On 10/20/20 3:49 PM, David Ahern wrote:
On 10/20/20 4:51 AM, Toke Høiland-Jørgensen wrote:
From: Toke Høiland-Jørgensen <toke@xxxxxxxxxx>
The bpf_fib_lookup() helper performs a neighbour lookup for the destination
IP and returns BPF_FIB_LKUP_NO_NEIGH if this fails, with the expectation
that the BPF program will deal with this condition, either by passing the
packet up the stack, or by using bpf_redirect_neigh().
The neighbour lookup is done via a hash table (through ___neigh_lookup_noref()),
which incurs some overhead. If the caller knows this is likely to fail
anyway, it may want to skip that and go unconditionally to
bpf_redirect_neigh(). For this use case, add a flag to bpf_fib_lookup()
that will make it skip the neighbour lookup and instead always return
BPF_FIB_LKUP_RET_NO_NEIGH (but still populate the gateway and target
ifindex).
Signed-off-by: Toke Høiland-Jørgensen <toke@xxxxxxxxxx>
---
include/uapi/linux/bpf.h | 10 ++++++----
net/core/filter.c | 16 ++++++++++++++--
tools/include/uapi/linux/bpf.h | 10 ++++++----
3 files changed, 26 insertions(+), 10 deletions(-)
Nack. Please don't.
As I mentioned in my reply to Daniel, I would prefer such logic be
pushed to the bpf programs. There is no reason for rare run time events
to warrant a new flag and new check in the existing FIB helpers. The bpf
programs can take the hit of the extra lookup.
Fair enough, lets push it to progs then.
