From: Matt Corallo Date: Tue, 11 May 2021 21:00:12 +0000 (+0000) Subject: Support a wrapper XDP prog which can call the defined xdp_drop meth X-Git-Url: http://git.bitcoin.ninja/index.cgi?a=commitdiff_plain;h=31c91503a07f942531da55ac861630bfdf8d00fb;p=flowspec-xdp Support a wrapper XDP prog which can call the defined xdp_drop meth --- diff --git a/install.sh b/install.sh index 66ea534..d77a8b0 100755 --- a/install.sh +++ b/install.sh @@ -1,11 +1,28 @@ #!/bin/bash set -e +CLANG_ARGS="" +XDP_SECTION="xdp_drop" +if [ "$2" != "" ]; then + CLANG_ARGS="-DHAVE_WRAPPER" + XDP_SECTION="$3" + if [ ! -f "$2" -o "$3" = "" ]; then + echo "To use a wrapper C file, call as $0 interface path/to/wrapper.c xdp_section wrapper-clang-args" + exit 1 + fi +fi + RULES="$(birdc show route table flowspec4 primary all) $(birdc show route table flowspec6 primary all)" echo "$RULES" | ./genrules.py --8021q=drop-vlan --v6frag=ignore-parse-if-rule --ihl=parse-options -clang -g -std=c99 -pedantic -Wall -Wextra -Wno-pointer-arith -Wno-unused-variable -O3 -emit-llvm -c xdp.c -o - | llc -O3 -march=bpf -filetype=obj -o xdp +clang $CLANG_ARGS -g -std=c99 -pedantic -Wall -Wextra -Wno-pointer-arith -Wno-unused-variable -O3 -emit-llvm -c xdp.c -o xdp.bc +if [ "$2" != "" ]; then + clang $4 -g -std=c99 -pedantic -Wall -Wextra -Wno-pointer-arith -Wno-unused-variable -O3 -emit-llvm -c "$2" -o wrapper.bc + llvm-link xdp.bc wrapper.bc | llc -O3 -march=bpf -filetype=obj -o xdp +else + cat xdp.bc | llc -O3 -march=bpf -filetype=obj -o xdp +fi echo "Before unload drop count was:" ./dropcount.sh || echo "Not loaded" @@ -13,9 +30,9 @@ echo "Before unload drop count was:" ip link set "$1" xdp off ip link set "$1" xdpgeneric off # Note that sometimes the automated fallback does not work properly so we have to || generic here -ip link set "$1" xdpoffload obj xdp sec xdp_drop || ( - echo "Failed to install in NIC, testing in driver..." && ip link set "$1" xdpdrv obj xdp sec xdp_drop || ( - echo "Failed to install in driver, using generic..." && ip link set "$1" xdpgeneric obj xdp sec xdp_drop +ip link set "$1" xdpoffload obj xdp sec $XDP_SECTION || ( + echo "Failed to install in NIC, testing in driver..." && ip link set "$1" xdpdrv obj xdp sec $XDP_SECTION || ( + echo "Failed to install in driver, using generic..." && ip link set "$1" xdpgeneric obj xdp sec $XDP_SECTION ) ) echo "$RULES" | grep "^flow. {" > installed-rules.txt diff --git a/xdp.c b/xdp.c index fc8f2c3..b473ace 100644 --- a/xdp.c +++ b/xdp.c @@ -186,8 +186,10 @@ struct { } rate_map SEC(".maps"); #endif +#ifndef HAVE_WRAPPER // Set this to call xdp_drop externally SEC("xdp_drop") #endif +#endif int xdp_drop_prog(struct xdp_md *ctx) { const void *const data_end = (void *)(size_t)ctx->data_end;