#define CPUMAP_MAX_CPUS 64
#define USE_PERCPU_HASH 1
+#define GOT_TX_PEER 1
+#define WRITE_MAP 1
struct vlan_hdr {
__u16 h_vlan_TCI;
};
#endif
+#if GOT_TX_PEER
/* Map has only one element as we don't handle any sort of
* routing for now. Key value set by user space is 0 and
* value is the peer interface. */
.value_size = sizeof(int),
.max_entries = 1,
};
+#endif
#define USE_GLOBAL_BYPASS 0
#if USE_GLOBAL_BYPASS
int sport;
struct flowv4_keys tuple;
struct pair *value;
+#if BUILD_CPUMAP || GOT_TX_PEER
__u32 key0 = 0;
+#endif
#if BUILD_CPUMAP
__u32 cpu_dest;
__u32 *cpu_max = bpf_map_lookup_elem(&cpus_count, &key0);
__u32 *cpu_selected;
__u32 cpu_hash;
#endif
+#if GOT_TX_PEER
int *iface_peer;
int tx_port = 0;
+#endif
if ((void *)(iph + 1) > data_end)
return XDP_PASS;
char fmt[] = "Data: t:%lu p:%lu n:%lu\n";
bpf_trace_printk(fmt, sizeof(fmt), value->time, value->packets, value->bytes);
#endif
+#if WRITE_MAP
value->packets++;
value->bytes += data_end - data;
+#endif
+#if GOT_TX_PEER
iface_peer = bpf_map_lookup_elem(&tx_peer_int, &key0);
if (!iface_peer) {
return XDP_DROP;
} else {
return bpf_redirect_map(&tx_peer, tx_port, 0);
}
+#else
+ return XDP_DROP;
+#endif
}
#if BUILD_CPUMAP
int sport;
struct flowv6_keys tuple;
struct pair *value;
+#if BUILD_CPUMAP || GOT_TX_PEER
__u32 key0 = 0;
+#endif
#if BUILD_CPUMAP
__u32 cpu_dest;
int *cpu_max = bpf_map_lookup_elem(&cpus_count, &key0);
__u32 *cpu_selected;
__u32 cpu_hash;
#endif
+#if GOT_TX_PEER
int tx_port = 0;
int *iface_peer;
+#endif
if ((void *)(ip6h + 1) > data_end)
return 0;
char fmt6[] = "Found IPv6 flow: %d -> %d\n";
bpf_trace_printk(fmt6, sizeof(fmt6), sport, dport);
#endif
+#if WRITE_MAP
value->packets++;
value->bytes += data_end - data;
+#endif
+#if GOT_TX_PEER
iface_peer = bpf_map_lookup_elem(&tx_peer_int, &key0);
if (!iface_peer) {
return XDP_DROP;
} else {
return bpf_redirect_map(&tx_peer, tx_port, 0);
}
+#else
+ return XDP_DROP;
+#endif
}
#if BUILD_CPUMAP
projects / thirdparty / suricata.git / commitdiff
