Loading xdpfw in offload/hardware mode

gamemann / XDP-Firewall

A firewall that utilizes the Linux kernel's XDP hook. The XDP hook allows for very fast network processing on Linux systems. This is great for dropping malicious traffic from a (D)DoS attack. IPv6 is supported with this firewall! I hope this helps network engineers/programmers interested in utilizing XDP!

https://deaconn.net/

MIT License

557 stars 91 forks source link

Loading xdpfw in offload/hardware mode #20

Closed Firewallv2 closed 2 years ago

Firewallv2 commented 2 years ago

when trying to load the xdpfw program using offload/hardware mode using the command xdpfw --offload i get the error

libbpf: map 'filters_map': failed to create: Invalid argument(-22) libbpf: failed to load object '/etc/xdpfw/xdpfw_kern.o' Could not load XDP BPF program :: Invalid argument. Error loading eBPF object file. File name => /etc/xdpfw/xdpfw_kern.o.

Do you Know How to fix this error so it will load in offload/hardware mode?

gamemann commented 2 years ago

Hey, I apologize for the delay!

What NIC are you using with offload mode? Unfortunately, NICs have even stricter BPF size limitations for offloading since the NICs don't have as much memory. I ran into this issue a few times with Netronome NICs, but with another XDP program which worked fine in DRV mode, but not offload mode. Therefore, it may not be possible to run this full program with offload mode.

Thank you.