webadmin/bpfire
1
0
Fork 0
mirror of https://github.com/vincentmli/bpfire.git synced 2026-04-24 09:52:58 +02:00
Code Issues Packages Projects Releases Wiki Activity
21,630 Commits 2 Branches 1 Tag
fe2ad5da663e26545eb2148de06cfd21aaa1dfc2
Commit Graph

16 Commits

Author SHA1 Message Date
Vincent Li
09c182c75a xdp-tools: XDP UDP DDoS for online game protection 
UDP DDoS has pattern of flooding game server with
random source IP and UDP with random payload. game
server UDP traffic requires certain payload
pattern, so this XDP program can serve as example
to stop UDP DDoS attack with UDP payload that does not
match game UDP traffic payload pattern.

without UDP DDoS protection, under DDoS attack:

BPFire UI RED Traffic: in 9xx Mbit/s.

with UDP DDoS protection, under DDoS attack:

BPFire UI RED Traffic: in 1xx Mbit/s.

Tested-by: Muhammad Haikal <eykalpirates@gmail.com>
Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>
 2024-11-27 18:32:10 +00:00
Vincent Li
5de3f44cc7 xdp-synproxy: enable or disable window scaling 
XDP generated SYNACK tcp options with window
scaling and timestamp could intermittently cause
small packet transmission on DDoS protected server.
allow user to disable window scaling when such
problem occurs. see [0]

[0]: https://github.com/vincentmli/xdp-tools/issues/7

Reported-by: DNSPROXY.ORG LLC <dnsproxyorg@gmail.com>
Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>
 2024-11-12 01:22:27 +00:00
Vincent Li
a600787c67 xdp-synproxy: drop IP don't fragment check 
When XDP DDoS syncookie program is attached
to red0 interface, green network client internet
connection to website like gmail/youtube... failed.
it is because these sites does not have IP DF flag
set for each tcp packet, and syncookie_xdp program
would drop these packets when they arrived at red0
interface.

see https://github.com/vincentmli/BPFire/issues/59

Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>
 2024-10-25 20:35:33 +00:00
Vincent Li
3e17c7b30b xdp-tools: build xdp-tools with libbpf 1.4.6 
Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>
 2024-10-18 17:16:17 +00:00
Vincent Li
86a9264a25 xdp-geoip: add XDP GeoIP program 
Add XDP GeoIP program to do location
IP block in XDP.

Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>
 2024-10-12 20:33:12 +00:00
Vincent Li
a118df6060 xdp-sni: switch LPM trie map to hash map 
switch xdp_sni.bpf.o LPM trie map to hash map
to reduce code complexity and avoid verifier error

now need to add domain and its sub domain to hash
map to block each domain and its sub domain site.

Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>
 2024-10-09 02:48:38 +00:00
Vincent Li
d334d39e3f xdp-sni: add XDP TLS SNI logging 
add XDP TLS SNI logging with bpf ringbuf
drop xdp_sni.bpf.o reverse_string due to
bpf verifier complaining program is too large.

Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>
 2024-10-08 01:05:01 +00:00
Vincent Li
8b3cdb2ebe xdp-tools: fix xdp-dns XDP program byte reverse 
domain name in xdp_dns.bpf.o not reversed properly
result in domain name mismatch with domain inserted
from user space xdp_dns

Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>
 2024-10-04 21:36:09 +00:00
Vincent Li
ccf49b1105 xdp-dns: update xdp_dns to correct map 
change xdp_dns to use
/sys/fs/bpf/xdp-dns-denylist/domain_denylist

Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>
 2024-10-04 04:06:00 +00:00
Vincent Li
13530fa1ef xdp-tools: remove dns query from xdp-dnsrrl 
also change user space xdp_dns_log program to
use map /sys/fs/bpf/xdp-dns-denylist/dns_ringbuf

Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>
 2024-10-02 20:20:48 +00:00
Vincent Li
652ab98e1a xdp-tools: add xdp-dns system logging 
add bpf ringbuf to xdp-dns program and
user space program to log DNS query to
system log.

Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>
 2024-10-01 23:45:03 +00:00
Vincent Li
32c15c3fe3 xdp-tools: add xdp-sni 
add XDP TLS/SSL SNI parsing

Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>
 2024-09-30 03:24:30 +00:00
Vincent Li
74cf8a3943 xdp-tools: add XDP DNS domain denylist 
upgrade xdp-tools and add XDP DNS domain
denylist bpf and user space program.

Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>
 2024-09-12 17:12:16 +00:00
Vincent Li
be1fc5ce77 xdp-tools: add xdp-udp 
Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>
 2024-04-24 00:48:04 +00:00
Vincent Li
9f86b661cb Add xdp dns rate limit program with bpf_printk deleted 
XDP dns rate limit program has static tail call
which requires revert xdp-tool commit:
(039bdea "xdp-loader: Only load the BPF program we need from object files")

XDP dns rate limit program also uses bpf_printk helper which is not
supported on FireBeeOS since kernel CONFIG_BPF_EVENTS which allows user
to do kprobe, uprobe, tracepoint is not enabled, so bpf_printk helper is
not available, so removed bpf_printk

see discussion in [0] xdp-loader load xdp program with bpf tail call result in Bad file descriptor(-9)

[0] https://github.com/xdp-project/xdp-tools/issues/377

Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>
 2024-04-08 19:15:32 +00:00
Vincent Li
f8ca312cfa Add xdp-tools add-on with XDP Synproxy 
add xdp-tools utilities with addition of
SYN flooding DDoS attack protection in XDP

Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>
 2024-03-01 04:08:02 +00:00