David Wang <00107082@xxxxxxx> writes:

> This sample code implements a simple ipv4
> blacklist via the new bpf type BPF_PROG_TYPE_NETFILTER,
> which was introduced in 6.4.
>
> The bpf program drops package if destination ip address
> hits a match in the map of type BPF_MAP_TYPE_LPM_TRIE,
>
> The userspace code would load the bpf program,
> attach it to netfilter's FORWARD/OUTPUT hook,
> and then write ip patterns into the bpf map.
>
> Signed-off-by: David Wang <00107082@xxxxxxx>
> ---
>  samples/bpf/Makefile                      |  3 +
>  samples/bpf/netfilter_ip4_blacklist.bpf.c | 62 +++++++++++++++
>  samples/bpf/netfilter_ip4_blacklist.c     | 96 +++++++++++++++++++++++
>  3 files changed, 161 insertions(+)
>  create mode 100644 samples/bpf/netfilter_ip4_blacklist.bpf.c
>  create mode 100644 samples/bpf/netfilter_ip4_blacklist.c

According to https://docs.kernel.org/process/coding-style.html#naming
you should avoid new use of blacklist. You should use something like
denylist or blocklist instead.
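
The matching rule the quoted commit message relies on, as an added example that is not part of the patch or of either mail: a userspace C model of longest-prefix matching over IPv4 patterns keyed the way an LPM trie key is laid out (prefix length followed by the address bytes in network order). The struct and function names are hypothetical, the sample patterns are constructed, and a linear scan stands in for the kernel's trie.

```c
#include <arpa/inet.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Model of an IPv4 LPM key: prefix length, then address bytes in network order. */
struct ip4_lpm_key { uint32_t prefixlen; uint8_t data[4]; };

/* Parse "a.b.c.d/len" into a key; returns 0 on success, -1 on malformed input. */
int parse_cidr(const char *s, struct ip4_lpm_key *key)
{
    char ip[INET_ADDRSTRLEN], extra;
    unsigned len;
    if (sscanf(s, "%15[0-9.]/%u%c", ip, &len, &extra) != 2 || len > 32) return -1;
    if (inet_pton(AF_INET, ip, key->data) != 1) return -1;
    key->prefixlen = len;
    return 0;
}

/* True when the first prefixlen bits of the key equal those of addr. */
static int prefix_matches(const struct ip4_lpm_key *k, const uint8_t addr[4])
{
    uint32_t full = k->prefixlen / 8, rem = k->prefixlen % 8;
    if (memcmp(k->data, addr, full) != 0) return 0;
    return rem == 0 || ((k->data[full] ^ addr[full]) & (0xff << (8 - rem))) == 0;
}

/* Longest matching prefix length for dst; -1 if no entry matches or dst is invalid. */
int denylist_lookup(const struct ip4_lpm_key *tbl, size_t n, const char *dst)
{
    uint8_t addr[4];
    int best = -1;
    if (inet_pton(AF_INET, dst, addr) != 1) return -1;
    for (size_t i = 0; i < n; i++)
        if (prefix_matches(&tbl[i], addr) && (int)tbl[i].prefixlen > best)
            best = (int)tbl[i].prefixlen;
    return best;
}

/* Constructed sample patterns (documentation ranges), not taken from the patch. */
int demo_lookup(const char *dst)
{
    static const char *pat[] = { "192.0.2.0/24", "192.0.2.64/26", "198.51.100.7/32" };
    struct ip4_lpm_key tbl[3];
    for (size_t i = 0; i < 3; i++)
        if (parse_cidr(pat[i], &tbl[i]) != 0) return -2;
    return denylist_lookup(tbl, 3, dst);
}
int main(void) { return demo_lookup("192.0.2.70") == 26 ? 0 : 1; }
```

A non-negative result corresponds to the case where the program described in the commit message drops the packet; overlapping patterns resolve to the most specific one.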