/
opts.c
109 lines (91 loc) · 2.51 KB
/
opts.c
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
/* SPDX-License-Identifier: GPL-2.0 */
/*
* Copyright (c) 2023 Meta Platforms, Inc. and affiliates.
*/
#include "opts.h"
#include <argp.h>
#include <stdint.h>
#include "core/logger.h"
#include "shared/helper.h"
/**
* @brief bpfilter runtime configuration
*/
static struct bf_options
{
/** If true, bpfilter won't load or save its state to the filesystem, and
* all the loaded BPF programs will be unloaded before shuting down. Hence,
* as long as bpfilter is running, filtering rules will be applied. When
* bpfilter is stopped, everything is cleaned up. */
bool transient;
/** Size of the log buffer when loading a BPF program, as a power of 2. */
unsigned int bpf_log_buf_len_pow;
/** Bit flags for enabled fronts. */
uint16_t fronts;
/** If true, print debug log messages (bf_debug). */
bool verbose;
} _opts = {
.transient = false,
.bpf_log_buf_len_pow = 16,
.fronts = 0xffff,
.verbose = false,
};
static struct argp_option options[] = {
{"transient", 't', 0, 0,
"Do not load or save runtime context and remove all BPF programs on shutdown",
0},
{"buffer-len", 'b', "BUF_LEN_POW", 0,
"Size of the BPF log buffer as a power of 2 (only used when --verbose is used). Default: 16.",
0},
{"no-iptables", 0x01, 0, 0, "Disable iptables support", 0},
{"verbose", 'v', 0, 0, "Print debug logs", 0},
{0},
};
/**
* @brief argp callback to process command line arguments.
*
* @return 0 on succcess, non-zero on failure.
*/
static error_t _bf_opts_parser(int key, char *arg, struct argp_state *state)
{
UNUSED(arg);
struct bf_options *args = state->input;
switch (key) {
case 't':
args->transient = true;
break;
case 'b':
args->bpf_log_buf_len_pow = atoi(arg);
break;
case 0x01:
bf_info("disabling iptables support");
args->fronts &= ~(1 << BF_FRONT_IPT);
break;
case 'v':
args->verbose = true;
break;
default:
return ARGP_ERR_UNKNOWN;
}
return 0;
}
int bf_opts_init(int argc, char *argv[])
{
struct argp argp = {options, _bf_opts_parser, NULL, NULL, 0, NULL, NULL};
return argp_parse(&argp, argc, argv, 0, 0, &_opts);
}
bool bf_opts_transient(void)
{
return _opts.transient;
}
unsigned int bf_opts_bpf_log_buf_len_pow(void)
{
return _opts.bpf_log_buf_len_pow;
}
bool bf_opts_is_front_enabled(enum bf_front front)
{
return _opts.fronts & (1 << front);
}
bool bf_opts_verbose(void)
{
return _opts.verbose;
}