This patch series adds xfrm metadata helpers using the unstable kfunc call interface for the TC-BPF hooks.
This allows steering traffic towards different IPsec connections based on logic implemented in bpf programs.
The helpers are integrated into the xfrm_interface module. For this purpose the main functionality of this module is moved to xfrm_interface_core.c.
---
changes in v6: fix sparse warning in patch 2 changes in v5: - avoid cleanup of percpu dsts as detailed in patch 2 changes in v3: - tag bpf-next tree instead of ipsec-next - add IFLA_XFRM_COLLECT_METADATA sync patch
Eyal Birger (4): xfrm: interface: rename xfrm_interface.c to xfrm_interface_core.c xfrm: interface: Add unstable helpers for setting/getting XFRM metadata from TC-BPF tools: add IFLA_XFRM_COLLECT_METADATA to uapi/linux/if_link.h selftests/bpf: add xfrm_info tests
include/net/dst_metadata.h | 1 + include/net/xfrm.h | 17 + net/core/dst.c | 8 +- net/core/filter.c | 9 + net/xfrm/Makefile | 8 + net/xfrm/xfrm_interface_bpf.c | 115 ++++++ ...xfrm_interface.c => xfrm_interface_core.c} | 14 + tools/include/uapi/linux/if_link.h | 1 + tools/testing/selftests/bpf/DENYLIST.s390x | 1 + tools/testing/selftests/bpf/config | 2 + .../selftests/bpf/prog_tests/xfrm_info.c | 365 ++++++++++++++++++ .../selftests/bpf/progs/bpf_tracing_net.h | 3 + tools/testing/selftests/bpf/progs/xfrm_info.c | 35 ++ 13 files changed, 577 insertions(+), 2 deletions(-) create mode 100644 net/xfrm/xfrm_interface_bpf.c rename net/xfrm/{xfrm_interface.c => xfrm_interface_core.c} (98%) create mode 100644 tools/testing/selftests/bpf/prog_tests/xfrm_info.c create mode 100644 tools/testing/selftests/bpf/progs/xfrm_info.c