Suricata

The ebpf xdp_filter.c program does not handle encapsulated flows (with erspan, VXLAN, or some other tunnel)
But it could.

Even if it does, Suricata AFPXDPBypassCallback checks PacketIsTunnel and falls back to local bypass in this case

• Have config options for which kinds of tunnels AFPXDPBypassCallback can handle
• have the example xdp_filter.c handle these

Some other improvements to xdp_filter.c will be proposed : ARP bypass, and tunnel stripping ( related to https://github.com/OISF/suricata/pull/11472 )