Skip to content
/ FiveM-XDP-Filter Public

XDP program for protecting a FiveM server by filtering out non-FiveM traffic.

License

MIT license
10 stars 4 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

ImAndromeda/FiveM-XDP-Filter

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

9 Commits
LICENSE
LICENSE
 
 
README.md
README.md
 
 
fivem_xdp.c
fivem_xdp.c
 
 

Repository files navigation

XDP Program for Protecting a FiveM Server

This XDP program protects a FiveM server by filtering out non-FiveM traffic. The program inspects incoming packets and drops any packets that are not UDP packets destined for the FiveM server IP address and port. Additionally, it includes rate-limiting and safety checks to prevent legitimate traffic from being inadvertently dropped.

Requirements

  • Linux kernel with XDP support enabled.
  • Clang compiler for compiling the XDP program.
  • Basic knowledge of Linux networking and handling interfaces.

Installation

Step 1: Modify the XDP Program

Before compiling the program, update the FIVEM_SERVER_IP and FIVEM_SERVER_PORT macros in the XDP script to match your FiveM server's IP address and port.

  1. Open the xdp_program.c file.
  2. Modify the following macros:
#define FIVEM_SERVER_IP  0x7F000001  // Replace with your server's IP in hex format (e.g., 192.168.1.1 -> 0xC0A80101 or 0x7F000001 for 172.0.0.1 (Localhost)
#define FIVEM_SERVER_PORT 30120      // Replace with your server's port if different

Note: Changing the default FiveM port (30120) to something else is recommended for better security.

Step 2: Compile the XDP Program

Use the clang compiler to compile the XDP program for your system:

clang -O2 -target bpf -c xdp_program.c -o xdp_program.o

This will produce the xdp_program.o object file that you can load into your network interface.

Step 3: Load the XDP Program

Load the compiled XDP program into the network interface that your FiveM server uses. Replace <interface> with the name of your network interface (e.g., eth0):

ip link set dev <interface> xdp obj xdp_program.o sec xdp_program

Step 4: Verify the XDP Program

Test the XDP program by generating traffic to your FiveM server on the configured port (default: 30120). Ensure that non-FiveM traffic is being dropped and legitimate FiveM traffic is allowed to pass through.

You can use packet-capturing tools like tcpdump to verify traffic behavior:

tcpdump -i <interface>

Step 5: Monitor Packet Counts

The program includes logging for tracking how many packets are dropped or passed. Use bpftool to check the statistics:

bpftool map dump name packet_count_map

Unloading the XDP Program

If you need to unload the XDP program from the interface, run the following command:

ip link set dev <interface> xdp off

License

This XDP program is released under the MIT license. See the LICENSE file for more information.

About

XDP program for protecting a FiveM server by filtering out non-FiveM traffic.

Resources

Readme

License

MIT license
Activity

Stars

10 stars

Watchers

1 watching

Forks

4 forks
Report repository

Releases 1

Version 1.1.0 Latest
Apr 7, 2023

Packages

No packages published

Languages