• David Ahern's avatar
    bpf: Change bpf_fib_lookup to return lookup status · 4c79579b
    David Ahern authored
    For ACLs implemented using either FIB rules or FIB entries, the BPF
    program needs the FIB lookup status to be able to drop the packet.
    Since the bpf_fib_lookup API has not reached a released kernel yet,
    change the return code to contain an encoding of the FIB lookup
    result and return the nexthop device index in the params struct.
    
    In addition, inform the BPF program of any post FIB lookup reason as
    to why the packet needs to go up the stack.
    
    The fib result for unicast routes must have an egress device, so remove
    the check that it is non-NULL.
    Signed-off-by: 's avatarDavid Ahern <dsahern@gmail.com>
    Signed-off-by: 's avatarDaniel Borkmann <daniel@iogearbox.net>
    4c79579b
xdp_fwd_kern.c 3.6 KB