Closed gamerxp closed 2 years ago
Hey! I'm sorry for the late reply!
To be honest, I was pretty new to C/network programming at the time I made this project, so I'm not sure what I was thinking. The way you want it ran makes more sense so I just pushed a couple commits that should fix that :)
Please let me know if it works for you!
Thank you!
Hi, No problem about the reply.
This project is really cool! I not the one using but my friend use this feature and I think it a bit weird, So I make a issue here.
Thanks again for amazing project.
Hey and thank you! In the future, I plan on implementing more in-depth payload matching (complex matching will need to be done in AF_XDP
which is still very fast compared to TC hooks, IPTables/NFTables, and the user-space).
I am going to close this issue for now, but if you have any other questions/issues, please let me know! 🙂
As your readme file state,
max_len: The maximum packet length the packet must match. This includes the entire frame...
min_len: The minimum packet length the packet must match. This includes the entire frame...
My expected behavior is when specific min and max length (eg. 100, 500), It should be matching packet size between 100-500. But it seem to be other way around, When specific
min_len
with 100 it's matching every packet that have size lower than 100. Also formax_len
it matching packet that have size above the setting.Is this expected behavior or my expectation is wrong?
After browsing the code, It's seem to occur with TTL as well. https://github.com/gamemann/XDP-Firewall/blob/master/src/xdpfw_kern.c#L440