Merge branch 'bpf-xfrm-states'
Eyal Birger says:
====================
This patchset adds support for fetching XFRM state information from
an eBPF program called from TC.
The first patch introduces a helper for fetching an XFRM state from the
skb's secpath. The XFRM state is modeled using a new virtual struct which
contains the SPI, peer address, and reqid values of the state; This struct
can be extended in the future to provide additional state information.
The second patch adds a test example in test_tunnel_bpf.sh. The sample
validates the correct extraction of state information by the eBPF program.
v3:
- Kept SPI and peer IPv4 address in state in network byte order
following suggestion from Alexei Starovoitov
v2:
- Fixed two comments by Daniel Borkmann:
- disallow reserved flags in helper call
- avoid compiling in helper code when CONFIG_XFRM is off
====================
Signed-off-by: NDaniel Borkmann <daniel@iogearbox.net>
Showing
想要评论请 注册 或 登录