Re: [PATCH bpf-next 10/10] bpf: Add sample for raw syncookie helpers

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On 2021-10-21 04:06, Alexei Starovoitov wrote:

On Tue, Oct 19, 2021 at 05:46:55PM +0300, Maxim Mikityanskiy wrote:

This commit adds a sample for the new BPF helpers: bpf_ct_lookup_tcp,
bpf_tcp_raw_gen_syncookie and bpf_tcp_raw_check_syncookie.

samples/bpf/syncookie_kern.c is a BPF program that generates SYN cookies
on allowed TCP ports and sends SYNACKs to clients, accelerating synproxy
iptables module.

samples/bpf/syncookie_user.c is a userspace control application that
allows to configure the following options in runtime: list of allowed
ports, MSS, window scale, TTL.

samples/bpf/syncookie_test.sh is a script that demonstrates the setup of
synproxy with XDP acceleration.

Signed-off-by: Maxim Mikityanskiy <maximmi@xxxxxxxxxx>
Reviewed-by: Tariq Toukan <tariqt@xxxxxxxxxx>
---
  samples/bpf/.gitignore        |   1 +
  samples/bpf/Makefile          |   3 +
  samples/bpf/syncookie_kern.c  | 591 ++++++++++++++++++++++++++++++++++
  samples/bpf/syncookie_test.sh |  55 ++++
  samples/bpf/syncookie_user.c  | 388 ++++++++++++++++++++++
  5 files changed, 1038 insertions(+)
  create mode 100644 samples/bpf/syncookie_kern.c
  create mode 100755 samples/bpf/syncookie_test.sh
  create mode 100644 samples/bpf/syncookie_user.c


Tests should be in selftests/bpf.
Samples are for samples only.
It's not a test, please don't be confused by the name of syncookie_test.sh - it's more like a demo script.
syncookie_user.c and syncookie_kern.c are 100% a sample, they show how to use the new helpers and are themselves a more or less feature-complete solution to protect from SYN flood. syncookie_test.sh should probably be named syncookie_demo.sh, it demonstrates how to bring pieces together.
These files aren't aimed to be a unit test for the new helpers, their purpose is to show the usage. 




+// SPDX-License-Identifier: GPL-2.0 OR Linux-OpenIB


Isn't it deprecated?
LICENSES/deprecated/Linux-OpenIB
Honestly, I had no idea, I just used our template. I'll ask whoever is responsible for the license. 

If it's deprecated, what should be used instead?




+	// Don't combine additions to avoid 32-bit overflow.


c++ style comment?
did you run checkpatch?
Sure I did, and it doesn't complain on such comments. If such comments are a problem, please tell me, but I also saw them in other BPF samples. 

Thanks for reviewing!
[Index of Archives]     [Linux Samsung SoC]     [Linux Rockchip SoC]     [Linux Actions SoC]     [Linux for Synopsys ARC Processors]     [Linux NFS]     [Linux NILFS]     [Linux USB Devel]     [Video for Linux]     [Linux Audio Users]     [Yosemite News]     [Linux Kernel]     [Linux SCSI]

  Powered by Linux