feat(bpf): add runtime XDP/TC health checks before each scan
Long-lived processes (e.g. limpet-timing) create Engine once at startup
and reuse it for days. If XDP/TC detach after init (interface bounce,
admin removal, another XDP program), the BPF map silently returns None
for everything and all ports become "Filtered". This adds ~5ms pre-scan
verification via `ip link show` + `tc filter show` to fail hard instead
of producing silently wrong results.
- Add `BpfTimingCollector::verify_attached()` wrapping existing verify fns
- Add pre-scan health check in `ScanEngine::discover_bpf()`
- Add pre-timing health check in `collect_timing_samples_raw()`
- Fix README: remove stale userspace fallback references
-**ML-ready output** — timing samples (not just a single RTT), mean/p50/p90 stats, and 64-dim embedding vectors for each port
27
27
-**JSON output** — machine-readable results for pipelines
@@ -34,13 +34,13 @@ What does TRS stand for? Temporal Resonance Scanner. You heard it here first.
34
34
35
35
| Requirement | Notes |
36
36
|-------------|-------|
37
-
| Linux kernel ≥ 5.11 | For BPF ring buffers; XDP timing degrades gracefully to userspace on older kernels|
37
+
| Linux kernel ≥ 5.11 | For BPF ring buffers; fails hard if BPF unavailable|
38
38
|`NET_RAW` + `NET_ADMIN` capabilities | Required for raw socket SYN scanning |
39
-
|`CAP_BPF` + `CAP_SYS_ADMIN`| Required for XDP/BPF timing (not needed for userspace fallback) |
40
-
| Bare-metal or KVM VM | AF_XDP requires a real NIC driver; Docker Desktop (macOS/Windows) will fall back to userspace timing|
39
+
|`CAP_BPF` + `CAP_SYS_ADMIN`| Required for XDP/BPF timing (no unprivileged fallback) |
40
+
| Bare-metal or KVM VM | AF_XDP requires a real NIC driver; cannot load BPF — limpet will not run|
41
41
| Root or `sudo`| Easiest path; or grant caps with `setcap`|
42
42
43
-
**Does not work on:** macOS, Windows, Docker Desktop (for BPF features — CLI builds but timing falls back to userspace).
43
+
**Does not work on:** macOS, Windows, Docker Desktop (BPF programs cannot load — scanning unavailable).
44
44
45
45
---
46
46
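Review bot: The new Notes cell in the "Bare-metal or KVM VM" row reads as if bare-metal and KVM hosts themselves cannot load BPF, because the subject "Docker Desktop (macOS/Windows)" from the old cell was dropped. Suggest keeping the subject, for example `AF_XDP requires a real NIC driver; Docker Desktop (macOS/Windows) cannot load BPF, so limpet will not run`. The kernel row has a similar gap: "fails hard if BPF unavailable" does not say what fails or at which point, so it would help to state that BPF program load fails and limpet exits.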
@@ -259,9 +259,9 @@ curl -X POST http://localhost:8888/v1/timing \
259
259
## Limitations
260
260
261
261
**Platform**
262
-
- Linux only. The BPF/XDP path requires kernel ≥ 5.11 for ring buffers. Older kernels fall back to userspace timing automatically.
262
+
- Linux only. The BPF/XDP path requires kernel ≥ 5.11 for ring buffers. Older kernels fail at BPF program load — no fallback.
263
263
- AF_XDP requires a NIC driver with XDP support. Virtio-net (KVM/QEMU) works. VMware vmxnet3 and some cloud hypervisor NICs do not.
264
-
- Docker Desktop on macOS/Windows: the CLI builds and runs but the BPF programs cannot load — timing falls back to userspace.
264
+
- Docker Desktop on macOS/Windows: the CLI builds but the BPF programs cannot load — limpet will exit with an error.
265
265
266
266
**Scanning**
267
267
-**No service detection** — limpet identifies open ports and collects RTT samples. The `banner` field contains raw bytes from the server's first response packet, but there is no protocol parsing.
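Review bot: The two changed **Platform** bullets document failure only at BPF program load, while the commit message says this change also makes a scan fail when XDP/TC detach after init; that runtime behaviour is not described in any README line shown here. Suggest adding a bullet stating that a long-lived process now returns an error instead of reporting every port as "Filtered" once the programs are detached, so operators know to alert on it. Separately, "limpet will exit with an error" in this hunk and "limpet will not run" / "scanning unavailable" in the requirements section describe the same condition three different ways; one wording used throughout would be clearer.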
@@ -272,7 +272,7 @@ curl -X POST http://localhost:8888/v1/timing \
272
272
273
273
**Timing precision**
274
274
- XDP timestamps are recorded at NIC receive time, not in application code. This gives you real wire latency including NIC driver overhead, not software scheduling jitter.
275
-
-Userspace fallback (`precision_class: "userspace"`) has ±50–200µs jitter under load — accurate enough for coarse fingerprinting, not for sub-millisecond jitter analysis.
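Review bot: Removing the userspace-fallback bullet also removes the only visible mention of `precision_class: "userspace"`, which leaves the **Timing precision** section silent on what values that field can take. If the field is still emitted, state the remaining value or values here; if it has been dropped, say so, since pipelines consuming the JSON output may branch on it.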