X-Git-Url: http://git.bitcoin.ninja/index.cgi?a=blobdiff_plain;f=xdp.c;h=1344acd1aac2558494ad47b58b0ed89caca74f07;hb=e7e5b2c8192b715dcfb574051c8d098c8360d746;hp=8f73d809ce75d6f7f886a07f0094e254d19da1a7;hpb=c9cc1ccad026928d22628ab8f5f82b3520b85a61;p=flowspec-xdp diff --git a/xdp.c b/xdp.c index 8f73d80..1344acd 100644 --- a/xdp.c +++ b/xdp.c @@ -7,7 +7,7 @@ #include #include -#define NULL (void*)0 +#include "siphash.h" /* IP flags. */ #define IP_CE 0x8000 /* Flag: "Congestion" */ @@ -175,10 +175,7 @@ struct { #ifdef RATE_CNT struct ratelimit { struct bpf_spin_lock lock; - union { - int64_t sent_bytes; - int64_t sent_packets; - } rate; + int64_t sent_rate; int64_t sent_time; }; struct { @@ -194,16 +191,14 @@ struct { // map_check_btf as of Linux 5.10). // This isn't exactly accurate, but at least its faster. struct percpu_ratelimit { - union { - int64_t sent_bytes; - int64_t sent_packets; - } rate; + int64_t sent_rate; int64_t sent_time; }; #define V6_SRC_RATE_DEFINE(n, limit) \ struct { \ __uint(type, BPF_MAP_TYPE_LRU_PERCPU_HASH); \ + __uint(map_flags, BPF_F_NO_COMMON_LRU); \ __uint(max_entries, limit); \ uint128_t *key; \ struct percpu_ratelimit *value; \ @@ -212,6 +207,7 @@ struct { \ #define V4_SRC_RATE_DEFINE(n, limit) \ struct { \ __uint(type, BPF_MAP_TYPE_LRU_PERCPU_HASH); \ + __uint(map_flags, BPF_F_NO_COMMON_LRU); \ __uint(max_entries, limit); \ __u32 *key; \ struct percpu_ratelimit *value; \ @@ -264,8 +260,7 @@ int xdp_drop_prog(struct xdp_md *ctx) const void *l4hdr = NULL; const struct tcphdr *tcp = NULL; - uint8_t ports_valid = 0; - uint16_t sport, dport; // Host Endian! Only valid with tcp || udp + int32_t sport = -1, dport = -1; // Host Endian! Only valid with tcp || udp #ifdef NEED_V4_PARSE if (eth_proto == BE16(ETH_P_IP)) { 
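Review bot: In the `@@ -7,7 +7,7 @@` hunk the local `#define NULL (void*)0` is dropped, but `NULL` is still used further down (`const void *l4hdr = NULL;` in `xdp_drop_prog`), so the file now presumably relies on `siphash.h` or another header to define it. That hidden dependency breaks silently if the header changes. A guarded fallback after the includes, `#ifndef NULL` / `#define NULL ((void *)0)` / `#endif`, would make it explicit.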
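Review bot: After the union is collapsed in `struct ratelimit`, nothing records what unit `sent_rate` counts; the old member names `sent_bytes` / `sent_packets` were the only documentation of that. A comment on the field, for example `int64_t sent_rate; // bytes or packets, depending on the rule's limit type`, would keep it visible. The same applies to `struct percpu_ratelimit` in the `@@ -194,16 +191,14 @@` hunk. Which unit applies is decided outside these hunks, so the wording should be confirmed against the code that fills the field.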
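Review bot: `BPF_F_NO_COMMON_LRU` in `V6_SRC_RATE_DEFINE` gives each CPU its own LRU list, so eviction is decided per CPU rather than across all `limit` entries, and that trade-off is not documented next to the flag. For a per-source rate limiter this matters defensively: many distinct source addresses landing on one CPU can push live rate state out sooner than `limit` suggests, and an evicted source starts again with fresh counters. A comment such as `// per-CPU LRU lists: faster updates, but each CPU evicts only from its own share of max_entries`, plus a note on how `limit` should be sized, would help; the same applies to `V4_SRC_RATE_DEFINE`. The exact per-CPU capacity depends on the kernel, so the sizing guidance should be verified on the target version.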
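Review bot: With `ports_valid` gone, `-1` in `sport`/`dport` is the only signal that no L4 ports were parsed, and the trailing comment still reads as if these were plain 16-bit ports. Every port comparison elsewhere in `xdp_drop_prog` (its body continues outside this hunk) has to treat a negative value as "no match", including negated and range matches, otherwise a rule written for TCP/UDP ports could apply to other protocols. I would spell the contract out at the declaration: `int32_t sport = -1, dport = -1; // Host endian; -1 = no TCP/UDP ports parsed, else 0..65535`. It is also worth confirming that `BE16()` yields a non-negative value for ports above 0x7fff, since the result is now stored in a signed type.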
@@ -287,13 +282,11 @@ int xdp_drop_prog(struct xdp_md *ctx) tcp = (struct tcphdr*) l4hdr; sport = BE16(tcp->source); dport = BE16(tcp->dest); - ports_valid = 1; } else if (ip->protocol == IP_PROTO_UDP) { CHECK_LEN(l4hdr, udphdr); const struct udphdr *udp = (struct udphdr*) l4hdr; sport = BE16(udp->source); dport = BE16(udp->dest); - ports_valid = 1; } else if (ip->protocol == IP_PROTO_ICMP) { CHECK_LEN(l4hdr, icmphdr); icmp = (struct icmphdr*) l4hdr; @@ -334,13 +327,11 @@ int xdp_drop_prog(struct xdp_md *ctx) tcp = (struct tcphdr*) l4hdr; sport = BE16(tcp->source); dport = BE16(tcp->dest); - ports_valid = 1; } else if (v6nexthdr == IP_PROTO_UDP) { CHECK_LEN(l4hdr, udphdr); const struct udphdr *udp = (struct udphdr*) l4hdr; sport = BE16(udp->source); dport = BE16(udp->dest); - ports_valid = 1; } else if (v6nexthdr == IP6_PROTO_ICMPV6) { CHECK_LEN(l4hdr, icmp6hdr); icmpv6 = (struct icmp6hdr*) l4hdr;