Re: [PATCH] samples/bpf: Add sample usage for BPF_PROG_TYPE_NETFILTER

[David Wang]

At 2023-09-05 05:01:14, "Alexei Starovoitov" <alexei.starovoitov@xxxxxxxxx> wrote:
>On Mon, Sep 4, 2023 at 3:49 AM Florian Westphal <fw@xxxxxxxxx> wrote:
>>
>> David Wang <00107082@xxxxxxx> wrote:
>> > This sample code implements a simple ipv4
>> > blacklist via the new bpf type BPF_PROG_TYPE_NETFILTER,
>> > which was introduced in 6.4.
>> >
>> > The bpf program drops package if destination ip address
>> > hits a match in the map of type BPF_MAP_TYPE_LPM_TRIE,
>> >
>> > The userspace code would load the bpf program,
>> > attach it to netfilter's FORWARD/OUTPUT hook,
>> > and then write ip patterns into the bpf map.
>>
>> Thanks, I think its good to have this.
>
>Yes, but only in selftests/bpf.
>samples/bpf/ are not tested and bit rot heavily.

My purpose is to demonstrate the basic usage of BPF_PROG_TYPE_NETFILTER ,  showing what bpf program and userspace program should do to make it work.
The code is neither  thorough  enough to make a valid test suite,  nor  detailed enough to make out a tool (Could be a start for a tool)

samples/bpf is a good  place to start for  beginners to get along  with bpf quickly,   those  sample/bpf codes do help me a lot,
  but selftests/bpf is not that  friendly, at least not friendly for beginners, I think.   
There are already test codes for   BPF_PROG_TYPE_NETFILTER in selftests/bpf,  actually I did refer to those code  when I made this sample.

Get a feeling samples/bpf would be deprecated sooner or later, hope that would not happen.

Anyway, this sample code is not meant to test.