Track ports valid directly - as LLVM will | pointers which BPF wont allow
authorMatt Corallo <git@bluematt.me>
Sun, 4 Apr 2021 20:46:04 +0000 (16:46 -0400)
committerMatt Corallo <git@bluematt.me>
Sun, 4 Apr 2021 20:46:04 +0000 (16:46 -0400)
genrules.py
xdp.c

index edef6175e264f03f6edec910069c55ea92ae1c41..4468c1e00e52d58fb12c9d4769ae12c95c7d2704 100755 (executable)
@@ -232,10 +232,10 @@ def dscp_to_rule(proto, rules):
 def port_to_rule(ty, rules):
     if ty == "port" :
         ast = parse_ast(rules, parse_numbers_expr)
-        return "if (tcp == NULL && udp == NULL) break;\nif (!( " + ast.write("sport", "dport") + " )) break;"
+        return "if (!ports_valid) break;\nif (!( " + ast.write("sport", "dport") + " )) break;"
 
     ast = parse_ast(rules, parse_numbers_expr)
-    return "if (tcp == NULL && udp == NULL) break;\nif (!( " + ast.write(ty) + " )) break;"
+    return "if (!ports_valid) break;\nif (!( " + ast.write(ty) + " )) break;"
 
 def tcp_flags_to_rule(rules):
     ast = parse_ast(rules, parse_bit_expr)
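Review bot: The guard literal `"if (!ports_valid) break;\n"` is now spelled out in both return statements of port_to_rule, and this commit had to edit the two copies identically. Building it once, e.g. `guard = "if (!ports_valid) break;\n"` above the `if ty == "port"` test and returning `guard + "if (!( " + ... + " )) break;"`, keeps the emitted check from drifting between the two branches. A short comment such as `# ports_valid, sport and dport are locals of xdp_drop_prog in xdp.c` would also record that the generated C depends on names declared there.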
diff --git a/xdp.c b/xdp.c
index 01feac657723f2e290a91f5d9721752626b5ee14..4e4d6c6308437ed759239c1f166f982dca36256c 100644 (file)
--- a/xdp.c
+++ b/xdp.c
@@ -204,7 +204,7 @@ int xdp_drop_prog(struct xdp_md *ctx)
 
        const void *l4hdr = NULL;
        const struct tcphdr *tcp = NULL;
-       const struct udphdr *udp = NULL;
+       uint8_t ports_valid = 0;
        uint16_t sport, dport; // Host Endian! Only valid with tcp || udp
 
 #ifdef NEED_V4_PARSE
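Review bot: The comment on the `sport, dport` declaration still says "Only valid with tcp || udp", but this hunk removes the function-scope `udp` pointer and validity is now carried by `ports_valid`. It should read `uint16_t sport, dport; // Host Endian! Only valid when ports_valid is set`. Both variables are still declared without an initializer, so the `if (!ports_valid) break;` guard emitted by genrules.py is what keeps generated rules from reading them uninitialized, and the comment is a good place to say so. xdp_drop_prog starts and ends outside the hunk.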
@@ -227,11 +227,13 @@ int xdp_drop_prog(struct xdp_md *ctx)
                                tcp = (struct tcphdr*) l4hdr;
                                sport = BE16(tcp->source);
                                dport = BE16(tcp->dest);
+                               ports_valid = 1;
                        } else if (ip->protocol == IP_PROTO_UDP) {
                                CHECK_LEN(l4hdr, udphdr);
-                               udp = (struct udphdr*) l4hdr;
+                               const struct udphdr *udp = (struct udphdr*) l4hdr;
                                sport = BE16(udp->source);
                                dport = BE16(udp->dest);
+                               ports_valid = 1;
                        } else if (ip->protocol == IP_PROTO_ICMP) {
                                CHECK_LEN(l4hdr, icmphdr);
                                icmp = (struct icmphdr*) l4hdr;
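Review bot: The rewritten declaration `const struct udphdr *udp = (struct udphdr*) l4hdr;` casts away the const of `l4hdr` (declared `const void *` at the top of the function) only to assign the result to a const pointer again. Writing the cast as `(const struct udphdr *) l4hdr`, or dropping it since `const void *` converts implicitly in C, keeps the packet data const-qualified throughout and stays clean under -Wcast-qual. The same line appears in the IPv6 branch in the next hunk. The enclosing if/else chain starts and ends outside the hunk.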
@@ -272,11 +274,13 @@ int xdp_drop_prog(struct xdp_md *ctx)
                                tcp = (struct tcphdr*) l4hdr;
                                sport = BE16(tcp->source);
                                dport = BE16(tcp->dest);
+                               ports_valid = 1;
                        } else if (v6nexthdr == IP_PROTO_UDP) {
                                CHECK_LEN(l4hdr, udphdr);
-                               udp = (struct udphdr*) l4hdr;
+                               const struct udphdr *udp = (struct udphdr*) l4hdr;
                                sport = BE16(udp->source);
                                dport = BE16(udp->dest);
+                               ports_valid = 1;
                        } else if (v6nexthdr == IP6_PROTO_ICMPV6) {
                                CHECK_LEN(l4hdr, icmp6hdr);
                                icmpv6 = (struct icmp6hdr*) l4hdr;