Open thatjiaozi opened 3 months ago
Currently we only support programs attached to a Socket.
However the list of types of programs that ebpf supports is huge https://docs.kernel.org/bpf/libbpf/program_types.html and some of them might touch areas of the verifier that a network filter wouldn't.
I propose we extend the number of supported programs as much as we can.
Roughly we could refactor the FFI layer to introduce a type of executor per program type.
Currently we only support programs attached to a Socket.
However the list of types of programs that ebpf supports is huge https://docs.kernel.org/bpf/libbpf/program_types.html and some of them might touch areas of the verifier that a network filter wouldn't.
I propose we extend the number of supported programs as much as we can.
Roughly we could refactor the FFI layer to introduce a type of executor per program type.