Loading xdpfw in offload/hardware mode

gamemann / XDP-Firewall

A firewall that utilizes the Linux kernel's XDP hook. The XDP hook allows for very fast network processing on Linux systems. This is great for dropping malicious traffic from a (D)DoS attack. IPv6 is supported with this firewall! I hope this helps network engineers/programmers interested in utilizing XDP!

https://deaconn.net/

MIT License

492 stars 87 forks source link

Loading xdpfw in offload/hardware mode #20

Closed Firewallv2 closed 1 year ago

Firewallv2 commented 1 year ago

when trying to load the xdpfw program using offload/hardware mode using the command xdpfw --offload i get the error

libbpf: map 'filters_map': failed to create: Invalid argument(-22) libbpf: failed to load object '/etc/xdpfw/xdpfw_kern.o' Could not load XDP BPF program :: Invalid argument. Error loading eBPF object file. File name => /etc/xdpfw/xdpfw_kern.o.

Do you Know How to fix this error so it will load in offload/hardware mode?

gamemann commented 1 year ago

Hey, I apologize for the delay!

What NIC are you using with offload mode? Unfortunately, NICs have even stricter BPF size limitations for offloading since the NICs don't have as much memory. I ran into this issue a few times with Netronome NICs, but with another XDP program which worked fine in DRV mode, but not offload mode. Therefore, it may not be possible to run this full program with offload mode.

Thank you.