L3afd supports artifacts in tar.gz format. This is not a default format for windows, we need to support zip format along with tar.gz.

In a few instances, we have noticed that although the BPF file system (/sys/fs/bpf) is being mounted appropriately, the complete path (/sys/fs/bpf/tc/globals/) for the BPF maps does not exist. As most of the program the /sys/fs/bpf/tc/globals directory for creation of maps, the program will fail if the complete directory path is not present. Hence, L3AFD needs to make sure that complete path for the maps creation exists, or creates them, such that the programs do not fail.

Code block to fix: https://github.com/l3af-project/l3afd/blob/main/kf/nfconfig.go#L143-L156

Out of all the use cases listed, where can i find the load balancer code?

Update xdp and tc eBPF programs loading from l3afd and chaining.

make install seems to fail with the following logs:

2023/04/19 11:09:33 Generate swagger docs....
2023/04/19 11:09:33 Generate general API Info, search dir:./
2023/04/19 11:09:33 Generating models.L3afBPFPrograms
2023/04/19 11:09:33 Generating models.BPFPrograms
2023/04/19 11:09:33 Generating models.BPFProgram
2023/04/19 11:09:33 Generating models.L3afDNFArgs
2023/04/19 11:09:33 Generating models.L3afDNFMetricsMap
2023/04/19 11:09:33 Generating models.L3afBPFProgramNames
2023/04/19 11:09:33 Generating models.BPFProgramNames
2023/04/19 11:09:33 create docs.go at docs/docs.go
2023/04/19 11:09:33 create swagger.json at docs/swagger.json
2023/04/19 11:09:33 create swagger.yaml at docs/swagger.yaml
# github.com/l3af-project/l3afd/docs
Error: docs/docs.go:4[21](https://github.com/l3af-project/l3afd/actions/runs/4742594136/jobs/8421057747?pr=224#step:11:22):2: unknown field 'LeftDelim' in struct literal of type "github.com/swaggo/swag".Spec
Error: docs/docs.go:4[22](https://github.com/l3af-project/l3afd/actions/runs/4742594136/jobs/8421057747?pr=224#step:11:23):2: unknown field 'RightDelim' in struct literal of type "github.com/swaggo/swag".Spec

CI build failure: https://github.com/l3af-project/l3afd/actions/runs/4742594136/jobs/8421057747?pr=224#step:11:34

• token based with pub/private key auth
• Support for admin or read-only roles

The delete api to remove ebpf program used to respond 200 OK but on the host ebpf programs are still running. L3afd is failing to remove running ebpf programs from the tc egress chain.

L3afd supports file to store persistent configs, it's good to support different backends like db and kv store.

Hi everyone we are making xdp code redirecting, and while trying to send send TCP packets we face some problem while we ping packets from one container to another.
I tried redirecting packets send to one docker instance to another container using xdp. I followed xdp_tutorial to reroute packet, and created 2 dockers to redirect packet from one docker to another. I am getting the packet at target docker but when i run ping 172.17.0.2 on source machine/sender ,I got Destination Host Unreachable on system.

For system details and output refer issue i raised at xdp_tutorial repo.

What additions should i make to get TCP rerouting to work

Hi,

I have been evaluating L3AFD for some project work and thought of a new feature that might be useful.



I developed a tool that uses BTF info in the ebpf binary to generate map access APIs. It could potentially replace the need for user-space programs for ebpf modules that only need basic CRUD functionality on maps. Plus, with BTF info, the tool can also handle data manipulation for key and value which have complex types like structs or unions.

Such a capability would eliminate the need for a separate user-space program. I've already tested it on a version of the rate-limiter NF in L3AF's ebpf repo.

I was wondering if such a tool will of interest to L3AF community? I can provide more details if needed in a meeting. Please let me know.

L3AFD running on Azure Windows VM

L3AFD should be extended to include a new metric that reports the ebpf_program version running on the node. In this way, the details of the ebpf_program version can be monitored.

l3afd_NFRunning{direction="egress",ebpf_program="traffic-mirroring",host="l3af-local-test",interface_name="enp0s3"} 1
l3afd_NFRunning{direction="ingress",ebpf_program="traffic-mirroring",host="l3af-local-test",interface_name="enp0s3"} 1

Add new tag version.

