Re: [PATCH] samples/bpf: Add sample usage for BPF_PROG_TYPE_NETFILTER

[Toke Høiland-Jørgensen]

"David Wang" <00107082@xxxxxxx> writes:

> At 2023-09-05 05:01:14, "Alexei Starovoitov" <alexei.starovoitov@xxxxxxxxx> wrote:
>>On Mon, Sep 4, 2023 at 3:49 AM Florian Westphal <fw@xxxxxxxxx> wrote:
>>>
>>> David Wang <00107082@xxxxxxx> wrote:
>>> > This sample code implements a simple ipv4
>>> > blacklist via the new bpf type BPF_PROG_TYPE_NETFILTER,
>>> > which was introduced in 6.4.
>>> >
>>> > The bpf program drops package if destination ip address
>>> > hits a match in the map of type BPF_MAP_TYPE_LPM_TRIE,
>>> >
>>> > The userspace code would load the bpf program,
>>> > attach it to netfilter's FORWARD/OUTPUT hook,
>>> > and then write ip patterns into the bpf map.
>>>
>>> Thanks, I think its good to have this.
>>
>>Yes, but only in selftests/bpf.
>>samples/bpf/ are not tested and bit rot heavily.
>
> My purpose is to demonstrate the basic usage of BPF_PROG_TYPE_NETFILTER ,  showing what bpf program and userspace program should do to make it work.
> The code is neither  thorough  enough to make a valid test suite,  nor  detailed enough to make out a tool (Could be a start for a tool)
>
> samples/bpf is a good  place to start for  beginners to get along  with bpf quickly,   those  sample/bpf codes do help me a lot,
>   but selftests/bpf is not that  friendly, at least not friendly for beginners, I think.   
> There are already test codes for   BPF_PROG_TYPE_NETFILTER in selftests/bpf,  actually I did refer to those code  when I made this sample.
>
> Get a feeling samples/bpf would be deprecated sooner or later, hope that would not happen.
>
> Anyway, this sample code is not meant to test. 

FYI, we maintain a Github repository with BPF example programs of
various types at https://github.com/xdp-project/bpf-examples

Happy to include this example there as an alternative to the in-tree
samples/bpf :)

-Toke