diff options
| author | Eyal Birger <eyal.birger@gmail.com> | 2022-12-03 11:46:57 +0300 |
|---|---|---|
| committer | Martin KaFai Lau <martin.lau@kernel.org> | 2022-12-06 08:58:27 +0300 |
| commit | 94151f5aa9667c562281abeaaa5e89b9d5c17729 (patch) | |
| tree | 5bffd7339951e44a3969285a64e17678b4f4acf6 /include/net/dst_metadata.h | |
| parent | ee9a113ab63468137802898bcd2c598998c96938 (diff) | |
| download | linux-94151f5aa9667c562281abeaaa5e89b9d5c17729.tar.xz | |
xfrm: interface: Add unstable helpers for setting/getting XFRM metadata from TC-BPF
This change adds xfrm metadata helpers using the unstable kfunc call
interface for the TC-BPF hooks. This allows steering traffic towards
different IPsec connections based on logic implemented in bpf programs.
This object is built based on the availability of BTF debug info.
When setting the xfrm metadata, percpu metadata dsts are used in order
to avoid allocating a metadata dst per packet.
In order to guarantee safe module unload, the percpu dsts are allocated
on first use and never freed. The percpu pointer is stored in
net/core/filter.c so that it can be reused on module reload.
The metadata percpu dsts take ownership of the original skb dsts so
that they may be used as part of the xfrm transmission logic - e.g.
for MTU calculations.
Signed-off-by: Eyal Birger <eyal.birger@gmail.com>
Link: https://lore.kernel.org/r/20221203084659.1837829-3-eyal.birger@gmail.com
Signed-off-by: Martin KaFai Lau <martin.lau@kernel.org>
Diffstat (limited to 'include/net/dst_metadata.h')
| -rw-r--r-- | include/net/dst_metadata.h | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/include/net/dst_metadata.h b/include/net/dst_metadata.h index a454cf4327fe..1b7fae4c6b24 100644 --- a/include/net/dst_metadata.h +++ b/include/net/dst_metadata.h @@ -26,6 +26,7 @@ struct macsec_info { struct xfrm_md_info { u32 if_id; int link; + struct dst_entry *dst_orig; }; struct metadata_dst { |