Commit 98e20e5e authored by Quentin Deslandes's avatar Quentin Deslandes Committed by Alexei Starovoitov

bpfilter: remove bpfilter

bpfilter was supposed to convert iptables filtering rules into
BPF programs on the fly, from the kernel, through a usermode
helper. The base code for the UMH was introduced in 2018, and
a couple of attempts (2, 3) tried to introduce the BPF program
generation features but were abandoned.

bpfilter now sits in a kernel tree unused and unusable, occasionally
causing confusion amongst Linux users (4, 5).

As bpfilter is now developed in a dedicated repository on GitHub (6),
it was suggested a couple of times this year (LSFMM/BPF 2023,
LPC 2023) to remove the deprecated kernel part of the project. This
is the purpose of this patch.

[1]: https://lore.kernel.org/lkml/20180522022230.2492505-1-ast@kernel.org/
[2]: https://lore.kernel.org/bpf/20210829183608.2297877-1-me@ubique.spb.ru/#t
[3]: https://lore.kernel.org/lkml/20221224000402.476079-1-qde@naccy.de/
[4]: https://dxuuu.xyz/bpfilter.html
[5]: https://github.com/linuxkit/linuxkit/pull/3904
[6]: https://github.com/facebook/bpfilter



Signed-off-by: default avatarQuentin Deslandes <qde@naccy.de>
Link: https://lore.kernel.org/r/20231226130745.465988-1-qde@naccy.de


Signed-off-by: default avatarAlexei Starovoitov <ast@kernel.org>
parent 9ddf872b
+0 −1
@@ -276,7 +276,6 @@ CONFIG_BRIDGE_EBT_T_NAT=m
CONFIG_BRIDGE_EBT_ARP=m
CONFIG_BRIDGE_EBT_IP=m
CONFIG_BRIDGE_EBT_IP6=m
CONFIG_BPFILTER=y
CONFIG_IP_SCTP=m
CONFIG_RDS=y
CONFIG_L2TP=m

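--- a/include/linux/bpfilter.h
+++ /dev/null
@@ -1,24 +0,0 @@
-/* SPDX-License-Identifier: GPL-2.0 */
-#ifndef _LINUX_BPFILTER_H
-#define _LINUX_BPFILTER_H
-
-#include <uapi/linux/bpfilter.h>
-#include <linux/usermode_driver.h>
-#include <linux/sockptr.h>
-
-struct sock;
-int bpfilter_ip_set_sockopt(struct sock *sk, int optname, sockptr_t optval,
-			    unsigned int optlen);
-int bpfilter_ip_get_sockopt(struct sock *sk, int optname, char __user *optval,
-			    int __user *optlen);
-
-struct bpfilter_umh_ops {
-	struct umd_info info;
-	/* since ip_getsockopt() can run in parallel, serialize access to umh */
-	struct mutex lock;
-	int (*sockopt)(struct sock *sk, int optname, sockptr_t optval,
-		       unsigned int optlen, bool is_set);
-	int (*start)(void);
-};
-extern struct bpfilter_umh_ops bpfilter_ops;
-#endif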

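--- a/include/uapi/linux/bpfilter.h
+++ /dev/null
@@ -1,21 +0,0 @@
-/* SPDX-License-Identifier: GPL-2.0 WITH Linux-syscall-note */
-#ifndef _UAPI_LINUX_BPFILTER_H
-#define _UAPI_LINUX_BPFILTER_H
-
-#include <linux/if.h>
-
-enum {
-	BPFILTER_IPT_SO_SET_REPLACE = 64,
-	BPFILTER_IPT_SO_SET_ADD_COUNTERS = 65,
-	BPFILTER_IPT_SET_MAX,
-};
-
-enum {
-	BPFILTER_IPT_SO_GET_INFO = 64,
-	BPFILTER_IPT_SO_GET_ENTRIES = 65,
-	BPFILTER_IPT_SO_GET_REVISION_MATCH = 66,
-	BPFILTER_IPT_SO_GET_REVISION_TARGET = 67,
-	BPFILTER_IPT_GET_MAX,
-};
-
-#endif /* _UAPI_LINUX_BPFILTER_H */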
+0 −2
@@ -233,8 +233,6 @@ source "net/bridge/netfilter/Kconfig"

endif

source "net/bpfilter/Kconfig"

source "net/dccp/Kconfig"
source "net/sctp/Kconfig"
source "net/rds/Kconfig"
+0 −1
@@ -19,7 +19,6 @@ obj-$(CONFIG_TLS) += tls/
obj-$(CONFIG_XFRM)		+= xfrm/
obj-$(CONFIG_UNIX_SCM)		+= unix/
obj-y				+= ipv6/
obj-$(CONFIG_BPFILTER)		+= bpfilter/
obj-$(CONFIG_PACKET)		+= packet/
obj-$(CONFIG_NET_KEY)		+= key/
obj-$(CONFIG_BRIDGE)		+= bridge/