GitXplorerGitXplorer
f

bpfilter

public
124 stars
22 forks
5 issues

Commits

List of commits on branch main.
Unverified
19545fab9c9cb06792f3bb1d8b6255297930de66

doc: update the list of hooks in the documentation

qqdeslandes committed a day ago
Unverified
91221e94ebf2dbb8bf324ef1f6fae8aad542b9f1

cgen: map: create the BTF data for counters map

qqdeslandes committed 3 days ago
Unverified
ca4b51aa8f7138a0c24ade8d93bb26261b135a03

core: bpf: use proper bpf() syscall number depending the arch

qqdeslandes committed 4 days ago
Unverified
3c42f770f3893a84ff984432b630640b33c80615

cgen: program: use bf_map to manage the counters map

qqdeslandes committed 4 days ago
Unverified
5e158e2efe1ce7c0495eda6fba8a4b08920d8553

cgen: program: destroy the set maps if it can't be filled

qqdeslandes committed 4 days ago
Unverified
6c232d06affe8cfcc2a2d6be26b04f382241928b

cgen: map: allow to create bf_map with a unknown size

qqdeslandes committed 4 days ago

README

The README file for this repository.

bpfilter

An eBPF-based packet filtering framework.

bpfilter is an eBPF-based packet filtering framework designed to translate filtering rules into BPF programs. It comprises three main components:

  1. A daemon that runs on the host, translating filtering rules into BPF programs.
  2. A lightweight library to facilitate communication with the daemon.
  3. A dedicated command line interface to define the filtering rules.

A typical usage workflow would be to start the bpfilter daemon, then define the filtering rules using bfcli (part of the bpfilter project), nftables or iptables. The bpfilter daemon will be responsible for translating the filtering rules into custom BPF programs, and loading them on the system.

Detailed information can be found in the documentation.

Quick start guide

  1. Install dependencies

    # To build bpfilter
sudo dnf install -y \
    bison \
    bpftool \
    clang \
    clang-tools-extra \
    cmake \
    flex \
    jq \
    libcmocka-devel \
    doxygen \
    git \
    lcov \
    libasan \
    libbpf-devel \
    libnl3-devel \
    libubsan \
    python3-breathe \
    python3-furo \
    python3-linuxdoc \
    python3-sphinx \
    pkgconf

# To build nftables and iptables
sudo dnf install \
    autoconf \
    automake \
    bison \
    flex \
    gmp-devel \
    libedit-devel \
    libmnl-devel \
    libnftnl-devel \
    libtool

  2. Build bpfilter

    cmake -S $SOURCES_DIR -B $BUILD_DIR
make -C $BUILD_DIR
make -C $BUILD_DIR test

  3. Build custom versions of nftables and iptables (optional)

    make -C $BUILD_DIR nftables iptables

  4. Start the bpfilter daemon

    sudo $BUILD_DIR/src/bpfilter

  5. Configure the filtering rules

    • For bfcli: 
      $BUILD_DIR/output/bin/bfcli --file $RULESET
    • For nftables: 
      sudo $BUILD_DIR/tools/install/sbin/nft --bpf ...
    • For iptables: 
      sudo $BUILD_DIR/tools/install/sbin/iptables --bpf ...

License

bpfilter is licensed under GPLv2. You can find the licensing details in the COPYING file.

Acknowledgements

bpfilter was initially developed by Dmitrii Banshchikov as a Linux kernel usermode helper.

For further information and updates, visit the bpfilter documentation.