Example #1
tfw_ipv6_hash(struct in6_addr *addr)
{
	/*
	 * Fold the four 32-bit words of the IPv6 address into one
	 * unsigned long: words 0..2 are shifted left by 32, 24 and 8 bits,
	 * word 3 is used as is, and the four values are XOR-ed together.
	 * tfw_filter_block_ip() uses the result as the key of the record
	 * it creates in the IP filter database.
	 *
	 * The shift by 32 is only defined where unsigned long is wider
	 * than 32 bits.
	 *
	 * NOTE(review): this is an unkeyed shift/XOR fold whose shifted
	 * words overlap, so distinct addresses can produce the same key.
	 * A match on the key alone does not prove the address matches;
	 * the lookup side should compare the stored address as well -
	 * confirm against the lookup code, which is not visible here.
	 */
	return ((unsigned long)addr->s6_addr32[0] << 32)
	       ^ ((unsigned long)addr->s6_addr32[1] << 24)
	       ^ ((unsigned long)addr->s6_addr32[2] << 8)
	       ^ addr->s6_addr32[3];
}

/**
 * Record a drop rule for the client address @addr in the IP filter
 * database.
 *
 * The record is keyed by tfw_ipv6_hash(@addr) and carries the full address
 * together with the TFW_F_DROP action. A failure to create the record is
 * only logged: the function returns void, so the caller cannot tell whether
 * the client is actually blocked.
 *
 * NOTE(review): the key is a hash and need not be unique per address;
 * presumably the lookup compares the stored address too - confirm.
 * NOTE(review): the rule is built on the stack with a designated
 * initializer; if TfwFRule contains padding, those bytes are not guaranteed
 * to be zero when sizeof(rule) bytes are handed to the database - confirm
 * the layout.
 */
void
tfw_filter_block_ip(struct in6_addr *addr)
{
	TfwFRule drop_rule = {
		.action	= TFW_F_DROP,
		.addr	= *addr,
	};
	size_t rule_sz = sizeof(drop_rule);
	unsigned long hkey = tfw_ipv6_hash(addr);

	/* TODO create records on all NUMA nodes. */
	if (tdb_entry_create(ip_filter_db, hkey, &drop_rule, &rule_sz)) {
		TFW_DBG_ADDR6("block client", addr);
		return;
	}

	/* Creation failed: the client stays unblocked, so at least warn. */
	TFW_WARN_ADDR6("cannot create blocking rule", addr);
}
EXPORT_SYMBOL(tfw_filter_block_ip);

/**
 * Drop early IP layer filtering.
 * The check is run against each ingress packet - if application layer filter
 * blocks a client, then the client is totally blocked and can't send us any
Example #2
tfw_ipv6_hash(const struct in6_addr *addr)
{
	/*
	 * Fold the four 32-bit words of the IPv6 address into one
	 * unsigned long: words 0..2 are shifted left by 32, 24 and 8 bits,
	 * word 3 is used as is, and the four values are XOR-ed together.
	 * tfw_filter_block_ip() uses the result as the key of the record
	 * it creates in the IP filter database.
	 *
	 * The shift by 32 is only defined where unsigned long is wider
	 * than 32 bits.
	 *
	 * NOTE(review): this is an unkeyed shift/XOR fold whose shifted
	 * words overlap, so distinct addresses can produce the same key.
	 * A match on the key alone does not prove the address matches;
	 * the lookup side should compare the stored address as well -
	 * confirm against the lookup code, which is not visible here.
	 */
	return ((unsigned long)addr->s6_addr32[0] << 32)
	       ^ ((unsigned long)addr->s6_addr32[1] << 24)
	       ^ ((unsigned long)addr->s6_addr32[2] << 8)
	       ^ addr->s6_addr32[3];
}

/**
 * Record a drop rule for the client address @addr in the IP filter
 * database.
 *
 * Only the sin6_addr part of @addr is used: it is hashed with
 * tfw_ipv6_hash() to form the record key and copied into the rule together
 * with the TFW_F_DROP action. The address is logged without a port
 * (TFW_NO_PORT). A failure to create the record is only logged: the
 * function returns void, so the caller cannot tell whether the client is
 * actually blocked.
 *
 * NOTE(review): the key is a hash and need not be unique per address;
 * presumably the lookup compares the stored address too - confirm.
 * NOTE(review): the rule is built on the stack with a designated
 * initializer; if TfwFRule contains padding, those bytes are not guaranteed
 * to be zero when sizeof(rule) bytes are handed to the database - confirm
 * the layout.
 */
void
tfw_filter_block_ip(const TfwAddr *addr)
{
	TfwFRule drop_rule = {
		.action	= TFW_F_DROP,
		.addr	= addr->sin6_addr,
	};
	size_t rule_sz = sizeof(drop_rule);
	unsigned long hkey = tfw_ipv6_hash(&addr->sin6_addr);

	TFW_DBG_ADDR("filter: block", addr, TFW_NO_PORT);

	/* TODO create records on all NUMA nodes. */
	if (tdb_entry_create(ip_filter_db, hkey, &drop_rule, &rule_sz)) {
		TFW_DBG_ADDR("block client", addr, TFW_NO_PORT);
		return;
	}

	/* Creation failed: the client stays unblocked, so at least warn. */
	TFW_WARN_ADDR("cannot create blocking rule", addr, TFW_NO_PORT);
}
EXPORT_SYMBOL(tfw_filter_block_ip);

/**
 * Drop early IP layer filtering.