Hi everyone,
We are working on an eBPF project that needs packet filtering based on
user-defined networking policy and wonder whether there is or will be a
BPF map type that supports fuzzy matching.
Fuzzy matching here means that the key of the map, which is a
multi-field structure, can have some fields as general matching, like
'*' in regex.
For example, we set up a map with key-value pair as (struct demo, int
value), where struct demo has three fields: a, b, c.

    struct demo {
        int a;
        int b;
        int c;
    };

    struct {
        __uint(type, SOME_TYPE_OF_BPF_MAP);
        __type(key, struct demo);
        __type(value, int);
        ......
    } DEMO_MAP SEC(".maps");

Then we insert a key-value pair into the map, where the key only has two
fields set, leaving the third field as general matching:

    struct demo key1;
    key1.a = 1;
    key1.b = 1;
    int value1 = 1;
    map_update_elem(&DEMO_MAP, &key1, &value1,...);

After inserting the entry, we now have a target key and need to find
whether there is a match for it in DEMO_MAP. Say the target key is
key_target; when we do a map lookup, it can match the key-value pair
(key1, value1) even though key1's field c is not set.

    struct demo key_target;
    key_target.a = 1;
    key_target.b = 1;
    key_target.c = 3;
    map_lookup_elem(&DEMO_MAP, &key_target) == 1

If we have another key_target_2 with a = 1, b = 1, c = 5, it can also
match (key1, value1).
This feature is very helpful when setting network policies where some
specific port/identity/protocol should take one action and other
general policies should take another action. This feature is also
similar to what DPDK Networking ACL provides:
https://doc.dpdk.org/guides/prog_guide/packet_classif_access_ctrl.html.
We really appreciate any suggestion/discussion here :)
Thanks so much,
Amy
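
The matching semantics requested above, modelled in plain userspace C as an added example (not part of the original post and not an existing BPF map type): an exact-match table is probed once per wildcard pattern, most specific first. The `ANY` sentinel, the `masks` list, the extra `{1, 1, 7}` rule and the names `exact_lookup` and `fuzzy_lookup` are assumptions made for illustration.

```c
#include <stddef.h>

struct demo { int a, b, c; };                 /* key layout from the post */
struct entry { struct demo key; int value; };

#define ANY 0  /* assumption: 0 is reserved as the wildcard sentinel */

/* Constructed policy entries, standing in for an exact-match hash map. */
static const struct entry table[] = {
    { {1, 1, 7},   2 },  /* fully specified rule (constructed) */
    { {1, 1, ANY}, 1 },  /* the post's key1: field c left as a wildcard */
};

/* Wildcard patterns in use, most specific first (1 = keep field, 0 = wildcard). */
static const struct demo masks[] = { {1, 1, 1}, {1, 1, 0} };

/* Exact match on all three fields: the only primitive a hash map offers. */
static const int *exact_lookup(const struct demo *k)
{
    for (size_t i = 0; i < sizeof(table) / sizeof(table[0]); i++) {
        const struct demo *e = &table[i].key;
        if (e->a == k->a && e->b == k->b && e->c == k->c)
            return &table[i].value;
    }
    return NULL;
}

/* Returns 0 and stores the value of the most specific match, or -1 if none. */
int fuzzy_lookup(const struct demo *target, int *value)
{
    for (size_t m = 0; m < sizeof(masks) / sizeof(masks[0]); m++) {
        struct demo probe = {
            masks[m].a ? target->a : ANY,
            masks[m].b ? target->b : ANY,
            masks[m].c ? target->c : ANY,
        };
        const int *hit = exact_lookup(&probe);
        if (hit) {
            *value = *hit;
            return 0;
        }
    }
    return -1;
}
```

A return of -1 leaves the default action to the caller, so a policy engine built this way should treat "no match" explicitly. Because 0 doubles as the wildcard here, a rule that must match a literal 0 in a field cannot be expressed without a separate mask per entry.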