On Thu, Oct 21, 2021 at 10:31 AM Maxim Mikityanskiy <maximmi@xxxxxxxxxx> wrote: > > On 2021-10-21 04:06, Alexei Starovoitov wrote: > > On Tue, Oct 19, 2021 at 05:46:55PM +0300, Maxim Mikityanskiy wrote: > >> This commit adds a sample for the new BPF helpers: bpf_ct_lookup_tcp, > >> bpf_tcp_raw_gen_syncookie and bpf_tcp_raw_check_syncookie. > >> > >> samples/bpf/syncookie_kern.c is a BPF program that generates SYN cookies > >> on allowed TCP ports and sends SYNACKs to clients, accelerating synproxy > >> iptables module. > >> > >> samples/bpf/syncookie_user.c is a userspace control application that > >> allows to configure the following options in runtime: list of allowed > >> ports, MSS, window scale, TTL. > >> > >> samples/bpf/syncookie_test.sh is a script that demonstrates the setup of > >> synproxy with XDP acceleration. > >> > >> Signed-off-by: Maxim Mikityanskiy <maximmi@xxxxxxxxxx> > >> Reviewed-by: Tariq Toukan <tariqt@xxxxxxxxxx> > >> --- > >> samples/bpf/.gitignore | 1 + > >> samples/bpf/Makefile | 3 + > >> samples/bpf/syncookie_kern.c | 591 ++++++++++++++++++++++++++++++++++ > >> samples/bpf/syncookie_test.sh | 55 ++++ > >> samples/bpf/syncookie_user.c | 388 ++++++++++++++++++++++ > >> 5 files changed, 1038 insertions(+) > >> create mode 100644 samples/bpf/syncookie_kern.c > >> create mode 100755 samples/bpf/syncookie_test.sh > >> create mode 100644 samples/bpf/syncookie_user.c > > > > Tests should be in selftests/bpf. > > Samples are for samples only. > > It's not a test, please don't be confused by the name of > syncookie_test.sh - it's more like a demo script. > > syncookie_user.c and syncookie_kern.c are 100% a sample, they show how > to use the new helpers and are themselves a more or less > feature-complete solution to protect from SYN flood. syncookie_test.sh > should probably be named syncookie_demo.sh, it demonstrates how to bring > pieces together. > > These files aren't aimed to be a unit test for the new helpers, their > purpose is to show the usage. Please convert it to a selftest. Sooner or later we will convert all samples/bpf into tests and delete that dir.
