mirror of
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
synced 2025-01-16 01:54:00 +00:00
selftests/bpf: remove xdp_synproxy IP_DF check
In real world production websites, the IP_DF flag is not always set for each packet from these websites. the IP_DF flag check breaks Internet connection to these websites for home based firewall like BPFire when XDP synproxy program is attached to firewall Internet facing side interface. see [0] [0] https://github.com/vincentmli/BPFire/issues/59 Signed-off-by: Vincent Li <vincent.mc.li@gmail.com> Link: https://lore.kernel.org/r/20241025031952.1351150-1-vincent.mc.li@gmail.com Signed-off-by: Martin KaFai Lau <martin.lau@kernel.org>
This commit is contained in:
parent
97e9053998
commit
0ab7cd1f18
@ -21,7 +21,6 @@
|
||||
|
||||
#define tcp_flag_word(tp) (((union tcp_word_hdr *)(tp))->words[3])
|
||||
|
||||
#define IP_DF 0x4000
|
||||
#define IP_MF 0x2000
|
||||
#define IP_OFFSET 0x1fff
|
||||
|
||||
@ -442,7 +441,7 @@ static __always_inline int tcp_lookup(void *ctx, struct header_pointers *hdr, bo
|
||||
/* TCP doesn't normally use fragments, and XDP can't reassemble
|
||||
* them.
|
||||
*/
|
||||
if ((hdr->ipv4->frag_off & bpf_htons(IP_DF | IP_MF | IP_OFFSET)) != bpf_htons(IP_DF))
|
||||
if ((hdr->ipv4->frag_off & bpf_htons(IP_MF | IP_OFFSET)) != 0)
|
||||
return XDP_DROP;
|
||||
|
||||
tup.ipv4.saddr = hdr->ipv4->saddr;
|
||||
|
Loading…
x
Reference in New Issue
Block a user