Re: [PATCH bpf-next 10/10] bpf: Add sample for raw syncookie helpers
From: Maxim Mikityanskiy <hidden>
Date: 2021-10-21 17:31:29
Also in:
bpf
On 2021-10-21 04:06, Alexei Starovoitov wrote:
On Tue, Oct 19, 2021 at 05:46:55PM +0300, Maxim Mikityanskiy wrote:quoted
This commit adds a sample for the new BPF helpers: bpf_ct_lookup_tcp, bpf_tcp_raw_gen_syncookie and bpf_tcp_raw_check_syncookie. samples/bpf/syncookie_kern.c is a BPF program that generates SYN cookies on allowed TCP ports and sends SYNACKs to clients, accelerating synproxy iptables module. samples/bpf/syncookie_user.c is a userspace control application that allows to configure the following options in runtime: list of allowed ports, MSS, window scale, TTL. samples/bpf/syncookie_test.sh is a script that demonstrates the setup of synproxy with XDP acceleration. Signed-off-by: Maxim Mikityanskiy <redacted> Reviewed-by: Tariq Toukan <tariqt@nvidia.com> --- samples/bpf/.gitignore | 1 + samples/bpf/Makefile | 3 + samples/bpf/syncookie_kern.c | 591 ++++++++++++++++++++++++++++++++++ samples/bpf/syncookie_test.sh | 55 ++++ samples/bpf/syncookie_user.c | 388 ++++++++++++++++++++++ 5 files changed, 1038 insertions(+) create mode 100644 samples/bpf/syncookie_kern.c create mode 100755 samples/bpf/syncookie_test.sh create mode 100644 samples/bpf/syncookie_user.cTests should be in selftests/bpf. Samples are for samples only.
It's not a test, please don't be confused by the name of syncookie_test.sh - it's more like a demo script. syncookie_user.c and syncookie_kern.c are 100% a sample, they show how to use the new helpers and are themselves a more or less feature-complete solution to protect from SYN flood. syncookie_test.sh should probably be named syncookie_demo.sh, it demonstrates how to bring pieces together. These files aren't aimed to be a unit test for the new helpers, their purpose is to show the usage.
quoted
+// SPDX-License-Identifier: GPL-2.0 OR Linux-OpenIBIsn't it deprecated? LICENSES/deprecated/Linux-OpenIB
Honestly, I had no idea, I just used our template. I'll ask whoever is responsible for the license. If it's deprecated, what should be used instead?
quoted
+ // Don't combine additions to avoid 32-bit overflow.c++ style comment? did you run checkpatch?
Sure I did, and it doesn't complain on such comments. If such comments are a problem, please tell me, but I also saw them in other BPF samples. Thanks for reviewing!