NACK/Cmnt: [SRU][F:linux-bluefield][PATCH 00/21] New BPF helpers for SYN cookies for forwarded traffic

Stefan Bader stefan.bader at canonical.com
Tue Jul 6 06:42:00 UTC 2021


On 05.07.21 17:39, Bodong Wang wrote:
> New BPF helpers for SYN cookies for forwarded traffic
> 
> BugLink: https://bugs.launchpad.net/bugs/1934499
> 
> This series first cherry picked multiple upstream patches from xdp/bpf
> to support the new BPF helpers.
> 
> Then it adds new BPF helpers on top of those upstream patches.
> 
> * bpf_ct_lookup_tcp to lookup CT status of a TCP connection.
> 
> * bpf_tcp_raw_gen_syncookie to generate SYN cookies without a listening
> socket on the same host (to be used with iptables synproxy module).
> 
> * bpf_tcp_raw_check_syncookie to check SYN cookies generated by the
> previos helper (to be used with iptables synproxy module).
> 
> * bpf_tcp_raw_gen_tscookie to generate timestamp cookies, which encode
> additional information like SACK permission, ECN support, window scale.
> The format is compatible with iptables synproxy module.
> 
> These new helpers allow user to accelerate the iptables synproxy module.
> 
> Signed-off-by: Maxim Mikityanskiy <maximmi at nvidia.com>
> Signed-off-by: Bodong Wang <bodong at nvidia.com>
> 
> Björn Töpel (1):
>    xsk: Fix xsk_umem_xdp_frame_sz()
> 
> Hangbin Liu (1):
>    xdp: Handle frame_sz in xdp_convert_zc_to_xdp_frame()
> 
> Jesper Dangaard Brouer (14):
>    xdp: Add frame size to xdp_buff
>    net: XDP-generic determining XDP frame size
>    xdp: Xdp_frame add member frame_sz and handle in convert_to_xdp_frame
>    xdp: Cpumap redirect use frame_sz and increase skb_tailroom
>    veth: Xdp using frame_sz in veth driver
>    tun: Add XDP frame size
>    vhost_net: Also populate XDP frame size
>    virtio_net: Add XDP frame size in two code paths
>    xdp: For Intel AF_XDP drivers add XDP frame_sz
>    mlx5: Rx queue setup time determine frame_sz for XDP
>    xdp: Allow bpf_xdp_adjust_tail() to grow packet size
>    xdp: Clear grow memory in bpf_xdp_adjust_tail()
>    bpf: Add xdp.frame_sz in bpf_prog_test_run_xdp().
>    bpf: Fix too large copy from user in bpf_test_init
> 
> Maxim Mikityanskiy (5):
>    netfilter: synproxy: Fix out of bounds when parsing TCP options
>    sch_cake: Fix out of bounds when parsing TCP options and header
>    UBUNTU: SAUCE: bpf: Add a helper to query TCP conntrack information in
>      XDP
>    UBUNTU: SAUCE: bpf: Add helpers to issue and check SYN cookies in XDP
>    UBUNTU: SAUCE: bpf: Add a helper to issue timestamp cookies in XDP
> 
>   drivers/net/ethernet/mellanox/mlx5/core/en.h      |   1 +
>   drivers/net/ethernet/mellanox/mlx5/core/en/xdp.c  |   1 +
>   drivers/net/ethernet/mellanox/mlx5/core/en_main.c |   6 +
>   drivers/net/ethernet/mellanox/mlx5/core/en_rx.c   |   2 +
>   drivers/net/tun.c                                 |   2 +
>   drivers/net/veth.c                                |  22 +-
>   drivers/net/virtio_net.c                          |  15 +-
>   drivers/vhost/net.c                               |   1 +
>   include/net/tcp.h                                 |   2 +
>   include/net/xdp.h                                 |  27 ++-
>   include/net/xdp_sock.h                            |  11 +
>   include/uapi/linux/bpf.h                          | 102 ++++++++-
>   kernel/bpf/cpumap.c                               |  21 +-
>   net/bpf/test_run.c                                |  20 +-
>   net/core/dev.c                                    |  14 +-
>   net/core/filter.c                                 | 243 +++++++++++++++++++++-
>   net/core/xdp.c                                    |   9 +
>   net/ipv4/syncookies.c                             |  60 ++++++
>   net/ipv4/tcp_input.c                              |   3 +-
>   net/netfilter/nf_synproxy_core.c                  |   5 +
>   net/sched/sch_cake.c                              |   6 +-
>   tools/include/uapi/linux/bpf.h                    |  96 ++++++++-
>   tools/testing/selftests/bpf/bpf_helpers.h         |  12 ++
>   23 files changed, 631 insertions(+), 50 deletions(-)
> 

There is a limit on the number of patches which make sense in direct submission. 
IMO around 5. Please submit this again as a pull request. I believe it is Daniel 
who should be able to help you with info about how to do this.

-Stefan

-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_signature
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <https://lists.ubuntu.com/archives/kernel-team/attachments/20210706/5f8cd5d3/attachment.sig>


More information about the kernel-team mailing list