Unify xdp-blocker and xdp-ddos into single xdp-defense project

Chain two XDP programs via libxdp dispatcher on the same interface: xdp_blocker (priority 10) handles CIDR/country/whitelist blocking, xdp_ddos (priority 20) handles rate limiting, EWMA analysis, and AI anomaly detection. Whitelist maps are shared via BPF map pinning so whitelisted IPs bypass both blocklist checks and DDoS rate limiting. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-07 08:39:21 +09:00
commit 1bcaddce25
12 changed files with 3523 additions and 0 deletions
--- a/config/xdp-defense.service
+++ b/config/xdp-defense.service
@@ -0,0 +1,25 @@
+[Unit]
+Description=XDP Defense - Unified CIDR Blocker + DDoS Defense
+After=network-online.target
+Wants=network-online.target
+Documentation=man:xdp-defense(8)
+
+[Service]
+Type=simple
+ExecStartPre=/usr/local/bin/xdp-defense load
+ExecStart=/usr/local/bin/xdp-defense daemon start-foreground
+ExecStop=/usr/local/bin/xdp-defense stop-all
+ExecReload=/bin/kill -HUP $MAINPID
+Restart=on-failure
+RestartSec=5
+
+# Security hardening
+ProtectSystem=strict
+ReadWritePaths=/var/lib/xdp-defense /etc/xdp-defense /etc/xdp-blocker /sys/fs/bpf
+ProtectHome=true
+NoNewPrivileges=false
+CapabilityBoundingSet=CAP_NET_ADMIN CAP_BPF CAP_SYS_ADMIN CAP_PERFMON
+AmbientCapabilities=CAP_NET_ADMIN CAP_BPF CAP_SYS_ADMIN CAP_PERFMON
+
+[Install]
+WantedBy=multi-user.target