diff --git a/.github/workflows/getdeps_linux.yml b/.github/workflows/getdeps_linux.yml new file mode 100644 index 0000000..ed38a21 --- /dev/null +++ b/.github/workflows/getdeps_linux.yml @@ -0,0 +1,13 @@ + +name: linux + +permissions: + contents: read # to fetch code (actions/checkout) + +jobs: + build: + runs-on: ubuntu-22.04 + steps: + + - name: Test x-defender + diff --git a/.gitignore b/.gitignore index aa6a529..f360698 100644 --- a/.gitignore +++ b/.gitignore @@ -1,3 +1,4 @@ +Ansible *.c *.h *.o diff --git a/.gitmodules b/.gitmodules index 4329a52..058c88e 100644 --- a/.gitmodules +++ b/.gitmodules @@ -1,3 +1,6 @@ [submodule "wirefilter"] path = wirefilter url = https://github.com/cloudflare/wirefilter.git +[submodule "xdp-tools"] + path = xdp-tools + url = https://github.com/xdp-project/xdp-tools.git diff --git a/README.md b/README.md index 285b070..96bf871 100644 --- a/README.md +++ b/README.md @@ -2,7 +2,7 @@ **X-Defender** is an advanced [DDoS mitigation](https://www.cloudflare.com/learning/ddos/ddos-mitigation/#:~:text=DDoS%20mitigation%20refers%20to%20the,%2Dservice%20(DDoS)%20attack.) tool built with [eBPF](https://ebpf.io/) and [XDP](https://www.iovisor.org/technology/xdp). It not only filters and limits malicious traffic in real-time but also takes a proactive and aggressive approach to neutralize threats before they impact your network. Leveraging the power of XDP, X-Defender operates at the lowest level of the Linux networking stack, ensuring high performance and minimal latency while effectively countering even the most sophisticated DDoS attacks. -**Note: This project is in progress, and we are actively working on the code** + # Table of Contents - [Deep Architecture Overview](https://github.com/SamanKhalife/X-Defender/blob/main/docs/architecture.md) 
@@ -16,12 +16,12 @@ - [Workflow Diagram](https://github.com/SamanKhalife/X-Defender/blob/main/docs/flowchart.md) - [XDP and eBPF Resources](https://github.com/SamanKhalife/X-Defender/blob/main/docs/resources-xdp-ebpf.md) - -

X-Defender Network Topology

![alt text](imgs/X-defnder.png "Network Topology") +> [!CAUTION] +> This project is still in very early stages of development. Use at your own risk. We are looking for contributors to help improve and expand the project. # Why?? As shown in the Packet Flow in [Packet flow in Netfilter and General Networking](https://upload.wikimedia.org/wikipedia/commons/3/37/Netfilter-packet-flow.svg), XDP operates at the earliest point where packets are handled by the network card. This allows X-Defender to intercept and process packets at this initial stage. By implementing DDoS mitigation at this level, you can protect your system efficiently and cost-effectively while minimizing the load on your system. mostly they use xdp for mitigation and for load balancing like in [cloud flare](https://youtu.be/ZQsbYmdMjnw?t=2685) or many other providers and even [Meta](https://about.meta.com/). diff --git a/xdp-tools b/xdp-tools new file mode 160000 index 0000000..cc7a112 --- /dev/null +++ b/xdp-tools @@ -0,0 +1 @@ +Subproject commit cc7a1123ef7f8d0c82ae3b72f8d8c9e85e758874
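Review bot: In .github/workflows/getdeps_linux.yml the workflow has no `on:` trigger, and its only step, `- name: Test x-defender`, has neither `uses` nor `run`, so GitHub Actions will reject the file and nothing gets tested. Add a trigger (for example `on: [push, pull_request]`), the `actions/checkout` step that the comment on `contents: read` already anticipates, and a real build or test command under the named step. The top-level `permissions:` block with `contents: read` is a good least-privilege default and should stay; when the checkout step is added, pin the action to a full commit SHA rather than a moving tag.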
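Review bot: The new `Ansible` pattern at the top of .gitignore is unanchored, so it ignores any file or directory named Ansible at any depth of the tree, not just one location. If the intent is a single top-level directory, write it as `/Ansible/` so that a path with the same name elsewhere is not silently left out of commits.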
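Review bot: The `[submodule "xdp-tools"]` entry in .gitmodules adds a second submodule, but nothing else in this patch accounts for fetching it: the README hunks here carry no `git submodule update --init --recursive` step, and the new workflow has no checkout step at all. Mention the submodule step in the README, and once the workflow gains an `actions/checkout` step, set `submodules: recursive` on it so CI builds against the same pinned trees as a local clone.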
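Review bot: The development-status warning moves from directly under the introduction (the removed in-progress note in the first README hunk, which now leaves only a blank `+` line) to below the Table of Contents and the topology image in the second hunk, where someone reading only the top of the page will not see it. For a tool meant to sit in the packet path, keep the `> [!CAUTION]` block where the old note was, immediately after the opening paragraph, and drop the empty replacement line.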
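Review bot: The xdp-tools gitlink pins commit cc7a1123ef7f8d0c82ae3b72f8d8c9e85e758874 with no indication of which upstream release or tag it corresponds to. Record that in the commit message or the README so the hash can be checked against https://github.com/xdp-project/xdp-tools.git and a later bump can be reviewed as a deliberate version change.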