needs a rebase

Author: SkohTV

src/bfcli/parser.y

@@ -360,24 +360,20 @@ rule_option     : LOG LOG_HEADERS
                     _cleanup_free_ char *in = $2;
                     char *tmp = in;
                     char *saveptr;
+                    uint32_t limit;
 
                     if (tmp[0] == '-')
                         bf_parse_err("ratelimit should be positive");
 
                     errno = 0;
-                    uint32_t limit = strtoul(strtok_r(tmp, "/", &saveptr), NULL, 0);
+                    limit = strtoul(strtok_r(tmp, "/", &saveptr), NULL, 0);
                     if (errno != 0)
                         bf_parse_err("ratelimit value is too large");
 
                     $$ = (struct bf_rule_options){
                         .ratelimit = limit,
                         .flags = BF_RULE_OPTION_RATELIMIT,
                     };
-
-                    $$ = (struct bf_rule_options){
-                        .ratelimit = limit,
-                        .flags = BF_RULE_OPTION_RATELIMIT,
-                    };
                 }
                 | MARK STRING
                 {

src/bpfilter/bpf/ratelimit.bpf.c

@@ -23,9 +23,8 @@ __u8 bf_ratelimit(void *map, __u64 key, __u64 limit)
         return 1;
     }
 
-    if (current_time != ratelimit->last_time) {
+    if (current_time != ratelimit->last_time)
         ratelimit->current = 0;
-    }
 
     ratelimit->current++;
     ratelimit->last_time = current_time;

src/bpfilter/cgen/elfstub.h

@@ -135,7 +135,18 @@ enum bf_elfstub_id
      */
     BF_ELFSTUB_LOG,
 
-    // Return 0 on ACCEPT, 1 on DROP
+    /**
+     * Drop packets when `limit` number of packets have already been seen in the last unit of time
+     *
+     * `__u8 bf_ratelimit(void *map, __u64 key, __u64 limit)`
+     *
+     * **Parameters**
+     * - `map`: address of the ratelimit map.
+     * - `key`: key of the map to update.
+     * - `limit`: number of packets allowed to pass in one unit of time.
+     *
+     * **Return** 0 on accept, or 1 on drop.
+     */
     BF_ELFSTUB_RATELIMIT,
 
     _BF_ELFSTUB_MAX,

src/bpfilter/cgen/prog/map.c

@@ -312,12 +312,7 @@ static struct bf_btf *_bf_map_make_btf(const struct bf_map *map)
         btf__add_field(kbtf, "packets", 1, 0, 0);
         btf__add_field(kbtf, "bytes", 1, 64, 0);
         break;
-    case BF_MAP_TYPE_RATELIMIT: // I have no clue what I'm doing here
-        btf__add_int(kbtf, "u64", 8, 0);
-        btf->key_type_id = btf__add_int(kbtf, "u32", 4, 0);
-        btf->value_type_id = btf__add_struct(kbtf, "bf_", 16);
-        btf__add_field(kbtf, "limit", 1, 0, 0);
-        break;
+    case BF_MAP_TYPE_RATELIMIT:
     case BF_MAP_TYPE_PRINTER:
     case BF_MAP_TYPE_SET:
     case BF_MAP_TYPE_LOG:

src/bpfilter/cgen/program.c

@@ -643,13 +643,15 @@ static int _bf_program_generate_rule(struct bf_program *program,
         EMIT(program, BPF_MOV32_IMM(BPF_REG_3, rule->ratelimit));
         EMIT_FIXUP_ELFSTUB(program, BF_ELFSTUB_RATELIMIT);
 
-        _clean_bf_jmpctx_ struct bf_jmpctx ctx =
-            bf_jmpctx_get(program, BPF_JMP_IMM(BPF_JEQ, BPF_REG_0, 0, 0));
-
-        EMIT(program,
-             BPF_MOV64_IMM(BPF_REG_0,
-                           program->runtime.ops->get_verdict(BF_VERDICT_DROP)));
-        EMIT(program, BPF_EXIT_INSN());
+        {
+            _clean_bf_jmpctx_ struct bf_jmpctx ctx =
+                bf_jmpctx_get(program, BPF_JMP_IMM(BPF_JEQ, BPF_REG_0, 0, 0));
+
+            EMIT(program,
+                 BPF_MOV64_IMM(BPF_REG_0,
+                               program->runtime.ops->get_verdict(BF_VERDICT_DROP)));
+            EMIT(program, BPF_EXIT_INSN());
+        }
     }
 
     switch (rule->verdict) {