gamemann / XDP-Forwarding

Layer 3/4 packet forwarding software that utilizes the Linux kernel's XDP hook. The XDP hook allows for very fast network processing on Linux systems. Uses source port mapping similar to IPTables and NFTables.
https://deaconn.net/
MIT License

well done! impressive, questions... #7

Closed kolinfluence closed 1 year ago

kolinfluence commented 1 year ago

Needed this exactly for the most basic anti-DDoS protection.

Can I buy you coffees to expand on these areas?

a) I have created multiple processes for each port to handle incoming requests per CPU, e.g. if 2 CPUs, 8080 and 8081; if 4 CPUs, spawn 8080, 8081, 8082, 8083; if 32 CPUs, spawn 8080 to 8080+32, etc. Is it possible to do a way to crc / xxhash MOD/% (number of CPU threads) the incoming IP address and divert to the port number of the modded value? e.g. crc(123.123.123.123)%4 = 5 for example, and incoming address 123.123.123.123 -> port 8080+5 = 8085. Would like to be able to config the initial port number. Need listening to port 80 and 443 actually for HTTP.

b) The programs listening to the ports have been customized to block IPs based on certain rules, and blocked IPs are currently added to an "ipset" list. How do I add an IP to BPF_MAP_TYPE_LRU_HASH such that those in the LRU hash will be blocked / XDP_DROP?

c) I just saw your XDP_Firewall repo. Is it possible to have a way to delete IPs in the LRU hash in the XDP_Drop list? That's all, actually.

Was about to write one but you have done so much already. Great work! Hope to see it in production soon!

Would like to buy you coffees if you can make this happen. Do mention where to buy you the coffees.
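The two mechanisms asked about in (a) and (b)/(c), as an added example that is not code from the XDP-Forwarding project: a minimal XDP program that drops any IPv4 packet whose source address is present in a pinned `BPF_MAP_TYPE_LRU_HASH` (the ipset-style blocklist), plus a pure helper that steers a source address to one of N per-CPU listener ports by hashing it and taking the remainder modulo N. The map name `blocklist`, the section names, the port layout, the 32-bit mixing hash (any stable hash such as crc or xxhash works just as well) and the constructed sample frame are all assumptions of this example.

```c
/* Added example, not part of the XDP-Forwarding project.
 * Build for BPF:  clang -O2 -g -target bpf -c xdp_blocklist.c -o xdp_blocklist.o
 * The file also compiles on the host with gcc, so the parser and the port
 * steering helper can be unit-tested without loading anything into the kernel.
 */
#include <stdint.h>
#include <linux/bpf.h>
#include <linux/if_ether.h>
#include <linux/ip.h>

#ifndef SEC
#define SEC(name) __attribute__((section(name), used))
#endif
/* Map-definition macros spelled the way libbpf's bpf_helpers.h does, inlined
 * here so the example needs no libbpf headers. */
#define __uint(name, val) int (*name)[val]
#define __type(name, val) __typeof__(val) *name

#if __BYTE_ORDER__ == __ORDER_LITTLE_ENDIAN__
#define bpf_htons(x) __builtin_bswap16(x)
#else
#define bpf_htons(x) (x)
#endif

/* Kernel helper addressed by its helper id, as the old kernel samples did. */
static void *(*bpf_map_lookup_elem)(void *map, const void *key) =
    (void *)BPF_FUNC_map_lookup_elem;

/* Blocklist: key = IPv4 source address in network byte order, value = drop
 * counter. LRU semantics: when the map is full the least recently matched
 * entry is evicted rather than the insert failing, so under pressure an old
 * block can silently expire. pinning = 1 (LIBBPF_PIN_BY_NAME) tells libbpf to
 * pin the map at /sys/fs/bpf/blocklist on load so user space can edit it. */
struct {
    __uint(type, BPF_MAP_TYPE_LRU_HASH);
    __uint(max_entries, 65536);
    __uint(pinning, 1);
    __type(key, uint32_t);
    __type(value, uint64_t);
} blocklist SEC(".maps");

/* Parse Ethernet + IPv4 with the bounds checks the BPF verifier requires.
 * Returns 1 and writes the source address on success, 0 otherwise. */
static inline int ipv4_saddr(void *data, void *data_end, uint32_t *saddr)
{
    struct ethhdr *eth = data;
    if ((void *)(eth + 1) > data_end)
        return 0;                       /* truncated Ethernet header */
    if (eth->h_proto != bpf_htons(ETH_P_IP))
        return 0;                       /* not IPv4 */
    struct iphdr *iph = (void *)(eth + 1);
    if ((void *)(iph + 1) > data_end)
        return 0;                       /* truncated IP header */
    *saddr = iph->saddr;
    return 1;
}

SEC("xdp")
int xdp_blocklist_drop(struct xdp_md *ctx)
{
    void *data = (void *)(long)ctx->data;
    void *data_end = (void *)(long)ctx->data_end;
    uint32_t saddr;
    uint64_t *hits;

    if (!ipv4_saddr(data, data_end, &saddr))
        return XDP_PASS;                /* not IPv4 or truncated: let the stack decide */
    hits = bpf_map_lookup_elem(&blocklist, &saddr);
    if (!hits)
        return XDP_PASS;                /* source not listed */
    __sync_fetch_and_add(hits, 1);      /* per-address drop counter, readable from user space */
    return XDP_DROP;
}

/* (a): steer a source address to one of ncpu listener ports starting at base.
 * mix32 is a 32-bit integer mixer used here as the hash (assumption); the
 * same address always maps to the same worker port. */
static inline uint32_t mix32(uint32_t x)
{
    x ^= x >> 16; x *= 0x7feb352dU;
    x ^= x >> 15; x *= 0x846ca68bU;
    x ^= x >> 16;
    return x;
}

static inline uint16_t steer_port(uint32_t saddr, uint32_t ncpu, uint16_t base)
{
    if (ncpu == 0)
        return base;
    return (uint16_t)(base + mix32(saddr) % ncpu);
}

/* Constructed sample frame for host-side testing: Ethernet header with
 * ethertype 0x0800 and a minimal IPv4 header whose source is 123.123.123.123. */
static unsigned char sample_frame[34] __attribute__((aligned(4))) = {
    0, 0, 0, 0, 0, 0,  0, 0, 0, 0, 0, 0,  0x08, 0x00,
    0x45, 0x00, 0x00, 0x14,  0x00, 0x00, 0x00, 0x00,  0x40, 0x06, 0x00, 0x00,
    0x7b, 0x7b, 0x7b, 0x7b,  0x0a, 0x00, 0x00, 0x01 };

/* Run the parser over the first len bytes of the sample frame; 0 if it rejects. */
static uint32_t sample_saddr(unsigned int len)
{
    uint32_t saddr = 0;
    if (!ipv4_saddr(sample_frame, sample_frame + len, &saddr))
        return 0;
    return saddr;
}

char _license[] SEC("license") = "GPL";
```

Once the object is loaded and the map is pinned, user space edits the blocklist the way it would edit an ipset, with the key given as the four address bytes in network order (123.123.123.123 is `7b 7b 7b 7b`): `bpftool map update pinned /sys/fs/bpf/blocklist key hex 7b 7b 7b 7b value hex 00 00 00 00 00 00 00 00` adds an entry and `bpftool map delete pinned /sys/fs/bpf/blocklist key hex 7b 7b 7b 7b` removes it, which answers (c). The counter value also lets a dashboard see which listed addresses are still being dropped; an entry that has not matched in a long time is exactly the one an LRU map will evict first when it fills, so size `max_entries` above the number of addresses you expect to hold at once.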

gamemann commented 1 year ago

Hey!

These seem like very interesting feature requests and I'd love to implement them in the future, but I'm not sure when I will have the time sadly with some other projects I'm working on :frowning_face:

Feel free to also use the code for whatever you want (I made these tools to help and teach others as much as I can). I am also accepting any pull requests that implement additional functionality as long as it's stable!

I may implement these features into a future all-in-one router and firewall using XDP or other optional libraries such as the DPDK called NetConn. I haven't started development yet, but it will include a GUI and be fully open-source + free!

kolinfluence commented 1 year ago

thx