daemon: support Linux eBPF socket filters with new net.bpf_set(fd) and net.bpf_clear() bindings
This change implements two new Lua bindings on the net module which allow Linux users to attach/detach loaded eBPF socket filters to Knot's active sockets.
In pseudocode, the implementation is essentially:
    function net.bpf_set(bpffd) -- bpffd: file descriptor of a loaded eBPF socket filter
        for endpoint in endpoints do
            sockfd = uv_fileno(endpoint) -- sockfd: file descriptor of a listening socket
            setsockopt(sockfd, SOL_SOCKET, SO_ATTACH_BPF, bpffd, sizeof(int))
        end
    end

    function net.bpf_clear()
        for endpoint in endpoints do
            sockfd = uv_fileno(endpoint) -- sockfd: file descriptor of a listening socket
            setsockopt(sockfd, SOL_SOCKET, SO_DETACH_BPF, NULL, 0)
        end
    end
My intention is to make the smallest number of core changes needed to support eBPF socket filters with Knot. I do not provide a mechanism for loading eBPF programs, accessing maps, or pinning objects to bpffs, since I believe those operations are more appropriate for modules.
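
The attach/detach loop from the pseudocode above, written out in C as an added example (not the code from this change). It goes one step beyond the pseudocode by rolling back on a partial failure so that no listener is left filtered while others are not. The function names `bpf_set_all` and `bpf_clear_all` and the plain array of socket descriptors are assumptions made for illustration.

```c
#include <errno.h>
#include <stddef.h>
#include <stdio.h>
#include <sys/socket.h>
#include <unistd.h>

#ifndef SO_ATTACH_BPF           /* fallbacks: asm-generic values */
#define SO_ATTACH_BPF 50
#endif
#ifndef SO_DETACH_BPF
#define SO_DETACH_BPF 27        /* same option as SO_DETACH_FILTER */
#endif

/* Detach the filter from every socket; returns how many sockets failed. */
size_t bpf_clear_all(const int *sockfds, size_t n)
{
    size_t failed = 0;
    for (size_t i = 0; i < n; i++) {
        /* ENOENT: no filter was attached, which is already the end state. */
        if (setsockopt(sockfds[i], SOL_SOCKET, SO_DETACH_BPF, NULL, 0) != 0
            && errno != ENOENT)
            failed++;
    }
    return failed;
}

/* Attach the loaded program bpffd to every socket. Returns 0 or -errno.
 * On failure the sockets already attached are detached again; a filter
 * that was present before the call is not restored. */
int bpf_set_all(const int *sockfds, size_t n, int bpffd)
{
    for (size_t i = 0; i < n; i++) {
        if (setsockopt(sockfds[i], SOL_SOCKET, SO_ATTACH_BPF,
                       &bpffd, sizeof(bpffd)) != 0) {
            int err = errno;
            bpf_clear_all(sockfds, i);
            return -err;
        }
    }
    return 0;
}

int main(void)
{
    /* Constructed input: one UDP socket and an invalid program fd (-1). */
    int socks[1] = { socket(AF_INET, SOCK_DGRAM, 0) };
    printf("bpf_set_all: %d\n", bpf_set_all(socks, 1, -1));
    close(socks[0]);
    return 0;
}
```

Note that `SO_ATTACH_BPF` takes a pointer to the program descriptor, so the C call passes `&bpffd` where the pseudocode writes `bpffd`.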