On Mon, Nov 28, 2022 at 05:58:23PM -0800, Martin KaFai Lau wrote:
On 11/28/22 8:05 AM, Eyal Birger wrote:
This change adds xfrm metadata helpers using the unstable kfunc call interface for the TC-BPF hooks. This allows steering traffic towards different IPsec connections based on logic implemented in bpf programs.
This object is built based on the availability of BTF debug info.
The metadata percpu dsts used on TX take ownership of the original skb dsts so that they may be used as part of the xfrm transmission logic - e.g. for MTU calculations.
A few quick comments and questions:
Signed-off-by: Eyal Birger <eyal.birger@gmail.com>
 include/net/dst_metadata.h    |  1 +
 include/net/xfrm.h            | 20 ++++++++
 net/core/dst.c                |  4 ++
 net/xfrm/Makefile             |  6 +++
 net/xfrm/xfrm_interface_bpf.c | 92 ++++++++++++++++++++++++++++++++++
Please tag for bpf-next
This is a change to xfrm ipsec, so it should go through the ipsec-next tree, unless there is a good reason for handling that differently.