gamemann / XDP-Firewall

A firewall that utilizes the Linux kernel's XDP hook. The XDP hook allows for very fast network processing on Linux systems. This is great for dropping malicious traffic from a (D)DoS attack. IPv6 is supported with this firewall! I hope this helps network engineers/programmers interested in utilizing XDP!
https://deaconn.net/
MIT License
556 stars 91 forks source link

Min, Max Length matcher behavior #22

Closed gamerxp closed 2 years ago

gamerxp commented 2 years ago

As your readme file state,

max_len: The maximum packet length the packet must match. This includes the entire frame... min_len: The minimum packet length the packet must match. This includes the entire frame...

My expected behavior is when specific min and max length (eg. 100, 500), It should be matching packet size between 100-500. But it seem to be other way around, When specific min_len with 100 it's matching every packet that have size lower than 100. Also for max_len it matching packet that have size above the setting.

Is this expected behavior or my expectation is wrong?

After browsing the code, It's seem to occur with TTL as well. https://github.com/gamemann/XDP-Firewall/blob/master/src/xdpfw_kern.c#L440

gamemann commented 2 years ago

Hey! I'm sorry for the late reply!

To be honest, I was pretty new to C/network programming at the time I made this project, so I'm not sure what I was thinking. The way you want it ran makes more sense so I just pushed a couple commits that should fix that :)

Please let me know if it works for you!

Thank you!

gamerxp commented 2 years ago

Hi, No problem about the reply.

This project is really cool! I not the one using but my friend use this feature and I think it a bit weird, So I make a issue here.

Thanks again for amazing project.

gamemann commented 2 years ago

Hey and thank you! In the future, I plan on implementing more in-depth payload matching (complex matching will need to be done in AF_XDP which is still very fast compared to TC hooks, IPTables/NFTables, and the user-space).

I am going to close this issue for now, but if you have any other questions/issues, please let me know! 🙂