Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Filter IP addresses (v4 and v6) using longest prefix match #178

Open
qdeslandes opened this issue Jan 20, 2025 · 0 comments
Open

Filter IP addresses (v4 and v6) using longest prefix match #178

qdeslandes opened this issue Jan 20, 2025 · 0 comments
Labels
area: codegen BPF bytecode generation
Milestone
2025 H1 Roadmap

Comments

@qdeslandes
Copy link
Contributor

Sets are used to filter a multiple IP addresses in constant time. Each IP address to filter it inserted into a BPF map, and the program performs a lookup of the packet's IP into the map. This behaviour doesn't work well with subnets filtering: all the IP addresses of the subnet should be inserted into the set for the program to be able to filter the subnet.

# IPs to filter
192.168.1.1
192.168.1.2
192.168.2.0/24

# IPs in the set
192.168.1.1
192.168.1.2
192.168.2.0
192.168.2.1
[...]
192.168.2.254
192.168.2.255

An alternative is to implement subnets filtering using the Longest Prefix Match algorithm. Thankfully, BPF supports BPF_MAP_TYPE_LPM_TRIE maps.
@qdeslandes qdeslandes added this to the 2025 H1 Roadmap milestone Jan 20, 2025
@qdeslandes qdeslandes moved this to To do in bpfilter's roadmap Jan 20, 2025
@qdeslandes qdeslandes added the area: codegen BPF bytecode generation label Jan 21, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
area: codegen BPF bytecode generation
Projects
bpfilter's roadmap
Status: To do
Milestone
2025 H1 Roadmap
Development

No branches or pull requests
1 participant
@qdeslandes