1 /*
2  * Copyright (c) 2024 Huawei Device Co., Ltd.
3  * Licensed under the Apache License, Version 2.0 (the "License");
4  * you may not use this file except in compliance with the License.
5  * You may obtain a copy of the License at
6  *
7  * http://www.apache.org/licenses/LICENSE-2.0
8  *
9  * Unless required by applicable law or agreed to in writing, software
10  * distributed under the License is distributed on an "AS IS" BASIS,
11  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12  * See the License for the specific language governing permissions and
13  * limitations under the License.
14  */
15 
16 #ifndef NET_FIREWALL_MAP_H
17 #define NET_FIREWALL_MAP_H
18 
19 #include <linux/bpf.h>
20 
21 #include "netfirewall_types.h"
22 #include "netfirewall_map_def.h"
23 
24 // ingress map begin
25 bpf_map_def SEC("maps") INGRESS_SADDR_MAP = {
26     .type = BPF_MAP_TYPE_LPM_TRIE,
27     .key_size = sizeof(struct ipv4_lpm_key),
28     .value_size = sizeof(struct bitmap),
29     .max_entries = MAP_MAX_ENTRIES,
30     .map_flags = BPF_F_NO_PREALLOC,
31     .inner_map_idx = 0,
32     .numa_node = 0,
33 };
34 bpf_map_def SEC("maps") INGRESS_SADDR6_MAP = {
35     .type = BPF_MAP_TYPE_LPM_TRIE,
36     .key_size = sizeof(struct ipv6_lpm_key),
37     .value_size = sizeof(struct bitmap),
38     .max_entries = MAP_MAX_ENTRIES,
39     .map_flags = BPF_F_NO_PREALLOC,
40     .inner_map_idx = 0,
41     .numa_node = 0,
42 };
43 
44 bpf_map_def SEC("maps") INGRESS_DADDR_MAP = {
45     .type = BPF_MAP_TYPE_LPM_TRIE,
46     .key_size = sizeof(struct ipv4_lpm_key),
47     .value_size = sizeof(struct bitmap),
48     .max_entries = MAP_MAX_ENTRIES,
49     .map_flags = BPF_F_NO_PREALLOC,
50     .inner_map_idx = 0,
51     .numa_node = 0,
52 };
53 bpf_map_def SEC("maps") INGRESS_DADDR6_MAP = {
54     .type = BPF_MAP_TYPE_LPM_TRIE,
55     .key_size = sizeof(struct ipv6_lpm_key),
56     .value_size = sizeof(struct bitmap),
57     .max_entries = MAP_MAX_ENTRIES,
58     .map_flags = BPF_F_NO_PREALLOC,
59     .inner_map_idx = 0,
60     .numa_node = 0,
61 };
62 
63 bpf_map_def SEC("maps") INGRESS_SPORT_MAP = {
64     .type = BPF_MAP_TYPE_LRU_HASH,
65     .key_size = sizeof(port_key),
66     .value_size = sizeof(struct bitmap),
67     .max_entries = MAP_MAX_ENTRIES,
68     .map_flags = 0,
69     .inner_map_idx = 0,
70     .numa_node = 0,
71 };
72 
73 bpf_map_def SEC("maps") INGRESS_DPORT_MAP = {
74     .type = BPF_MAP_TYPE_LRU_HASH,
75     .key_size = sizeof(port_key),
76     .value_size = sizeof(struct bitmap),
77     .max_entries = MAP_MAX_ENTRIES,
78     .map_flags = 0,
79     .inner_map_idx = 0,
80     .numa_node = 0,
81 };
82 bpf_map_def SEC("maps") INGRESS_PROTO_MAP = {
83     .type = BPF_MAP_TYPE_LRU_HASH,
84     .key_size = sizeof(proto_key),
85     .value_size = sizeof(struct bitmap),
86     .max_entries = MAP_MAX_ENTRIES,
87     .map_flags = 0,
88     .inner_map_idx = 0,
89     .numa_node = 0,
90 };
91 bpf_map_def SEC("maps") INGRESS_ACTION_MAP = {
92     .type = BPF_MAP_TYPE_LRU_HASH,
93     .key_size = sizeof(action_key),
94     .value_size = sizeof(action_val),
95     .max_entries = MAP_MAX_ENTRIES,
96     .map_flags = 0,
97     .inner_map_idx = 0,
98     .numa_node = 0,
99 };
100 bpf_map_def SEC("maps") INGRESS_APPUID_MAP = {
101     .type = BPF_MAP_TYPE_LRU_HASH,
102     .key_size = sizeof(appuid_key),
103     .value_size = sizeof(struct bitmap),
104     .max_entries = MAP_MAX_ENTRIES,
105     .map_flags = 0,
106     .inner_map_idx = 0,
107     .numa_node = 0,
108 };
109 bpf_map_def SEC("maps") INGRESS_UID_MAP = {
110     .type = BPF_MAP_TYPE_LRU_HASH,
111     .key_size = sizeof(uid_key),
112     .value_size = sizeof(struct bitmap),
113     .max_entries = MAP_MAX_ENTRIES,
114     .map_flags = 0,
