APPLIED: [SRU][F:linux-bluefield][Pull Request] New BPF helpers for SYN cookies for forwarded traffic

Stefan Bader stefan.bader at canonical.com
Tue Jul 13 07:58:02 UTC 2021 

On 07.07.21 16:34, Bodong Wang wrote:
> This pull request (21 commits) includes the BPF helpers for SYN cookies series
> and prerequisite series.
> 
> BugLink: https://bugs.launchpad.net/bugs/1934499
> 
> The pull request page can be found at:
> 
> https://code.launchpad.net/~bodong-wang/ubuntu/+source/linux-bluefield/+git/version-seeds/+merge/405286
> 
> Git repo based on Ubuntu-bluefield-5.4.0-1015.18 can be found at:
> https://git.launchpad.net/~bodong-wang/ubuntu/+source/linux-bluefield nvidia-ddos
> 
> This series first cherry picked multiple upstream patches from xdp/bpf
> to support the new BPF helpers.
> 
> Then it adds new BPF helpers on top of those upstream patches.
> 
> * bpf_ct_lookup_tcp to lookup CT status of a TCP connection.
> 
> * bpf_tcp_raw_gen_syncookie to generate SYN cookies without a listening
> socket on the same host (to be used with iptables synproxy module).
> 
> * bpf_tcp_raw_check_syncookie to check SYN cookies generated by the
> previos helper (to be used with iptables synproxy module).
> 
> * bpf_tcp_raw_gen_tscookie to generate timestamp cookies, which encode
> additional information like SACK permission, ECN support, window scale.
> The format is compatible with iptables synproxy module.
> 
> These new helpers allow user to accelerate the iptables synproxy module.
> 
> Signed-off-by: Maxim Mikityanskiy <maximmi at nvidia.com>
> Signed-off-by: Bodong Wang <bodong at nvidia.com>
> 
> Björn Töpel (1):
>    xsk: Fix xsk_umem_xdp_frame_sz()
> 
> Hangbin Liu (1):
>    xdp: Handle frame_sz in xdp_convert_zc_to_xdp_frame()
> 
> Jesper Dangaard Brouer (14):
>    xdp: Add frame size to xdp_buff
>    net: XDP-generic determining XDP frame size
>    xdp: Xdp_frame add member frame_sz and handle in convert_to_xdp_frame
>    xdp: Cpumap redirect use frame_sz and increase skb_tailroom
>    veth: Xdp using frame_sz in veth driver
>    tun: Add XDP frame size
>    vhost_net: Also populate XDP frame size
>    virtio_net: Add XDP frame size in two code paths
>    xdp: For Intel AF_XDP drivers add XDP frame_sz
>    mlx5: Rx queue setup time determine frame_sz for XDP
>    xdp: Allow bpf_xdp_adjust_tail() to grow packet size
>    xdp: Clear grow memory in bpf_xdp_adjust_tail()
>    bpf: Add xdp.frame_sz in bpf_prog_test_run_xdp().
>    bpf: Fix too large copy from user in bpf_test_init
> 
> Maxim Mikityanskiy (5):
>    netfilter: synproxy: Fix out of bounds when parsing TCP options
>    sch_cake: Fix out of bounds when parsing TCP options and header
>    UBUNTU: SAUCE: bpf: Add a helper to query TCP conntrack information in
>      XDP
>    UBUNTU: SAUCE: bpf: Add helpers to issue and check SYN cookies in XDP
>    UBUNTU: SAUCE: bpf: Add a helper to issue timestamp cookies in XDP
> 
>   drivers/net/ethernet/mellanox/mlx5/core/en.h      |   1 +
>   drivers/net/ethernet/mellanox/mlx5/core/en/xdp.c  |   1 +
>   drivers/net/ethernet/mellanox/mlx5/core/en_main.c |   6 +
>   drivers/net/ethernet/mellanox/mlx5/core/en_rx.c   |   2 +
>   drivers/net/tun.c                                 |   2 +
>   drivers/net/veth.c                                |  22 +-
>   drivers/net/virtio_net.c                          |  15 +-
>   drivers/vhost/net.c                               |   1 +
>   include/net/tcp.h                                 |   2 +
>   include/net/xdp.h                                 |  27 ++-
>   include/net/xdp_sock.h                            |  11 +
>   include/uapi/linux/bpf.h                          | 102 ++++++++-
>   kernel/bpf/cpumap.c                               |  21 +-
>   net/bpf/test_run.c                                |  20 +-
>   net/core/dev.c                                    |  14 +-
>   net/core/filter.c                                 | 243 +++++++++++++++++++++-
>   net/core/xdp.c                                    |   9 +
>   net/ipv4/syncookies.c                             |  60 ++++++
>   net/ipv4/tcp_input.c                              |   3 +-
>   net/netfilter/nf_synproxy_core.c                  |   5 +
>   net/sched/sch_cake.c                              |   6 +-
>   tools/include/uapi/linux/bpf.h                    |  96 ++++++++-
>   tools/testing/selftests/bpf/bpf_helpers.h         |  12 ++
>   23 files changed, 631 insertions(+), 50 deletions(-)
> 
Applied/merged to focal:linux-bluefield/master-next. Thanks.

-Stefan

-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_signature
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <https://lists.ubuntu.com/archives/kernel-team/attachments/20210713/3f3e3f3a/attachment.sig>

More information about the kernel-team mailing list