Sample monitor map promQL format:

l3afd_NFMonitorMap{host="l3af-local-test",map_name="rl_drop_count_map_0_scalar",network_function="ratelimiting"} 1
l3afd_NFMonitorMap{host="l3af-local-test",map_name="rl_recv_count_map_0_max-rate",network_function="ratelimiting"} 21

1. Update monitor map with interface name tags.
2. Rename network_function to ebpf_program.

L3AFD currently has a GRPC API and an HTTP API, both of which are insecure for historical reasons (i.e., at Walmart we call the API only from localhost). However, going forward we want to be able to securely call the L3AFD API from a remote client (perhaps a centralized configuration service, for example).

Our current thoughts for the best way to do this would be to replace the HTTP API with a web API using mTLS.

• Verify client certs with server Root CA.
• Validating Client Certificate SANs.
• Token-based authentication

Data model enhancements to load eBPF program from l3afd. This stores object file name of the ebpf program and entry function name.

NOTICE: The current structure of the API payload is due to historical reasons. We should restructure he payload such that the string values are unpacked to valid JSON objects. For example, instead of:

json { "key": "l3af-local-test", "value":"{\"bpf_programs\":{\"enp0s3\":{\"xdpingress\":{\"1\":{\"name\":\"ratelimiting\",\"seq_id\":1,\"artifact\":\"l3af_ratelimiting.tar.gz\",\"map_name\":\"/sys/fs/bpf/xdp_rl_ingress_next_prog\",\"cmd_start\":\"ratelimiting\",\"version\":\"latest\",\"is_user_program\":true,\"admin_status\":\"enabled\",\"ebpf_type\":\"xdp\",\"cfg_version\":1,\"start_args\":[{\"key\":\"ports\",\"value\":\"8080,8081\"},{\"key\":\"rate\",\"value\":\"2\"}],\"monitor_maps\":[{\"name\":\"rl_drop_count_map\",\"key\":0,\"aggregator\":\"scalar\"},{\"name\":\"rl_recv_count_map\",\"key\":0,\"aggregator\":\"max-rate\"}]}}}}}" }

The payload will look more like this standard JSON:

{
  "hostname": "l3af-local-test",
  "bpf_programs": {
    "enp0s3": {
      "xdpingress": [
        {
          "name": "ratelimiting",
          "artifact": "l3af_ratelimiting.tar.gz",
          "map_name": "/sys/fs/bpf/xdp_rl_ingress_next_prog",
          "...": "..."
        }
      ],
      "monitor_maps": [
        {
          "...": "..."
        }
      ]
    }
  }
}

See https://github.com/l3af-project/l3afd/tree/main/docs/api for more information on the L3AFD API.

Dynamic update of eBPF maps. L3afd supports array and hashmaps updates. Need to support json/struct objects into eBPF maps.

