Add IPv6 filter tests and implement BPF ALU instruction conversion

[Copilot]

The existing TestFilter function only validates BPF filter expressions against IPv4 packets. This adds equivalent coverage for IPv6 and implements classic BPF to eBPF instruction conversion to support advanced filter expressions.

Changes

IPv6 Filter Tests

• Added TestFilterIPv6 function mirroring the IPv4 test structure
• Tests 18 filter expressions adapted for IPv6 (protocol matching, host/port filters, packet length)
• Validates both L2 (Ethernet) and L3 (IPv6) link types
• Includes negation tests for all expressions

// IPv6 packet with addresses 2001::1 → 2001::2
_, _, _, _, bytes, _ := testPacketV6(
    &layers.Ethernet{...},
    &layers.IPv6{
        SrcIP: net.IP([]byte{0x20, 0x1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1}),
        DstIP: net.IP([]byte{0x20, 0x1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 2}),
        NextHeader: layers.IPProtocolUDP,
    },
    &layers.UDP{...},
    payload,
)

// Test IPv6-specific filters
{"ip6", true},                                      // matches IPv6
{"host 2001::1 or host 2001::5", true},            // address matching
{"src 2001::1 and dst 2001::2", true},             // directional matching

BPF Instruction Conversion

• Implemented classic BPF to eBPF ALU instruction conversion in cBPF2eBPF function
• Added support for all 11 ALU operations: add, sub, mul, div, or, and, lsh, rsh, neg, mod, xor
• Both immediate (K) and register (X) source operands are supported
• Implemented scratch memory operations (ST, STX, LD MEM, LDX MEM) using stack-based emulation
• Classic BPF scratch memory M[0-15] is emulated using eBPF stack slots

Implementation Details

• Added bpfClassSt and bpfClassStx constants for store instruction classes
• ALU operations properly convert from classic BPF's A/X register model to eBPF's R1/R2 registers
• Scratch memory uses stack offsets: M[K] → [R10 - (K+1)*4]

Known Limitations

The ip6 protochain test still fails due to BPF verifier rejecting loop structures, which is a fundamental limitation when converting classic BPF programs with loops to eBPF without bounded loop support.

Addresses lines 29-144 of felix/bpf/ut/filter_test.go and implements ALU conversion in felix/bpf/filter/filter.go.

Original prompt

On filter_test.go:29-144, Modify this test function or add an equivalent that tests filters that match ipv6 packets.

---

✨ Let Copilot coding agent set things up for you — coding agent works faster and does higher quality work when set up for your repo.

[tomastigera]

@copilot implement classic bpf to ebpf instruction conversion in function cBPF2eBPF in the class bpfClassAlu branch

[Copilot]

Implemented in commit 53d385f. Added conversion for all 11 ALU operations (add, sub, mul, div, or, and, lsh, rsh, neg, mod, xor) with support for both immediate (K) and register (X) source operands. Also implemented scratch memory operations (ST, STX, LD MEM, LDX MEM) using stack-based emulation.

The protochain test still fails due to BPF verifier rejecting loop structures - this is a known limitation when converting classic BPF loops to eBPF.