{"id":15282538,"url":"https://github.com/sematext/oxdpus","last_synced_at":"2025-04-19T12:36:12.672Z","repository":{"id":42675819,"uuid":"188826158","full_name":"sematext/oxdpus","owner":"sematext","description":"A toy tool that leverages the super powers of XDP to bring in-kernel IP filtering","archived":false,"fork":false,"pushed_at":"2020-08-24T14:16:27.000Z","size":42,"stargazers_count":104,"open_issues_count":5,"forks_count":20,"subscribers_count":20,"default_branch":"master","last_synced_at":"2025-03-29T07:51:25.741Z","etag":null,"topics":["bpf","ebpf","kernel","network","xdp"],"latest_commit_sha":null,"homepage":null,"language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/sematext.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2019-05-27T10:55:34.000Z","updated_at":"2025-02-24T08:38:03.000Z","dependencies_parsed_at":"2022-07-08T05:31:13.617Z","dependency_job_id":null,"html_url":"https://github.com/sematext/oxdpus","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sematext%2Foxdpus","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sematext%2Foxdpus/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sematext%2Foxdpus/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sematext%2Foxdpus/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/sematext","download_url":"https://codeload.github.com/sematext/oxdpus/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":246385451,"owners_count":20768668,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["bpf","ebpf","kernel","network","xdp"],"created_at":"2024-09-30T14:26:46.225Z","updated_at":"2025-03-30T21:31:51.815Z","avatar_url":"https://github.com/sematext.png","language":"Go","funding_links":[],"categories":[],"sub_categories":[],"readme":"# oxdpus\no**xdp**us is a toy tool that demonstrates some of the super powers of [XDP](https://www.iovisor.org/technology/xdp) - a high performance packet processing path built into the kernel.\n\n\n## Requirements\n\nTo build oxdpus you have to satisify the following requirements:\n- have a modern Linux kernel (\u003e4.12) that supports XDP\n- linux headers\n- clang\n- LLVM\n- Go \u003e1.12\n- gobindata (to embed XDP bytecode inside Go binary)\n\nThis repository ships with a `Makefile` to facilitate the build process. The `make xdp` command compiles the XDP program and generates Go source code to reference the resulting bytecode. Once the XDP ELF object is produced, you can build the Go binary with `make go`. After compilation is done, the binary will be availalbe in `cmd/oxdpus/oxdpus`.\n\nIf your mere intention is to just build the Go binary without requiring modifications in the XDP program, then you'll only need the Go compiler since the XDP bytecode is already baked into the binary. \n\n## Usage\n\nTo see available CLI options, run `oxdpus --help`:\n\n```\noxdpus --help\nA toy tool that leverages the super powers of XDP to bring in-kernel IP filtering\n\nUsage:\n  oxdpus [command]\n\nAvailable Commands:\n  add         Appends a new IP address to the blacklist\n  attach      Attaches the XDP program on the specified device\n  detach      Removes the XDP program from the specified device\n  help        Help about any command\n  list        Shows all IP addresses registered in the blacklist\n  remove      Removes an IP address from the blacklist\n\nFlags:\n  -h, --help   help for oxdpus\n\nUse \"oxdpus [command] --help\" for more information about a command.\n```\n\nTo attach the XDP program to the network interface:\n\n```bash\n$ oxdpus attach --dev=vethbd33820\nINFO XDP program successfully attached to vethbd33820 device\n```\n\nThe magic happens after you add a couple of IP addresses to the blacklist:\n\n```bash\n$ oxdpus add --ip=172.17.0.2\nINFO 172.17.0.2 address added to the blacklist\n$ oxdpus list\n* 172.17.0.2\n$ curl -v 172.17.0.2:80\n*   Trying 172.17.0.2...\n* TCP_NODELAY set\ncurl: (7) Failed to connect to 172.17.0.2 port 80: No route to host\n```\n\nYou can remove the IP from the blacklist or even completely unload the program:\n\n```bash\n$ oxdpus remove --ip=172.17.0.2\nINFO 172.17.0.2 address removed from the blacklist\n$ oxdpus detach --dev=vethbd33820\nINFO XDP program successfully unloaded from vethbd33820 device\n```\n\n### Bump max file descriptor limit\n\nIf you get an error such as `FATA error while loading map \"maps/blacklist\": too many open files`, you're likely running on low file descriptor limits. Run the following commands to bump the limt:\n\n```\necho \"fs.file-max = 4194304\" \u003e\u003e /etc/sysctl.d/local.conf\necho \"fs.nr_open = 4194304\" \u003e\u003e /etc/sysctl.d/local.conf\nsysctl -p /etc/sysctl.d/local.conf\nulimit -n 4194304\nulimit -l unlimited\nsed -i \"s/# End of file//\" /etc/security/limits.conf\nprintf \"\\n* - nofile 4194304\\nroot - nofile 4194304\\n\" \u003e\u003e /etc/security/limits.conf\nprintf \"\\n* - memlock unlimited\\nroot - memlock unlimited\\n\" \u003e\u003e /etc/security/limits.conf\nprintf \"\\nulimit -n 4194304\\nulimit -l unlimited\\n\" \u003e\u003e ~/.bashrc\n```\n\n## Tutorial\n\nTo read more, check out the tutorial I wrote about [Processing Packets at Bare-metal Speed](https://sematext.com/blog/ebpf-and-xdp-for-processing-packets-at-bare-metal-speed/). \n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsematext%2Foxdpus","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fsematext%2Foxdpus","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsematext%2Foxdpus/lists"}