Hi HN,I’ve been working on Shibuya, a next-generation Web Application Firewall (WAF) built from the ground up in Rust.I wanted to build a WAF that didn't just rely on legacy regex signatures but could understand intent and perform at line-rate using modern kernel features.What makes Shibuya different:Multi-Layer Pipeline: It integrates a high-performance proxy (built on Pingora) with rate limiting, bot detection, and threat intelligence.eBPF Kernel Filtering: For volumetric attacks, Shibuya can drop malicious packets at the kernel level using XDP before they consume userspace resources.Dual ML Engine: It uses an ONNX-based engine for anomaly detection and a Random Forest classifier to identify specific attack classes like SQLi, XSS, and RCE.API & GraphQL Protection: Includes deep inspection for GraphQL (depth and complexity analysis) and OpenAPI schema validation.WASM Extensibility: You can write and hot-load custom security logic using WebAssembly plugins.Ashigaru Lab: The project includes a deliberately vulnerable lab environment with 6 different services and a "Red Team Bot" to test the WAF against 100+ simulated payloads.The Dashboard: The dashboard is built with SvelteKit and offers real-time monitoring (ECharts), a "Panic Mode" for instant hardening, and a visual editor for the YAML configuration.I'm looking for feedback on the architecture and the performance of the Rust-eBPF integration.