At 2023-09-05 17:05:26, "Donald Hunter" <donald.hunter@xxxxxxxxx> wrote: >David Wang <00107082@xxxxxxx> writes: > >> This sample code implements a simple ipv4 >> blacklist via the new bpf type BPF_PROG_TYPE_NETFILTER, >> which was introduced in 6.4. >> >> The bpf program drops package if destination ip address >> hits a match in the map of type BPF_MAP_TYPE_LPM_TRIE, >> >> The userspace code would load the bpf program, >> attach it to netfilter's FORWARD/OUTPUT hook, >> and then write ip patterns into the bpf map. >> >> Signed-off-by: David Wang <00107082@xxxxxxx> >> --- >> samples/bpf/Makefile | 3 + >> samples/bpf/netfilter_ip4_blacklist.bpf.c | 62 +++++++++++++++ >> samples/bpf/netfilter_ip4_blacklist.c | 96 +++++++++++++++++++++++ >> 3 files changed, 161 insertions(+) >> create mode 100644 samples/bpf/netfilter_ip4_blacklist.bpf.c >> create mode 100644 samples/bpf/netfilter_ip4_blacklist.c > >According to https://docs.kernel.org/process/coding-style.html#naming >you should avoid new use of blacklist. You should use somethink like >denylist or blocklist instead. Thanks for the information~! I will make the changes, and resend a patch if samples/bpf is still a good place to put the code.
