Track and print rule source in drop prints
[flowspec-xdp]
/
xdp.c
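diff --git a/xdp.c b/xdp.c
index fc2198d8480dcfc0ab81f7252e70a794cd634c86..4e4d6c6308437ed759239c1f166f982dca36256c 100644
--- a/xdp.c
+++ b/xdp.c
@@ -202,24 +202,15 @@ int xdp_drop_prog(struct xdp_md *ctx)
 }
 }
-#ifdef NEED_V4_PARSE
- const struct iphdr *ip = NULL;
- const struct icmphdr *icmp = NULL;
-#endif
-#ifdef NEED_V6_PARSE
- const struct ip6hdr *ip6 = NULL;
- const struct icmp6hdr *icmpv6 = NULL;
- const struct ip6_fraghdr *frag6 = NULL;
-#endif
-
 const void *l4hdr = NULL;
 const struct tcphdr *tcp = NULL;
- const struct udphdr *udp = NULL;
+ uint8_t ports_valid = 0;
+ uint16_t sport, dport; // Host Endian! Only valid with tcp || udp
 #ifdef NEED_V4_PARSE
 if (eth_proto == BE16(ETH_P_IP)) {
 CHECK_LEN(pktdata, iphdr);
- ip = (struct iphdr*) pktdata;
+ const struct iphdr *ip = (struct iphdr*) pktdata;
 #if PARSE_IHL == PARSE
 if (unlikely(ip->ihl < 5)) DO_RETURN(IHL_DROP, XDP_DROP);
@@ -229,28 +220,38 @@ int xdp_drop_prog(struct xdp_md *ctx)
 l4hdr = pktdata + 5*4;
 #endif
+ const struct icmphdr *icmp = NULL;
 if ((ip->frag_off & BE16(IP_OFFSET)) == 0) {
 if (ip->protocol == IP_PROTO_TCP) {
 CHECK_LEN(l4hdr, tcphdr);
 tcp = (struct tcphdr*) l4hdr;
+ sport = BE16(tcp->source);
+ dport = BE16(tcp->dest);
+ ports_valid = 1;
 } else if (ip->protocol == IP_PROTO_UDP) {
 CHECK_LEN(l4hdr, udphdr);
- udp = (struct udphdr*) l4hdr;
+ const struct udphdr *udp = (struct udphdr*) l4hdr;
+ sport = BE16(udp->source);
+ dport = BE16(udp->dest);
+ ports_valid = 1;
 } else if (ip->protocol == IP_PROTO_ICMP) {
 CHECK_LEN(l4hdr, icmphdr);
 icmp = (struct icmphdr*) l4hdr;
 }
 }
+
+ RULES4
 }
 #endif
 #ifdef NEED_V6_PARSE
 if (eth_proto == BE16(ETH_P_IPV6)) {
 CHECK_LEN(pktdata, ip6hdr);
- ip6 = (struct ip6hdr*) pktdata;
+ const struct ip6hdr *ip6 = (struct ip6hdr*) pktdata;
 l4hdr = pktdata + 40;
 uint8_t v6nexthdr = ip6->nexthdr;
+ const struct ip6_fraghdr *frag6 = NULL;
 #ifdef PARSE_V6_FRAG
 #if PARSE_V6_FRAG == PARSE
 if (ip6->nexthdr == IP6_PROTO_FRAG) {
@@ -266,31 +267,29 @@ int xdp_drop_prog(struct xdp_md *ctx)
 #endif
 // TODO: Handle more options?
+ const struct icmp6hdr *icmpv6 = NULL;
 if (frag6 == NULL || (frag6->frag_off & BE16(IP6_FRAGOFF)) == 0) {
 if (v6nexthdr == IP_PROTO_TCP) {
 CHECK_LEN(l4hdr, tcphdr);
 tcp = (struct tcphdr*) l4hdr;
+ sport = BE16(tcp->source);
+ dport = BE16(tcp->dest);
+ ports_valid = 1;
 } else if (v6nexthdr == IP_PROTO_UDP) {
 CHECK_LEN(l4hdr, udphdr);
- udp = (struct udphdr*) l4hdr;
+ const struct udphdr *udp = (struct udphdr*) l4hdr;
+ sport = BE16(udp->source);
+ dport = BE16(udp->dest);
+ ports_valid = 1;
 } else if (v6nexthdr == IP6_PROTO_ICMPV6) {
 CHECK_LEN(l4hdr, icmp6hdr);
 icmpv6 = (struct icmp6hdr*) l4hdr;
 }
 }
- }
-#endif
- uint16_t sport, dport; // Host Endian! Only valid with tcp || udp
- if (tcp != NULL) {
- sport = BE16(tcp->source);
- dport = BE16(tcp->dest);
- } else if (udp != NULL) {
- sport = BE16(udp->source);
- dport = BE16(udp->dest);
+ RULES6
 }
-
- RULES
+#endif
 return XDP_PASS;
 }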
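Review bot: `sport` and `dport` are declared uninitialised in the first hunk and assigned only inside the TCP/UDP branches, so reading them is safe only if every port match generated into `RULES4`/`RULES6` tests `ports_valid` first. Those macros expand outside this diff, so that cannot be confirmed from here. The trailing comment still says "Only valid with tcp || udp", but `udp` is now scoped to its branch and the real guard is `ports_valid`. I would zero-initialise and update the comment: `uint16_t sport = 0, dport = 0; // Host Endian! Only valid when ports_valid != 0`. It is also worth a one-line comment that non-first fragments leave `ports_valid` at 0, so port-based drop rules presumably never match them. xdp_drop_prog begins before the first hunk.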