Hi, I am playing around with eBPF + TC and wrote some eBPF code to intercept egress and ingress traffic (clsact qdisc) . All works great but while the eBPF program is still attached I can via command line remove the associated clsact qdisc (tc qdisc del dev <interface> clsact) and the eBPF program no longer receives the traffic. It is kind of expected but any root user can silently disable it. Is there any better approach? eBPF program only allows traffic to/from some preconfigured IP & Ports. Thanks & regard, Dominic
