On Mon, Nov 28, 2022 at 05:58:23PM -0800, Martin KaFai Lau wrote: > On 11/28/22 8:05 AM, Eyal Birger wrote: > > This change adds xfrm metadata helpers using the unstable kfunc call > > interface for the TC-BPF hooks. This allows steering traffic towards > > different IPsec connections based on logic implemented in bpf programs. > > > > This object is built based on the availabilty of BTF debug info. > > > > The metadata percpu dsts used on TX take ownership of the original skb > > dsts so that they may be used as part of the xfrm transmittion logic - > > e.g. for MTU calculations. > > A few quick comments and questions: > > > > > Signed-off-by: Eyal Birger <eyal.birger@xxxxxxxxx> > > --- > > include/net/dst_metadata.h | 1 + > > include/net/xfrm.h | 20 ++++++++ > > net/core/dst.c | 4 ++ > > net/xfrm/Makefile | 6 +++ > > net/xfrm/xfrm_interface_bpf.c | 92 ++++++++++++++++++++++++++++++++++ > > Please tag for bpf-next This is a change to xfrm ipsec, so it should go through the ipsec-next tree, unless there is a good reason for handling that different.
