ddos init: add ratelimit

langs/en/cgi-bin/en.pl

@@ -1519,6 +1519,8 @@
 'xdp enable' => 'Enable DDoS',
 'xdp tcp port' => 'TCP Ports',
 'xdp udp port' => 'UDP Ports',
+'xdp dns ratelimit' => 'DNS Ratelimit:',
+'xdp udp ratelimit' => 'UDP Ratelimit:',
 'xdp status' => 'XDP Program Status',
 'xdp interface' => 'Interface',
 'xdp prio' => 'Prio',

langs/zh/cgi-bin/zh.pl

@@ -1511,6 +1511,8 @@
 'xdp enable' => '启动XDP DDoS 分布式攻击防御功能',
 'xdp tcp port' => 'XDP DDoS 分布式攻击防御TCP端口',
 'xdp udp port' => 'XDP DDoS 分布式攻击防御UDP端口',
+'xdp dns ratelimit' => 'DNS 网络包每秒接收速率:',
+'xdp udp ratelimit' => 'UDP 网络包每秒接收速率:',
 'xdp status' => 'XDP 程序加载状态',
 'xdp interface' => '网络接口',
 'xdp prio' => '优先级',

src/initscripts/system/ddos

@@ -133,6 +133,15 @@ unload_xdpdns () {
 	fi
 }
 
+set_ratelimit () {
+	local rate=$1
+	local map=$2
+	hex=$(printf '%08x' "$rate")  # Convert decimal to hexadecimal
+	bytes=$(echo "$hex" | fold -w2 | tac)   # Split the hexadecimal into pairs of bytes and reverse the order
+	hex_le=$(echo "$bytes" | sed 's/^/0x/' | tr '\n' ' ')  # Add prefix "0x" to each byte and concatenate them
+	bpftool map update name $map key hex 00 00 00 00 value $hex_le
+}
+
 tcp_ports="$(get_ports /var/ipfire/ddos/settings)"
 udp_ports="$(get_ports /var/ipfire/ddos/udp-ddos-settings)"
 
@@ -162,9 +171,15 @@ case "$1" in
 		fi
 		if [ "$ENABLE_UDP_DDOS" == "off" ]; then
 			unload_xdpudp
+			if [ -n "$UDP_RATELIMIT" ]; then
+				set_ratelimit $UDP_RATELIMIT "xdp_udp.data"
+			fi
 		fi
 		if [ "$ENABLE_DNS_DDOS" == "off" ]; then
 			unload_xdpdns
+			if [ -n "$DNS_RATELIMIT" ]; then
+				set_ratelimit $DNS_RATELIMIT "xdp_dnsr.data"
+			fi
 		fi
 		;;