go vet command is failing on windows for ebpf/link pkg

Image: windows-2022
Version: 20230226.1

Go version: 1.18.6

  go vet -tags WINDOWS ./...
  shell: C:\Program Files\PowerShell\7\pwsh.EXE -command ". '{0}'"
  env:
    GOPATH: C:\Users\runneradmin\go
go: downloading github.com/rs/zerolog v1.[2](https://github.com/l3af-project/l3afd/actions/runs/4365841805/jobs/7635025497#step:8:2)8.0
go: downloading github.com/swaggo/http-swagger v1.[3](https://github.com/l3af-project/l3afd/actions/runs/4365841805/jobs/7635025497#step:8:3).3
go: downloading github.com/robfig/config v0.0.0-201[4](https://github.com/l3af-project/l3afd/actions/runs/4365841805/jobs/7635025497#step:8:4)1207224736-0f78[5](https://github.com/l3af-project/l3afd/actions/runs/4365841805/jobs/7635025497#step:8:5)29c8c7e
go: downloading github.com/go-chi/chi/v5 v5.0.8
go: downloading github.com/swaggo/swag v1.8.7
go: downloading github.com/golang/mock v1.[6](https://github.com/l3af-project/l3afd/actions/runs/4365841805/jobs/7635025497#step:8:7).0
go: downloading github.com/prometheus/client_golang v1.14.0
go: downloading github.com/cilium/ebpf v0.10.0
go: downloading github.com/florianl/go-tc v0.4.1
go: downloading github.com/mitchellh/go-ps v1.0.0
go: downloading golang.org/x/sys v0.2.0
go: downloading github.com/swaggo/files v0.0.0-20220610200504-28940afbdbfe
go: downloading github.com/mattn/go-colorable v0.1.12
go: downloading github.com/KyleBanks/depth v1.2.1
go: downloading github.com/go-openapi/jsonreference v0.20.0
go: downloading github.com/go-openapi/spec v0.20.6
go: downloading golang.org/x/tools v0.1.12
go: downloading github.com/prometheus/client_model v0.3.0
go: downloading github.com/prometheus/common v0.3[7](https://github.com/l3af-project/l3afd/actions/runs/4365841805/jobs/7635025497#step:8:8).0
go: downloading github.com/beorn7/perks v1.0.1
go: downloading github.com/cespare/xxhash/v2 v2.1.2
go: downloading github.com/golang/protobuf v1.5.2
go: downloading google.golang.org/protobuf v1.2[8](https://github.com/l3af-project/l3afd/actions/runs/4365841805/jobs/7635025497#step:8:9).1
go: downloading github.com/josharian/native v1.0.0
go: downloading github.com/mdlayher/netlink v1.6.0
go: downloading github.com/mattn/go-isatty v0.0.14
go: downloading github.com/go-openapi/jsonpointer v0.1[9](https://github.com/l3af-project/l3afd/actions/runs/4365841805/jobs/7635025497#step:8:10).5
go: downloading golang.org/x/net v0.0.0-20220722155237-a158d28d115b
go: downloading github.com/go-openapi/swag v0.19.15
go: downloading github.com/matttproud/golang_protobuf_extensions v1.0.1
go: downloading github.com/mailru/easyjson v0.7.6
go: downloading gopkg.in/yaml.v2 v2.4.0
go: downloading github.com/josharian/intern v1.0.0
# github.com/cilium/ebpf/link
Error: C:\Users\runneradmin\go\pkg\mod\github.com\cilium\ebpf@v0.[10](https://github.com/l3af-project/l3afd/actions/runs/4365841805/jobs/7635025497#step:8:11).0\link\socket_filter.go:[18](https://github.com/l3af-project/l3afd/actions/runs/4365841805/jobs/7635025497#step:8:19):[34](https://github.com/l3af-project/l3afd/actions/runs/4365841805/jobs/7635025497#step:8:35): cannot use int(fd) (value of type int) as type syscall.Handle in argument to syscall.SetsockoptInt
Error: C:\Users\runneradmin\go\pkg\mod\github.com\cilium\[email protected]\link\socket_filter.go:34:34: cannot use int(fd) (value of type int) as type syscall.Handle in argument to syscall.SetsockoptInt
Error: Process completed with exit code 1.

There is no "getting started" text that says how to build.
The github workflow does "go build ." and "go test ./..." but there's nothing in the readme that says you can do these.

Currently doing "go build ." on Windows gives:

>go build .
# github.com/safchain/ethtool
..\..\go\pkg\mod\github.com\safchain\[email protected]\ethtool.go:362:14: undefined: unix.Syscall
..\..\go\pkg\mod\github.com\safchain\[email protected]\ethtool.go:362:27: undefined: unix.SYS_IOCTL
..\..\go\pkg\mod\github.com\safchain\[email protected]\ethtool.go:632:2: undefined: unix.Close
..\..\go\pkg\mod\github.com\safchain\[email protected]\ethtool.go:637:13: undefined: unix.Socket
..\..\go\pkg\mod\github.com\safchain\[email protected]\ethtool.go:637:25: undefined: unix.AF_INET
..\..\go\pkg\mod\github.com\safchain\[email protected]\ethtool.go:637:39: undefined: unix.SOCK_DGRAM
..\..\go\pkg\mod\github.com\safchain\[email protected]\ethtool.go:637:56: undefined: unix.IPPROTO_IP
..\..\go\pkg\mod\github.com\safchain\[email protected]\ethtool_cmd.go:125:14: undefined: unix.Syscall
..\..\go\pkg\mod\github.com\safchain\[email protected]\ethtool_cmd.go:125:27: undefined: unix.SYS_IOCTL
..\..\go\pkg\mod\github.com\safchain\[email protected]\ethtool_cmd.go:153:14: undefined: unix.Syscall
..\..\go\pkg\mod\github.com\safchain\[email protected]\ethtool_cmd.go:153:14: too many errors
# github.com/l3af-project/l3afd/pidfile
pidfile\pidfile.go:45:11: undefined: syscall.Kill

This illustrates two issues:

• pidfile.go is not cross-plat because it uses syscall.Kill
• The ethtool dependency is not cross-plat

There may be additional issues beyond the above.

