MCPcopy Index your code
hub / github.com/FoxMoss/fox-xdp

github.com/FoxMoss/fox-xdp @main

Chat with this repo
repository ↗ · DeepWiki ↗ · + Follow
64 symbols 96 edges 8 files 1 documented · 2%
What it actually does AI analysis from the code graph — generated when you open this
loading…
README

Fox's High Speed TLS Signature Filtering

High speed TLS based filtering able to run entirely in an eBPF filter.

Requirements

  • Linux 6.12.43+
  • libpbf and libxdp

How does it work

Instead of taking the full JA4 hash to fingerprint traffic which is slow to calculate and is hard to implement in a BPF filter, I take a Jenkins hash of the sorted supported ciphers in any given TLS request. To similar effect as JA4, keeping fingerprinting usefulness. Switching to a non-cryptographic hashing algorithm is okay here because any given attacker with enough skill could replicate the ciphers of another client, so any hash reversing would be useless or at best force the attacker to implement a different amount of hashes.

Example Usage

Generate a config file

./generate-config block-curl.fconf blacklist signatures/curl-8.15.0-arch.bin

Load the filter on to a network device

sudo ./fox-filter block-curl.fconf wlan0 fox.bpf

Core symbols most depended-on inside this repo

test
called by 5
benchmark/src/main.rs
usage
called by 2
calculate.c
xsk_alloc_umem_frame
called by 2
user.c
unload
called by 2
user.c
u8_vec_to_u16_vec
called by 2
benchmark/src/server.rs
calculate_hash
called by 2
benchmark/src/server.rs
run_server
called by 2
benchmark/src/server.rs
calculate_hash
called by 1
calculate.c

Shape

Class 27
Function 24
Method 8
Enum 5

Languages

C62%
Rust33%
C++3%
TypeScript2%

Modules by API surface

user.c31 symbols
benchmark/src/server.rs14 symbols
kern.c6 symbols
benchmark/src/client.rs4 symbols
calculate.c3 symbols
benchmark/src/main.rs3 symbols
shared.h2 symbols
benchmark/echarts_theme.js1 symbols

For agents

$ claude mcp add fox-xdp \
  -- python -m otcore.mcp_server <graph>

⬇ download graph artifact