diff --git a/docs/book/programs/xdp.md b/docs/book/programs/xdp.md
index d40539bc..5a616c8e 100644
--- a/docs/book/programs/xdp.md
+++ b/docs/book/programs/xdp.md
@@ -151,27 +151,6 @@ static BLOCKLIST: HashMap = HashMap::with_max_entries(1024, 0); Here, we define our blocklist with a `HashMap`, which stores integers (u32), with a maximum of 1024 entries. -```rust -#[xdp] -pub fn xdp_firewall(ctx: XdpContext) -> u32 { - match try_xdp_firewall(ctx) { - Ok(ret) => ret, - Err(_) => xdp_action::XDP_ABORTED, - } -``` - -An eBPF-compatible panic handler is provided, because eBPF programs cannot use -the default panic behavior. - -```rust -#[map] -static BLOCKLIST: HashMap = - HashMap::::with_max_entries(1024, 0); -``` - -Here, we define our blocklist with a `HashMap`, which stores integers (`u32`), -with a maximum of 1024 entries. - ```rust #[xdp] pub fn xdp_firewall(ctx: XdpContext) -> u32 { 
@@ -332,71 +311,11 @@ fn try_xdp_firewall(ctx: XdpContext) -> Result { xdp_action::XDP_DROP } else { xdp_action::XDP_PASS - }; - use aya_log_ebpf::info; - - use core::mem; - use network_types::{ - eth::{EthHdr, EtherType}, - ip::Ipv4Hdr, - }; - - #[panic_handler] - fn panic(_info: &core::panic::PanicInfo) -> ! { - unsafe { core::hint::unreachable_unchecked() } - } - - #[map] - static IP_BLOCKLIST: HashMap = - HashMap::::with_max_entries(1024, 0); - - #[xdp] - pub fn xdp_firewall(ctx: XdpContext) -> u32 { - match try_xdp_firewall(ctx) { - Ok(ret) => ret, - Err(_) => xdp_action::XDP_ABORTED, - } - } - - #[inline(always)] - unsafe fn ptr_at( - ctx: &XdpContext, offset: usize - ) -> Result<*const T, ()> { - let start = ctx.data(); - let end = ctx.data_end(); - let len = mem::size_of::(); - - if start + offset + len > end { - return Err(()); - } - - let ptr = (start + offset) as *const T; - Ok(&*ptr) - } - - fn block_ip(address: u32) -> bool { - unsafe { IP_BLOCKLIST.get(&address).is_some() } - } - - fn try_xdp_firewall(ctx: XdpContext) -> Result { - let ethhdr: *const EthHdr = unsafe { ptr_at(&ctx, 0)? }; - match unsafe { (*ethhdr).ether_type } { - EtherType::Ipv4 => {} - _ => return Ok(xdp_action::XDP_PASS), - } - - let ipv4hdr: *const Ipv4Hdr = unsafe { ptr_at(&ctx, EthHdr::LEN)? }; - let source = u32::from_be(unsafe { (*ipv4hdr).src_addr }); - - let action = if block_ip(source) { - xdp_action::XDP_DROP - } else { - xdp_action::XDP_PASS - }; - info!(&ctx, "SRC: {:i}, ACTION: {}", source, action); + }; + info!(&ctx, "SRC: {:i}, ACTION: {}", source, action); - Ok(action) - } + Ok(action) +} ``` ### Populating our map from user-space