In which Repo can we find the KFs? We see a folders in both L3afd as well as package.Pl clarify

The ebp-chain-debug is configured on 0.0.0.0:8899 in the vagrant dev_environment. However, using curl to fetch, we get an empty JSON response:

root@l3af-local-test:~# curl localhost:8899/kfs/enp0s3
root@l3af-local-test:~# curl -v localhost:8899/kfs/enp0s3
*   Trying 127.0.0.1:8899...
* TCP_NODELAY set
* Connected to localhost (127.0.0.1) port 8899 (#0)
> GET /kfs/enp0s3 HTTP/1.1
> Host: localhost:8899
> User-Agent: curl/7.68.0
> Accept: */*
>
* Mark bundle as not supporting multiuse
< HTTP/1.1 200 OK
< Content-Type: application/json
< Date: Wed, 12 Apr 2023 04:40:25 GMT
< Content-Length: 0
<
* Connection #0 to host localhost left intact
root@l3af-local-test:~#

We expect a valid JSON response here.

L3AFd blows up on Windows while trying to access the kernel version. There is no /proc filesystem. We need to use the Windows equivalent.

PS C:\Users\dahavey\source\repos\l3afd> .\l3afd.exe --config ..\l3af-arch\dev_environment\cfg\l3afd.cfg
2022-07-19T22:56:56Z INF l3afd started.
2022-07-19T22:56:56Z INF Reading configuration from: ..\l3af-arch\dev_environment\cfg\l3afd.cfg
2022-07-19T22:56:56Z INF Using default value TLS_1.3 after failure to read group:mTLS; field:min-tls-version error="option not found: min-tls-version"
2022-07-19T22:56:56Z INF Using default value /etc/l3afd/certs after failure to read group:mtls; field:cert-dir error="option not found: cert-dir"
2022-07-19T22:56:56Z INF Using default value ca.pem after failure to read group:mtls; field:cacert-filename error="option not found: cacert-filename"
2022-07-19T22:56:56Z INF Using default value server.crt after failure to read group:mtls; field:server-cert-filename error="option not found: server-cert-filename"
2022-07-19T22:56:56Z INF Using default value server.key after failure to read group:mtls; field:server-key-filename error="option not found: server-key-filename"
2022-07-19T22:56:56Z INF Using default value 30 after failure to read group:mtls; field:cert-expiry-warning-days error="option not found: cert-expiry-warning-days"
2022-07-19T22:56:56Z INF Checking for another already running instance (using PID file "./l3afd.pid")...
2022-07-19T22:56:56Z INF Found PID file with PID: 20088; checking if it is this process: PID: 13532
2022-07-19T22:56:56Z INF Found PID file with PID: 20088; checking if process is running...
2022-07-19T22:56:56Z INF Process was not running, removing PID file.
2022-07-19T22:56:56Z INF Writing process ID 13532 to ./l3afd.pid...
2022-07-19T22:56:56Z FTL The unsupported kernel version please upgrade error="failed to find kernel version: failed to read procfs: open /proc/version: The system cannot find the path specified."

Build container for scorecard-action failing -

Ign:8 http://deb.debian.org/debian stretch/main all Packages Err:10 http://deb.debian.org/debian stretch/main amd64 Packages 404 Not Found Ign:11 http://deb.debian.org/debian stretch-updates/main all Packages Err:12 http://deb.debian.org/debian stretch-updates/main amd64 Packages 404 Not Found Reading package lists... W: The repository 'http://deb.debian.org/debian stretch Release' does not have a Release file. W: The repository 'http://security.debian.org/debian-security stretch/updates Release' does not have a Release file. W: The repository 'http://deb.debian.org/debian stretch-updates Release' does not have a Release file. E: Failed to fetch http://deb.debian.org/debian/dists/stretch/main/binary-amd64/Packages 404 Not Found E: Failed to fetch http://security.debian.org/debian-security/dists/stretch/updates/main/binary-amd64/Packages 404 Not Found [IP: 151.101.194.132 80] E: Failed to fetch http://deb.debian.org/debian/dists/stretch-updates/main/binary-amd64/Packages 404 Not Found E: Some index files failed to download. They have been ignored, or old ones used instead. The command '/bin/sh -c apt-get update && apt-get install -y --no-install-recommends jq ca-certificates curl' returned a non-zero code: 100

L3AFD root program map path supports one root program on the host. This limits to attach root programs to one network interface in the chain. L3AFD should orchestrate chaining eBPF programs to multiple interfaces on the host.

