On Fri, Mar 22, 2019 at 09:54:02AM +0800, Lorenz Bauer wrote:
> Using bpf_skc_lookup_tcp it's possible to ascertain whether a packet
> belongs to a known connection. However, there is one corner case: no
> sockets are created if SYN cookies are active. This means that the final
> ACK in the 3WHS is misclassified.
>
> Using the helper, we can look up the listening socket via
> bpf_skc_lookup_tcp and then check whether a packet is a valid SYN
> cookie ACK.
>
> Signed-off-by: Lorenz Bauer <lmb@xxxxxxxxxxxxxx>
...
> +static const struct bpf_func_proto bpf_tcp_check_syncookie_proto = {
> + .func = bpf_tcp_check_syncookie,
> + .gpl_only = true,
you really want your employer to open source the load balancer :)
Fine by me.
The series applied to bpf-next.
