// the find
gamemann/XDP-Proxy
A stateless, high-performance NAT-like proxy that attaches to the XDP hook in the Linux kernel using (e)BPF for fast packet processing. This proxy forwards packets based on configurable rules and performs source-port mapping, similar to IPTables and NFTables.
A stateless XDP/eBPF proxy that does L3/L4 packet forwarding with source-port mapping at the earliest point in the network stack — before the kernel allocates an SKB. Think of it as a lightweight DNAT replacement that sidesteps netfilter entirely. The target audience is anyone running a Linux gateway or game server who wants lower forwarding latency than iptables can offer.
It attaches at the XDP DRV hook, so packets are processed before SKB allocation — this is the right place for forwarding and genuinely faster than netfilter-based solutions. The pinned BPF maps plus the xdpfwd-add/xdpfwd-del utilities let you modify rules at runtime without restarting or reloading the program, which matters for production use. The build system correctly distinguishes the bpf_loop() path (kernel 5.17+) from the older bounded-loop path, and documents the tradeoff honestly: without bpf_loop() you're limited to ~21 concurrent source ports. CI runs both a build workflow and an actual run workflow, which is more than most eBPF repos bother with.
The stateless design is the headline feature but also the main operational hazard: there is no connection tracking, so reply packets need to find their way back through the same box, which constrains your topology more than the README lets on. The 256-rule hard limit is baked in as a compile-time constant — fine for simple setups but a real ceiling for anyone trying to replace a general-purpose load balancer. IPv6 support is absent and not mentioned; for anything internet-facing in 2026 that's a gap worth knowing about before you commit to it. The libconfig file format is an unusual choice that adds a non-standard dependency and a learning curve when most operators expect JSON or TOML.