Durdur 🐝

Durdur is a CLI tool for Linux implementing L3/L4 packet dropping with eBPF/Go.

How to use

Durdur is easy to use with these commands: attach, detach, drop, undrop, and list.
All commands should be run with root privileges.

Attach

attach installs Durdur on the system for a specific interface.

durdur attach --interface eth0

Detach

detach uninstalls Durdur from the system.

durdur detach

Drop and Undrop

drop and undrop checks all (ingress) L3 and L4 packets in the system and either block or allow them.
Both commands support the following flags:

• src for the source address value of an IPv4 packet.
• dns for the domain value of a DNS packet.

Example usage for drop;

durdur drop --src "192.0.1.1"

durdur drop --dns "example.com"

Example usage for undrop;

durdur undrop --src "192.0.1.1"

durdur undrop --dns "example.com"

List

list writes all entires of the maps to the stdout. It has 3 subcommands; src, dns, and all.

Example usage for list;

durdur list src

durdur list dns

durdur list all

How to install

From source;

Build and use build/durdur binary.

make build

From Docker image;

Build the image.

make build-docker

Run the container with privileges.

Example usage;

docker run --rm -i -t --net="host" --privileged -v /sys/fs/bpf:/sys/fs/bpf durdur -- attach -i eth0

docker run --rm -i -t --net="host" --privileged -v /sys/fs/bpf:/sys/fs/bpf durdur -- drop --dns "example"

PS: You don't need to use --net="host" if you don't want to access host's interfaces.

TODO

• Egress support.
• Wildcard support to DNS.
• IPv6 support.
• Multiple interfaces support.
• Port support.

Copyright

GPL-3.0 license,
Copyright 2022-2023 Bora Tanrikulu <[email protected]>