Open
Labels: documentation (Improvements or additions to documentation), enhancement (New feature or request)
Description
Mimic now doesn't filter out incoming UDP packets if the tuple is in the whitelist but instead directly passes them to the next step. To align the behaviour when probed with an unopened port, Mimic could do either of the following in XDP:
- Drop the UDP packets and only expect TCP
- Return ICMP Port Unreachable (default behaviour of Linux)
For outbound packets, since Mimic operates without the interference of Linux firewall rules, there are no perfect options (other than setting up another firewall in Mimic's traffic path), but service dependency at startup can at least ensure no UDP packets leak at startup. This could only be done at the documentation level, though.
Todos
- Add new option for incoming UDP packet handling
- Implement dropping
- Implement ICMP returning
- Document systemd (and others if available) service dependency in common use cases to prevent UDP leaking at startup
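A model of the proposed ingress option, written as plain C that compiles and runs in userspace with the same bounds-check-before-read discipline an XDP hook needs. This is an added example, not Mimic's code: the enum, struct and function names and the single local address/port filter are assumptions, and the sample frame is constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical names: none of these come from Mimic's code base. */
enum udp_mode { UDP_PASS, UDP_DROP, UDP_ICMP_UNREACH };    /* the proposed option */
enum verdict  { V_PASS, V_DROP, V_REPLY_ICMP };
struct filter { uint32_t local_ip; uint16_t local_port; }; /* host byte order */

static uint16_t rd16(const uint8_t *p) { return (uint16_t)(p[0] << 8 | p[1]); }
static uint32_t rd32(const uint8_t *p) {
    return (uint32_t)p[0] << 24 | (uint32_t)p[1] << 16 | (uint32_t)p[2] << 8 | p[3];
}

/* Classify one inbound Ethernet frame. Every header is length-checked
 * before it is read; anything that is not a matching UDP datagram passes. */
enum verdict classify_ingress(const uint8_t *pkt, size_t len,
                              const struct filter *f, enum udp_mode mode)
{
    if (len < 14 + 20 || rd16(pkt + 12) != 0x0800)      /* not IPv4 */
        return V_PASS;
    const uint8_t *ip = pkt + 14;
    size_t ihl = (size_t)(ip[0] & 0x0f) * 4;
    if ((ip[0] >> 4) != 4 || ihl < 20 || len < 14 + ihl + 8)
        return V_PASS;                                  /* malformed or truncated */
    if (ip[9] != 17 || (rd16(ip + 6) & 0x1fff))         /* not UDP, or a later fragment */
        return V_PASS;                                  /* (no UDP header to match on) */
    const uint8_t *udp = ip + ihl;
    if (rd32(ip + 16) != f->local_ip || rd16(udp + 2) != f->local_port)
        return V_PASS;                                  /* tuple not in the whitelist */
    switch (mode) {
    case UDP_DROP:         return V_DROP;               /* only TCP is expected */
    case UDP_ICMP_UNREACH: return V_REPLY_ICMP;         /* caller sends type 3, code 3 */
    default:               return V_PASS;               /* behaviour described above */
    }
}

/* Constructed sample: UDP 192.0.2.10:40000 -> 198.51.100.1:51820, no payload. */
static const uint8_t SAMPLE[42] = {
    0,0,0,0,0,1, 0,0,0,0,0,2, 0x08,0x00,
    0x45,0,0,28, 0,0,0,0, 64,17,0,0, 192,0,2,10, 198,51,100,1,
    0x9c,0x40, 0xca,0x6c, 0,8, 0,0 };

int main(void) {
    struct filter f = { 0xC6336401u, 51820 };           /* 198.51.100.1:51820 */
    printf("drop mode: %d\n", classify_ingress(SAMPLE, sizeof SAMPLE, &f, UDP_DROP));
    printf("icmp mode: %d\n", classify_ingress(SAMPLE, sizeof SAMPLE, &f, UDP_ICMP_UNREACH));
    return 0;
}
```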