oxdpus
oxdpus copied to clipboard
sematext
A toy tool that leverages the super powers of XDP to bring in-kernel IP filtering
IP/CIDR list file support, something like: _oxdpus add --file=/path/to/[bi_any_2_7d.ipset](https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/bi_any_2_7d.ipset)_ (ignoring empty lines and those that start with #)
domain (with optional subdomain wildcard) support, something like: _oxdpus add --domain=mydomain.com_ _oxdpus add --domain=*.anotherdomain.com_ This capability would be similar to [L4Drop / bpfgen](https://blog.cloudflare.com/l4drop-xdp-ebpf-based-ddos-mitigations/)
dependency: #5 IP/CIDR list folder support, something like: _oxdpus add --file=/path/to/folder/*.ipset_
Added completely wrong addresses ``` root@r4:/tmp/oxdpus# ./cmd/oxdpus/oxdpus add 192.168.122.12 INFO 172.17.0.2 address added to the blacklist root@r4:/tmp/oxdpus# root@r4:/tmp/oxdpus# ./cmd/oxdpus/oxdpus list * 172.17.0.2 root@r4:/tmp/oxdpus# ```
Input: `make xdp` output: `clang -I /lib/modules/5.4.0-73-generic/build/arch/x86/include -I /lib/modules/5.4.0-73-generic/build/arch/x86/include/generated/uapi -I /lib/modules/5.4.0-73-generic/build/arch/x86/include/generated -I /lib/modules/5.4.0-73-generic/build/include -I /lib/modules/5.4.0-73-generic/build/arch/x86/include/uapi -I /lib/modules/5.4.0-73-generic/build/include/uapi -include /lib/modules/5.4.0-73-generic/build/include/linux/kconfig.h -I /lib/modules/5.4.0-73-generic/build/include/generated/uapi -D__KERNEL__ -D__ASM_SYSREG_H -Wunused -Wall -Wno-compare-distinct-pointer-types -fno-stack-protector -Wno-pointer-sign -O2 -S...
