EBPF-based Network Isolation for Stellar Protocols

[OtowoSamuel]

🔴 Difficulty: High (200 Points)

Standard K8s NetworkPolicies are L4. We need L7 deep packet inspection using eBPF to ensure only valid SCP messages are allowed.

✅ Acceptance Criteria

• Implement an eBPF program (using aya-rs or libbpf-rs) that filter traffic on port 11625.
• Reject any packet that doesn't follow the XDR-encoded Stellar protocol structure.
• Export eBPF-derived metrics to Prometheus.

[drips-wave]

This issue has been added to the Stellar Wave Program and is worth 200 Points.

🧑‍💻 Interested in contributing? Apply to work on this issue on Drips Wave, earn points, and receive rewards.

Warning

Only applications submitted via the apply link above will be considered. Please do not apply by commenting on the issue or opening a PR directly.

🤠 Repo maintainers: You can manage this issue's Points and Complexity on your Maintainer Dashboard here. Please keep an eye on applications and respond quickly 💙

ℹ️ Learn more about Drips Wave

[devJaja]

@devJaja has applied to work on this issue as part of the Stellar Wave Program's 2nd wave.

Hello, I’m a smart contract and full-stack developer actively contributing to open-source ecosystems. I’ve worked on 30+ projects across the ecosystem, with hands-on experience in Solidity, Cairo, Soroban, JavaScript, TypeScript, Rust, and building on the Stellar ecosystem. I’m passionate about delivering secure and scalable blockchain systems and would love the opportunity to support and contribute to this issue.

ℹ️ Repo Maintainers: To accept this application, review their application or assign @devJaja to this issue.

[devJaja]

GM @OtowoSamuel , can I take this issue

[GoSTEAN]

@GoSTEAN has applied to work on this issue as part of the Stellar Wave Program's 2nd wave.

Can i work on this?

ℹ️ Repo Maintainers: To accept this application, review their application or assign @GoSTEAN to this issue.

[Otaiki1]

@Otaiki1 has applied to work on this issue as part of the Stellar Wave Program's 2nd wave.

Please can i get my hands on this , My PRs would be available before the deadline

ℹ️ Repo Maintainers: To accept this application, review their application or assign @Otaiki1 to this issue.

[drips-wave]

Congratulations, @Otaiki1! 🎉 Your application was accepted by the repo's maintainers, and the issue is due on February 26, 2026.

🧑‍💻 @Otaiki1: Please resolve the issue such that the repo's maintainers have enough time to review your contribution before the due date. You'll earn Points for completing the issue on-time, which will make you eligible for a share of the Stellar Wave Program's reward pool.

Warning

When opening a PR, please link it to this issue to ensure it gets tracked accurately. Points are issued when this issue is marked as completed by the maintainer.

🤠 Repo maintainers: Please keep an eye on the contributor's progress and review their work before the due date. You can manage this issue, including adjusting its complexity and points, here.

🌊 Happy Wave 🌊