Userspace + XDP sandboxing system with static analysis to enforce security policies on eBPF programs.
```
nic-sandbox/
├── sandbox/                      # Main sandbox implementation
│   ├── trusted/                  # Trusted sandbox runtime
│   │   ├── sandbox.c             # Main entry, CLI handling
│   │   ├── ebpf_check.c/h        # eBPF static analyzer (libbpf)
│   │   ├── load.c/h              # x86 ELF loader
│   │   └── interface.c/h         # Sandbox syscall interface
│   ├── untrusted/                # Sandboxed userspace module
│   └── shared/                   # Shared definitions
├── bpf-progs-good/               # XDP programs that pass validation
│   └── drop_all.c                # Simple XDP_DROP-only program
├── bpf-progs-bad/                # XDP programs blocked by sandbox
│   ├── bad_xdp.c                 # Map-based data leak
│   ├── firewall.c                # Uses map operations
│   ├── identity.c                # Returns XDP_PASS (not DROP)
│   └── redirect_leak.c           # Redirect-based exfiltration
├── redirect_leak_sender.py       # Test sender for redirect attack
├── redirect_leak_receiver.py     # Test receiver for redirect attack
└── decode_leak.py                # Decode leaked packet data
```
```bash
# Install libbpf (if not present)
cd ~ && git clone git@github.com:rosalab/libbpf.git
cd libbpf && git switch snapshot && cd src
PKG_CONFIG_PATH=/build/root/lib64/pkgconfig DESTDIR=/ sudo make install
sudo ln -s /usr/include/x86_64-linux-gnu/asm /usr/include/asm

# Build eBPF programs
make

# Build sandbox
cd sandbox && make
```

```bash
cd sandbox/trusted

# Run sandbox only (no XDP)
./sandbox ../untrusted/untrusted.o

# Run sandbox with validated XDP program
sudo ./sandbox ../untrusted/untrusted.o -i <interface> <xdp.o>

# Example: load validated drop_all.o
sudo ./sandbox ../untrusted/untrusted.o -i eth0 ../../bpf-progs-good/drop_all.o
```

The sandbox rejects programs that:

- Use map operations (`bpf_map_lookup_elem`, `bpf_map_update_elem`, etc.)
- Use `bpf_trace_printk` or tracing helpers
- Return anything other than `XDP_DROP`
- Use non-whitelisted helpers (e.g., `bpf_redirect`)

Allowed helpers: `bpf_ktime_get_ns`, `bpf_get_smp_processor_id`, `bpf_csum_diff`, `bpf_get_prandom_u32`
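To make the rules above concrete, here is a small Python static checker that applies the same policy (helper whitelist, `XDP_DROP`-only return) to raw eBPF bytecode. It is an added illustration written for this README, not the project's `ebpf_check.c`: it decodes 8-byte instructions straight from a byte string rather than an ELF object, so it runs offline on the constructed sample programs at the bottom, which stand in for `drop_all.o`, `identity.o` and `redirect_leak.o`. Helper ids and opcodes are the kernel's; the fail-closed treatment of branches is this toy's own simplification.

```python
import struct

# One eBPF instruction: opcode u8, regs u8 (dst = low nibble, src = high nibble), off s16, imm s32
INSN = struct.Struct("<BBhi")

# Instruction classes and the opcodes we care about (linux/bpf_common.h, linux/bpf.h)
BPF_LD, BPF_LDX, BPF_ALU, BPF_JMP, BPF_JMP32, BPF_ALU64 = 0x00, 0x01, 0x04, 0x05, 0x06, 0x07
BPF_JMP_CALL = 0x85    # BPF_JMP | BPF_CALL; src_reg == 0 means "call helper number imm"
BPF_JMP_EXIT = 0x95    # BPF_JMP | BPF_EXIT
BPF_MOV64_IMM = 0xB7   # BPF_ALU64 | BPF_MOV | BPF_K

XDP_DROP, XDP_PASS = 1, 2   # from enum xdp_action

# Helper ids from enum bpf_func_id (subset relevant to this sandbox's rules)
HELPER_NAMES = {
    1: "bpf_map_lookup_elem", 2: "bpf_map_update_elem", 3: "bpf_map_delete_elem",
    5: "bpf_ktime_get_ns", 6: "bpf_trace_printk", 7: "bpf_get_prandom_u32",
    8: "bpf_get_smp_processor_id", 23: "bpf_redirect", 28: "bpf_csum_diff",
}
ALLOWED_HELPERS = {5, 7, 8, 28}   # exactly the four helpers the sandbox whitelists


def decode(blob):
    """Split a raw instruction stream into (opcode, regs, off, imm) tuples."""
    if len(blob) % INSN.size:
        raise ValueError("instruction stream is not a multiple of 8 bytes")
    return [INSN.unpack_from(blob, o) for o in range(0, len(blob), INSN.size)]


def check_xdp(blob):
    """Return the list of policy violations; an empty list means the program is accepted.

    Linear scan that fails closed: any branch is rejected, because tracking r0 across
    control flow needs a CFG walk this toy deliberately does not implement.
    """
    violations = []
    last_r0 = None          # constant most recently moved into r0, None when unknown
    for idx, (op, regs, off, imm) in enumerate(decode(blob)):
        dst, src, cls = regs & 0xF, regs >> 4, op & 0x07
        if op == BPF_JMP_CALL and src == 0:
            name = HELPER_NAMES.get(imm, f"helper#{imm}")
            if imm not in ALLOWED_HELPERS:
                violations.append(f"insn {idx}: non-whitelisted helper {name}")
            last_r0 = None  # the helper's return value lands in r0
        elif op == BPF_JMP_EXIT:
            if last_r0 != XDP_DROP:
                violations.append(f"insn {idx}: exit with r0 = {last_r0!r}, expected XDP_DROP")
        elif cls in (BPF_JMP, BPF_JMP32):
            violations.append(f"insn {idx}: branch present, control flow not analysed")
        elif op == BPF_MOV64_IMM and dst == 0:
            last_r0 = imm
        elif dst == 0 and cls in (BPF_LD, BPF_LDX, BPF_ALU, BPF_ALU64):
            last_r0 = None  # r0 overwritten by something we do not model
    return violations


# Tiny assembler helpers for building constructed sample programs
def mov64_imm(dst, imm):
    return INSN.pack(BPF_MOV64_IMM, dst, 0, imm)

def call(helper):
    return INSN.pack(BPF_JMP_CALL, 0, 0, helper)

EXIT = INSN.pack(BPF_JMP_EXIT, 0, 0, 0)

# Constructed programs standing in for the repository's test objects (not the real ones)
DROP_ALL = mov64_imm(0, XDP_DROP) + EXIT                          # like drop_all.c
IDENTITY = mov64_imm(0, XDP_PASS) + EXIT                          # like identity.c
REDIRECT = mov64_imm(1, 3) + mov64_imm(2, 0) + call(23) + EXIT    # bpf_redirect(ifindex=3, flags=0)

if __name__ == "__main__":
    for name, prog in [("drop_all", DROP_ALL), ("identity", IDENTITY), ("redirect", REDIRECT)]:
        v = check_xdp(prog)
        print(f"{name}: {'ACCEPT' if not v else 'REJECT'}", *v, sep="\n  ")
```

Because the real `ebpf_check.c` sees an ELF, it also has to locate the `xdp` section and resolve map relocations before it can apply these checks; the rule logic itself is the same shape as `check_xdp` above.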
```bash
cd sandbox/trusted

# These should FAIL validation:
./sandbox ../untrusted/untrusted.o -i lo ../../bpf-progs-bad/identity.o       # XDP_PASS
./sandbox ../untrusted/untrusted.o -i lo ../../bpf-progs-bad/bad_xdp.o        # map access
./sandbox ../untrusted/untrusted.o -i lo ../../bpf-progs-bad/redirect_leak.o  # bpf_redirect

# This should PASS:
sudo ./sandbox ../untrusted/untrusted.o -i lo ../../bpf-progs-good/drop_all.o
```

Demonstrates data exfiltration via `bpf_redirect` (blocked by sandbox).
```bash
# 1. Find interface indices
ip link show

# 2. Update EXFIL_IFINDEX in bpf-progs-bad/redirect_leak.c

# 3. Compile & load manually (bypassing sandbox)
make bpf-bad
sudo ip link set dev eth0 xdp object bpf-progs-bad/redirect_leak.o sec xdp

# 4. Receiver (on exfil interface)
sudo python3 redirect_leak_receiver.py eth1

# 5. Sender (to victim interface)
python3 redirect_leak_sender.py <eth0_ip> -c 10

# 6. Cleanup
sudo ip link set dev eth0 xdp off
```

```bash
# Check loaded XDP programs
sudo bpftool prog

# Read leaked data from bad_xdp map
sudo ./read_leak /sys/fs/bpf/xdp/globals/pkt_leak_map > leak.bin
python3 decode_leak.py leak.bin
```