zhylmzr
commented
1 year ago 用这个命令安装
ip link set dev eth0 xdp obj ./xdp-clean-dns.elf sec xdpOpen zhaibin18 opened 1 year ago
zhylmzr
commented
1 year ago 用这个命令安装
ip link set dev eth0 xdp obj ./xdp-clean-dns.elf sec xdp
zhaibin18
commented
1 year ago 多谢反馈,使用上面的命令不报错了,在openwrt中使用pppoe拨号,对应的物理网卡是eth0,拨号完成后会有pppoe-wan的接口,执行上面的命令应该用eth0的接口还是pppoe-wan的接口?执行完命令
ip link set dev pppoe-wan xdp obj ./xdp-clean-dns.elf sec xdp
用dig还是获得了污染的IP。
dig信息
dig www.google.com @8.8.8.8
; <<>> DiG 9.18.7 <<>> www.google.com @8.8.8.8
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 39230
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;www.google.com. IN A
;; ANSWER SECTION:
www.google.com. 83 IN A 199.96.58.105
;; Query time: 29 msec
;; SERVER: 8.8.8.8#53(8.8.8.8) (UDP)
;; WHEN: Sun Oct 22 14:52:21 CST 2023
;; MSG SIZE rcvd: 48tcpdump数据:
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on pppoe-wan, link-type LINUX_SLL (Linux cooked v1), capture size 262144 bytes
14:52:21.950975 IP 123.113.111.29.55679 > 8.8.8.8.53: 39230+ [1au] A? www.google.com. (55)
14:52:21.985101 IP 8.8.8.8.53 > 123.113.111.29.55679: 39230 1/0/0 A 199.96.58.105 (48)
14:52:21.985768 IP 8.8.8.8.53 > 123.113.111.29.55679: 39230 1/0/0 A 199.16.156.11 (48)
14:52:21.993570 IP 8.8.8.8.53 > 123.113.111.29.55679: 39230 1/0/1 A 142.251.43.4 (59)tcpdump -i pppoe-wan host 8.8.8.8 -w 1.pcap用wireshark看看数据包是怎样的
zhaibin18
commented
1 year ago zhylmzr
commented
1 year ago 很奇怪为什么IPID=0的包没DROP掉
zhaibin18
commented
1 year ago 我在centos8 上测试貌似是没有问题的,不知道openwrt的问题出在哪里。
zhylmzr
commented
1 year ago 我尝试开启BPF_EVENT后编译内核安装到虚拟机中,在日志中发现确定已经过滤掉相应的包,这就太奇怪了。
zhaibin18
commented
1 year ago 我用的这个openwrt使用imagebuilder自己做的,不知道跟这个有关系没有。
使用openwrt的sdk编译完成后,执行:
ip link set dev eth0 xdp obj ./xdp-clean-dns.elf object file doesn't contain sec prog
openwrt 22.03.2 kernel 5.10.146