Skip to content

Commit

Permalink
Lower MAX_FILTERS to 80 to fix error related to BPF program too large.
Browse files Browse the repository at this point in the history
  • Loading branch information
gamemann committed Oct 11, 2023
1 parent d5fe99c commit c12496a
Show file tree
Hide file tree
Showing 2 changed files with 2 additions and 2 deletions.
2 changes: 1 addition & 1 deletion README.md
Original file line number Diff line number Diff line change
Expand Up @@ -84,7 +84,7 @@ ICMP options exist in the main filter array and start with `icmp_`. Please see b

Everything besides the main `enabled` and `action` options within a filter are **not** required. This means you do not have to define them within your config.

**Note** - As of right now, you can specify up to 90 maximum filters. This is due to BPF's limitations with complexity and jumps. If you want more than 90 filters, you may increase BPF limitations manually or with a patch. If you want to do this, please read [this](https://github.com/gamemann/XDP-Forwarding/tree/master/patches) README from my XDP Forwarding project. Afterwards, feel free to raise the `MAX_FILTERS` constant in the `src/xdpfw.h` [file](https://github.com/gamemann/XDP-Firewall/blob/master/src/xdpfw.h#L6) and then recompile the firewall.
**Note** - As of right now, you can specify up to 80 maximum filters. This is due to BPF's limitations with complexity and jumps. If you want more than 80 filters, you may increase BPF limitations manually or with a patch. If you want to do this, please read [this](https://github.com/gamemann/XDP-Forwarding/tree/master/patches) README from my XDP Forwarding project. Afterwards, feel free to raise the `MAX_FILTERS` constant in the `src/xdpfw.h` [file](https://github.com/gamemann/XDP-Firewall/blob/master/src/xdpfw.h#L6) and then recompile the firewall.

## Configuration Example
Here's an example of a config:
Expand Down
2 changes: 1 addition & 1 deletion src/xdpfw.h
Original file line number Diff line number Diff line change
Expand Up @@ -3,7 +3,7 @@
#include <linux/types.h>

#define MAX_PCKT_LENGTH 65535
#define MAX_FILTERS 90
#define MAX_FILTERS 80
#define MAX_TRACK_IPS 100000
#define MAX_CPUS 256

Expand Down

0 comments on commit c12496a

Please sign in to comment.