release: blackwall v1

2026-05-18 15:35:12 +02:00 · 2026-04-02 00:05:44 +03:00 · 2026-04-02 00:05:44 +03:00 · e01b11f7ff
commit e01b11f7ff
63 changed files with 11133 additions and 0 deletions
--- a/assets/architecture.svg
+++ b/assets/architecture.svg
@ -0,0 +1,99 @@
+<svg xmlns="http://www.w3.org/2000/svg" width="1400" height="860" viewBox="0 0 1400 860" role="img" aria-label="Blackwall architecture diagram">
+  <defs>
+    <linearGradient id="bg" x1="0" y1="0" x2="1" y2="1">
+      <stop offset="0%" stop-color="#060A1A"/>
+      <stop offset="100%" stop-color="#0E1328"/>
+    </linearGradient>
+    <linearGradient id="card" x1="0" y1="0" x2="1" y2="0">
+      <stop offset="0%" stop-color="#111933"/>
+      <stop offset="100%" stop-color="#171F3E"/>
+    </linearGradient>
+    <style>
+      .title { fill:#F8FAFF; font:700 34px 'Segoe UI', Arial, sans-serif; }
+      .subtitle { fill:#9FB1DA; font:500 17px 'Segoe UI', Arial, sans-serif; }
+      .box { fill:url(#card); stroke:#2C3C72; stroke-width:2; rx:16; }
+      .hot { stroke:#FF4D4D; }
+      .txt { fill:#EAF0FF; font:600 19px 'Segoe UI', Arial, sans-serif; }
+      .small { fill:#AFC1E8; font:500 15px 'Segoe UI', Arial, sans-serif; }
+      .arrow { stroke:#6EC1FF; stroke-width:3; marker-end:url(#arrow); }
+      .arrow-hot { stroke:#FF6B6B; stroke-width:3; marker-end:url(#arrowHot); }
+    </style>
+    <marker id="arrow" markerWidth="10" markerHeight="10" refX="8" refY="5" orient="auto">
+      <polygon points="0,0 10,5 0,10" fill="#6EC1FF"/>
+    </marker>
+    <marker id="arrowHot" markerWidth="10" markerHeight="10" refX="8" refY="5" orient="auto">
+      <polygon points="0,0 10,5 0,10" fill="#FF6B6B"/>
+    </marker>
+    <marker id="arrowFeed" markerWidth="10" markerHeight="10" refX="8" refY="5" orient="auto">
+      <polygon points="0,0 10,5 0,10" fill="#4ADE80"/>
+    </marker>
+    <style>
+      .arrow-feed { stroke:#4ADE80; stroke-width:2.5; stroke-dasharray:8,4; marker-end:url(#arrowFeed); }
+      .feed-label { fill:#4ADE80; font:500 13px 'Segoe UI', Arial, sans-serif; }
+    </style>
+  </defs>
+
+  <rect width="1400" height="860" fill="url(#bg)"/>
+  <text x="70" y="70" class="title">The Blackwall - High-Level Architecture</text>
+  <text x="70" y="102" class="subtitle">Kernel fast path + behavioral engine + AI deception mesh</text>
+
+  <rect x="70" y="150" width="230" height="88" class="box"/>
+  <text x="95" y="186" class="txt">Internet Traffic</text>
+  <text x="95" y="212" class="small">Inbound + outbound packets</text>
+
+  <rect x="370" y="130" width="320" height="128" class="box hot"/>
+  <text x="395" y="175" class="txt">eBPF/XDP + TC Layer</text>
+  <text x="395" y="201" class="small">JA4, entropy, DPI tail-calls</text>
+  <text x="395" y="223" class="small">PASS / DROP / REDIRECT</text>
+
+  <rect x="770" y="150" width="260" height="88" class="box"/>
+  <text x="795" y="186" class="txt">RingBuf Events</text>
+  <text x="795" y="212" class="small">Zero-copy kernel telemetry</text>
+
+  <rect x="1110" y="130" width="220" height="128" class="box"/>
+  <text x="1135" y="175" class="txt">Threat Feeds</text>
+  <text x="1135" y="201" class="small">Firehol + abuse.ch</text>
+  <text x="1135" y="223" class="small">Hourly map updates</text>
+
+  <rect x="420" y="350" width="430" height="130" class="box hot"/>
+  <text x="445" y="398" class="txt">Behavioral Engine (userspace)</text>
+  <text x="445" y="424" class="small">Per-IP state machine, fast + AI verdicts</text>
+  <text x="445" y="446" class="small">New -> Suspicious -> Malicious -> Blocked</text>
+
+  <rect x="140" y="560" width="340" height="170" class="box"/>
+  <text x="165" y="603" class="txt">Deception Mesh / Tarpit</text>
+  <text x="165" y="629" class="small">SSH bash simulation</text>
+  <text x="165" y="651" class="small">HTTP fake admin + MySQL + DNS</text>
