> - write a bpf filter like this:
..
>
> - compile it:
> $ clang -target bpf -c -o socket_bpf.o socket_bpf.c
>
> - add this to your server.c:
> bpf_load_file("/path/to/socket_bpf.o");
> setsockopt(sock, SOL_SOCKET, SO_ATTACH_BPF, prog_fd,
> sizeof(prog_fd[0]));
>
> - link your server with a couple of libbpf libraries (I'm
> using the kernel ones from samples/bpf) and -lelf
>
> And this is still simplified (since instead of hardcoding the subnet
> into the bpf filter it would be preferable to use maps).
>
>
> thoughts:
> - SO_BINDTOSUBNET is much simpler to configure than BPF
> - BPF requires some external C libraries and I think it would not be
> trivial to get it working with other languages than C/C++.
You can easily write BPF by hand.
See for instance attach_ebpf() in tools/testing/selftests/net/reuseport_bpf.c
