ebpf: add XDP Syncookie program

Add XDP Syncookie program to enable Suricata
in af-packet IDS mode to stop host from SYN
flooding attack.

Signed-off-by: Vincent Li <[email protected]>

ebpf/Makefile.am

@@ -1,5 +1,5 @@
 EXTRA_DIST= include bypass_filter.c filter.c lb.c vlan_filter.c xdp_filter.c \
-	    xdp_lb.c hash_func01.h
+	    xdp_lb.c xdp_synproxy_kern.c hash_func01.h
 
 if BUILD_EBPF
 
@@ -12,6 +12,7 @@ BPF_TARGETS += bypass_filter.bpf
 BPF_TARGETS += xdp_filter.bpf
 BPF_TARGETS += xdp_lb.bpf
 BPF_TARGETS += vlan_filter.bpf
+BPF_TARGETS += xdp_synproxy_kern.bpf
 
 all: $(BPF_TARGETS)
 
@@ -21,6 +22,9 @@ $(BPF_TARGETS): %.bpf: %.c
 	${CLANG} -Wall $(BPF_CFLAGS) -O2 -g \
 		-I/usr/include/$(build_cpu)-$(build_os)/ \
 		-D__KERNEL__ -D__ASM_SYSREG_H \
+		-Wno-unused-value \
+		-Wno-pointer-sign \
+		-Wno-compare-distinct-pointer-types \
 		-target bpf -S -emit-llvm $< -o ${@:.bpf=.ll}
 #      From LLVM-IR to BPF-bytecode in ELF-obj file
 	${LLC} -march=bpf -filetype=obj ${@:.bpf=.ll} -o $@

ebpf/include/vmlinux/vmlinux_common.h

@@ -0,0 +1,11 @@
+#ifndef __VMLINUX_COMMON_H__
+#define __VMLINUX_COMMON_H__
+
+enum {
+	false = 0,
+	true = 1,
+};
+
+typedef _Bool bool;
+
+#endif /* __VMLINUX_COMMON_H__ */

ebpf/include/vmlinux/vmlinux_net.h

@@ -0,0 +1,16 @@
+#ifndef __VMLINUX_NET_H__
+#define __VMLINUX_NET_H__
+
+typedef __u32 __wsum;
+
+struct nf_conn {
+	unsigned long status;
+};
+
+enum ip_conntrack_status {
+	/* Connection is confirmed: originating packet has left box */
+	IPS_CONFIRMED_BIT = 3,
+	IPS_CONFIRMED = (1 << IPS_CONFIRMED_BIT),
+};
+
+#endif /* __VMLINUX_NET_H__ */

ebpf/include/vmlinux/vmlinux_types.h

@@ -0,0 +1,14 @@
+#ifndef __VMLINUX_TYPES_H__
+#define __VMLINUX_TYPES_H__
+
+typedef __u8 u8;
+typedef __s16 s16;
+typedef __u16 u16;
+typedef __s32 s32;
+typedef __u32 u32;
+typedef __s64 s64;
+typedef __u64 u64;
+
+typedef s64 ktime_t;
+
+#endif /* __VMLINUX_TYPES_H__ */

ebpf/include/vmlinux_local.h

@@ -0,0 +1,27 @@
+/*
+ * WARNING: This file shadow vmlinux.h that you can generate yourself
+ *
+ * Cmdline to generate vmlinux.h
+ *  bpftool btf dump file /sys/kernel/btf/vmlinux format c > vmlinux.h
+ *
+ * This vmlinux.h shadow contains kernel headers reduced to that were
+ * needed in this project.
+ */
+#ifndef __VMLINUX_H__
+#define __VMLINUX_H__
+
+#include <linux/types.h> /* Needed for __uNN in vmlinux/vmlinux_types.h */
+
+#ifndef BPF_NO_PRESERVE_ACCESS_INDEX
+#pragma clang attribute push (__attribute__((preserve_access_index)), apply_to = record)
+#endif
+
+#include "vmlinux/vmlinux_types.h"
+#include "vmlinux/vmlinux_common.h"
+#include "vmlinux/vmlinux_net.h"
+
+#ifndef BPF_NO_PRESERVE_ACCESS_INDEX
+#pragma clang attribute pop
+#endif
+
+#endif /* __VMLINUX_H__ */