tinyXDP

Traffic ratelimit, tinyXDP!

The purpose is to mitigate DDoS by clearing traffic exceeding the rate limit through tinyXDP in a space that can be processed before the kernel. It's superfast, even dropped packets will not log.

Requirements

Debian

Usage example

To attach tinyXDP, type

make
make load
make attach INTERFACE=yourinterfacename

To detach tinyXDP, type

make unload
make detach INTERFACE=yourinterfacename

To whitelist server endpoint IP, type

make ip ACTION=add IP=x.x.x.x

To remove IP from whitelist, type

make ip ACTION=remove IP=x.x.x.x

Development setup

Install Requirements

Release History

• 0.1.0

  • The first proper release
  • CREATE: TCP ratelimit

• 0.2.0

  • ADD: TCP conntrack
  • ADD: TCP bogon FLAG check
  • ADD: endpoint ip whitelist adder

• 0.2.1

  • ADD: TCP conntrack advanced
  • EDIT: Change bogon FLAG check logic

Meta

Minjae Kim – minj.ae – minjae@minj.ae

Distributed under the GPLv3 license. See LICENSE for more information.

github.com/minj-ae

Contributing

1. Fork it (https://github.com/minj-ae/tinyXDP)
2. Create your feature branch (git checkout -b feature/fooBar)
3. Commit your changes (git commit -am 'Add some fooBar')
4. Push to the branch (git push origin feature/fooBar)
5. Create a new Pull Request