On 6/8/21 4:59 PM, Rumen Telbizov wrote:
> Dear BPF list,
>
> I am new to eBPF so go easy on me.
> It seems to me that currently eBPF has no support for route table
> lookups including firewall marks. The bpf_fib_lookup structure itself
> has no mark field as per
> https://elixir.bootlin.com/linux/v5.10.28/source/include/uapi/linux/bpf.h#L4864
>
> Additionally, the bpf_fib_lookup() function does not incorporate the
> firewall mark in its route lookup. It explicitly sets it to 0 as per
> https://elixir.bootlin.com/linux/v5.10.28/source/net/core/filter.c#L5329
> along with other fields which are used during the regular routing
> policy database lookup.
>
> Thus lookups from within eBPF and outside of it result in different
> outcomes if there are rules directing traffic based on fwmark.
> Can you please advise what the rationale for this is or if there
> is anything that I might be missing.
>
> Let me know if I can provide any further information.
>

The API (struct bpf_fib_lookup) is constrained to 64B for performance.
It is not possible to support all of the policy routing options that
Linux has in 64B. Choices had to be made.