Implement XDP firewall with real-time TUI monitoring

Features:
- High-performance packet filtering via eBPF/XDP
- Instant blocklist with dynamic CLI management
- Exact-match rules with Drop/Pass/Log actions
- CIDR-based IP range dropping via LPM trie
- Token-bucket rate limiting (IP-based and flow-based)
- Auto temp bans for rate limit violators
- Real-time event logging via BPF ring buffer
- Interactive TUI monitor with live stats

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-04-15 09:10:52 +07:00
commit 6101de6887
24 changed files with 3235 additions and 0 deletions

9
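--- a/xtask/Cargo.toml
+++ b/xtask/Cargo.toml
@@ -0,0 +1,9 @@
+[package]
+name = "xtask"
+version = "0.1.0"
+edition = "2021"
+[dependencies]
+anyhow = "1.0"
+duct = "0.13"
+clap = { version = "4.5", features = ["derive"] }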
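Review bot: `duct = "0.13"` is declared in `[dependencies]`, but the xtask/src/main.rs added in this same commit spawns the build through `std::process::Command` and never references duct. If nothing else in xtask uses it, drop the line so the build helper does not fetch and compile an extra third-party crate tree it has no use for. All three requirements are caret ranges, so the versions that are actually built are fixed only if the workspace Cargo.lock is committed; that is worth confirming, since it is not visible in this section.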

51
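--- a/xtask/src/main.rs
+++ b/xtask/src/main.rs
@@ -0,0 +1,51 @@
+use std::{path::PathBuf, process::Command};
+use clap::{Parser, Subcommand};
+#[derive(Parser)]
+#[command(about = "Build helpers for xdp-firewall")]
+struct Cli {
+#[command(subcommand)]
+command: Commands,
+}
+#[derive(Subcommand)]
+enum Commands {
+BuildEbpf,
+}
+fn main() -> anyhow::Result<()> {
+let cli = Cli::parse();
+match cli.command {
+Commands::BuildEbpf => build_ebpf(),
+}
+}
+fn build_ebpf() -> anyhow::Result<()> {
+let root = PathBuf::from(env!("CARGO_MANIFEST_DIR")).parent().unwrap().to_path_buf();
+let ebpf_dir = root.join("xdp-firewall-ebpf");
+let target_dir = root.join("target");
+let status = Command::new("rustup")
+.args([
+"run",
+"nightly",
+"cargo",
+"build",
+"-Zbuild-std=core",
+"--package",
+"xdp-firewall-ebpf",
+"--target",
+"bpfel-unknown-none",
+"--release",
+])
+.current_dir(&ebpf_dir)
+.env("CARGO_TARGET_DIR", &target_dir)
+.status()?;
+if !status.success() {
+anyhow::bail!("eBPF build failed");
+}
+Ok(())
+}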
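Review bot: `build_ebpf` runs `rustup run nightly`, so the eBPF object that ends up loaded into the kernel is built by whichever nightly is installed on the machine, with the unstable `-Zbuild-std=core` flag on top. Name a dated channel instead, e.g. `"nightly-<YYYY-MM-DD>"` (placeholder; use the date the project has tested). That makes builds reproducible and turns a toolchain bump into a reviewed change. An explicit `rustup run <toolchain>` also takes precedence over any `rust-toolchain.toml` elsewhere in the repository, so a pin kept only in that file would not apply to this command. The failure path would be easier to diagnose with the exit status included: `anyhow::bail!("eBPF build failed: {status}");`. A short `///` doc comment on `build_ebpf` should state that it requires rustup and a nightly toolchain on `PATH`, so the precondition is visible to whoever runs the task.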