Re: [PATCH] samples/bpf: Add sample usage for BPF_PROG_TYPE_NETFILTER

From: Donald Hunter
Date: Tue Sep 05 2023 - 12:24:08 EST


David Wang <00107082@xxxxxxx> writes:

> This sample code implements a simple ipv4
> blacklist via the new bpf type BPF_PROG_TYPE_NETFILTER,
> which was introduced in 6.4.
>
> The bpf program drops package if destination ip address
> hits a match in the map of type BPF_MAP_TYPE_LPM_TRIE.
>
> The userspace code would load the bpf program,
> attach it to netfilter's FORWARD/OUTPUT hook,
> and then write ip patterns into the bpf map.
>
> Signed-off-by: David Wang <00107082@xxxxxxx>
> ---
> samples/bpf/Makefile | 3 +
> samples/bpf/netfilter_ip4_blacklist.bpf.c | 62 +++++++++++++++
> samples/bpf/netfilter_ip4_blacklist.c | 96 +++++++++++++++++++++++
> 3 files changed, 161 insertions(+)
> create mode 100644 samples/bpf/netfilter_ip4_blacklist.bpf.c
> create mode 100644 samples/bpf/netfilter_ip4_blacklist.c

According to https://docs.kernel.org/process/coding-style.html#naming
you should avoid new use of blacklist. You should use something like
denylist or blocklist instead.