On Thu, Aug 20, 2020 at 3:39 PM Mat Martineau
<mathew.j.martineau@xxxxxxxxxxxxxxx> wrote:
>
>
> On Thu, 20 Aug 2020, Martin KaFai Lau wrote:
>
> > The bpf prog needs to parse the SYN header to learn what options have
> > been sent by the peer's bpf-prog before writing its options into SYNACK.
> > This patch adds a "syn_skb" arg to tcp_make_synack() and send_synack().
> > This syn_skb will eventually be made available (as read-only) to the
> > bpf prog. This will be the only SYN packet available to the bpf
> > prog during syncookie. For other regular cases, the bpf prog can
> > also use the saved_syn.
> > diff --git a/net/ipv4/tcp_ipv4.c b/net/ipv4/tcp_ipv4.c
> > index 5084333b5ab6..631a5ee0dd4e 100644
> > --- a/net/ipv4/tcp_ipv4.c
> > +++ b/net/ipv4/tcp_ipv4.c
>
> ...
>
> > @@ -826,6 +886,15 @@ static unsigned int tcp_established_options(struct sock *sk, struct sk_buff *skb
> > opts->num_sack_blocks * TCPOLEN_SACK_PERBLOCK;
> > }
> >
> > + if (unlikely(BPF_SOCK_OPS_TEST_FLAG(tp,
> > + BPF_SOCK_OPS_WRITE_HDR_OPT_CB_FLAG))) {
> > + unsigned int remaining = MAX_TCP_OPTION_SPACE - size;
> > +
> > + bpf_skops_hdr_opt_len(sk, skb, NULL, NULL, 0, opts, &remaining);
> > +
> > + size = MAX_TCP_OPTION_SPACE - remaining;
> > + }
> > +
> > return size;
> > }
> >
>
> Since bpf_skops_hdr_opt_len() is called after the SACK code tries to use
> up all remaining option space for SACK blocks, it's less likely that there
> will be sufficient space remaining. Did you consider moving this hunk
> before the SACK option space is allocated to give the bpf prog higher
> priority?
We have tcp_is_sack(tp) returning a bool. We do not want to return a
flaky value.
If you need to limit the number of sack ranges to one, please handle
this separately.
