https://docs.mitigator.ru/v26.04/en/tags/bpf/ Recent content in Bpf on BIFIT Mitigator Hugo -- gohugo.io en https://docs.mitigator.ru/v26.04/en/maintenance/compat/ Mon, 01 Jan 0001 00:00:00 +0000 https://docs.mitigator.ru/v26.04/en/maintenance/compat/ Update Path A successful upgrade to the next major versions is only guaranteed from the latest minor version of the currently installed major version. Minor versions within a major version may be skipped during an upgrade. Example. Given available versions: v12.34.0, v12.34.1, v12.34.2, v12.35.0, v12.35.1. Guaranteed: v12.34.2 → v12.35.0 (minor version .2 is the latest of v12.34) v12.34.2 → v12.35.1 (see above, v12.35.0 can be skipped) v12.34.0 → v12.34.2 (v12.34.1 can be skipped) Not guaranteed: https://docs.mitigator.ru/v26.04/en/kb/bpf/tutorial/ Mon, 01 Jan 0001 00:00:00 +0000 https://docs.mitigator.ru/v26.04/en/kb/bpf/tutorial/ This is a step‑by‑step example of how to write an MCR countermeasure with UDP authentication (protocol description) to get hands‑on experience with BPF countermeasure programming. The final program will be under 100 lines of code. You will need: MITIGATOR v20.06 or higher. Ability to run commands from the terminal. Basic knowledge of the C language (explanations will be provided as we go). Understanding that packets have protocols, headers, and payloads. Environment Setup Any operating system will work, but Linux is recommended. https://docs.mitigator.ru/v26.04/en/kb/bpf/api/ Mon, 01 Jan 0001 00:00:00 +0000 https://docs.mitigator.ru/v26.04/en/kb/bpf/api/ API Documentation Overview Programs are loaded into MITIGATOR as ELF object files. They can use the API functions from mitigator_bpf.h (download). The compatibility policy applies to BPF. A minimal program must place metadata and code into the correct sections of the object file using macros: #include "mitigator_bpf.h" ENTRYPOINT enum Result program(Context ctx) { return RESULT_PASS; } PROGRAM_DISPLAY_ID("Example v0.1") Typically, programs are written in C and compiled with clang (EBPF support added in GCC 10). https://docs.mitigator.ru/v26.04/en/kb/bpf/ Mon, 01 Jan 0001 00:00:00 +0000 https://docs.mitigator.ru/v26.04/en/kb/bpf/ “Programmable filter” (BPF) may be used to create custom countermeasures if the existing ones are not sufficient. Writing programs requires basic programming skills, but allows to solve complex tasks quickly: Protection for applications and protocols that are not supported yet. There’s no need to contact developers and wait for the next release if one understand how an application works and how to protect its traffic. More complex filters than the ACL and REX countermeasures allow.