Lower MAX_FILTERS to 80 to fix error related to BPF program too large.
This commit is contained in:
Christian Deacon
@@ -84,7 +84,7 @@ ICMP options exist in the main filter array and start with `icmp_`. Please see b
|
||||
|
||||
Everything besides the main `enabled` and `action` options within a filter are **not** required. This means you do not have to define them within your config.
|
||||
|
||||
**Note** - As of right now, you can specify up to 90 maximum filters. This is due to BPF's limitations with complexity and jumps. If you want more than 90 filters, you may increase BPF limitations manually or with a patch. If you want to do this, please read [this](https://github.com/gamemann/XDP-Forwarding/tree/master/patches) README from my XDP Forwarding project. Afterwards, feel free to raise the `MAX_FILTERS` constant in the `src/xdpfw.h` [file](https://github.com/gamemann/XDP-Firewall/blob/master/src/xdpfw.h#L6) and then recompile the firewall.
|
||||
**Note** - As of right now, you can specify up to 80 maximum filters. This is due to BPF's limitations with complexity and jumps. If you want more than 80 filters, you may increase BPF limitations manually or with a patch. If you want to do this, please read [this](https://github.com/gamemann/XDP-Forwarding/tree/master/patches) README from my XDP Forwarding project. Afterwards, feel free to raise the `MAX_FILTERS` constant in the `src/xdpfw.h` [file](https://github.com/gamemann/XDP-Firewall/blob/master/src/xdpfw.h#L6) and then recompile the firewall.
|
||||
|
||||
## Configuration Example
|
||||
Here's an example of a config:
|
||||
|
||||
@@ -3,7 +3,7 @@
|
||||
#include <linux/types.h>
|
||||
|
||||
#define MAX_PCKT_LENGTH 65535
|
||||
#define MAX_FILTERS 90
|
||||
#define MAX_FILTERS 80
|
||||
#define MAX_TRACK_IPS 100000
|
||||
#define MAX_CPUS 256
|
||||
|
||||
|
||||
Reference in New Issue
Block a user