You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
First of all, thank you very much for taking the time to maintain this project. This project has been very helpful to me in the past period of time, not only because of the effect of the project, but also because I have learned a lot of relevant knowledge.
In recent studies, I found that xdp seems to be used to block arp requests. Considering the current proliferation of intranet broadcasts, is it possible to use xdp to write an arp whitelist and reject all arp requests that are not local requests?
Among the bunch of arp requests above, none of them are actually my IP.
Although the kernel will ignore these invalid requests, if it can be implemented using xdp, will the performance be better? My knowledge in this area is relatively lacking, please correct me if there is anything wrong.
Thanks again in advance.
The text was updated successfully, but these errors were encountered:
Hey! I'm glad the project has helped you gain more knowledge in the networking/security fields!
I've seen XDP used for processing ARP requests, mostly for caching ARP entries inside of BPF maps. However, I haven't implemented ARP filtering/caching in any code I've written for XDP in the past. It is certainly possible, though!
Implementing ARP filtering/caching would be faster in XDP since it's the first hook for processing packets in the Linux kernel (assuming your NIC driver supports XDP native). However, I'm not sure if there will be any noticeable difference unless if you're under attack by attackers targeting ARP specifically.
It would be interesting to implement ARP filtering into this firewall, but I'm not sure if I'll have the time to implement such a feature in the near future due to time constraints and working on other projects. With that said, it'll require reworking a lot of the XDP logic.
First of all, thank you very much for taking the time to maintain this project. This project has been very helpful to me in the past period of time, not only because of the effect of the project, but also because I have learned a lot of relevant knowledge.
In recent studies, I found that xdp seems to be used to block arp requests. Considering the current proliferation of intranet broadcasts, is it possible to use xdp to write an arp whitelist and reject all arp requests that are not local requests?
for example:
Among the bunch of arp requests above, none of them are actually my IP.
Although the kernel will ignore these invalid requests, if it can be implemented using xdp, will the performance be better? My knowledge in this area is relatively lacking, please correct me if there is anything wrong.
Thanks again in advance.
The text was updated successfully, but these errors were encountered: