ddos.cgi add ratelimit UI

add ratelimit UI for xdp dns and udp program Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>
2026-04-09 18:45:54 +02:00 · 2024-04-22 21:44:47 +00:00
parent 1cd908092b
commit 6accd9056f
4 changed files with 27 additions and 0 deletions
--- a/html/cgi-bin/ddos.cgi
+++ b/html/cgi-bin/ddos.cgi
@@ -198,6 +198,10 @@ print <<END;
                        <td><input type='checkbox' name='ENABLE_DNS_DDOS' $dns_checked></td>
                        <td align='center'><input type='submit' name='DNS_ACTION' value='$Lang::tr{'save'}'></td>
                </tr>
+		<tr>
+                        <td width='50%' class='base'>$Lang::tr{'xdp dns ratelimit'}
+                        <td><input type='text' name='DNS_RATELIMIT' value='$dnsddossettings{'DNS_RATELIMIT'}'</td>
+		</tr>
        </table>

 END
@@ -226,6 +230,10 @@ print <<END;
                        <td><input type='checkbox' name='ENABLE_UDP_DDOS' $udp_checked></td>
                        <td align='center'><input type='submit' name='UDP_ACTION' value='$Lang::tr{'save'}'></td>
                </tr>
+		<tr>
+                        <td width='50%' class='base'>$Lang::tr{'xdp udp ratelimit'}
+                        <td><input type='text' name='UDP_RATELIMIT' value='$udpddossettings{'UDP_RATELIMIT'}'</td>
+		</tr>
        </table>

 END
--- a/langs/en/cgi-bin/en.pl
+++ b/langs/en/cgi-bin/en.pl
@@ -1519,6 +1519,8 @@
 'xdp enable' => 'Enable DDoS',
 'xdp tcp port' => 'TCP Ports',
 'xdp udp port' => 'UDP Ports',
+'xdp dns ratelimit' => 'DNS Ratelimit:',
+'xdp udp ratelimit' => 'UDP Ratelimit:',
 'xdp status' => 'XDP Program Status',
 'xdp interface' => 'Interface',
 'xdp prio' => 'Prio',
--- a/langs/zh/cgi-bin/zh.pl
+++ b/langs/zh/cgi-bin/zh.pl
@@ -1511,6 +1511,8 @@
 'xdp enable' => '启动XDP DDoS 分布式攻击防御功能',
 'xdp tcp port' => 'XDP DDoS 分布式攻击防御TCP端口',
 'xdp udp port' => 'XDP DDoS 分布式攻击防御UDP端口',
+'xdp dns ratelimit' => 'DNS 网络包每秒接收速率:',
+'xdp udp ratelimit' => 'UDP 网络包每秒接收速率:',
 'xdp status' => 'XDP 程序加载状态',
 'xdp interface' => '网络接口',
 'xdp prio' => '优先级',
--- a/src/initscripts/system/ddos
+++ b/src/initscripts/system/ddos
@@ -133,6 +133,15 @@ unload_xdpdns () {
 	fi
 }

+set_ratelimit () {
+	local rate=$1
+	local map=$2
+	hex=$(printf '%08x' "$rate")  # Convert decimal to hexadecimal
+	bytes=$(echo "$hex" | fold -w2 | tac)   # Split the hexadecimal into pairs of bytes and reverse the order
+	hex_le=$(echo "$bytes" | sed 's/^/0x/' | tr '\n' ' ')  # Add prefix "0x" to each byte and concatenate them
+	bpftool map update name $map key hex 00 00 00 00 value $hex_le
+}
+
 tcp_ports="$(get_ports /var/ipfire/ddos/settings)"
 udp_ports="$(get_ports /var/ipfire/ddos/udp-ddos-settings)"

@@ -149,9 +158,15 @@ case "$1" in
 		fi
 		if [ "$ENABLE_UDP_DDOS" == "on" ]; then
 			load_xdpudp
+			if [ -n "$UDP_RATELIMIT" ]; then
+				set_ratelimit $UDP_RATELIMIT "xdp_udp.data"
+			fi
 		fi
 		if [ "$ENABLE_DNS_DDOS" == "on" ]; then
 			load_xdpdns
+			if [ -n "$DNS_RATELIMIT" ]; then
+				set_ratelimit $DNS_RATELIMIT "xdp_dnsr.data"
+			fi
 		fi
 		;;