ebpf: add some comments to eBPF filter

pull/3221/head
Eric Leblond 8 years ago
parent 0807dd6740
commit bc34703c09

@ -70,6 +70,11 @@ struct bpf_map_def SEC("maps") flow_table_v6 = {
.max_entries = 32768,
};
/**
* IPv4 filter
*
* \return 0 to drop packet out and -1 to accept it
*/
static __always_inline int ipv4_filter(struct __sk_buff *skb)
{
uint32_t nhoff, verlen;
@ -127,6 +132,11 @@ static __always_inline int ipv4_filter(struct __sk_buff *skb)
return -1;
}
/**
* IPv6 filter
*
* \return 0 to drop packet out and -1 to accept it
*/
static __always_inline int ipv6_filter(struct __sk_buff *skb)
{
uint32_t nhoff;
@ -180,6 +190,14 @@ static __always_inline int ipv6_filter(struct __sk_buff *skb)
return -1;
}
/**
* filter function
*
* It is loaded in kernel by Suricata that uses the section name specified
* by the SEC call to find it in the Elf binary object and load it.
*
* \return 0 to drop packet out and -1 to accept it
*/
int SEC("filter") hashfilter(struct __sk_buff *skb) {
__u32 nhoff = BPF_LL_OFF + ETH_HLEN;

@ -105,4 +105,6 @@ int __section("loadbalancer") lb(struct __sk_buff *skb) {
char __license[] __section("license") = "GPL";
/* libbpf needs version section to check sync of eBPF code and kernel
* but socket filter don't need it */
uint32_t __version __section("version") = LINUX_VERSION_CODE;

Loading…
Cancel
Save