Open Source and information security mailing list archives
Message-Id: <20260204-afabre-bpf_tcp_sock-v1-1-a22b40c630c0@cloudflare.com>
Date: Wed, 04 Feb 2026 13:24:56 +0100
From: Arthur Fabre <afabre@...udflare.com>
To: Martin KaFai Lau <martin.lau@...ux.dev>, 
 Daniel Borkmann <daniel@...earbox.net>, 
 John Fastabend <john.fastabend@...il.com>, 
 Stanislav Fomichev <sdf@...ichev.me>, Alexei Starovoitov <ast@...nel.org>, 
 Andrii Nakryiko <andrii@...nel.org>, Eduard Zingerman <eddyz87@...il.com>, 
 Song Liu <song@...nel.org>, Yonghong Song <yonghong.song@...ux.dev>, 
 KP Singh <kpsingh@...nel.org>, Hao Luo <haoluo@...gle.com>, 
 Jiri Olsa <jolsa@...nel.org>, "David S. Miller" <davem@...emloft.net>, 
 Eric Dumazet <edumazet@...gle.com>, Jakub Kicinski <kuba@...nel.org>, 
 Paolo Abeni <pabeni@...hat.com>, Simon Horman <horms@...nel.org>
Cc: bpf@...r.kernel.org, netdev@...r.kernel.org, 
 linux-kernel@...r.kernel.org, kernel-team@...udflare.com, 
 wferguson@...udflare.com, Arthur Fabre <afabre@...udflare.com>
Subject: [PATCH bpf-next] bpf: Allow bpf_tcp_sock() helper in XDP

We can already look up sockets in XDP via the bpf_sk(c)_lookup_(udp|tcp)
helpers. This can be used to determine if a received packet is for an
established socket or not, for example in a load balancer.

But the TCP TIME-WAIT state needs special handling for this: packets
received for a TIME-WAIT socket can either belong to the current
incarnation of the connection, or a new incarnation. The only way to
determine this is to compare the sequence numbers.

Add the bpf_tcp_sock() helper in XDP to allow the socket sequence
numbers to be read.

---
Signed-off-by: Arthur Fabre <afabre@...udflare.com>
---
 net/core/filter.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/net/core/filter.c b/net/core/filter.c
index f04982d79d72e92f1b46ccd87633391e38c3da81..5e3a1951130369f070c3a373ea649bd10db412b6 100644
--- a/net/core/filter.c
+++ b/net/core/filter.c
@@ -8506,6 +8506,8 @@ xdp_func_proto(enum bpf_func_id func_id, const struct bpf_prog *prog)
 		return &bpf_sk_release_proto;
 	case BPF_FUNC_skc_lookup_tcp:
 		return &bpf_xdp_skc_lookup_tcp_proto;
+	case BPF_FUNC_tcp_sock:
+		return &bpf_tcp_sock_proto;
 	case BPF_FUNC_tcp_check_syncookie:
 		return &bpf_tcp_check_syncookie_proto;
 	case BPF_FUNC_tcp_gen_syncookie:
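
Review bot: the added "case BPF_FUNC_tcp_sock:" returns the shared bpf_tcp_sock_proto, and nothing in this diff shows that the helper yields a usable pointer for the TIME-WAIT sockets the commit message is about. Please confirm that bpf_tcp_sock() returns non-NULL when passed a TIME-WAIT socket obtained from bpf_skc_lookup_tcp in XDP; if it only accepts full sockets, the sequence numbers still cannot be read in the case described. The lookup case just above uses an XDP-specific proto (bpf_xdp_skc_lookup_tcp_proto), so a sentence on why the generic proto is correct for XDP would help. The diffstat lists only net/core/filter.c; a selftest that calls the helper from an XDP program on a TIME-WAIT socket would cover both points. Separately, the Signed-off-by line sits below the first "---" separator, so it would not be part of the commit message when applied.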

---
base-commit: d95d76aa772bf94df353b015b1cb38303d4a415d
change-id: 20260204-afabre-bpf_tcp_sock-117d03c6f0e3

Best regards,
-- 
Arthur Fabre <afabre@...udflare.com>
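
The sequence-number comparison the commit message refers to, as an added userspace example that is not part of the patch or of the kernel: a SYN whose sequence number is after the value the TIME-WAIT socket expects next starts a new incarnation, anything else belongs to the old one. The names seq_after, tw_classify and tw_rcv_nxt are hypothetical, the sample values are constructed, and the rule is a simplification that ignores TCP timestamps.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Wraparound-safe "a is after b" for 32-bit TCP sequence numbers:
 * the difference is interpreted as a signed 32-bit value. */
static bool seq_after(uint32_t a, uint32_t b)
{
	return (int32_t)(b - a) < 0;
}

enum tw_verdict { TW_OLD_INCARNATION, TW_NEW_INCARNATION };

/*
 * Classify a packet that matched a TIME-WAIT socket.
 * tw_rcv_nxt is the next sequence number the old connection expected
 * (assumed to be available to the caller; hypothetical parameter).
 * Only a pure SYN that is strictly after tw_rcv_nxt can open a new
 * incarnation; retransmitted FINs, late ACKs, RSTs and old duplicate
 * SYNs are treated as traffic for the old incarnation.
 */
enum tw_verdict tw_classify(bool syn, bool ack, bool rst,
			    uint32_t pkt_seq, uint32_t tw_rcv_nxt)
{
	if (syn && !ack && !rst && seq_after(pkt_seq, tw_rcv_nxt))
		return TW_NEW_INCARNATION;
	return TW_OLD_INCARNATION;
}

int main(void)
{
	/* Constructed samples: {syn, ack, rst, pkt_seq, tw_rcv_nxt}. */
	struct { bool syn, ack, rst; uint32_t seq, nxt; } s[] = {
		{ true,  false, false, 0x00000010u, 0xfffffff0u }, /* wrapped SYN */
		{ true,  false, false, 1000u,       2000u       }, /* stale SYN   */
		{ false, true,  false, 3000u,       2000u       }, /* late ACK    */
	};

	for (unsigned int i = 0; i < sizeof(s) / sizeof(s[0]); i++)
		printf("sample %u: %s\n", i,
		       tw_classify(s[i].syn, s[i].ack, s[i].rst,
				   s[i].seq, s[i].nxt) == TW_NEW_INCARNATION
			       ? "new incarnation" : "old incarnation");
	return 0;
}
```

The first sample shows why a plain "greater than" comparison is wrong: 0x00000010 is numerically smaller than 0xfffffff0 but is after it in sequence space.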

