ayaFlow
A high-performance, eBPF-based network traffic analyzer written in Rust. Designed to run as a sidecarless DaemonSet in Kubernetes, providing kernel-native visibility into node-wide network traffic with minimal overhead.
Built on the Aya eBPF framework.
Architecture
Kernel:      NIC --> TC Hook (eBPF, ingress + egress) --> RingBuf
                                                             |
Userspace:                                           Tokio Event Loop
                                                     /       |       \
                                               DashMap     SQLite     Axum HTTP
                                            (live stats)  (history)  (API + /metrics)
Kernel-side: A TC (Traffic Control) classifier attached at both ingress and egress parses Ethernet/IPv4/TCP/UDP headers and pushes lightweight PacketEvent structs (with a direction tag) to a shared ring buffer.
Userspace: An async Tokio agent polls the ring buffer, maintains live connection state in a DashMap, persists events to SQLite, and exposes a REST API with Prometheus metrics.
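The kernel-side parsing step described above, as an added example in plain userspace Rust that is not ayaFlow's own code: it walks Ethernet/IPv4/TCP/UDP headers with a bounds check before every read, the same discipline an eBPF classifier has to follow, and rejects truncated frames, undersized IHL values and non-first fragments. The fields of `PacketEvent`, the `Direction` enum, and the `parse_frame` and `sample_frame` names are assumptions; the page names the struct but not its layout.

```rust
// Added illustration (userspace Rust, not ayaFlow's eBPF code); PacketEvent's fields are assumed.
#[derive(Debug, PartialEq, Clone, Copy)]
pub enum Direction { Ingress, Egress }

#[derive(Debug, PartialEq)]
pub struct PacketEvent {
    pub src: ([u8; 4], u16), // IPv4 address, port
    pub dst: ([u8; 4], u16),
    pub proto: u8, // 6 = TCP, 17 = UDP
    pub ip_len: u16,
    pub dir: Direction,
}

/// Parse Ethernet/IPv4/TCP|UDP. None for other traffic or truncated frames.
pub fn parse_frame(f: &[u8], dir: Direction) -> Option<PacketEvent> {
    let et = f.get(12..14)?;
    if u16::from_be_bytes([et[0], et[1]]) != 0x0800 { return None; } // IPv4 only
    let ip = f.get(14..)?;
    let vihl = *ip.first()?;
    // IHL comes from the wire: bound it before using it as an offset.
    let ihl = usize::from(vihl & 0x0f) * 4;
    if vihl >> 4 != 4 || ihl < 20 { return None; }
    let h = ip.get(..ihl)?;
    let proto = h[9];
    if proto != 6 && proto != 17 { return None; }
    // Non-first fragments carry no L4 header, so there are no ports to read.
    if u16::from_be_bytes([h[6], h[7]]) & 0x1fff != 0 { return None; }
    let p = ip.get(ihl..ihl + 4)?; // TCP and UDP both start with src/dst port
    Some(PacketEvent {
        src: ([h[12], h[13], h[14], h[15]], u16::from_be_bytes([p[0], p[1]])),
        dst: ([h[16], h[17], h[18], h[19]], u16::from_be_bytes([p[2], p[3]])),
        ip_len: u16::from_be_bytes([h[2], h[3]]),
        proto,
        dir,
    })
}

/// Constructed sample: 10.0.0.5:40000 -> 10.0.0.9:443 over TCP.
pub fn sample_frame() -> Vec<u8> {
    let mut f = vec![0u8; 12]; // zeroed MAC addresses
    f.extend_from_slice(&[0x08, 0x00]); // EtherType: IPv4
    f.extend_from_slice(&[0x45, 0, 0, 40, 0, 0, 0x40, 0, 64, 6, 0, 0]); // IPv4 hdr
    f.extend_from_slice(&[10, 0, 0, 5, 10, 0, 0, 9, 0x9c, 0x40, 0x01, 0xbb]); // IPs, ports
    f.extend_from_slice(&[0u8; 16]); // remainder of the TCP header
    f
}

fn main() {
    println!("{:?}", parse_frame(&sample_frame(), Direction::Egress));
}
```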
Features
eBPF-native capture -- No libpcap, no privileged sidecar. Hooks directly into the kernel's traffic control subsystem.
Sidecarless DaemonSet -- One pod per node instead of one per application pod.