ebpf: add some comments to eBPF filter

diff --git a/ebpf/bypass_filter.c b/ebpf/bypass_filter.c
index aea9f8ce72f14e5c8af65cd59dfd79376b93cfc0..d2ce12aa1cd502a0b9170be945cf1abf5096de34 100644 (file)
--- a/ebpf/bypass_filter.c
+++ b/ebpf/bypass_filter.c
@@ -70,6 +70,11 @@ struct bpf_map_def SEC("maps") flow_table_v6 = {
     .max_entries = 32768,
 };
 
+/**
+ * IPv4 filter
+ *
+ * \return 0 to drop packet out and -1 to accept it
+ */
 static __always_inline int ipv4_filter(struct __sk_buff *skb)
 {
     uint32_t nhoff, verlen;
@@ -127,6 +132,11 @@ static __always_inline int ipv4_filter(struct __sk_buff *skb)
     return -1;
 }
 
+/**
+ * IPv6 filter
+ *
+ * \return 0 to drop packet out and -1 to accept it
+ */
 static __always_inline int ipv6_filter(struct __sk_buff *skb)
 {
     uint32_t nhoff;
@@ -180,6 +190,14 @@ static __always_inline int ipv6_filter(struct __sk_buff *skb)
     return -1;
 }
 
+/**
+ * filter function
+ *
+ * It is loaded in kernel by Suricata that uses the section name specified
+ * by the SEC call to find it in the Elf binary object and load it.
+ *
+ * \return 0 to drop packet out and -1 to accept it
+ */
 int SEC("filter") hashfilter(struct __sk_buff *skb) {
     __u32 nhoff = BPF_LL_OFF + ETH_HLEN;
 

diff --git a/ebpf/lb.c b/ebpf/lb.c
index afc8d4f614d9f21e9ef231303393db623c1684c1..14974784d9258aeb817ea03982fa2b281038748f 100644 (file)
--- a/ebpf/lb.c
+++ b/ebpf/lb.c
@@ -105,4 +105,6 @@ int  __section("loadbalancer") lb(struct __sk_buff *skb) {
 
 char __license[] __section("license") = "GPL";
 
+/* libbpf needs version section to check sync of eBPF code and kernel
+ * but socket filter don't need it */
 uint32_t __version __section("version") = LINUX_VERSION_CODE;