I think that I solved it. I changed the code of xdp_ddos01_blacklist_kern.c: case ETH_P_ARP: return XDP_PASS instead of break. Works! :-) On Mon, Jun 5, 2017 at 3:14 PM, Adel Fuchs <adelfuchs@xxxxxxxxx> wrote: > Hi Jesper, > > First of all, thanks for updating the prototype-kernel packet. It works! > > I tried to switch to white list and it worked. Though, as a result, > there is no way to ping the machine and get a response. I assume that > this occurs because the white list blocks protocols from lower levels, > such as ARP. > Do you know how to solve this problem? (enabling ARP and other > protocols from lower levels somehow...?) > > Thanks, > Adel > > On Thu, Jun 1, 2017 at 10:11 PM, Jesper Dangaard Brouer > <brouer@xxxxxxxxxx> wrote: >> On Thu, 1 Jun 2017 18:59:34 +0200 >> Jesper Dangaard Brouer <brouer@xxxxxxxxxx> wrote: >> >>> I guess, I'll update the documentation a bit after your feedback, >> >> Done, updated the documentation in the prototype-kernel github repo. >> >> See three top commits in this link: >> https://github.com/netoptimizer/prototype-kernel/commits/7db5539438fa7 >> >> The prototype-kernel doc is rendered here: >> https://prototype-kernel.readthedocs.io/en/latest/index.html >> https://prototype-kernel.readthedocs.io/en/latest/prototype-kernel/index.html >> >> -- >> Best regards, >> Jesper Dangaard Brouer >> MSc.CS, Principal Kernel Engineer at Red Hat >> LinkedIn: http://www.linkedin.com/in/brouer
|