/tinyXDP

Strict traffic overload control XDP program for endpoint, suitable for getting rid of DDoS packets

Primary LanguageCGNU Affero General Public License v3.0AGPL-3.0

tinyXDP

Traffic ratelimit, tinyXDP!

The purpose is to mitigate DDoS by clearing traffic exceeding the rate limit through tinyXDP in a space that can be processed before the kernel. It's superfast, even dropped packets will not log.

Requirements

Debian



Usage example


To attach tinyXDP, type


make
make load
make attach INTERFACE=yourinterfacename


To detach tinyXDP, type


make unload
make detach INTERFACE=yourinterfacename


To whitelist server endpoint IP, type


make ip ACTION=add IP=x.x.x.x


To remove IP from whitelist, type


make ip ACTION=remove IP=x.x.x.x


Development setup


Install Requirements




Release History


    

  • 

    0.1.0
    

      

    • The first proper release
      • 

    • CREATE: TCP ratelimit
      • 

    

    • 

  • 

    0.2.0
    

      

    • ADD: TCP conntrack
      • 

    • ADD: TCP bogon FLAG check
      • 

    • ADD: endpoint ip whitelist adder
      • 

    

    • 

  • 

    0.2.1
    

      

    • ADD: TCP conntrack advanced
      • 

    • EDIT: Change bogon FLAG check logic
      • 

    

    • 



Meta


Minjae Kim – minj.aeminjae@minj.ae


Distributed under the GPLv3 license. See LICENSE for more information.


github.com/minj-ae


Contributing


    

  1. Fork it (https://github.com/minj-ae/tinyXDP)
    2. 

  2. Create your feature branch (git checkout -b feature/fooBar)
    3. 

  3. Commit your changes (git commit -am 'Add some fooBar')
    4. 

  4. Push to the branch (git push origin feature/fooBar)
    5. 

  5. Create a new Pull Request
    6.