[$] Using eBPF and XDP in Suricata

Much software that uses the Linux kernel does so at comparativearms-length: when it needs the kernel, perhaps for a read or write, itperforms a system call, then (at least from its point of view) continuesoperation later, with whatever the kernel chooses to give it in reply. Somesoftware, however, gets pretty intimately involved with the kernel as partof its normal operation, for example by using eBPF for low-level packetprocessing. Suricata is such a program; Eric Leblondspoke about it at Kernel Recipes 2017 in a talk entitled "eBPF and XDPseen from the eyes of a meerkat".