94151f5aa9
This change adds xfrm metadata helpers using the unstable kfunc call interface for the TC-BPF hooks. This allows steering traffic towards different IPsec connections based on logic implemented in bpf programs. This object is built based on the availability of BTF debug info. When setting the xfrm metadata, percpu metadata dsts are used in order to avoid allocating a metadata dst per packet. In order to guarantee safe module unload, the percpu dsts are allocated on first use and never freed. The percpu pointer is stored in net/core/filter.c so that it can be reused on module reload. The metadata percpu dsts take ownership of the original skb dsts so that they may be used as part of the xfrm transmission logic - e.g. for MTU calculations. Signed-off-by: Eyal Birger <eyal.birger@gmail.com> Link: https://lore.kernel.org/r/20221203084659.1837829-3-eyal.birger@gmail.com Signed-off-by: Martin KaFai Lau <martin.lau@kernel.org>
Makefile
# SPDX-License-Identifier: GPL-2.0
#
# Makefile for the XFRM subsystem.
#

# xfrm_interface.o is a composite object. Its core part is added whenever
# CONFIG_XFRM_INTERFACE is enabled, either built-in (y) or as a module (m).
xfrm_interface-$(CONFIG_XFRM_INTERFACE) += xfrm_interface_core.o

# xfrm_interface_bpf.o is added only when BTF debug info is available for the
# way xfrm_interface is built: CONFIG_DEBUG_INFO_BTF_MODULES for a module,
# CONFIG_DEBUG_INFO_BTF for a built-in. The two tests cannot both match.
# NOTE(review): if the matching BTF option is off, the object is left out and
# the build still succeeds. Presumably this object carries the kfunc metadata
# helpers for TC-BPF, so check the BTF options on any kernel where IPsec
# traffic steering is expected to depend on them.
ifeq ($(CONFIG_XFRM_INTERFACE),m)
xfrm_interface-$(CONFIG_DEBUG_INFO_BTF_MODULES) += xfrm_interface_bpf.o
endif
ifeq ($(CONFIG_XFRM_INTERFACE),y)
xfrm_interface-$(CONFIG_DEBUG_INFO_BTF) += xfrm_interface_bpf.o
endif

# Core XFRM objects. ":=" starts the list and the "+=" lines extend it, with
# the objects kept in their original order.
obj-$(CONFIG_XFRM) := xfrm_policy.o xfrm_state.o xfrm_hash.o
obj-$(CONFIG_XFRM) += xfrm_input.o xfrm_output.o
obj-$(CONFIG_XFRM) += xfrm_sysctl.o xfrm_replay.o xfrm_device.o

# Optional parts, each gated by its own config symbol.
obj-$(CONFIG_XFRM_STATISTICS)  += xfrm_proc.o
obj-$(CONFIG_XFRM_ALGO)        += xfrm_algo.o
obj-$(CONFIG_XFRM_USER)        += xfrm_user.o
obj-$(CONFIG_XFRM_USER_COMPAT) += xfrm_compat.o
obj-$(CONFIG_XFRM_IPCOMP)      += xfrm_ipcomp.o
obj-$(CONFIG_XFRM_INTERFACE)   += xfrm_interface.o
obj-$(CONFIG_XFRM_ESPINTCP)    += espintcp.o