feat: Support ip and port flow control capabilities

[kaori-seasons]

@Forsworns @sczyh30

Can you take a look at this project? The bottom layer of this project creates an eBPF map in the kernel program, which is used to communicate between the user-mode program and the XDP program in the kernel. The following code is based on the encapsulated data plane program. ip, port and other information load the XDP program and inject it into the network card

calico is a cloud native network and network security data plane control platform.

• 1. it's provides ebpf for data control plane request interception, calling kernel API for acceleration, I think we should refer to the code here first, encapsulate the data plane first.
• 2. For the traffic dimension, there is a ctlbWorkaroundEnabled switch in the following files, you can try to adapt the interface of sentinel-golang, and encapsulate some necessary information (requestTime, MTU, onStillAlive) for requesting traffic resources into a bpfEndpointManager instance context,

Related to bpf_ep_mgr

[LXPWing]

A good direction for research

[Forsworns]

In fact, I'm not clear about the roadmap of this repository. It seems a project in summer-ospp.

As for the feature you mentioned,

Support ip and port flow control capabilities

I did try building a short example for the rust version Sentinel.
See its kernel space part and userspace part. But I didn't find a good idea to encapsulate a unified interface. As you can find, most eBPF programs are very short indeed, and it is easy to fulfill these demands without much efforts.

[Forsworns]

For the calico, it seems a different topic with respect to the title of this issue. Maybe the title should be revised :)

Sure, it's a good idea to build extensions for projects like calico, cilium. linkerd2, envoy, etc. Again, I don't know whether it's the goal of this repo. It depends on sczyh30 and the student from summer-ospp.