This program is based on eBPF and XDP.
It allows you to get some information about all packets in a flow (or all of them by setting the FIRST_PACKET_OF_FLOW_ONLY flag to 1).
After clone the repo, update the git submodule with following commands:
git submodule update --init --recursiveOn Ubuntu, you may run make install to install dependencies.
To build the project, run the following command:
make buildYou can run the binary with:
sudo src/bootstrap <interface-name>- IPV6 extesion headers support
- Fragmentation support
- QUIC recognition
- Multiple TLS messagge in the same packet
- Tails to improve performances
Still not able to test properly. I run it on the real network and it seems to work, but I need to test it on a controlled environment.
The TLS recognition is not working properly. I'm not able to get the correct information from the packet.
I used eunomia-bpf template to create this project. Eumonia-bpf is licensed under the MIT License. See the LICENSE file for more information.