NACK/Cmnt: [SRU][F:linux-bluefield][PATCH 00/21] New BPF helpers for SYN cookies for forwarded traffic

Stefan Bader stefan.bader at canonical.com
Wed Jul 7 06:39:30 UTC 2021 

On 07.07.21 01:50, Bodong Wang wrote:
> On 7/6/2021 1:42 AM, Stefan Bader wrote:
>> On 05.07.21 17:39, Bodong Wang wrote:
>>> New BPF helpers for SYN cookies for forwarded traffic
>>>
>>> BugLink: https://bugs.launchpad.net/bugs/1934499
>>>
>>> This series first cherry picked multiple upstream patches from xdp/bpf
>>> to support the new BPF helpers.
>>>
>>> Then it adds new BPF helpers on top of those upstream patches.
>>>
>>> * bpf_ct_lookup_tcp to lookup CT status of a TCP connection.
>>>
>>> * bpf_tcp_raw_gen_syncookie to generate SYN cookies without a listening
>>> socket on the same host (to be used with iptables synproxy module).
>>>
>>> * bpf_tcp_raw_check_syncookie to check SYN cookies generated by the
>>> previos helper (to be used with iptables synproxy module).
>>>
>>> * bpf_tcp_raw_gen_tscookie to generate timestamp cookies, which encode
>>> additional information like SACK permission, ECN support, window scale.
>>> The format is compatible with iptables synproxy module.
>>>
>>> These new helpers allow user to accelerate the iptables synproxy module.
>>>
>>> Signed-off-by: Maxim Mikityanskiy <maximmi at nvidia.com>
>>> Signed-off-by: Bodong Wang <bodong at nvidia.com>
>>>
>>> Björn Töpel (1):
>>>    xsk: Fix xsk_umem_xdp_frame_sz()
>>>
>>> Hangbin Liu (1):
>>>    xdp: Handle frame_sz in xdp_convert_zc_to_xdp_frame()
>>>
>>> Jesper Dangaard Brouer (14):
>>>    xdp: Add frame size to xdp_buff
>>>    net: XDP-generic determining XDP frame size
>>>    xdp: Xdp_frame add member frame_sz and handle in convert_to_xdp_frame
>>>    xdp: Cpumap redirect use frame_sz and increase skb_tailroom
>>>    veth: Xdp using frame_sz in veth driver
>>>    tun: Add XDP frame size
>>>    vhost_net: Also populate XDP frame size
>>>    virtio_net: Add XDP frame size in two code paths
>>>    xdp: For Intel AF_XDP drivers add XDP frame_sz
>>>    mlx5: Rx queue setup time determine frame_sz for XDP
>>>    xdp: Allow bpf_xdp_adjust_tail() to grow packet size
>>>    xdp: Clear grow memory in bpf_xdp_adjust_tail()
>>>    bpf: Add xdp.frame_sz in bpf_prog_test_run_xdp().
>>>    bpf: Fix too large copy from user in bpf_test_init
>>>
>>> Maxim Mikityanskiy (5):
>>>    netfilter: synproxy: Fix out of bounds when parsing TCP options
>>>    sch_cake: Fix out of bounds when parsing TCP options and header
>>>    UBUNTU: SAUCE: bpf: Add a helper to query TCP conntrack information in
>>>      XDP
>>>    UBUNTU: SAUCE: bpf: Add helpers to issue and check SYN cookies in XDP
>>>    UBUNTU: SAUCE: bpf: Add a helper to issue timestamp cookies in XDP
>>>
>>>   drivers/net/ethernet/mellanox/mlx5/core/en.h      |   1 +
>>>   drivers/net/ethernet/mellanox/mlx5/core/en/xdp.c  |   1 +
>>>   drivers/net/ethernet/mellanox/mlx5/core/en_main.c |   6 +
>>>   drivers/net/ethernet/mellanox/mlx5/core/en_rx.c   |   2 +
>>>   drivers/net/tun.c                                 |   2 +
>>>   drivers/net/veth.c                                |  22 +-
>>>   drivers/net/virtio_net.c                          |  15 +-
>>>   drivers/vhost/net.c                               |   1 +
>>>   include/net/tcp.h                                 |   2 +
>>>   include/net/xdp.h                                 |  27 ++-
>>>   include/net/xdp_sock.h                            |  11 +
>>>   include/uapi/linux/bpf.h                          | 102 ++++++++-
>>>   kernel/bpf/cpumap.c                               |  21 +-
>>>   net/bpf/test_run.c                                |  20 +-
>>>   net/core/dev.c                                    |  14 +-
>>>   net/core/filter.c                                 | 243 +++++++++++++++++++++-
>>>   net/core/xdp.c                                    |   9 +
>>>   net/ipv4/syncookies.c                             |  60 ++++++
>>>   net/ipv4/tcp_input.c                              |   3 +-
>>>   net/netfilter/nf_synproxy_core.c                  |   5 +
>>>   net/sched/sch_cake.c                              |   6 +-
>>>   tools/include/uapi/linux/bpf.h                    |  96 ++++++++-
>>>   tools/testing/selftests/bpf/bpf_helpers.h         |  12 ++
>>>   23 files changed, 631 insertions(+), 50 deletions(-)
>>>
>>
>> There is a limit on the number of patches which make sense in direct 
>> submission. IMO around 5. Please submit this again as a pull request. I 
>> believe it is Daniel who should be able to help you with info about how to do 
>> this.
>>
>> -Stefan
>>
> Hi Stefan,
> 
> I created a merge request at 
> https://code.launchpad.net/~bodong-wang/ubuntu/+source/linux-bluefield/+git/version-seeds/+merge/405286 
> 
> 
> Please let me know if it works or not.
> 
> Bodong
> 
Not quite. Start a new thread (send new email to kernel-team) as

[SRU][F:linux-bluefield][Pull (or Merge) Request] ...

where you point to the merge (a pull request like for upstream would be ok as 
well). It would simplify things for us if you have a link to the bug report in 
that email. That does not need to follow the same format that commit messages do.
Reason for this is that old threads, especially those which got NACKed are 
rather ignored.

-Stefan


-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_signature
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <https://lists.ubuntu.com/archives/kernel-team/attachments/20210707/9dada914/attachment-0001.sig>

More information about the kernel-team mailing list