bpf: Add helpers to issue and check SYN cookies in XDP

The new helpers bpf_tcp_raw_{gen,check}_syncookie_ipv{4,6} allow an XDP program to generate SYN cookies in response to TCP SYN packets and to check those cookies upon receiving the first ACK packet (the final packet of the TCP handshake). Unlike bpf_tcp_{gen,check}_syncookie these new helpers don't need a listening socket on the local machine, which allows to use them together with synproxy to accelerate SYN cookie generation. Signed-off-by: Maxim Mikityanskiy <maximmi@nvidia.com> Reviewed-by: Tariq Toukan <tariqt@nvidia.com> Link: https://lore.kernel.org/r/20220615134847.3753567-4-maximmi@nvidia.com Signed-off-by: Alexei Starovoitov <ast@kernel.org>
author: Maxim Mikityanskiy <maximmi@nvidia.com> 2022-06-15 16:48:44 +0300
committer: Alexei Starovoitov <ast@kernel.org> 2022-06-16 21:20:30 -0700
commit: 33bf9885040c399cf6a95bd33216644126728e14 (patch)
tree: 882637b6f7deb157f08d0e3b52e780aae6b793bc /include/net/tcp.h
parent: 508362ac66b0478affb4e52cb8da98478312d72d (diff)
1 files changed, 1 insertions, 0 deletions
diff --git a/include/net/tcp.h b/include/net/tcp.h
index 1e99f5c61f84..9a1efe23fab7 100644
--- a/include/net/tcp.h
+++ b/include/net/tcp.h
@@ -432,6 +432,7 @@ u16 tcp_v4_get_syncookie(struct sock *sk, struct iphdr *iph,
 			 struct tcphdr *th, u32 *cookie);
 u16 tcp_v6_get_syncookie(struct sock *sk, struct ipv6hdr *iph,
 			 struct tcphdr *th, u32 *cookie);
+u16 tcp_parse_mss_option(const struct tcphdr *th, u16 user_mss);
 u16 tcp_get_syncookie_mss(struct request_sock_ops *rsk_ops,
 			  const struct tcp_request_sock_ops *af_ops,
 			  struct sock *sk, struct tcphdr *th);
author	Maxim Mikityanskiy <maximmi@nvidia.com>	2022-06-15 16:48:44 +0300
committer	Alexei Starovoitov <ast@kernel.org>	2022-06-16 21:20:30 -0700
commit	33bf9885040c399cf6a95bd33216644126728e14 (patch)
tree	882637b6f7deb157f08d0e3b52e780aae6b793bc /include/net/tcp.h
parent	508362ac66b0478affb4e52cb8da98478312d72d (diff)