Skip to content

Latest commit

 

History

History
62 lines (54 loc) · 1.42 KB

README.md

File metadata and controls

62 lines (54 loc) · 1.42 KB

Purifier

Purifier is a fast transparent stateful firewall powered by DPDK. It was created to solve transport layer DDoS attacks.

Installation

mkdir -p /mnt/huge
mount -t hugetlbfs nodev /mnt/huge
echo 1024 > /sys/devices/system/node/node0/hugepages/hugepages-2048kB/nr_hugepages
  • Load Modules to Enable Userspace IO
sudo modprobe uio
sudo insmod kmod/igb_uio.ko
  • Define DPDK environment variable set path to DPDK
export RTE_SDK=/path/to/rte_sdk
  • set target (In most cases it will be x86_64-native-linuxapp-gcc)
export RTE_TARGET=x86_64-native-linuxapp-gcc
  • Compile the application
cd ../src
make

Runing app

For example to bind eth1 and eth2 from the current driver and move to use igb_uio

./tools/dpdk_nic_bind.py --bind=igb_uio eth1
./tools/dpdk_nic_bind.py --bind=igb_uio eth2

Run the app

./build/purifier -c 0x7 -n 4

Constraints

  • Tested with ixgbe NIC's

TODO

  • Add mbuf extension
  • Add ip defragmentation
  • Add telnet/ssh support
  • Rework lookup with SSE/AVX
  • Add new white/black lists based on bitmaps