On Wed, Nov 15, 2023 at 9:18 PM Eduard Zingerman <eddyz87@xxxxxxxxx> wrote:
>
> This change prepares syncookie_{tc,xdp} for update in callbakcs
> verification logic. To allow bpf_loop() verification converge when
> multiple callback itreations are considered:
> - track offset inside TCP payload explicitly, not as a part of the
> pointer;
> - make sure that offset does not exceed MAX_PACKET_OFF enforced by
> verifier;
> - make sure that offset is tracked as unbound scalar between
> iterations, otherwise verifier won't be able infer that bpf_loop
> callback reaches identical states.
>
> Signed-off-by: Eduard Zingerman <eddyz87@xxxxxxxxx>
> ---
> .../selftests/bpf/progs/xdp_synproxy_kern.c | 84 ++++++++++++-------
> 1 file changed, 52 insertions(+), 32 deletions(-)
>
LGTM.
Acked-by: Andrii Nakryiko <andrii@xxxxxxxxxx>
[...]
