gamemann / XDP-Firewall

A firewall that utilizes the Linux kernel's XDP hook. The XDP hook allows for very fast network processing on Linux systems. This is great for dropping malicious traffic from a (D)DoS attack. IPv6 is supported with this firewall! I hope this helps network engineers/programmers interested in utilizing XDP!
https://deaconn.net/
MIT License

Min, Max Length matcher behavior #22

Closed gamerxp closed 2 years ago

gamerxp commented 2 years ago

As your readme file states,

max_len: The maximum packet length the packet must match. This includes the entire frame... min_len: The minimum packet length the packet must match. This includes the entire frame...

My expected behavior is that when specifying a min and max length (e.g. 100, 500), it should match packet sizes between 100-500. But it seems to be the other way around: when specifying min_len with 100, it matches every packet that has a size lower than 100. Also for max_len, it matches packets that have a size above the setting.

Is this expected behavior, or is my expectation wrong?

After browsing the code, it seems to occur with TTL as well. https://github.com/gamemann/XDP-Firewall/blob/master/src/xdpfw_kern.c#L440
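The inverted comparisons described above, illustrated as an added C example (this is not XDP-Firewall's own code; the `struct rule` layout, the per-field enable flags, and treating TTL as a min/max range are assumptions):

```c
#include <stdbool.h>
#include <stdint.h>

/* Added illustration, not XDP-Firewall's code. A minimal filter rule with
 * optional length and TTL bounds; each bound is only evaluated when its
 * enable flag is set (field names are assumptions). */
struct rule {
    bool do_min_len; uint16_t min_len;
    bool do_max_len; uint16_t max_len;
    bool do_min_ttl; uint8_t  min_ttl;
    bool do_max_ttl; uint8_t  max_ttl;
};

/* "Before" case, modelling the behaviour the issue reports: every comparison
 * is the wrong way round, so min_len=100 matches only frames at or below
 * 100 bytes and max_len=500 matches only frames at or above 500 bytes. */
bool rule_matches_inverted(const struct rule *r, uint16_t len, uint8_t ttl)
{
    if (r->do_min_len && len > r->min_len) return false;   /* inverted */
    if (r->do_max_len && len < r->max_len) return false;   /* inverted */
    if (r->do_min_ttl && ttl > r->min_ttl) return false;   /* inverted */
    if (r->do_max_ttl && ttl < r->max_ttl) return false;   /* inverted */
    return true;
}

/* Intended behaviour: a frame matches only when its length and TTL fall
 * inside the configured inclusive ranges. */
bool rule_matches(const struct rule *r, uint16_t len, uint8_t ttl)
{
    if (r->do_min_len && len < r->min_len) return false;
    if (r->do_max_len && len > r->max_len) return false;
    if (r->do_min_ttl && ttl < r->min_ttl) return false;
    if (r->do_max_ttl && ttl > r->max_ttl) return false;
    return true;
}

/* Constructed rules: the 100..500 byte range from the issue, a min-only
 * rule, and a TTL range rule. */
const struct rule len_100_500 = { .do_min_len = true, .min_len = 100,
                                  .do_max_len = true, .max_len = 500 };
const struct rule min_only    = { .do_min_len = true, .min_len = 100 };
const struct rule ttl_64_128  = { .do_min_ttl = true, .min_ttl = 64,
                                  .do_max_ttl = true, .max_ttl = 128 };
```

Note that with both bounds set, the inverted version can never match anything (a frame would have to be both at or below 100 and at or above 500 bytes), which is a quick way to confirm the comparison direction in a matcher.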

gamemann commented 2 years ago

Hey! I'm sorry for the late reply!

To be honest, I was pretty new to C/network programming at the time I made this project, so I'm not sure what I was thinking. The way you want it run makes more sense, so I just pushed a couple of commits that should fix that :)

Please let me know if it works for you!

Thank you!

gamerxp commented 2 years ago

Hi, no problem about the reply.

This project is really cool! I'm not the one using it, but my friend uses this feature and I thought it was a bit weird, so I made an issue here.

Thanks again for the amazing project.

gamemann commented 2 years ago

Hey and thank you! In the future, I plan on implementing more in-depth payload matching (complex matching will need to be done in AF_XDP which is still very fast compared to TC hooks, IPTables/NFTables, and the user-space).

I am going to close this issue for now, but if you have any other questions/issues, please let me know! 🙂