"David Wang" <00107082@xxxxxxx> writes: > At 2023-09-05 05:01:14, "Alexei Starovoitov" <alexei.starovoitov@xxxxxxxxx> wrote: >>On Mon, Sep 4, 2023 at 3:49 AM Florian Westphal <fw@xxxxxxxxx> wrote: >>> >>> David Wang <00107082@xxxxxxx> wrote: >>> > This sample code implements a simple ipv4 >>> > blacklist via the new bpf type BPF_PROG_TYPE_NETFILTER, >>> > which was introduced in 6.4. >>> > >>> > The bpf program drops package if destination ip address >>> > hits a match in the map of type BPF_MAP_TYPE_LPM_TRIE, >>> > >>> > The userspace code would load the bpf program, >>> > attach it to netfilter's FORWARD/OUTPUT hook, >>> > and then write ip patterns into the bpf map. >>> >>> Thanks, I think its good to have this. >> >>Yes, but only in selftests/bpf. >>samples/bpf/ are not tested and bit rot heavily. > > My purpose is to demonstrate the basic usage of BPF_PROG_TYPE_NETFILTER , showing what bpf program and userspace program should do to make it work. > The code is neither thorough enough to make a valid test suite, nor detailed enough to make out a tool (Could be a start for a tool) > > samples/bpf is a good place to start for beginners to get along with bpf quickly, those sample/bpf codes do help me a lot, > but selftests/bpf is not that friendly, at least not friendly for beginners, I think. > There are already test codes for BPF_PROG_TYPE_NETFILTER in selftests/bpf, actually I did refer to those code when I made this sample. > > Get a feeling samples/bpf would be deprecated sooner or later, hope that would not happen. > > Anyway, this sample code is not meant to test. FYI, we maintain a Github repository with BPF example programs of various types at https://github.com/xdp-project/bpf-examples Happy to include this example there as an alternative to the in-tree samples/bpf :) -Toke
