Overview
========

``bpfilter`` is a framework to convert packet filtering rules into BPF programs.

When ``bpfilter`` starts, the daemon checks whether ``/run/bpfilter`` exists and tries to create it if it doesn't. The content of this directory depends on the mode ``bpfilter`` was started in: **standard** or **transient**.

In **standard** mode, the BPF packet filtering programs generated by ``bpfilter`` remain on the system when the daemon is stopped, so the daemon can be restarted without interrupting packet filtering. ``/run/bpfilter`` contains the daemon's socket file and the daemon's serialized runtime context. When the daemon starts, it tries to restore its runtime context from ``/run/bpfilter``, if one is available; if there is no serialized runtime context on disk, a new empty context is created. If ``bpfilter`` finds a serialized runtime context but fails to restore it, the daemon prints an error message and exits instead of starting with an empty context.

In **transient** mode (``--transient``), ``bpfilter`` ensures that every BPF program, map, or other object it has created is destroyed before the daemon stops. This means ``bpfilter`` won't filter any network packet once it has been stopped. ``/run/bpfilter`` only contains the daemon's socket file.