Daniel Borkmann <daniel@xxxxxxxxxxxxx> writes: > On 10/20/20 3:49 PM, David Ahern wrote: >> On 10/20/20 4:51 AM, Toke Høiland-Jørgensen wrote: >>> From: Toke Høiland-Jørgensen <toke@xxxxxxxxxx> >>> >>> The bpf_fib_lookup() helper performs a neighbour lookup for the destination >>> IP and returns BPF_FIB_LKUP_NO_NEIGH if this fails, with the expectation >>> that the BPF program will deal with this condition, either by passing the >>> packet up the stack, or by using bpf_redirect_neigh(). >>> >>> The neighbour lookup is done via a hash table (through ___neigh_lookup_noref()), >>> which incurs some overhead. If the caller knows this is likely to fail >>> anyway, it may want to skip that and go unconditionally to >>> bpf_redirect_neigh(). For this use case, add a flag to bpf_fib_lookup() >>> that will make it skip the neighbour lookup and instead always return >>> BPF_FIB_LKUP_RET_NO_NEIGH (but still populate the gateway and target >>> ifindex). >>> >>> Signed-off-by: Toke Høiland-Jørgensen <toke@xxxxxxxxxx> >>> --- >>> include/uapi/linux/bpf.h | 10 ++++++---- >>> net/core/filter.c | 16 ++++++++++++++-- >>> tools/include/uapi/linux/bpf.h | 10 ++++++---- >>> 3 files changed, 26 insertions(+), 10 deletions(-) >> >> Nack. Please don't. >> >> As I mentioned in my reply to Daniel, I would prefer such logic be >> pushed to the bpf programs. There is no reason for rare run time events >> to warrant a new flag and new check in the existing FIB helpers. The bpf >> programs can take the hit of the extra lookup. > > Fair enough, lets push it to progs then. OK, with this and the other comments, this goes back to v1 + the compilation fix. Will send that as v3... -Toke
