** Description changed:

  Ticket for the patch series that adds new BPF helpers to query conntrack
  and to generate SYN cookies for forwarded connections.
+
+ * Explain the bug(s)
+
+ This patch series aims to accelerate iptables synproxy module with XDP.
+ The stage that generates and checks SYN cookies is stateless and can be
+ implemented in XDP.
+
+ * Brief explanation of fixes
+
+ This patch series adds new BPF helpers:
+
+ * bpf_ct_lookup_tcp to look up CT status of a TCP connection.
+
+ * bpf_tcp_raw_gen_syncookie to generate SYN cookies without a listening
+ socket on the same host (to be used with iptables synproxy module).
+
+ * bpf_tcp_raw_check_syncookie to check SYN cookies generated by the
+ previous helper (to be used with iptables synproxy module).
+
+ * bpf_tcp_raw_gen_tscookie to generate timestamp cookies, which encode
+ additional information like SACK permission, ECN support, window scale.
+ The format is compatible with iptables synproxy module.
+
+ These new helpers allow to accelerate the iptables synproxy module. This
+ series also includes some dependency patches backported from upstream.
+
+ * How to test
+
+ Use an XDP application that generates and checks SYN cookies, leveraging
+ the new helpers.
+
+ * What it could break.
+
+ Nothing should be broken, only new functionality is added, and some
+ patches are backported from upstream. CONFIG_NF_CONNTRACK is changed
+ from m to y, which is also not expected to break existing functionality.
--
https://bugs.launchpad.net/bugs/1934499

Title:
  New BPF helpers to query conntrack and to generate/validate SYN cookies
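The timestamp cookie mentioned in the description, as an added userspace example that is not code from the patch series or from the kernel. The bit layout (low 6 bits of TSval: 4 bits window scale, then SACK, then ECN) is an assumption based on how the netfilter synproxy code is understood to pack these options; `struct syn_opts` and both function names are hypothetical.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Assumed layout of the low 6 bits of TSval (not stated on the page):
 *   bits 0-3  window scale, 0xf meaning "client sent no wscale option"
 *   bit  4    SACK permitted
 *   bit  5    ECN
 * The upper 26 bits stay a coarse clock value. */
#define TS_WSCALE_MASK 0x0fu
#define TS_SACK        (1u << 4)
#define TS_ECN         (1u << 5)
#define TS_OPT_MASK    0x3fu

struct syn_opts {               /* hypothetical, for this example only */
    bool has_wscale, sack_perm, ecn;
    uint8_t wscale;             /* meaningful only if has_wscale */
};

/* TSval to place in the SYN-ACK: clock with client options folded in. */
uint32_t tscookie_encode(uint32_t now, const struct syn_opts *o)
{
    uint32_t ts = now & ~TS_OPT_MASK;
    /* RFC 7323 caps the shift at 14, so 0xf is free as the sentinel. */
    uint8_t ws = o->wscale > 14 ? 14 : o->wscale;

    ts |= o->has_wscale ? ws : TS_WSCALE_MASK;
    if (o->sack_perm) ts |= TS_SACK;
    if (o->ecn)       ts |= TS_ECN;
    return ts;
}

/* Recover the options from the TSecr echoed in the client's ACK. */
struct syn_opts tscookie_decode(uint32_t tsecr)
{
    struct syn_opts o = {0};
    uint8_t ws = tsecr & TS_WSCALE_MASK;

    o.has_wscale = ws != TS_WSCALE_MASK;
    o.wscale     = o.has_wscale ? ws : 0;
    o.sack_perm  = (tsecr & TS_SACK) != 0;
    o.ecn        = (tsecr & TS_ECN) != 0;
    return o;
}

int main(void)
{
    struct syn_opts in = { .has_wscale = true, .sack_perm = true, .wscale = 7 };
    uint32_t ts = tscookie_encode(0x12345678u, &in);  /* constructed clock value */
    struct syn_opts out = tscookie_decode(ts);
    printf("tsval=0x%08x wscale=%u sack=%d ecn=%d\n", ts, out.wscale, out.sack_perm, out.ecn);
    return 0;
}
```

Because the proxy keeps no state for the SYN, the echoed timestamp is the only place these negotiated options survive until the ACK arrives.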
