Hi,
I have been working on enabling the eBPF XDP/TC kernel feature for IPFire. Please refer to https://upload.wikimedia.org/wikipedia/commons/3/37/Netfilter-packet-flow.sv... for where XDP fits in the Linux network datapath; XDP will not interfere with existing IPFire firewall rules. XDP is especially good at DDoS packet filtering at high speed, see https://netdevconf.info/0x15/slides/30/Netdev%200x15%20Accelerating%20synpro...
I think we only need to enable the XDP/TC network filtering capability, without the eBPF tracing capability, which some users are concerned about because of potential host security information leaks.
Please let me know what you think, thanks!
Vincent
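
One way to check a kernel `.config` for the split proposed in the message above (XDP/TC filtering available, BPF tracing attachment off). This is an added example, not part of the message or of IPFire's build. The mapping of capabilities to mainline Kconfig symbols is an assumption made here, and the sample config is constructed.

```python
"""Audit a kernel .config: XDP/TC BPF filtering on, BPF tracing off."""
import re

# Assumption (not from the message): mainline Kconfig symbols per capability.
REQUIRED = {
    "CONFIG_BPF_SYSCALL": "bpf() syscall, needed to load XDP and TC programs",
    "CONFIG_NET_CLS_BPF": "TC BPF classifier (cls_bpf)",
}
TRACING = {
    "CONFIG_BPF_EVENTS": "BPF programs on kprobe, uprobe and tracepoint events",
    "CONFIG_BPF_KPROBE_OVERRIDE": "bpf_override_return() on kprobes",
}

_SET = re.compile(r"^(CONFIG_\w+)=(.*)$")
_UNSET = re.compile(r"^# (CONFIG_\w+) is not set$")


def parse_config(text):
    """Return {symbol: value}; explicitly unset symbols map to 'n'."""
    opts = {}
    for line in text.splitlines():
        line = line.strip()
        if m := _SET.match(line):
            opts[m.group(1)] = m.group(2).strip('"')
        elif m := _UNSET.match(line):
            opts[m.group(1)] = "n"
    return opts


def audit(text):
    """List findings; an empty list means the config matches the split."""
    opts = parse_config(text)
    findings = []
    for sym, what in REQUIRED.items():
        # A symbol absent from .config is treated the same as unset.
        if opts.get(sym, "n") not in ("y", "m"):
            findings.append(f"missing {sym}: {what}")
    for sym, what in TRACING.items():
        if opts.get(sym, "n") in ("y", "m"):
            findings.append(f"tracing enabled {sym}: {what}")
    return findings


# Constructed sample, not taken from an IPFire build.
SAMPLE = """CONFIG_BPF_SYSCALL=y
CONFIG_BPF_JIT=y
# CONFIG_NET_CLS_BPF is not set
CONFIG_BPF_EVENTS=y
"""

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)) or "config matches the proposed split")
```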