ddos.cgi add ratelimit UI

add ratelimit UI for xdp dns and udp program Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>
2026-04-09 18:45:54 +02:00 · 2024-04-22 21:44:47 +00:00
parent 1cd908092b
commit 6accd9056f
4 changed files with 27 additions and 0 deletions
--- a/src/initscripts/system/ddos
+++ b/src/initscripts/system/ddos
@@ -133,6 +133,15 @@ unload_xdpdns () {
 	fi
 }

+set_ratelimit () {
+	local rate=$1
+	local map=$2
+	hex=$(printf '%08x' "$rate")  # Convert decimal to hexadecimal
+	bytes=$(echo "$hex" | fold -w2 | tac)   # Split the hexadecimal into pairs of bytes and reverse the order
+	hex_le=$(echo "$bytes" | sed 's/^/0x/' | tr '\n' ' ')  # Add prefix "0x" to each byte and concatenate them
+	bpftool map update name $map key hex 00 00 00 00 value $hex_le
+}
+
 tcp_ports="$(get_ports /var/ipfire/ddos/settings)"
 udp_ports="$(get_ports /var/ipfire/ddos/udp-ddos-settings)"

@@ -149,9 +158,15 @@ case "$1" in
 		fi
 		if [ "$ENABLE_UDP_DDOS" == "on" ]; then
 			load_xdpudp
+			if [ -n "$UDP_RATELIMIT" ]; then
+				set_ratelimit $UDP_RATELIMIT "xdp_udp.data"
+			fi
 		fi
 		if [ "$ENABLE_DNS_DDOS" == "on" ]; then
 			load_xdpdns
+			if [ -n "$DNS_RATELIMIT" ]; then
+				set_ratelimit $DNS_RATELIMIT "xdp_dnsr.data"
+			fi
 		fi
 		;;