+  <text x="165" y="673" class="small">Prompt-injection defense</text>
+
+  <rect x="530" y="560" width="300" height="170" class="box"/>
+  <text x="555" y="603" class="txt">PCAP Capture</text>
+  <text x="555" y="629" class="small">Flagged IP traffic only</text>
+  <text x="555" y="651" class="small">Rotating compressed files</text>
+
+  <rect x="890" y="560" width="380" height="170" class="box"/>
+  <text x="915" y="603" class="txt">Distributed Controller</text>
+  <text x="915" y="629" class="small">Peer sync for blocked IPs + JA4</text>
+  <text x="915" y="651" class="small">One sensor learns, all nodes block</text>
+
+  <!-- Data flow: Internet → eBPF → RingBuf → Behavioral Engine -->
+  <line x1="300" y1="194" x2="370" y2="194" class="arrow"/>
+  <line x1="690" y1="194" x2="770" y2="194" class="arrow"/>
+  <line x1="900" y1="258" x2="720" y2="350" class="arrow"/>
+  <line x1="580" y1="258" x2="620" y2="350" class="arrow-hot"/>
+
+  <!-- Threat Feeds → Behavioral Engine (external intel) -->
+  <line x1="1220" y1="258" x2="850" y2="370" class="arrow-feed"/>
+  <text x="970" y="300" class="feed-label">intel updates</text>
+
+  <!-- Behavioral Engine → eBPF/XDP (BPF map updates) -->
+  <line x1="450" y1="350" x2="490" y2="258" class="arrow-feed"/>
+  <text x="400" y="310" class="feed-label">map sync</text>
+
+  <!-- Behavioral Engine → downstream modules -->
+  <line x1="560" y1="480" x2="310" y2="560" class="arrow-hot"/>
+  <line x1="640" y1="480" x2="680" y2="560" class="arrow"/>
+  <line x1="730" y1="480" x2="1020" y2="560" class="arrow"/>
+
+  <text x="70" y="810" class="subtitle">Rendered as SVG for crisp display on GitHub and dark/light themes.</text>
+</svg>
--- a/assets/results-overview.svg
+++ b/assets/results-overview.svg
@ -0,0 +1,61 @@
+<svg xmlns="http://www.w3.org/2000/svg" width="1400" height="760" viewBox="0 0 1400 760" role="img" aria-label="Blackwall result cards">
+  <defs>
+    <linearGradient id="bg2" x1="0" y1="0" x2="1" y2="1">
+      <stop offset="0%" stop-color="#08101E"/>
+      <stop offset="100%" stop-color="#141B2F"/>
+    </linearGradient>
+    <linearGradient id="panel" x1="0" y1="0" x2="1" y2="0">
+      <stop offset="0%" stop-color="#111A33"/>
+      <stop offset="100%" stop-color="#1B2442"/>
+    </linearGradient>
+    <style>
+      .h1 { fill:#F3F8FF; font:700 32px 'Segoe UI', Arial, sans-serif; }
+      .label { fill:#9FB5DD; font:600 16px 'Segoe UI', Arial, sans-serif; }
+      .term { fill:url(#panel); stroke:#334B84; stroke-width:2; rx:14; }
+      .mono { fill:#E9F1FF; font:600 16px 'JetBrains Mono', Consolas, monospace; }
+      .ok { fill:#60E7A7; }
+      .warn { fill:#FFC05A; }
+      .err { fill:#FF6E6E; }
+      .dot { rx:6; }
+    </style>
+  </defs>
+
+  <rect width="1400" height="760" fill="url(#bg2)"/>
+  <text x="70" y="68" class="h1">Blackwall - Visual Results</text>
+  <text x="70" y="98" class="label">Terminal-style snapshots (SVG) for README presentation</text>
+
+  <rect x="70" y="130" width="1260" height="260" class="term"/>
+  <rect x="96" y="152" width="12" height="12" class="dot err"/>
+  <rect x="116" y="152" width="12" height="12" class="dot warn"/>
+  <rect x="136" y="152" width="12" height="12" class="dot ok"/>
+  <text x="170" y="164" class="label">test + lint run</text>
+
+  <text x="100" y="205" class="mono">$ cargo clippy --workspace -- -D warnings</text>
+  <text x="100" y="236" class="mono ok">Finished dev [unoptimized + debuginfo] target(s) in 4.81s</text>
+  <text x="100" y="272" class="mono">$ cargo test --workspace</text>
+  <text x="100" y="303" class="mono ok">test result: ok. 123 passed; 0 failed; 0 ignored</text>
+  <text x="100" y="339" class="mono">$ cargo xtask build-ebpf</text>
+  <text x="100" y="370" class="mono ok">eBPF artifacts compiled successfully</text>
