Track drops

[flowspec-xdp] / genrules.py
diff --git a/genrules.py b/genrules.py

index c0a5311916f6f25536848a21c3a5061be547bab5..40fc5c1f2d84969b959e5d30fdaad8c3c29cdf20 100755 (executable)
--- a/genrules.py
+++ b/genrules.py
@@ -238,6 +238,7 @@ if (!( {ast.write("((((uint32_t)(ip6->flow_lbl[0] & 0xf)) << 2*8) | (((uint32_t)
  with open("rules.h", "w") as out:
      parse = argparse.ArgumentParser()
      parse.add_argument("--ihl", dest="ihl", required=True, choices=["drop-options","accept-options","parse-options"])
+    parse.add_argument("--v6frag", dest="v6frag", required=True, choices=["drop-frags","ignore","parse-frags","ignore-parse-if-rule"])
      parse.add_argument("--8021q", dest="vlan", required=True, choices=["drop-vlan","accept-vlan","parse-vlan"])
      parse.add_argument("--require-8021q", dest="vlan_tag")
      args = parse.parse_args(sys.argv[1:])
@@ -249,6 +250,13 @@ with open("rules.h", "w") as out:
      elif args.ihl == "parse-options":
          out.write("#define PARSE_IHL PARSE\n")
  
+    if args.v6frag == "drop-frags":
+        out.write("#define PARSE_V6_FRAG XDP_DROP\n")
+    elif args.v6frag == "ignore":
+        pass
+    elif args.v6frag == "parse-frags":
+        out.write("#define PARSE_V6_FRAG PARSE\n")
+
      if args.vlan == "drop-vlan":
          out.write("#define PARSE_8021Q XDP_DROP\n")
      elif args.vlan == "accept-vlan":
@@ -261,6 +269,11 @@ with open("rules.h", "w") as out:
              assert False
          out.write("#define REQ_8021Q " + args.vlan_tag + "\n")
  
+    use_v4 = False
+    use_v6 = False
+    use_v6_frags = False
+    rulecnt = 0
+
      out.write("#define RULES \\\n")
  
      def write_rule(r):
@@ -272,10 +285,12 @@ with open("rules.h", "w") as out:
              continue
          if t[0].strip() == "flow4":
              proto = 4
+            use_v4 = True
              out.write("if (eth_proto == htons(ETH_P_IP)) { \\\n")
              out.write("\tdo {\\\n")
          elif t[0].strip() == "flow6":
              proto = 6
+            use_v6 = True
              out.write("if (eth_proto == htons(ETH_P_IPV6)) { \\\n")
              out.write("\tdo {\\\n")
          else:
@@ -313,12 +328,24 @@ with open("rules.h", "w") as out:
              elif step.strip().startswith("label"):
                  write_rule(flow_label_to_rule(step.strip()[6:]))
              elif step.strip().startswith("fragment"):
+                if proto == 6:
+                    use_v6_frags = True
                  write_rule(fragment_to_rule(proto, step.strip()[9:]))
              elif step.strip() == "":
                  pass
              else:
                  assert False
-        out.write("\t\treturn XDP_DROP;\\\n")
+        out.write(f"\t\tconst uint32_t ruleidx = STATIC_RULE_CNT + {rulecnt};\\\n")
+        out.write("\t\tDO_RETURN(ruleidx, XDP_DROP);\\\n")
          out.write("\t} while(0);\\\n}\\\n")
+        rulecnt += 1
  
      out.write("\n")
+    out.write(f"#define RULECNT {rulecnt}\n")
+    if use_v4:
+        out.write("#define NEED_V4_PARSE\n")
+    if use_v6:
+        out.write("#define NEED_V6_PARSE\n")
+    if args.v6frag == "ignore-parse-if-rule":
+        if use_v6_frags:
+            out.write("#define PARSE_V6_FRAG PARSE\n")