{"id":15056997,"url":"https://github.com/theobori/tinyfilter","last_synced_at":"2026-02-07T14:01:16.188Z","repository":{"id":231634393,"uuid":"746477476","full_name":"theobori/tinyfilter","owner":"theobori","description":"XDP packet filtering for OSI model layers 2, 3 and 4","archived":false,"fork":false,"pushed_at":"2024-11-14T22:11:19.000Z","size":72,"stargazers_count":3,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"main","last_synced_at":"2025-04-10T05:06:29.461Z","etag":null,"topics":["bpf","ebpf","packet-filtering","xdp"],"latest_commit_sha":null,"homepage":"","language":"C","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/theobori.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2024-01-22T04:30:58.000Z","updated_at":"2024-11-14T22:11:23.000Z","dependencies_parsed_at":null,"dependency_job_id":"d93f1ac2-faf8-438d-b70e-9bcbd9d99d97","html_url":"https://github.com/theobori/tinyfilter","commit_stats":null,"previous_names":["theobori/tinyfilter"],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/theobori/tinyfilter","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/theobori%2Ftinyfilter","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/theobori%2Ftinyfilter/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/theobori%2Ftinyfilter/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/theobori%2Ftinyfilter/manifests","owner_url":"https://repos.ecosyste.ms/
api/v1/hosts/GitHub/owners/theobori","download_url":"https://codeload.github.com/theobori/tinyfilter/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/theobori%2Ftinyfilter/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":29196607,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-02-07T12:38:28.597Z","status":"ssl_error","status_checked_at":"2026-02-07T12:38:23.888Z","response_time":63,"last_error":"SSL_read: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["bpf","ebpf","packet-filtering","xdp"],"created_at":"2024-09-24T21:59:50.604Z","updated_at":"2026-02-07T14:01:16.133Z","avatar_url":"https://github.com/theobori.png","language":"C","funding_links":[],"categories":[],"sub_categories":[],"readme":"# tinyfilter\n\n[![build](https://github.com/theobori/tinyfilter/actions/workflows/build.yml/badge.svg)](https://github.com/theobori/tinyfilter/actions/workflows/build.yml)\n\n[![built with nix](https://builtwithnix.org/badge.svg)](https://builtwithnix.org)\n\neBPF (XDP) packet filtering for OSI model layers 2, 3 and 4.\n\n\nThe filtering mechanism is inspired by [Berkeley packet filters](https://www.ibm.com/docs/en/qsip/7.4?topic=queries-berkeley-packet-filters) but in a simpler way.\n\n## Build and run\n\nYou only need the following requirements (packages):\n- `llvm`\n- `clang`\n- `make`\n- `libxdp`\n\n### Debian / 
Ubuntu\n\n```bash\napt install -y llvm clang make libxdp-dev\n```\n\n### RHEL / Fedora\n\n```bash\ndnf install -y llvm clang make libxdp-devel\n```\n\nYou should also have `bpftool` if you need to debug.\n\nTo build, run the following command.\n```bash\nmake\n```\n\nThen you can run.\n```bash\n./tinyfilter help\n```\n\n## Contribute\n\nIf you want to help the project, you can follow the guidelines in [CONTRIBUTING.md](./CONTRIBUTING.md).\n\n## Filters\n\nThere are multiple filters available. Addresses and ports can match on source and/or destination.\n\n- Layer 2\n  - Ethernet (addresses)\n- Layer 3\n  - IPv4 (addresses)\n  - IPv6 (addresses)\n- Layer 4\n  - TCP (ports)\n  - UDP (ports)\n  - ICMP (type)\n\n## Use cases\n\nTo test the program, I have created two Linux network namespaces (both reachable by each other) following [these steps](https://medium.com/@technbd/creating-network-namespaces-in-linux-system-and-connecting-two-network-namespaces-using-virtual-6031d295f69b).\n\n```bash\n# Creates namespaces\nip netns add ns1\nip netns add ns2\n\n# Creates two peered virtual network interfaces\nip link add veth1 type veth peer name veth2\n\n# Assigns the virtual interfaces to the namespaces\nip link set veth1 netns ns1\nip link set veth2 netns ns2\n\n# Assigns IP addresses to the virtual interfaces inside the namespaces\nip netns exec ns1 ip addr add 10.10.0.2/24 dev veth1\nip netns exec ns2 ip addr add 10.10.0.3/24 dev veth2\n\n# Enables the virtual interfaces inside the namespaces\nip netns exec ns1 ip link set dev veth1 up\nip netns exec ns2 ip link set dev veth2 up\n```\n\nNow that everything is set up, you can run the XDP program inside the first network namespace and play with filters.\n\n## Some examples\n\n#### Load the XDP program\n\n```bash\n./tinyfilter load -i veth1\n```\n\nIf you get this error `libxdp: No bpffs found at /sys/fs/bpf`, you can mount the filesystem using the following command.\n\n```bash\nmount -t bpf bpf /sys/fs/bpf/\n```\n\n#### Load the XDP program with the XDP_PASS 
return value\n\n```bash\n./tinyfilter load -i veth1 -b ./src/tinyfilter_pass.bpf.o\n```\n\n#### Filter for TCP from port 10001 to 10002\n\n```bash\n./tinyfilter port add -i veth1 --src 10001 --dst 10002 -p tcp\n```\n\n#### Filter for SSH port\n\n```bash\n./tinyfilter port add -i veth1 --dst 22 -p tcp\n```\n\n#### Filter for IPv6 address fe80::9c0c:93ff:fe18:7d1d\n\n```bash\n./tinyfilter ip6 add -i veth1 --src fe80::9c0c:93ff:fe18:7d1d\n```\n\n## Tasks\n\n- [x] Resolve layer 4 protocols strings\n- [x] Implement ICMP filters\n- [x] Two programs for the two default policies (allow / drop)\n- [ ] Unpin maps at unload by network interface name","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ftheobori%2Ftinyfilter","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Ftheobori%2Ftinyfilter","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ftheobori%2Ftinyfilter/lists"}