KFunc bpf_skb_set_xfrm_info
Set XFRM metadata
Definition
Parameters
skb_ctx: Pointer to ctx (__sk_buff) in TC program. Cannot be NULL
from: Pointer to memory from which the metadata will be copied. Cannot be NULL
Members
from.if_id: XFRM if_id:
- Transmit: if_id to be used in policy and state lookups
- Receive: if_id of the state matched for the incoming packet
from.link: Underlying device ifindex:
- Transmit: used as the underlying device in VRF routing
- Receive: the device on which the packet had been received
int bpf_skb_set_xfrm_info(struct __sk_buff *skb_ctx, const struct bpf_xfrm_info *from)
Usage
This kfunc allows steering traffic towards different IPsec connections based on logic implemented in bpf programs.
This object is built based on the availability of BTF debug info.
When setting the xfrm metadata, per-CPU metadata destinations are used in order to avoid allocating a metadata destination per packet.
Program types
The following program types can make use of this kfunc:
Example
// SPDX-License-Identifier: GPL-2.0
#include "vmlinux.h"
#include "bpf_tracing_net.h"
#include <bpf/bpf_helpers.h>
__u32 req_if_id;
__u32 resp_if_id;
int bpf_skb_set_xfrm_info(struct __sk_buff *skb_ctx,
const struct bpf_xfrm_info *from) __ksym;
int bpf_skb_get_xfrm_info(struct __sk_buff *skb_ctx,
struct bpf_xfrm_info *to) __ksym;
SEC("tc")
int set_xfrm_info(struct __sk_buff *skb)
{
struct bpf_xfrm_info info = { .if_id = req_if_id };
return bpf_skb_set_xfrm_info(skb, &info) ? TC_ACT_SHOT : TC_ACT_UNSPEC;
}
SEC("tc")
int get_xfrm_info(struct __sk_buff *skb)
{
struct bpf_xfrm_info info = {};
if (bpf_skb_get_xfrm_info(skb, &info) < 0)
return TC_ACT_SHOT;
resp_if_id = info.if_id;
return TC_ACT_UNSPEC;
}
char _license[] SEC("license") = "GPL";