On Mon, Sep 4, 2023 at 3:49 AM Florian Westphal <fw@xxxxxxxxx> wrote: > > David Wang <00107082@xxxxxxx> wrote: > > This sample code implements a simple ipv4 > > blacklist via the new bpf type BPF_PROG_TYPE_NETFILTER, > > which was introduced in 6.4. > > > > The bpf program drops package if destination ip address > > hits a match in the map of type BPF_MAP_TYPE_LPM_TRIE, > > > > The userspace code would load the bpf program, > > attach it to netfilter's FORWARD/OUTPUT hook, > > and then write ip patterns into the bpf map. > > Thanks, I think its good to have this. Yes, but only in selftests/bpf. samples/bpf/ are not tested and bit rot heavily.
