At 2023-09-05 05:01:14, "Alexei Starovoitov" <alexei.starovoitov@xxxxxxxxx> wrote: >On Mon, Sep 4, 2023 at 3:49 AM Florian Westphal <fw@xxxxxxxxx> wrote: >> >> David Wang <00107082@xxxxxxx> wrote: >> > This sample code implements a simple ipv4 >> > blacklist via the new bpf type BPF_PROG_TYPE_NETFILTER, >> > which was introduced in 6.4. >> > >> > The bpf program drops package if destination ip address >> > hits a match in the map of type BPF_MAP_TYPE_LPM_TRIE, >> > >> > The userspace code would load the bpf program, >> > attach it to netfilter's FORWARD/OUTPUT hook, >> > and then write ip patterns into the bpf map. >> >> Thanks, I think its good to have this. > >Yes, but only in selftests/bpf. >samples/bpf/ are not tested and bit rot heavily. My purpose is to demonstrate the basic usage of BPF_PROG_TYPE_NETFILTER , showing what bpf program and userspace program should do to make it work. The code is neither thorough enough to make a valid test suite, nor detailed enough to make out a tool (Could be a start for a tool) samples/bpf is a good place to start for beginners to get along with bpf quickly, those sample/bpf codes do help me a lot, but selftests/bpf is not that friendly, at least not friendly for beginners, I think. There are already test codes for BPF_PROG_TYPE_NETFILTER in selftests/bpf, actually I did refer to those code when I made this sample. Get a feeling samples/bpf would be deprecated sooner or later, hope that would not happen. Anyway, this sample code is not meant to test.
