A lightweight XDP-powered network filtering solution controllable through a REST API.
Express Data Path (XDP) integration enables line-rate packet filtering at the network driver level, processing millions of packets per second before they enter the kernel network stack.
Programmable interface for dynamic rule management with atomic operations. Features role-based access control (RBAC), Unix domain socket transport, and comprehensive OpenAPI specification.
Define persistent filtering rules using .couic set files. Supports hot reloading with differential updates, suited to scheduled tasks and infrastructure-as-code workflows.
Native IPv4 and IPv6 prefix handling with automatic network address canonicalization. eBPF LPM (Longest Prefix Match) trie implementation ensures efficient lookup operations.
Configurable TTL (Time-To-Live) for dynamically added entries with automatic expiration. Enables temporary mitigation strategies during active incidents without manual cleanup requirements.
Tagging mechanism for rule organization and lifecycle management. Supports filtering and statistical aggregation.
The couicctl binary provides administrative operations for both local and remote management modes. Features include rule manipulation, policy control, statistics retrieval, and client authentication management.
Native metrics endpoint exposing XDP counters, CIDR statistics, and per-tag packet/byte accounting. Enables integration with standard observability stacks for monitoring and alerting.
Peering protocol for distributed rule propagation across infrastructure. Batched transmission with conflict resolution ensures eventual consistency in multi-node deployments.
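
The prefix canonicalization and longest-prefix-match lookup mentioned above, as an added example that is not couic's own code: a userspace Python model of the semantics. The `PrefixTable` class and the function names are hypothetical; the key layout follows the kernel's `struct bpf_lpm_trie_key`, and the sample rules are constructed from documentation address ranges.

```python
import ipaddress
import struct


def canonicalize(cidr):
    """Clear host bits: '192.0.2.77/24' -> 192.0.2.0/24 (also works for IPv6)."""
    return ipaddress.ip_network(cidr, strict=False)


def lpm_key(net):
    """Serialize as struct bpf_lpm_trie_key: u32 prefixlen in host byte
    order, then the address bytes in network byte order."""
    return struct.pack("=I", net.prefixlen) + net.network_address.packed


class PrefixTable:
    """Hypothetical reference model of LPM semantics (a dict, not a trie)."""

    def __init__(self):
        self._rules = {}  # canonical network -> tag

    def add(self, cidr, tag):
        """Insert a rule; returns (canonical network, True if it replaced one)."""
        net = canonicalize(cidr)
        replaced = net in self._rules
        self._rules[net] = tag
        return net, replaced

    def lookup(self, addr):
        """Return (network, tag) of the most specific matching rule, or None."""
        ip = ipaddress.ip_address(addr)
        for plen in range(ip.max_prefixlen, -1, -1):
            net = ipaddress.ip_network(f"{ip}/{plen}", strict=False)
            if net in self._rules:
                return net, self._rules[net]
        return None


if __name__ == "__main__":
    # Constructed sample rules using documentation address ranges.
    table = PrefixTable()
    table.add("203.0.113.77/24", "scanner")
    table.add("203.0.113.128/25", "botnet")
    table.add("2001:db8::1/32", "v6-block")
    print(table.lookup("203.0.113.200"))
    print(table.lookup("2001:db8:ffff::1"))
    print(lpm_key(canonicalize("203.0.113.77/24")).hex())
```

Without canonicalization, `203.0.113.77/24` and `203.0.113.9/24` would look like two different rules even though they cover the same network; here the second insert reports that it replaced the first.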