From c12496abb60b0400bf267f575a069c32623be895 Mon Sep 17 00:00:00 2001 From: Christian Deacon Date: Wed, 11 Oct 2023 22:05:30 +0000 Subject: [PATCH] Lower MAX_FILTERS to 80 to fix error related to BPF program too large. --- README.md | 2 +- src/xdpfw.h | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 46f8742..654bbaa 100644 --- a/README.md +++ b/README.md @@ -84,7 +84,7 @@ ICMP options exist in the main filter array and start with `icmp_`. Please see b Everything besides the main `enabled` and `action` options within a filter are **not** required. This means you do not have to define them within your config. -**Note** - As of right now, you can specify up to 90 maximum filters. This is due to BPF's limitations with complexity and jumps. If you want more than 90 filters, you may increase BPF limitations manually or with a patch. If you want to do this, please read [this](https://github.com/gamemann/XDP-Forwarding/tree/master/patches) README from my XDP Forwarding project. Afterwards, feel free to raise the `MAX_FILTERS` constant in the `src/xdpfw.h` [file](https://github.com/gamemann/XDP-Firewall/blob/master/src/xdpfw.h#L6) and then recompile the firewall. +**Note** - As of right now, you can specify up to 80 maximum filters. This is due to BPF's limitations with complexity and jumps. If you want more than 80 filters, you may increase BPF limitations manually or with a patch. If you want to do this, please read [this](https://github.com/gamemann/XDP-Forwarding/tree/master/patches) README from my XDP Forwarding project. Afterwards, feel free to raise the `MAX_FILTERS` constant in the `src/xdpfw.h` [file](https://github.com/gamemann/XDP-Firewall/blob/master/src/xdpfw.h#L6) and then recompile the firewall. ## Configuration Example Here's an example of a config: diff --git a/src/xdpfw.h b/src/xdpfw.h index 4be467b..09ae567 100644 --- a/src/xdpfw.h +++ b/src/xdpfw.h @@ -3,7 +3,7 @@ #include #define MAX_PCKT_LENGTH 65535 -#define MAX_FILTERS 90 +#define MAX_FILTERS 80 #define MAX_TRACK_IPS 100000 #define MAX_CPUS 256