115     .inner_map_idx = 0,
116     .numa_node = 0,
117 };
118 // ingress map end
119 // egress map begin
120 bpf_map_def SEC("maps") EGRESS_SADDR_MAP = {
121     .type = BPF_MAP_TYPE_LPM_TRIE,
122     .key_size = sizeof(struct ipv4_lpm_key),
123     .value_size = sizeof(struct bitmap),
124     .max_entries = MAP_MAX_ENTRIES,
125     .map_flags = BPF_F_NO_PREALLOC,
126     .inner_map_idx = 0,
127     .numa_node = 0,
128 };
129 bpf_map_def SEC("maps") EGRESS_SADDR6_MAP = {
130     .type = BPF_MAP_TYPE_LPM_TRIE,
131     .key_size = sizeof(struct ipv6_lpm_key),
132     .value_size = sizeof(struct bitmap),
133     .max_entries = MAP_MAX_ENTRIES,
134     .map_flags = BPF_F_NO_PREALLOC,
135     .inner_map_idx = 0,
136     .numa_node = 0,
137 };
138 
139 bpf_map_def SEC("maps") EGRESS_DADDR_MAP = {
140     .type = BPF_MAP_TYPE_LPM_TRIE,
141     .key_size = sizeof(struct ipv4_lpm_key),
142     .value_size = sizeof(struct bitmap),
143     .max_entries = MAP_MAX_ENTRIES,
144     .map_flags = BPF_F_NO_PREALLOC,
145     .inner_map_idx = 0,
146     .numa_node = 0,
147 };
148 bpf_map_def SEC("maps") EGRESS_DADDR6_MAP = {
149     .type = BPF_MAP_TYPE_LPM_TRIE,
150     .key_size = sizeof(struct ipv6_lpm_key),
151     .value_size = sizeof(struct bitmap),
152     .max_entries = MAP_MAX_ENTRIES,
153     .map_flags = BPF_F_NO_PREALLOC,
154     .inner_map_idx = 0,
155     .numa_node = 0,
156 };
157 bpf_map_def SEC("maps") EGRESS_SPORT_MAP = {
158     .type = BPF_MAP_TYPE_LRU_HASH,
159     .key_size = sizeof(port_key),
160     .value_size = sizeof(struct bitmap),
161     .max_entries = MAP_MAX_ENTRIES,
162     .map_flags = 0,
163     .inner_map_idx = 0,
164     .numa_node = 0,
165 };
166 bpf_map_def SEC("maps") EGRESS_DPORT_MAP = {
167     .type = BPF_MAP_TYPE_LRU_HASH,
168     .key_size = sizeof(port_key),
169     .value_size = sizeof(struct bitmap),
170     .max_entries = MAP_MAX_ENTRIES,
171     .map_flags = 0,
172     .inner_map_idx = 0,
173     .numa_node = 0,
174 };
175 bpf_map_def SEC("maps") EGRESS_PROTO_MAP = {
176     .type = BPF_MAP_TYPE_LRU_HASH,
177     .key_size = sizeof(proto_key),
178     .value_size = sizeof(struct bitmap),
179     .max_entries = MAP_MAX_ENTRIES,
180     .map_flags = 0,
181     .inner_map_idx = 0,
182     .numa_node = 0,
183 };
184 bpf_map_def SEC("maps") EGRESS_ACTION_MAP = {
185     .type = BPF_MAP_TYPE_LRU_HASH,
186     .key_size = sizeof(action_key),
187     .value_size = sizeof(action_val),
188     .max_entries = MAP_MAX_ENTRIES,
189     .map_flags = 0,
190     .inner_map_idx = 0,
191     .numa_node = 0,
192 };
193 bpf_map_def SEC("maps") EGRESS_APPUID_MAP = {
194     .type = BPF_MAP_TYPE_LRU_HASH,
195     .key_size = sizeof(appuid_key),
196     .value_size = sizeof(struct bitmap),
197     .max_entries = MAP_MAX_ENTRIES,
198     .map_flags = 0,
199     .inner_map_idx = 0,
200     .numa_node = 0,
201 };
202 bpf_map_def SEC("maps") EGRESS_UID_MAP = {
203     .type = BPF_MAP_TYPE_LRU_HASH,
204     .key_size = sizeof(uid_key),
205     .value_size = sizeof(struct bitmap),
206     .max_entries = MAP_MAX_ENTRIES,
207     .map_flags = 0,
208     .inner_map_idx = 0,
209     .numa_node = 0,
210 };
211 bpf_map_def SEC("maps") DEFAULT_ACTION_MAP = {
212     .type = BPF_MAP_TYPE_HASH,
213     .key_size = sizeof(default_action_key),
214     .value_size = sizeof(enum sk_action),
215     .max_entries = 2,
216     .map_flags = 0,
217     .inner_map_idx = 0,
218     .numa_node = 0,
219 };
220 bpf_map_def SEC("maps") CURRENT_UID_MAP = {
221     .type = BPF_MAP_TYPE_HASH,
222     .key_size = sizeof(current_user_id_key),
223     .value_size = sizeof(uid_key),
224     .max_entries = 1,
225     .map_flags = 0,
226     .inner_map_idx = 0,
227     .numa_node = 0,
228 };
229 
230 #endif // NET_FIREWALL_MAP_H