{"id":28833261,"url":"https://github.com/chocholl/xdp_furpf","last_synced_at":"2026-04-01T17:02:15.866Z","repository":{"id":299809581,"uuid":"994328802","full_name":"chocholl/xdp_furpf","owner":"chocholl","description":"Pretty fast XDP-based URPF implementation that leverages hierarchical data structures to perform high-speed packet filtering with rate limiting support.","archived":false,"fork":false,"pushed_at":"2025-08-18T10:54:21.000Z","size":23,"stargazers_count":2,"open_issues_count":0,"forks_count":0,"subscribers_count":0,"default_branch":"main","last_synced_at":"2025-08-18T12:30:11.151Z","etag":null,"topics":["arp-poisoning","arp-spoofing","cloud-networking","ebpf","kernel","ndp-poisoning","ndp-spoofing","network-policy","networking","rate-limiting","security","spoofing-attack","urpf","virtual-machine","xdp"],"latest_commit_sha":null,"homepage":"","language":"C","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/chocholl.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2025-06-01T17:52:35.000Z","updated_at":"2025-08-18T10:54:24.000Z","dependencies_parsed_at":"2025-06-18T12:53:13.434Z","dependency_job_id":null,"html_url":"https://github.com/chocholl/xdp_furpf","commit_stats":null,"previous_names":["chocholl/xdp_furpf"],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/chocholl/xdp_furpf","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/chocholl%2Fxdp_furpf","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/chocholl%2Fxdp_furpf/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/chocholl%2Fxdp_furpf/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/chocholl%2Fxdp_furpf/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/chocholl","download_url":"https://codeload.github.com/chocholl/xdp_furpf/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/chocholl%2Fxdp_furpf/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":31013915,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-03-27T02:58:54.984Z","status":"ssl_error","status_checked_at":"2026-03-27T02:58:46.993Z","response_time":164,"last_error":"SSL_read: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["arp-poisoning","arp-spoofing","cloud-networking","ebpf","kernel","ndp-poisoning","ndp-spoofing","network-policy","networking","rate-limiting","security","spoofing-attack","urpf","virtual-machine","xdp"],"created_at":"2025-06-19T09:00:59.786Z","updated_at":"2026-03-27T03:07:09.982Z","avatar_url":"https://github.com/chocholl.png","language":"C","funding_links":[],"categories":[],"sub_categories":[],"readme":"# xdp_urpf\n\n## Info\n\nPretty fast XDP-based URPF implementation that leverages hierarchical data structures to perform high-speed packet filtering.\nTwo lookups are in use; the first one, keyed with the source MAC address, brings a pointer to the LPM table containing prefix-list entries to perform a second, source IP-based lookup.\n\nAlong with URPF, it supports ARP/NDP spoofing prevention and policing legitimate traffic with the TCP friendly single-rate policer.\n\nCloud service providers might find it useful to enforce security policies by restricting virtual machines from spoofing source addresses with no computational overhead.\n\n## Filtering principles\n\nIt uses two tables to enforce source verification.\n\n* SRC MAC to SRC IPv4 prefix-list\n\n* SRC MAC to SRC IPv6 prefix-list\n\n## Filtering rules\n\n* Drop IPv4/IPv6 packet if SRC MAC is unknown.\n\n* Drop IPv4/IPv6 packet if SRC IP is missing in the MAC specific prefix-list.\n\n* Drop ICMPv6-NA is SRC Address doesn't match to ND Target Address (see https://datatracker.ietf.org/doc/html/rfc4861#section-4.4)\n\n* Drop ARP if Sender IP doesn't match IPv4 prefix-list\n\n\n## Compile and Attach to NIC\n\n```\ncd repo_dir\nmake\nbash ./attach\n```\n\n## Binding to NIC/vNIC/TAP\n```\nbpftool -d prog load xdp_fw_kern_multi_map.o /sys/fs/bpf/xdp_fw_kern_multi_map\nbpftool net attach xdp pinned /sys/fs/bpf/xdp_fw_kern_multi_map dev ens19\n```\n\n## Prefix-list editing\n\nPrefix-lists are stored in text files with lines representing individual allowed source networks a given VM may use.\n\n```\ncat ./2d-8d-16-ca.acl\n10.18.0.248/29\n192.168.4.0/24\n\ncat ff-26-37-ca.acl.v6\n2a04:f901:a:7d:ffff:ffff:ffff:fffe/128\n\ncat 2d-8d-16-ca.acl.v6\n2a04:f901:b:7d::/64\n```\n\nHaving prefix-list prepared just run CLI script which updates in-kernel data-structures.\nIn order to add entries run the following command\n```\npython3 update_map.py --mac f0-1c-2d-8d-16-ca --command add --file ./2d-8d-16-ca.acl --interface_index 3 --cir 150\n\npython3 update_map_v6.py --mac d4-04-ff-26-37-ca --file ./ff-26-37-ca.acl.v6 --command add --interface_index 3 --cir 100\n```\n\nIn order to delete entries run the following command\n```\npython3 update_map.py --mac f0-1c-2d-8d-16-ca --command del\n\npython3 update_map_v6.py --mac f0-1c-2d-8d-16-ca --command del\n```\n\n\n## Further development\n\nOpen for ideas.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fchocholl%2Fxdp_furpf","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fchocholl%2Fxdp_furpf","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fchocholl%2Fxdp_furpf/lists"}