From mboxrd@z Thu Jan 1 00:00:00 1970 From: Jesper Dangaard Brouer Subject: Re: [PATCH v2 bpf-net] bpf: Change bpf_fib_lookup to return lookup status Date: Fri, 22 Jun 2018 17:49:14 +0200 Message-ID: <20180622174914.1fec862e@redhat.com> References: <20180621030011.7441-1-dsahern@kernel.org> <20180621170936.2tobn5lu24l6xuo7@kafai-mbp.dhcp.thefacebook.com> Mime-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Cc: brouer@redhat.com, , , , , , David Ahern To: Martin KaFai Lau Return-path: Received: from mx3-rdu2.redhat.com ([66.187.233.73]:40844 "EHLO mx1.redhat.com" rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP id S933762AbeFVPtU (ORCPT ); Fri, 22 Jun 2018 11:49:20 -0400 In-Reply-To: <20180621170936.2tobn5lu24l6xuo7@kafai-mbp.dhcp.thefacebook.com> Sender: netdev-owner@vger.kernel.org List-ID: On Thu, 21 Jun 2018 10:09:36 -0700 Martin KaFai Lau wrote: > On Wed, Jun 20, 2018 at 08:00:11PM -0700, dsahern@kernel.org wrote: > > From: David Ahern > > > > For ACLs implemented using either FIB rules or FIB entries, the BPF > > program needs the FIB lookup status to be able to drop the packet. > > Since the bpf_fib_lookup API has not reached a released kernel yet, > > change the return code to contain an encoding of the FIB lookup > > result and return the nexthop device index in the params struct. > > > > In addition, inform the BPF program of any post FIB lookup reason as > > to why the packet needs to go up the stack. > > > > The fib result for unicast routes must have an egress device, so remove > > the check that it is non-NULL. > Acked-by: Martin KaFai Lau Acked-by: Jesper Dangaard Brouer -- Best regards, Jesper Dangaard Brouer MSc.CS, Principal Kernel Engineer at Red Hat LinkedIn: http://www.linkedin.com/in/brouer