Currently L3AFD supports GET API to get the eBPF programs running on a node and UPDATE API to manage the eBPF programs on a node. Instead of using only UPDATE API for program management, we can segregate the eBPF program orchestration by supporting the below APIs also:

1. ADD: Starts a new eBPF program on a node
2. DELETE: Remove an existing eBPF program from a node

And, we can limit the current scope of UPDATE API to only update/patch configuration of existing eBPF programs on a node.

• Native loading of eBPF program(s) into the kernel using go library (Cilium/eBPF)
• Implement Chaining using tailf with Cilium library

To explain how to contribute to this project. A good article about what to put in it is at
https://mozillascience.github.io/working-open-workshop/contributing/

Hi Team,
We were going through the code and observed that in the ratelimit and connection limit code,flag check are done as below:
if (!(tcph->syn & TCP_FLAGS)) -- this means Syn flag is set on the tcp packet.

This can also be simply checked using
if(!(tcph->syn ==1))
Can you please clarify the difference above two ways?

Is there any documentation through which we can understand how the repos are organized?

L3afd downloads eBPF programs from a the configured kernel function repository ("kf-repo"). These downloads are done over HTTP using a Go client, and TLS is currently not supported. It should be.

We want to improve upon the current units tests (possibly, by covering more edge cases) and add more tests for increased coverage.

Fill out openssf scorecard best practices form
Add badge to main page (like is shown at https://github.com/ebpf-for-windows)

Monitor server side TLS certificates once a day. If the validity of certificates expires within 30 days, log a warning.

If we deploy L3afd will it automatically integrate with all the KFs in the market place?

L3afd is doesn't support downloading artifacts from multiple eBPF Package Repositories, enable l3afd to download from different package repositories by adding repo config into json config, specific to eBPF programs. Also allow local file destination for artifacts.

Add new workflow to enable automated reviews.

bpf.go implements

func (b *BPF) Start(ifaceName, direction string, chain bool) error

which appears to require that the command implement a specific set of command line options (iface, direction, map-name, log-dir, rules-file, etc). However these do not seem to be documented anywhere I can find.

Dev environment throws http: panic error while downloading artifacts.

2022-04-22T08:38:51Z INF Downloading - http://localhost:8000/xdp-root/latest/focal/l3af_xdp_root.tar.gz
2022/04/22 08:38:51 http: panic serving 10.0.2.2:63266: interface conversion: interface {} is *[]uint8, not []uint8
goroutine 69 [running]:
net/http.(*conn).serve.func1(0xc000164500)
/usr/lib/go-1.13/src/net/http/server.go:1767 +0x139
panic(0x9f90e0, 0xc000492240)
/usr/lib/go-1.13/src/runtime/panic.go:679 +0x1b2
github.com/l3af-project/l3afd/kf.(*BPF).GetArtifacts(0xc0000d7340, 0xc00019a000, 0x0, 0x0)
/home/vagrant/code/l3afd/kf/bpf.go:596 +0x1222
github.com/l3af-project/l3afd/kf.(*BPF).VerifyAndGetArtifacts(0xc0000d7340, 0xc00019a000, 0xaaae3c, 0x3)
/home/vagrant/code/l3afd/kf/bpf.go:515 +0x1f5
github.com/l3af-project/l3afd/kf.LoadRootProgram(0xc00043ea70, 0x6, 0xaade0c, 0xa, 0xaaaec9, 0x3, 0xc00019a000, 0x414d51, 0xd0, 0xa3e280)
/home/vagrant/code/l3afd/kf/bpf.go:143 +0x5c2
github.com/l3af-project/l3afd/kf.(*NFConfigs).VerifyAndStartXDPRootProgram(0xc00013fdc0, 0xc00043ea70, 0x6, 0xaade0c, 0xa, 0x101, 0x0)
/home/vagrant/code/l3afd/kf/nfconfig.go:149 +0x1b4
github.com/l3af-project/l3afd/kf.(*NFConfigs).Deploy(0xc00013fdc0, 0xc00043ea70, 0x6, 0xc00043ea60, 0xf, 0xc00042be00, 0x0, 0x0)
/home/vagrant/code/l3afd/kf/nfconfig.go:656 +0x463
github.com/l3af-project/l3afd/kf.(*NFConfigs).DeployeBPFPrograms(0xc00013fdc0, 0xc0001645a0, 0x1, 0x4, 0xc0004294e0, 0x0)
/home/vagrant/code/l3afd/kf/nfconfig.go:710 +0x113
github.com/l3af-project/l3afd/apis/handlers.UpdateConfig.func1(0xb831a0, 0xc0001a6620, 0xc000163600)
/home/vagrant/code/l3afd/apis/handlers/updateconfig.go:52 +0x446
net/http.HandlerFunc.ServeHTTP(0xc00002f8b0, 0xb831a0, 0xc0001a6620, 0xc000163600)
/usr/lib/go-1.13/src/net/http/server.go:2007 +0x44
github.com/go-chi/chi/v5.(*Mux).routeHTTP(0xc000075320, 0xb831a0, 0xc0001a6620, 0xc000163600)
/root/go/pkg/mod/github.com/go-chi/chi/[email protected]/mux.go:442 +0x290
net/http.HandlerFunc.ServeHTTP(0xc00002f8c0, 0xb831a0, 0xc0001a6620, 0xc000163600)
/usr/lib/go-1.13/src/net/http/server.go:2007 +0x44
github.com/go-chi/chi/v5.(*Mux).ServeHTTP(0xc000075320, 0xb831a0, 0xc0001a6620, 0xc000163400)
/root/go/pkg/mod/github.com/go-chi/chi/[email protected]/mux.go:88 +0x300
net/http.serverHandler.ServeHTTP(0xc0001a60e0, 0xb831a0, 0xc0001a6620, 0xc000163400)
/usr/lib/go-1.13/src/net/http/server.go:2802 +0xa4
net/http.(*conn).serve(0xc000164500, 0xb84de0, 0xc000183dc0)
/usr/lib/go-1.13/src/net/http/server.go:1890 +0x875
created by net/http.(*Server).Serve
/usr/lib/go-1.13/src/net/http/server.go:2928 +0x384

