Re: [PATCH] samples/bpf: Add sample usage for BPF_PROG_TYPE_NETFILTER
From: David Wang
Date: Tue Sep 05 2023 - 12:41:38 EST
At 2023-09-05 17:05:26, "Donald Hunter" <donald.hunter@xxxxxxxxx> wrote:
>David Wang <00107082@xxxxxxx> writes:
>
>> This sample code implements a simple ipv4
>> blacklist via the new bpf type BPF_PROG_TYPE_NETFILTER,
>> which was introduced in 6.4.
>>
>> The bpf program drops package if destination ip address
>> hits a match in the map of type BPF_MAP_TYPE_LPM_TRIE,
>>
>> The userspace code would load the bpf program,
>> attach it to netfilter's FORWARD/OUTPUT hook,
>> and then write ip patterns into the bpf map.
>>
>> Signed-off-by: David Wang <00107082@xxxxxxx>
>> ---
>> samples/bpf/Makefile | 3 +
>> samples/bpf/netfilter_ip4_blacklist.bpf.c | 62 +++++++++++++++
>> samples/bpf/netfilter_ip4_blacklist.c | 96 +++++++++++++++++++++++
>> 3 files changed, 161 insertions(+)
>> create mode 100644 samples/bpf/netfilter_ip4_blacklist.bpf.c
>> create mode 100644 samples/bpf/netfilter_ip4_blacklist.c
>
>According to https://docs.kernel.org/process/coding-style.html#naming
>you should avoid new use of blacklist. You should use somethink like
>denylist or blocklist instead.
Thanks for the information~!
I will make the changes, and resend a patch if samples/bpf is still a good place to put the code.