[SRU][F:linux-bluefield][Pull Request] New BPF helpers for SYN cookies for forwarded traffic
Bodong Wang
bodong at nvidia.com
Wed Jul 7 14:34:50 UTC 2021
This pull request (21 commits) includes the BPF helpers for SYN cookies series
and prerequisite series.
BugLink: https://bugs.launchpad.net/bugs/1934499
The pull request page can be found at:
https://code.launchpad.net/~bodong-wang/ubuntu/+source/linux-bluefield/+git/version-seeds/+merge/405286
Git repo based on Ubuntu-bluefield-5.4.0-1015.18 can be found at:
https://git.launchpad.net/~bodong-wang/ubuntu/+source/linux-bluefield nvidia-ddos
This series first cherry picked multiple upstream patches from xdp/bpf
to support the new BPF helpers.
Then it adds new BPF helpers on top of those upstream patches.
* bpf_ct_lookup_tcp to look up CT status of a TCP connection.
* bpf_tcp_raw_gen_syncookie to generate SYN cookies without a listening
socket on the same host (to be used with iptables synproxy module).
* bpf_tcp_raw_check_syncookie to check SYN cookies generated by the
previous helper (to be used with iptables synproxy module).
* bpf_tcp_raw_gen_tscookie to generate timestamp cookies, which encode
additional information like SACK permission, ECN support, window scale.
The format is compatible with iptables synproxy module.
These new helpers allow users to accelerate the iptables synproxy module.
Signed-off-by: Maxim Mikityanskiy <maximmi at nvidia.com>
Signed-off-by: Bodong Wang <bodong at nvidia.com>

Björn Töpel (1):
  xsk: Fix xsk_umem_xdp_frame_sz()

Hangbin Liu (1):
  xdp: Handle frame_sz in xdp_convert_zc_to_xdp_frame()

Jesper Dangaard Brouer (14):
  xdp: Add frame size to xdp_buff
  net: XDP-generic determining XDP frame size
  xdp: Xdp_frame add member frame_sz and handle in convert_to_xdp_frame
  xdp: Cpumap redirect use frame_sz and increase skb_tailroom
  veth: Xdp using frame_sz in veth driver
  tun: Add XDP frame size
  vhost_net: Also populate XDP frame size
  virtio_net: Add XDP frame size in two code paths
  xdp: For Intel AF_XDP drivers add XDP frame_sz
  mlx5: Rx queue setup time determine frame_sz for XDP
  xdp: Allow bpf_xdp_adjust_tail() to grow packet size
  xdp: Clear grow memory in bpf_xdp_adjust_tail()
  bpf: Add xdp.frame_sz in bpf_prog_test_run_xdp().
  bpf: Fix too large copy from user in bpf_test_init

Maxim Mikityanskiy (5):
  netfilter: synproxy: Fix out of bounds when parsing TCP options
  sch_cake: Fix out of bounds when parsing TCP options and header
  UBUNTU: SAUCE: bpf: Add a helper to query TCP conntrack information in
    XDP
  UBUNTU: SAUCE: bpf: Add helpers to issue and check SYN cookies in XDP
  UBUNTU: SAUCE: bpf: Add a helper to issue timestamp cookies in XDP

 drivers/net/ethernet/mellanox/mlx5/core/en.h      |   1 +
 drivers/net/ethernet/mellanox/mlx5/core/en/xdp.c  |   1 +
 drivers/net/ethernet/mellanox/mlx5/core/en_main.c |   6 +
 drivers/net/ethernet/mellanox/mlx5/core/en_rx.c   |   2 +
 drivers/net/tun.c                                 |   2 +
 drivers/net/veth.c                                |  22 +-
 drivers/net/virtio_net.c                          |  15 +-
 drivers/vhost/net.c                               |   1 +
 include/net/tcp.h                                 |   2 +
 include/net/xdp.h                                 |  27 ++-
 include/net/xdp_sock.h                            |  11 +
 include/uapi/linux/bpf.h                          | 102 ++++++++-
 kernel/bpf/cpumap.c                               |  21 +-
 net/bpf/test_run.c                                |  20 +-
 net/core/dev.c                                    |  14 +-
 net/core/filter.c                                 | 243 +++++++++++++++++++++-
 net/core/xdp.c                                    |   9 +
 net/ipv4/syncookies.c                             |  60 ++++++
 net/ipv4/tcp_input.c                              |   3 +-
 net/netfilter/nf_synproxy_core.c                  |   5 +
 net/sched/sch_cake.c                              |   6 +-
 tools/include/uapi/linux/bpf.h                    |  96 ++++++++-
 tools/testing/selftests/bpf/bpf_helpers.h         |  12 ++
 23 files changed, 631 insertions(+), 50 deletions(-)
--
1.8.3.1
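
The timestamp-cookie encoding mentioned in the message above, as an added example that is not part of the original email and is not the code of the helpers in this pull request. It assumes the bit layout used by the mainline synproxy code in net/netfilter/nf_synproxy_core.c (low 6 bits of TSval: window scale in bits 0-3 with 0xf meaning "no option", SACK-permitted in bit 4, ECN in bit 5); the struct and function names are hypothetical.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Low 6 bits of TSval carry the client's SYN options (assumed synproxy layout). */
#define TS_OPT_MASK   0x3fu
#define TS_WSCALE     0x0fu      /* bits 0-3: window scale             */
#define TS_NO_WSCALE  0x0fu      /* 0xf means "no window scale option" */
#define TS_SACK_PERM  (1u << 4)
#define TS_ECN        (1u << 5)

struct ts_opts {                 /* hypothetical type for this example */
    bool has_wscale;
    uint8_t wscale;
    bool sack_perm;
    bool ecn;
};

/* Build the TSval sent in the SYN-ACK; `now` is the raw timestamp clock. */
uint32_t ts_cookie_encode(uint32_t now, const struct ts_opts *o)
{
    uint32_t tsval = now & ~TS_OPT_MASK;
    uint8_t ws = o->wscale > 14 ? 14 : o->wscale; /* RFC 7323 max; 15 is the sentinel */

    tsval |= o->has_wscale ? ws : TS_NO_WSCALE;
    if (o->sack_perm) tsval |= TS_SACK_PERM;
    if (o->ecn)       tsval |= TS_ECN;
    return tsval;
}

/* Recover the options from the TSecr echoed in the client's final ACK. */
struct ts_opts ts_cookie_decode(uint32_t tsecr)
{
    struct ts_opts o = {0};

    o.has_wscale = (tsecr & TS_WSCALE) != TS_NO_WSCALE;
    o.wscale     = o.has_wscale ? (uint8_t)(tsecr & TS_WSCALE) : 0;
    o.sack_perm  = (tsecr & TS_SACK_PERM) != 0;
    o.ecn        = (tsecr & TS_ECN) != 0;
    return o;
}

int main(void)
{
    struct ts_opts syn = { .has_wscale = true, .wscale = 7, .sack_perm = true };
    uint32_t tsval = ts_cookie_encode(0x12345678u, &syn); /* constructed clock value */
    struct ts_opts ack = ts_cookie_decode(tsval);

    printf("tsval=0x%08x wscale=%u sack=%d ecn=%d\n",
           (unsigned)tsval, (unsigned)ack.wscale, ack.sack_perm, ack.ecn);
    return 0;
}
```

Because the options ride in the echoed timestamp, the proxy keeps no per-connection state until the final ACK validates; the cost is that the timestamp clock loses its low 6 bits of resolution.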