From eac34c42100b814be8b771439af199b96fe1f875 Mon Sep 17 00:00:00 2001
From: Vincent Li
Date: Tue, 12 Nov 2024 02:08:28 +0000
Subject: [PATCH] ddos: disable XDP SYNACK window scale option

disable window scaling for XDP generated SYNACK in ddos script by default

Signed-off-by: Vincent Li
---
 src/initscripts/system/ddos | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)

diff --git a/src/initscripts/system/ddos b/src/initscripts/system/ddos
index 1e0f1199f..419b0bb37 100755
--- a/src/initscripts/system/ddos
+++ b/src/initscripts/system/ddos
@@ -27,6 +27,10 @@ eval $(/usr/local/bin/readhash /var/ipfire/ddos/settings)
 eval $(/usr/local/bin/readhash /var/ipfire/ddos/udp-ddos-settings)
 eval $(/usr/local/bin/readhash /var/ipfire/ddos/dns-ddos-settings)
 
+MSSOPTS="--mss4 1460 --mss6 1440"
+TTLOPTS="--ttl 64"
+WSCALE="--wscale 0"
+
 get_ports () {
 	# Define an empty variable to store the output
 	local output=""
@@ -55,17 +59,17 @@ load_syncookie () {
 	/usr/sbin/xdp-loader status red0 | grep 'syncookie_xdp'
 	if [ $? -eq 0 ]; then
 		prog_id=$(xdp-loader status red0 | grep 'syncookie_xdp' | awk '{print $4}')
-		xdp_synproxy --prog $prog_id --ports="$tcp_ports"
+		xdp_synproxy --prog $prog_id $MSSOPTS $WSCALE $TTLOPTS --ports="$tcp_ports"
 	else
 		xdp-loader load red0 /usr/lib/bpf/xdp_synproxy.bpf.o
 		if [ $? -ge 1 ]; then
 			boot_mesg "Native mode not supported, try SKB"
 			xdp-loader load red0 -m skb /usr/lib/bpf/xdp_synproxy.bpf.o
 			prog_id=$(/usr/sbin/xdp-loader status red0 | grep 'syncookie_xdp' | awk '{print $4}')
-			xdp_synproxy --prog $prog_id --ports="$tcp_ports"
+			xdp_synproxy --prog $prog_id $MSSOPTS $WSCALE $TTLOPTS --ports="$tcp_ports"
 		else
 			prog_id=$(/usr/sbin/xdp-loader status red0 | grep 'syncookie_xdp' | awk '{print $4}')
-			xdp_synproxy --prog $prog_id --ports="$tcp_ports"
+			xdp_synproxy --prog $prog_id $MSSOPTS $WSCALE $TTLOPTS --ports="$tcp_ports"
 		fi
 	fi
 }
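Review bot: The three new assignments (MSSOPTS, TTLOPTS, WSCALE) carry no comment saying what they are for or why window scaling is turned off, so the next maintainer only learns that from this commit message; add a short header above them, e.g. `# Options passed to xdp_synproxy for the SYNACKs it generates on red0; window scaling is disabled (--wscale 0) by default.` They are also plain strings that the second hunk expands unquoted to get word-splitting, which works only because no value contains spaces — a Bash array (`MSSOPTS=(--mss4 1460 --mss6 1440)` expanded as `"${MSSOPTS[@]}"`) would make that intent explicit and survive ShellCheck. Since the assignments sit after the three `eval $(readhash …)` lines, these values cannot be overridden from the ddos settings files; if that is deliberate, the comment should say so.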
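Review bot: The new xdp_synproxy command line is now repeated verbatim in three branches, and none of the three checks the command's exit status or guards against an empty prog_id — if the `grep 'syncookie_xdp' | awk '{print $4}'` lookup yields nothing, `--prog $prog_id` expands to `--prog` immediately followed by `--mss4`, and the proxy is silently mis-invoked with the new options. A small helper that validates prog_id, runs the command once and reports failure through boot_mesg would remove the triplication and surface the error; each branch then becomes `attach_synproxy "${prog_id}" || return 1`. load_syncookie's opening line is outside the hunk (it is the hunk's context header); the closing brace is inside it.
```shell
# … unchanged: option variables and get_ports …
attach_synproxy () {
	local prog_id=$1
	if [ -z "${prog_id}" ]; then
		boot_mesg "syncookie_xdp program not found on red0"
		return 1
	fi
	# MSSOPTS/WSCALE/TTLOPTS are intentionally unquoted: each holds several options
	xdp_synproxy --prog "${prog_id}" ${MSSOPTS} ${WSCALE} ${TTLOPTS} --ports="${tcp_ports}"
}
# … unchanged: load_syncookie body, each xdp_synproxy line replaced by attach_synproxy "${prog_id}" || return 1 …
```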