Traffic ratelimit, tinyXDP!
tinyXDP mitigates DDoS attacks by dropping traffic that exceeds the rate limit at the XDP hook, before the kernel network stack processes it. It is very fast, and dropped packets are not logged.
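How a per-packet drop decision of this kind can be reached, as an added example that is not tinyXDP's code: a userspace C model combining a whitelist bypass, a TCP flag sanity check and a fixed-window per-source rate limit. The limit, window, table size, flag rules and matching the whitelist against the source address are all assumptions.

```c
/* Added example: userspace model of an XDP-style per-packet verdict. */
#include <stdint.h>
#include <stdio.h>

#define SLOTS     1024           /* assumed table size; an XDP program would use a BPF map */
#define LIMIT     5              /* assumed packets allowed per source per window */
#define WINDOW_NS 1000000000ULL  /* assumed fixed window of one second */

enum verdict { V_DROP = 1, V_PASS = 2 };  /* same numeric values as XDP_DROP, XDP_PASS */
enum { TCPF_FIN = 0x01, TCPF_SYN = 0x02, TCPF_RST = 0x04, TCPF_ACK = 0x10 };

struct slot { uint32_t src; uint64_t window_start; uint32_t count; };
static struct slot table[SLOTS];
static uint32_t whitelist[8];
static int whitelist_len;

void whitelist_add(uint32_t ip) {
    if (whitelist_len < 8) whitelist[whitelist_len++] = ip;
}

/* Flag sets that do not occur in normal TCP: no flags, SYN+FIN, SYN+RST. */
int tcp_flags_bogus(uint8_t f) {
    return f == 0
        || (f & (TCPF_SYN | TCPF_FIN)) == (TCPF_SYN | TCPF_FIN)
        || (f & (TCPF_SYN | TCPF_RST)) == (TCPF_SYN | TCPF_RST);
}

enum verdict decide(uint32_t src, uint8_t tcp_flags, uint64_t now_ns) {
    for (int i = 0; i < whitelist_len; i++)
        if (whitelist[i] == src) return V_PASS;   /* whitelisted: skip all checks */
    if (tcp_flags_bogus(tcp_flags)) return V_DROP;
    /* Multiplicative hash to one of 1024 slots; a colliding source evicts the old entry. */
    struct slot *s = &table[(src * 2654435761u) >> 22];
    if (s->src != src || now_ns - s->window_start >= WINDOW_NS) {
        s->src = src;                /* new source or window expired: restart count */
        s->window_start = now_ns;
        s->count = 0;
    }
    return ++s->count > LIMIT ? V_DROP : V_PASS;
}

int main(void) {
    uint32_t client = 0xC6336407u;   /* 198.51.100.7, constructed sample address */
    int passed = 0;
    for (int i = 0; i < 20; i++)     /* 20 SYNs inside one window */
        passed += decide(client, TCPF_SYN, 1000 + i) == V_PASS;
    printf("passed %d of 20\n", passed);
    return 0;
}
```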
Install Requirements
sudo apt install clang llvm libelf-dev libpcap-dev build-essential libc6-dev-i386 linux-perf linux-headers-$(uname -r) bpftool tcpdump
To attach tinyXDP, type
make
make load
make attach INTERFACE=yourinterfacename
To detach tinyXDP, type
make unload
make detach INTERFACE=yourinterfacename
To whitelist server endpoint IP, type
make ip ACTION=add IP=x.x.x.x
To remove IP from whitelist, type
make ip ACTION=remove IP=x.x.x.x
- 0.1.0
  - The first proper release
  - CREATE: TCP ratelimit
- 0.2.0
  - ADD: TCP conntrack
  - ADD: TCP bogon FLAG check
  - ADD: endpoint ip whitelist adder
- 0.2.1
  - ADD: TCP conntrack advanced
  - EDIT: Change bogon FLAG check logic
- 0.3.0
  - ADD: GRE support
  - ADD: TCP Strict overload logic
  - ADD: UDP Strict overload logic based detection
Minjae Kim – minj.ae – minjae@minj.ae
Distributed under the GPLv3 license. See LICENSE for more information.
- Fork it (https://github.com/minj-ae/tinyXDP)
- Create your feature branch (git checkout -b feature/fooBar)
- Commit your changes (git commit -am 'Add some fooBar')
- Push to the branch (git push origin feature/fooBar)
- Create a new Pull Request