]> git.baikalelectronics.ru Git - kernel.git/commit
projects / kernel.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 44343a4) | patch
bpf: add helper to check for a valid SYN cookie
authorLorenz Bauer <lmb@cloudflare.com>
Fri, 22 Mar 2019 01:54:02 +0000 (09:54 +0800)
committerAlexei Starovoitov <ast@kernel.org>
Fri, 22 Mar 2019 01:59:10 +0000 (18:59 -0700)
commit1e7bc4601ebb38295b46074c740abe519b191ecc
tree6196d57566bf6831d40a83ca95f935b8c11ad167tree | snapshot
parent44343a49bc65a3f00e9ad39af4cdf0978ba6db5bcommit | diff
bpf: add helper to check for a valid SYN cookie

Using bpf_skc_lookup_tcp it's possible to ascertain whether a packet
belongs to a known connection. However, there is one corner case: no
sockets are created if SYN cookies are active. This means that the final
ACK in the 3WHS is misclassified.

Using the helper, we can look up the listening socket via
bpf_skc_lookup_tcp and then check whether a packet is a valid SYN
cookie ACK.

Signed-off-by: Lorenz Bauer <lmb@cloudflare.com>
Signed-off-by: Alexei Starovoitov <ast@kernel.org>
include/uapi/linux/bpf.h diff | blob | history
net/core/filter.c diff | blob | history
Linux Kernel Source Tree.