NACK/Cmnt: [SRU][F:linux-bluefield][PATCH 00/21] New BPF helpers for SYN cookies for forwarded traffic
Bodong Wang
bodong at nvidia.com
Tue Jul 6 23:50:39 UTC 2021
On 7/6/2021 1:42 AM, Stefan Bader wrote:
> On 05.07.21 17:39, Bodong Wang wrote:
>> New BPF helpers for SYN cookies for forwarded traffic
>>
>> BugLink: https://bugs.launchpad.net/bugs/1934499
>>
>> This series first cherry picked multiple upstream patches from xdp/bpf
>> to support the new BPF helpers.
>>
>> Then it adds new BPF helpers on top of those upstream patches.
>>
>> * bpf_ct_lookup_tcp to lookup CT status of a TCP connection.
>>
>> * bpf_tcp_raw_gen_syncookie to generate SYN cookies without a listening
>> socket on the same host (to be used with iptables synproxy module).
>>
>> * bpf_tcp_raw_check_syncookie to check SYN cookies generated by the
>> previos helper (to be used with iptables synproxy module).
>>
>> * bpf_tcp_raw_gen_tscookie to generate timestamp cookies, which encode
>> additional information like SACK permission, ECN support, window scale.
>> The format is compatible with iptables synproxy module.
>>
>> These new helpers allow user to accelerate the iptables synproxy module.
>>
>> Signed-off-by: Maxim Mikityanskiy <maximmi at nvidia.com>
>> Signed-off-by: Bodong Wang <bodong at nvidia.com>
>>
>> Björn Töpel (1):
>> xsk: Fix xsk_umem_xdp_frame_sz()
>>
>> Hangbin Liu (1):
>> xdp: Handle frame_sz in xdp_convert_zc_to_xdp_frame()
>>
>> Jesper Dangaard Brouer (14):
>> xdp: Add frame size to xdp_buff
>> net: XDP-generic determining XDP frame size
>> xdp: Xdp_frame add member frame_sz and handle in convert_to_xdp_frame
>> xdp: Cpumap redirect use frame_sz and increase skb_tailroom
>> veth: Xdp using frame_sz in veth driver
>> tun: Add XDP frame size
>> vhost_net: Also populate XDP frame size
>> virtio_net: Add XDP frame size in two code paths
>> xdp: For Intel AF_XDP drivers add XDP frame_sz
>> mlx5: Rx queue setup time determine frame_sz for XDP
>> xdp: Allow bpf_xdp_adjust_tail() to grow packet size
>> xdp: Clear grow memory in bpf_xdp_adjust_tail()
>> bpf: Add xdp.frame_sz in bpf_prog_test_run_xdp().
>> bpf: Fix too large copy from user in bpf_test_init
>>
>> Maxim Mikityanskiy (5):
>> netfilter: synproxy: Fix out of bounds when parsing TCP options
>> sch_cake: Fix out of bounds when parsing TCP options and header
>> UBUNTU: SAUCE: bpf: Add a helper to query TCP conntrack
>> information in
>> XDP
>> UBUNTU: SAUCE: bpf: Add helpers to issue and check SYN cookies in XDP
>> UBUNTU: SAUCE: bpf: Add a helper to issue timestamp cookies in XDP
>>
>> drivers/net/ethernet/mellanox/mlx5/core/en.h | 1 +
>> drivers/net/ethernet/mellanox/mlx5/core/en/xdp.c | 1 +
>> drivers/net/ethernet/mellanox/mlx5/core/en_main.c | 6 +
>> drivers/net/ethernet/mellanox/mlx5/core/en_rx.c | 2 +
>> drivers/net/tun.c | 2 +
>> drivers/net/veth.c | 22 +-
>> drivers/net/virtio_net.c | 15 +-
>> drivers/vhost/net.c | 1 +
>> include/net/tcp.h | 2 +
>> include/net/xdp.h | 27 ++-
>> include/net/xdp_sock.h | 11 +
>> include/uapi/linux/bpf.h | 102 ++++++++-
>> kernel/bpf/cpumap.c | 21 +-
>> net/bpf/test_run.c | 20 +-
>> net/core/dev.c | 14 +-
>> net/core/filter.c | 243
>> +++++++++++++++++++++-
>> net/core/xdp.c | 9 +
>> net/ipv4/syncookies.c | 60 ++++++
>> net/ipv4/tcp_input.c | 3 +-
>> net/netfilter/nf_synproxy_core.c | 5 +
>> net/sched/sch_cake.c | 6 +-
>> tools/include/uapi/linux/bpf.h | 96 ++++++++-
>> tools/testing/selftests/bpf/bpf_helpers.h | 12 ++
>> 23 files changed, 631 insertions(+), 50 deletions(-)
>>
>
> There is a limit on the number of patches which make sense in direct
> submission. IMO around 5. Please submit this again as a pull request.
> I believe it is Daniel who should be able to help you with info about
> how to do this.
>
> -Stefan
>
Hi Stefan,
I created a merge request at
https://code.launchpad.net/~bodong-wang/ubuntu/+source/linux-bluefield/+git/version-seeds/+merge/405286
Please let me know if it works or not.
Bodong
More information about the kernel-team
mailing list