• Eyal Birger's avatar
    bpf: add helper for getting xfrm states · 12bed760
    Eyal Birger authored
    This commit introduces a helper which allows fetching xfrm state
    parameters by eBPF programs attached to TC.
    
    Prototype:
    bpf_skb_get_xfrm_state(skb, index, xfrm_state, size, flags)
    
    skb: pointer to skb
    index: the index in the skb xfrm_state secpath array
    xfrm_state: pointer to 'struct bpf_xfrm_state'
    size: size of 'struct bpf_xfrm_state'
    flags: reserved for future extensions
    
    The helper returns 0 on success. Non zero if no xfrm state at the index
    is found - or non exists at all.
    
    struct bpf_xfrm_state currently includes the SPI, peer IPv4/IPv6
    address and the reqid; it can be further extended by adding elements to
    its end - indicating the populated fields by the 'size' argument -
    keeping backwards compatibility.
    
    Typical usage:
    
    struct bpf_xfrm_state x = {};
    bpf_skb_get_xfrm_state(skb, 0, &x, sizeof(x), 0);
    ...
    Signed-off-by: default avatarEyal Birger <eyal.birger@gmail.com>
    Signed-off-by: default avatarDaniel Borkmann <daniel@iogearbox.net>
    12bed760
bpf.h 37.9 KB