xdp-dns: attach xdp-dns prog to green0 interface

To block or rate limit DNS query from green network client, the xdp-dns program should be attached to green0 interface to scan the DNS query. attach to red0 interface only get the DNS response packet from red0(WAN), not matching the DNS query we want. Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>
2026-04-09 18:45:54 +02:00 · 2024-09-04 19:04:42 +00:00
parent a6f4f1dc2e
commit 3579fd95a1
1 changed files with 6 additions and 7 deletions
--- a/src/initscripts/system/ddos
+++ b/src/initscripts/system/ddos
@@ -90,12 +90,12 @@ load_xdpudp () {
 }

 load_xdpdns () {
-	/usr/sbin/xdp-loader status red0 | grep 'xdp_dns'
+	/usr/sbin/xdp-loader status green0 | grep 'xdp_dns'
 	if [ $? -ne 0 ]; then
-		xdp-loader load red0 -P 80 -p /sys/fs/bpf/xdp-dns -n xdp_dns /usr/lib/bpf/xdp_dnsrrl.bpf.o
+		xdp-loader load green0 -P 80 -p /sys/fs/bpf/xdp-dns -n xdp_dns /usr/lib/bpf/xdp_dnsrrl.bpf.o
 		if [ $? -ge 1 ]; then
 			boot_mesg "Native mode not supported, try SKB"
-			xdp-loader load red0 -m skb -P 80 -p /sys/fs/bpf/xdp-dns -n xdp_dns /usr/lib/bpf/xdp_dnsrrl.bpf.o
+			xdp-loader load green0 -m skb -P 80 -p /sys/fs/bpf/xdp-dns -n xdp_dns /usr/lib/bpf/xdp_dnsrrl.bpf.o
 		fi
 	fi
 }
@@ -123,11 +123,10 @@ unload_xdpudp () {
 }

 unload_xdpdns () {
-	/usr/sbin/xdp-loader status red0 | grep 'xdp_dns'
+	/usr/sbin/xdp-loader status green0 | grep 'xdp_dns'
 	if [ $? -eq 0 ]; then
-		prog_id=$(xdp-loader status red0 | grep 'xdp_dns' | awk '{print $4}')
-		/usr/sbin/xdp-loader unload -i $prog_id red0
-		/bin/rm -rf /sys/fs/bpf/xdp-dns
+		prog_id=$(xdp-loader status green0 | grep 'xdp_dns' | awk '{print $4}')
+		/usr/sbin/xdp-loader unload -i $prog_id green0
 	else
 		boot_mesg "Error xdp_dns not loaded!"
 	fi