNT);
__u32 *key;
struct match_counter *value;
} drop_cnt_map SEC(".maps");
projects / flowspec-xdp / commitdiff