Attach XDP and TC root program from l3afd without user program.

There is no documentation that explains what the config options mean

We want to add a code coverage workflow to quantify the testing coverage for the codebase.

The copyright note in ci-build.yaml and codeql.yaml needs to be updated.

The map name looks like the full path, not just the map name itself.
Could we just make it the map name itself (i.e., "xdp_cl_ingress_next_prog" where path "/sys/fs/bpf/" is implied on Linux), since the path will be different between Linux vs Windows. That is, allow relative paths not just absolute paths.

Tracking issue for:

• https://github.com/l3af-project/l3afd/security/code-scanning/1

eBPF programs are handling the SIGTERM signal and not SIGKILL signal, On termination, ebpf program will detach the program from the chain and remove program maps before coming to a complete stop.

L3AFD calls b.Cmd.Process.Kill() while stopping the program, this has to be changed to
syscall.Kill(b.Cmd.Process.Pid,syscall.SIGTERM).

We need to rename "direction" to something more appropriate to handle generic use-cases such as non-network related programs or when a program attaches to tracepoints, kprobes, uprobes, etc...

func (c *NFConfigs) VerifyAndStartXDPRootProgram(ifaceName, direction string)
func (c *NFConfigs) VerifyAndStartTCRootProgram(ifaceName, direction string)
func (c *NFConfigs) PushBackAndStartBPF(bpfProg *models.BPFProgram, ifaceName, direction string)
func (c *NFConfigs) DownloadAndStartBPFProgram(element *list.Element, ifaceName, direction string)
func (c *NFConfigs) StopNRemoveAllBPFPrograms(ifaceName, direction string)
func (c *NFConfigs) VerifyNUpdateBPFProgram(bpfProg *models.BPFProgram, ifaceName, direction string)
func (c *NFConfigs) InsertAndStartBPFProgram(bpfProg *models.BPFProgram, ifaceName, direction string)
func (c *NFConfigs) StopRootProgram(ifaceName, direction string)
func (c *NFConfigs) RemoveMissingBPFProgramsInConfig(bpfProg models.L3afBPFPrograms, ifaceName, direction string)
func (c *NFConfigs) AddAndStartBPF(bpfProg *models.BPFProgram, ifaceName string, direction string)
func (c *NFConfigs) DeleteProgramsOnInterfaceHelper(e *list.Element, ifaceName string, direction string, bpfList *list.List)