https://github.com/lazypwny751/beefw

an Aya based network monitoring tool via eBPF
https://github.com/lazypwny751/beefw

aya bpf ebpf firewall rust security xdp

Last synced: 13 days ago
JSON representation

an Aya based network monitoring tool via eBPF

• Host: GitHub
• URL: https://github.com/lazypwny751/beefw
• Owner: lazypwny751
• License: gpl-3.0
• Created: 2024-04-06T14:05:52.000Z (over 1 year ago)
• Default Branch: main
• Last Pushed: 2025-04-04T08:14:25.000Z (3 months ago)
• Last Synced: 2025-05-30T08:53:16.399Z (about 2 months ago)
• Topics: aya, bpf, ebpf, firewall, rust, security, xdp
• Language: Rust
• Homepage:
• Size: 27.3 KB
• Stars: 1
• Watchers: 1
• Forks: 0
• Open Issues: 0
• Metadata Files:
  • Readme: README.md
  • License: LICENSE

Awesome Lists containing this project

README

        
# beefw

## TODO

- clippy check workflow.

- read rules from userspace to kernelspace.

- example/sample rules.

- xdp program.

- ratatui tui.

## Prerequisites

1. stable rust toolchains: `rustup toolchain install stable`

1. nightly rust toolchains: `rustup toolchain install nightly --component rust-src`

1. (if cross-compiling) rustup target: `rustup target add ${ARCH}-unknown-linux-musl`

1. (if cross-compiling) LLVM: (e.g.) `brew install llvm` (on macOS)

1. (if cross-compiling) C toolchain: (e.g.) [`brew install filosottile/musl-cross/musl-cross`](https://github.com/FiloSottile/homebrew-musl-cross) (on macOS)

1. bpf-linker: `cargo install bpf-linker` (`--no-default-features` on macOS)

## Build & Run

Use `cargo build`, `cargo check`, etc. as normal. Run your program with:

```shell

cargo run --release --config 'target."cfg(all())".runner="sudo -E"'

```

Cargo build scripts are used to automatically build the eBPF correctly and include it in the

program.

## Cross-compiling on macOS

Cross compilation should work on both Intel and Apple Silicon Macs.

```shell

CC=${ARCH}-linux-musl-gcc cargo build --package beefw --release \

  --target=${ARCH}-unknown-linux-musl \

  --config=target.${ARCH}-unknown-linux-musl.linker=\"${ARCH}-linux-musl-gcc\"

```

The cross-compiled program `target/${ARCH}-unknown-linux-musl/release/beefw` can be

copied to a Linux server or VM and run there.

# Contributing.

Pull requests are welcome. For major changes, please open an issue first to discuss what you would like to change.

# License

[GPLv3](https://choosealicense.com/licenses/gpl-3.0/)