On Thu, 21 Jun 2018 10:09:36 -0700 Martin KaFai Lau <ka...@fb.com> wrote:
> On Wed, Jun 20, 2018 at 08:00:11PM -0700, dsah...@kernel.org wrote: > > From: David Ahern <dsah...@gmail.com> > > > > For ACLs implemented using either FIB rules or FIB entries, the BPF > > program needs the FIB lookup status to be able to drop the packet. > > Since the bpf_fib_lookup API has not reached a released kernel yet, > > change the return code to contain an encoding of the FIB lookup > > result and return the nexthop device index in the params struct. > > > > In addition, inform the BPF program of any post FIB lookup reason as > > to why the packet needs to go up the stack. > > > > The fib result for unicast routes must have an egress device, so remove > > the check that it is non-NULL. > Acked-by: Martin KaFai Lau <ka...@fb.com> Acked-by: Jesper Dangaard Brouer <bro...@redhat.com> -- Best regards, Jesper Dangaard Brouer MSc.CS, Principal Kernel Engineer at Red Hat LinkedIn: http://www.linkedin.com/in/brouer
