From: Eric Leblond <eric@regit.org>
Date: Sun, 7 Jan 2018 21:05:40 +0000 (+0100)
Subject: ebpf: add some comments to eBPF filter
X-Git-Tag: suricata-4.1.0-beta1~188
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=bc34703c093ff2d4e7d7e11d894eca393969df8a;p=thirdparty%2Fsuricata.git

ebpf: add some comments to eBPF filter
---

diff --git a/ebpf/bypass_filter.c b/ebpf/bypass_filter.c
index aea9f8ce72..d2ce12aa1c 100644
--- a/ebpf/bypass_filter.c
+++ b/ebpf/bypass_filter.c
@@ -70,6 +70,11 @@ struct bpf_map_def SEC("maps") flow_table_v6 = {
     .max_entries = 32768,
 };
 
+/**
+ * IPv4 filter
+ *
+ * \return 0 to drop packet out and -1 to accept it
+ */
 static __always_inline int ipv4_filter(struct __sk_buff *skb)
 {
     uint32_t nhoff, verlen;
@@ -127,6 +132,11 @@ static __always_inline int ipv4_filter(struct __sk_buff *skb)
     return -1;
 }
 
+/**
+ * IPv6 filter
+ *
+ * \return 0 to drop packet out and -1 to accept it
+ */
 static __always_inline int ipv6_filter(struct __sk_buff *skb)
 {
     uint32_t nhoff;
@@ -180,6 +190,14 @@ static __always_inline int ipv6_filter(struct __sk_buff *skb)
     return -1;
 }
 
+/**
+ * filter function
+ *
+ * It is loaded in kernel by Suricata that uses the section name specified
+ * by the SEC call to find it in the Elf binary object and load it.
+ *
+ * \return 0 to drop packet out and -1 to accept it
+ */
 int SEC("filter") hashfilter(struct __sk_buff *skb) {
     __u32 nhoff = BPF_LL_OFF + ETH_HLEN;
 
diff --git a/ebpf/lb.c b/ebpf/lb.c
index afc8d4f614..14974784d9 100644
--- a/ebpf/lb.c
+++ b/ebpf/lb.c
@@ -105,4 +105,6 @@ int  __section("loadbalancer") lb(struct __sk_buff *skb) {
 
 char __license[] __section("license") = "GPL";
 
+/* libbpf needs version section to check sync of eBPF code and kernel
+ * but socket filter don't need it */
 uint32_t __version __section("version") = LINUX_VERSION_CODE;