Contributing

If you want to start contributing to bpfilter, the best way to get to know the codebase would be to start with one of the @todo available in the code. Most of those tasks are small, self-contained, work trivial enough that they do not deserve their GitHub issue.

Once you know your way around the structure of the project, feel free to continue with the @todo, or jump on a bigger issue in the GitHub issues tracker.

You are welcome to reach out to qde@naccy.de if you need help, or have any question!

To do

  • Enforce clang-format and clang-tidy on all source files.

  • Remove the RPM x86_64 macro workaround from the Fedora bpfilter.spec.

  • Gate the documentation generate in Fedora’s bpfilter.spec with a bcond.

  • Add support for CMake 4.0 and ninja.

  • Handle extra characters in the lexer (currently, any non-matched token will be printed to stdout).

  • Add support for missing matcher operators (e.g. meta.l4_proto not).

  • Add a Fedora 43 build in the CI.

From the code

page todo

Global _bf_ipt_set_counters_handler  (const struct xt_counters_info *counters, size_t len)

Actually update the counters.

Global _bf_matcher_generate_meta_iface  (struct bf_program *program, const struct bf_matcher *matcher)

Add support for input and output interface filtering based on the program’s hook.

Global _bf_run  (void)

Failure to process a request should not stop the daemon!

Global bf_cgen::program

The codegen should not store the program: it creates a bf_program to generate the bytecode, attach it, and only keep the program’s FD (and maps). No need to keep the bytecode, nor (de)serializing it.

Global bf_chain_add_rule  (struct bf_chain *chain, struct bf_rule *rule)

Rules without any matcher should be rejected.

Struct bf_hookopts

Create dedicated function to set the various options, otherwise one could set an option but not update used_opts.

Global bf_link_attach  (struct bf_link *link, enum bf_hook hook, struct bf_hookopts **hookopts, int prog_fd)

Automatically use the most appropriate XDP mode based on the driver’s capabilities.

Validate hookopts before attaching the link.

Struct bf_matcher

bf_matcher’s payload should be a union of all the possible payload types.

Global bf_ns_init  (struct bf_ns *ns, pid_t pid)

What if /proc is not readable?

Global bf_options::transient

Validate the daemon’s behaviour when switch to and from --transient.

Global bf_program::link

A bf_program should not have any link until the program is attached.

Global bf_program_generate  (struct bf_program *program)

Allow chains to have no counters at all.

Global bf_request::data  []

Return a user-readable error message if the request fails.

Global bf_swich_generate  (struct bf_swich *swich)

If no default case is defined, the switch should jump after the last case.

Global closep  (int *fd)

Ensure file descriptors are always initialized to -1, and closed using closep.

File pack.h

bf_wpack_kv_TYPE functions should only write into objects.

bf_wpack_TYPE functions should only write into arrays.