README Documentation:
- Complete project overview and architecture description
- Detailed installation and setup instructions
- Comprehensive usage examples for all features
- Command-line reference with all options
- Structured logging format specifications
Key Documentation Sections:
- XDP vs other eBPF hook point comparison
- Performance considerations and tuning guide
- Security considerations and best practices
- Troubleshooting guide for common issues
- Development workflow and contribution guidelines
Usage Examples:
- Basic traffic monitoring setup
- Structured logging in multiple formats
- Log analysis and threat detection workflows
- Configuration management examples
- Docker and containerized deployments
Technical Details:
- eBPF program architecture and data flow
- Ring buffer communication mechanisms
- CIDR range configuration and validation
- Logging system design and performance
- Threat detection algorithms and thresholds
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <noreply@anthropic.com>
Configuration Files:
- configs/default.json: Standard private network CIDR ranges
- configs/strict.json: Restrictive localhost-only configuration
- configs/logging-example.json: Example with logging settings
Test Suite (tests/integration_tests.rs):
- Comprehensive integration tests for all components
- CIDR parsing and IP matching validation
- Event handling and statistics verification
- Configuration loading and validation tests
- Error handling and edge case coverage
Features Tested:
- IP address parsing and CIDR range matching
- Traffic event processing and statistics
- Configuration file loading and validation
- Protocol detection and classification
- Event handler statistics and summaries
Quality Assurance:
- Edge case handling for malformed inputs
- Performance testing for high-volume scenarios
- Memory safety verification for eBPF integration
- Cross-platform compatibility testing
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <noreply@anthropic.com>
Main Program (main.rs):
- Command-line interface using clap with comprehensive options
- eBPF program lifecycle management (load, configure, attach)
- Integration with structured logging system
- Graceful shutdown handling with log flushing
Command-Line Options:
- Interface selection for XDP attachment
- Configuration file path for CIDR ranges
- Packet action control (log-only vs drop)
- Logging format selection (console/json/csv/jsonl)
- Output file specification and buffer size tuning
- Verbose logging for debugging
eBPF Integration:
- Automatic eBPF program loading and BTF initialization
- CIDR range configuration via eBPF maps
- Real-time event processing from ring buffers
- XDP attachment with fallback to SKB mode
Enhanced Features:
- Structured event logging with flow correlation
- Real-time statistics and periodic summaries
- Signal handling for clean shutdown
- Error handling with context preservation
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <noreply@anthropic.com>
Core eBPF Program (traffic_monitor.bpf.rs):
- XDP-based packet processing for high performance
- IP header parsing and CIDR range matching
- Configurable packet dropping or logging
- Ring buffer event logging to userspace
Supporting Modules:
- config.rs: JSON configuration management for CIDR ranges
- ip_utils.rs: CIDR parsing and IP matching utilities
- event_handler.rs: Traffic event processing and statistics
- lib.rs: Module exports and shared structures
Key Features:
- Line-rate packet filtering in kernel space
- Support for up to 256 permitted CIDR ranges
- Real-time event streaming via ring buffers
- Protocol-aware logging (TCP/UDP/ICMP/etc.)
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <noreply@anthropic.com>
- Add Cargo.toml with aya dependencies and project configuration
- Add build.rs with aya-build integration for eBPF compilation
- Configure workspace and example targets
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <noreply@anthropic.com>
Krish Sharma