4 releases

new 0.1.4 May 14, 2025
0.1.3 Nov 8, 2019
0.1.2 Mar 12, 2019
0.1.1 Jan 24, 2017

#234 in Unix APIs

Download history 10/week @ 2025-02-18 12/week @ 2025-02-25 3/week @ 2025-03-04 5/week @ 2025-03-18 2/week @ 2025-03-25 8/week @ 2025-04-01 4/week @ 2025-04-08 270/week @ 2025-05-13

270 downloads per month
Used in etchdns

ISC license

20KB
149 lines

rust-bpf

A Rust library for attaching Berkeley Packet Filter (BPF) programs to sockets on Linux systems.

Features

  • Create and attach BPF filters to sockets
  • Lock BPF filters to prevent further modifications
  • Detach BPF filters when no longer needed
  • Provides a convenient macro for creating BPF programs
  • Trait-based API for easy integration with socket types
  • Cross-platform compatibility (dummy implementation on non-Linux systems)

Usage

Add this to your Cargo.toml:

[dependencies]
bpf = "0.1"

Basic Example

use bpf::{bpfprog, BpfFilterAttachable};
use std::net::UdpSocket;

fn main() -> std::io::Result<()> {
    let socket = UdpSocket::bind("127.0.0.1:0")?;

    // Create a BPF program that only accepts UDP packets on port 53 (DNS)
    // Each tuple is (code, jt, jf, k) for a BPF instruction
    let filter = bpfprog!(4,
        0x28 0 0 0x0000000c,  // (000) ldh      [12]
        0x15 0 2 0x00000800,  // (001) jeq      #0x800           jt 2    jf 4
        0x30 0 0 0x00000017,  // (002) ldb      [23]
        0x15 0 1 0x00000011,  // (003) jeq      #0x11            jt 4    jf 5
        0x06 0 0 0x00000001   // (004) ret      #1
    );

    // Attach filter to socket
    socket.attach_filter(filter)?;

    // Lock the filter if needed
    socket.lock_filter()?;

    // Use the socket...

    // Later, detach the filter if needed
    socket.detach_filter()?;

    Ok(())
}

License

ISC License

Contributing

Contributions are welcome! Please feel free to submit a Pull Request.

Dependencies

~43KB