+
+  <rect x="70" y="430" width="610" height="260" class="term"/>
+  <rect x="96" y="452" width="12" height="12" class="dot err"/>
+  <rect x="116" y="452" width="12" height="12" class="dot warn"/>
+  <rect x="136" y="452" width="12" height="12" class="dot ok"/>
+  <text x="170" y="464" class="label">runtime status</text>
+  <text x="100" y="506" class="mono">[INFO] blackwall: attaching XDP program to eth0</text>
+  <text x="100" y="537" class="mono">[INFO] feeds: synced 2 feeds, 17,412 indicators</text>
+  <text x="100" y="568" class="mono">[INFO] behavior: suspicious ip=203.0.113.52 score=83</text>
+  <text x="100" y="599" class="mono ok">[INFO] action: redirected to tarpit</text>
+  <text x="100" y="630" class="mono">[INFO] pcap: capture started for flagged ip</text>
+
+  <rect x="720" y="430" width="610" height="260" class="term"/>
+  <rect x="746" y="452" width="12" height="12" class="dot err"/>
+  <rect x="766" y="452" width="12" height="12" class="dot warn"/>
+  <rect x="786" y="452" width="12" height="12" class="dot ok"/>
+  <text x="820" y="464" class="label">tarpit session snapshot</text>
+  <text x="750" y="506" class="mono">Ubuntu 24.04.2 LTS web-prod-03 tty1</text>
+  <text x="750" y="537" class="mono">root@web-prod-03:~# ls -la</text>
+  <text x="750" y="568" class="mono">drwxr-xr-x 2 root root 4096 Apr 01 12:31 .ssh</text>
+  <text x="750" y="599" class="mono">root@web-prod-03:~# cat /etc/passwd</text>
+  <text x="750" y="630" class="mono ok">[deception] full transcript stored</text>
+</svg>
--- a/assets/signal-flow.svg
+++ b/assets/signal-flow.svg
@ -0,0 +1,45 @@
+<svg xmlns="http://www.w3.org/2000/svg" width="1400" height="520" viewBox="0 0 1400 520" role="img" aria-label="Blackwall signal flow">
+  <defs>
+    <linearGradient id="bg3" x1="0" y1="0" x2="1" y2="1">
+      <stop offset="0%" stop-color="#0A1122"/>
+      <stop offset="100%" stop-color="#1B1730"/>
+    </linearGradient>
+    <style>
+      .box { fill:#131E3B; stroke:#3A4E82; stroke-width:2; rx:14; }
+      .txt { fill:#EEF3FF; font:600 18px 'Segoe UI', Arial, sans-serif; }
+      .sub { fill:#9FB1D6; font:500 14px 'Segoe UI', Arial, sans-serif; }
+      .title { fill:#F3F8FF; font:700 30px 'Segoe UI', Arial, sans-serif; }
+      .a { stroke:#74C0FF; stroke-width:3; marker-end:url(#m); }
+    </style>
+    <marker id="m" markerWidth="10" markerHeight="10" refX="8" refY="5" orient="auto">
+      <polygon points="0,0 10,5 0,10" fill="#74C0FF"/>
+    </marker>
+  </defs>
+  <rect width="1400" height="520" fill="url(#bg3)"/>
+  <text x="70" y="70" class="title">Threat Signal Flow</text>
+
+  <rect x="70" y="150" width="220" height="120" class="box"/>
+  <text x="95" y="198" class="txt">Packet Ingress</text>
+  <text x="95" y="224" class="sub">eth0 / xdp path</text>
+
+  <rect x="360" y="150" width="250" height="120" class="box"/>
+  <text x="385" y="198" class="txt">Kernel Detection</text>
+  <text x="385" y="224" class="sub">JA4 + DPI + entropy</text>
+
+  <rect x="680" y="150" width="250" height="120" class="box"/>
+  <text x="705" y="198" class="txt">Event Correlation</text>
+  <text x="705" y="224" class="sub">behavioral state machine</text>
+
+  <rect x="1000" y="80" width="300" height="120" class="box"/>
+  <text x="1025" y="128" class="txt">Mitigation Path</text>
+  <text x="1025" y="154" class="sub">drop / redirect / blocklist</text>
+
+  <rect x="1000" y="240" width="300" height="120" class="box"/>
+  <text x="1025" y="288" class="txt">Intelligence Path</text>
+  <text x="1025" y="314" class="sub">pcap + distributed sync</text>
+
+  <line x1="290" y1="210" x2="360" y2="210" class="a"/>
+  <line x1="610" y1="210" x2="680" y2="210" class="a"/>
+  <line x1="930" y1="190" x2="1000" y2="140" class="a"/>
+  <line x1="930" y1="230" x2="1000" y2="300" class="a"/>
+</svg>