L3AFD is a crucial part of the L3AF ecosystem. For more information on L3AF see https://l3af.io/
L3AFD is the primary component of the L3AF control plane. L3AFD is a daemon that orchestrates and manages multiple eBPF programs. L3AFD runs on each node where the user wishes to run eBPF programs. L3AFD reads configuration data and manages the execution and monitoring of eBPF programs running on the node.
L3AFD downloads pre-built eBPF programs from a user-configured repository. However, we envision the creation of a community-driven eBPF package marketplace where L3AF users can obtain a variety of eBPF programs developed by multiple sources.
See our L3AF Development Environment for a quick and easy way to try out L3AF on your local machine.
Try a binary release.
To build on your local machine, including swagger docs do the following.
For Linux:
make
For Windows:
cmake -B build
cmake --build build
- L3AFD binary & configuration that is required in the Docker image needs to be built locally and copied to build-docker directory
- Execute below command to build the docker image
docker build -t l3afd:<version> -f Dockerfile .
Requirements to run L3AFD as a Container
- BPF, debugfs & shared-memory filesystems mount points should be available in the container
- L3AFD container needs privileged access as it needs to manage eBPF programs
- eBPF programs should be attached to the host interface so that it will apply to all the containers in the host
In order to satisfy the above requirements L3afd docker container needs to be run using the below command
docker run -d -v /sys/fs/bpf:/sys/fs/bpf -v /sys/kernel/debug/:/sys/kernel/debug/ -v /dev/shm:/dev/shm --privileged --net=host l3afd:<version>
To test on your local machine, do the following.
For Linux:
go test ./...
For Windows:
go test -tags WINDOWS ./...
See our Swaggo setup
Contributing to L3afd is fun. To get started: