bpf: Add helpers to issue and check SYN cookies in XDP

The new helpers bpf_tcp_raw_{gen,check}_syncookie_ipv{4,6} allow an XDP program to generate SYN cookies in response to TCP SYN packets and to check those cookies upon receiving the first ACK packet (the final packet of the TCP handshake). Unlike bpf_tcp_{gen,check}_syncookie these new helpers don't need a listening socket on the local machine, which allows to use them together with synproxy to accelerate SYN cookie generation. Signed-off-by: Maxim Mikityanskiy <maximmi@nvidia.com> Reviewed-by: Tariq Toukan <tariqt@nvidia.com> Link: https://lore.kernel.org/r/20220615134847.3753567-4-maximmi@nvidia.com Signed-off-by: Alexei Starovoitov <ast@kernel.org>
2025-04-24 14:07:52 -04:00 · 2022-06-15 16:48:44 +03:00 · 2022-06-15 16:48:44 +03:00 · 33bf988504
commit 33bf988504
parent 508362ac66
6 changed files with 281 additions and 1 deletions
--- a/scripts/bpf_doc.py
+++ b/scripts/bpf_doc.py
@ -635,6 +635,8 @@ class PrinterHelpers(Printer):
            'struct bpf_timer',
            'struct mptcp_sock',
            'struct bpf_dynptr',
+            'struct iphdr',
+            'struct ipv6hdr',
    ]
    known_types = {
            '...',
@ -686,6 +688,8 @@ class PrinterHelpers(Printer):
            'struct bpf_timer',
            'struct mptcp_sock',
            'struct bpf_dynptr',
+            'struct iphdr',
+            'struct ipv6hdr',
    }
    mapped_types = {
            'u8': '__u8',