Native components for running the box proxy on Android: a Rust control CLI
and an eBPF traffic matcher. They are built for aarch64-linux-android and ship
inside the box app / Magisk module.
The repository contains two independent, sibling components:
A Rust command-line tool that drives the proxy on the device. It manages the iptables / eBPF routing rules, the core configuration, the SQLite rules database, Wi-Fi monitoring, and the service lifecycle.
boxctl evolved from the shell scripts of the original
boxproxy/box project — the same logic,
reworked in Rust for speed, atomic batched iptables updates, and a single
self-contained binary with no shell dependencies.
cd boxctl
cargo build --release --target aarch64-linux-android(Set the Android NDK linker via CARGO_TARGET_AARCH64_LINUX_ANDROID_LINKER and
the matching CC_/CXX_/AR_aarch64_linux_android toolchain variables.)
A small C tool that assembles, loads, and pins eBPF socket-filter programs
for xt_bpf (iptables -m bpf --object-pinned). The pinned programs match
traffic by CIDR (v4/v6), UID, and a force-proxy direction flag driven by a
runtime-config map.
The programs are hand-assembled bpf_insn arrays loaded through the bpf()
syscall, with a direct-packet-access → skb_load_bytes → BPF_LD_ABS read-mode
fallback so they keep working across the kernels Android devices actually ship.
The matcher design references the eBPF approach in
Asterisk4Magisk/AsteriskNG.
cd boxbpf
make # or: clang -O2 -fPIE -pie main.c loader.c config.c -o boxbpfThis project is licensed under the GNU General Public License v3.0 (GPL-3.0-or-later). See LICENSE.
boxproxy builds upon and credits the following projects:
- boxproxy/box — the original shell-based
box proxy;
boxctlis a Rust evolution of its control logic. - Asterisk4Magisk/AsteriskNG
— referenced for the eBPF
xt_bpfsocket-filter matcher approach used byboxbpf.