eBPF and ubuntu image (for traffic filtering and statistics)


I’m looking at a banana pi w2 as a filtering/logging front end to my home network. The maximum throughput on our satellite WAN link is only 25Mbps, but I’m still worried about whether the w2 can handle the load (and anyway don’t want to get into building my own kernel to add iptables-required modules). So I’m looking at an eBPF-based solution as an alternative.

My understanding is that eBPF support is built directly into the kernel, rather than as a module, so would automatically be part of the ubuntu-minimal-based image. Can anyone confirm whether this is correct?

Would use of eBPF for simple packet filtering and logging make sense, in terms of reducing load on the W2 by comparison with iptables or nftables? My purpose is to shape our network use to fit the very tight download restrictions of our connection. I aim to do this by disabling connections to a relatively small number of update servers except in off-peak periods, by rate-limiting some streaming connections, and by logging bandwidth use per LAN address to pick up any network hogs that I’m not currently aware of.

Thanks for any comments