Skip to content

facebook/bpfilter

BranchesTags

Repository files navigation

bpfilter

An eBPF-based packet filtering framework.

Warning

I, @qdeslandes, the maintainer of bpfilter, am currently on baby leave until January 20th. Until then, please expect delayed responses to issues, pull requests, and messages. Thank you for your patience and understanding. I'll do my best to address urgent matters as soon as possible.

bpfilter is an eBPF-based packet filtering framework designed to translate filtering rules into BPF programs. It comprises three main components:

  1. A daemon that runs on the host, translating filtering rules into BPF programs.
  2. A lightweight library to facilitate communication with the daemon.
  3. A dedicated command line interface to define the filtering rules.

A typical usage workflow would be to start the bpfilter daemon, then define the filtering rules using bfcli (part of the bpfilter project), nftables or iptables. The bpfilter daemon will be responsible for translating the filtering rules into custom BPF programs, and loading them on the system.

Detailed information can be found in the documentation.

Quick start guide (Fedora 41)

  1. Install dependencies

    # To build bpfilter
sudo dnf install -y bison bpftool clang clang-tools-extra cmake doxygen flex g++ gcc git jq lcov libasan libbpf-devel libcmocka-devel libnl3-devel libubsan pkgconf python3-breathe python3-furo python3-linuxdoc python3-sphinx

# To build nftables and iptables
sudo dnf install -y autoconf automake git gmp-devel libtool libedit-devel libmnl-devel libnftnl-devel

  2. Build bpfilter

    cmake -S $SOURCES_DIR -B $BUILD_DIR
make -C $BUILD_DIR
make -C $BUILD_DIR test

  3. Build custom versions of nftables and iptables (optional)

    make -C $BUILD_DIR nftables iptables

  4. Start the bpfilter daemon

    sudo $BUILD_DIR/src/bpfilter

  5. Configure the filtering rules

    • For bfcli: 
      $BUILD_DIR/output/bin/bfcli --file $RULESET
    • For nftables: 
      sudo $BUILD_DIR/tools/install/sbin/nft --bpf ...
    • For iptables: 
      sudo $BUILD_DIR/tools/install/sbin/iptables --bpf ...

License

bpfilter is licensed under GPLv2. You can find the licensing details in the COPYING file.

Acknowledgements

bpfilter was initially developed by Dmitrii Banshchikov as a Linux kernel usermode helper.

For further information and updates, visit the bpfilter documentation.

About

BPF-based packet filtering framework

bpfilter.io

Resources

Readme

License

GPL-2.0 license

Code of conduct

Code of conduct

Security policy

Security policy
Activity
Custom properties

Stars

141 stars

Watchers

23 watching

Forks

29 forks
Report repository

Packages

 
 
 

Contributors 9

Languages