374 				       struct header_pointers *hdr)  in tcp_dissect()  argument
376 	hdr->eth = data;  in tcp_dissect()
377 	if (hdr->eth + 1 > data_end)  in tcp_dissect()
380 	switch (bpf_ntohs(hdr->eth->h_proto)) {  in tcp_dissect()
382 		hdr->ipv6 = NULL;  in tcp_dissect()
384 		hdr->ipv4 = (void *)hdr->eth + sizeof(*hdr->eth);  in tcp_dissect()
385 		if (hdr->ipv4 + 1 > data_end)  in tcp_dissect()
387 		if (hdr->ipv4->ihl * 4 < sizeof(*hdr->ipv4))  in tcp_dissect()
389 		if (hdr->ipv4->version != 4)  in tcp_dissect()
392 		if (hdr->ipv4->protocol != IPPROTO_TCP)  in tcp_dissect()
395 		hdr->tcp = (void *)hdr->ipv4 + hdr->ipv4->ihl * 4;  in tcp_dissect()
398 		hdr->ipv4 = NULL;  in tcp_dissect()
400 		hdr->ipv6 = (void *)hdr->eth + sizeof(*hdr->eth);  in tcp_dissect()
401 		if (hdr->ipv6 + 1 > data_end)  in tcp_dissect()
403 		if (hdr->ipv6->version != 6)  in tcp_dissect()
409 		if (hdr->ipv6->nexthdr != NEXTHDR_TCP)  in tcp_dissect()
412 		hdr->tcp = (void *)hdr->ipv6 + sizeof(*hdr->ipv6);  in tcp_dissect()
419 	if (hdr->tcp + 1 > data_end)  in tcp_dissect()
421 	hdr->tcp_len = hdr->tcp->doff * 4;  in tcp_dissect()
422 	if (hdr->tcp_len < sizeof(*hdr->tcp))  in tcp_dissect()
428 static __always_inline int tcp_lookup(void *ctx, struct header_pointers *hdr, bool xdp)  in tcp_lookup()  argument
438 	if (hdr->ipv4) {  in tcp_lookup()
442 		if ((hdr->ipv4->frag_off & bpf_htons(IP_DF | IP_MF | IP_OFFSET)) != bpf_htons(IP_DF))  in tcp_lookup()
445 		tup.ipv4.saddr = hdr->ipv4->saddr;  in tcp_lookup()
446 		tup.ipv4.daddr = hdr->ipv4->daddr;  in tcp_lookup()
447 		tup.ipv4.sport = hdr->tcp->source;  in tcp_lookup()
448 		tup.ipv4.dport = hdr->tcp->dest;  in tcp_lookup()
450 	} else if (hdr->ipv6) {  in tcp_lookup()
451 		__builtin_memcpy(tup.ipv6.saddr, &hdr->ipv6->saddr, sizeof(tup.ipv6.saddr));  in tcp_lookup()
452 		__builtin_memcpy(tup.ipv6.daddr, &hdr->ipv6->daddr, sizeof(tup.ipv6.daddr));  in tcp_lookup()
453 		tup.ipv6.sport = hdr->tcp->source;  in tcp_lookup()
454 		tup.ipv6.dport = hdr->tcp->dest;  in tcp_lookup()
533 static __always_inline void tcpv4_gen_synack(struct header_pointers *hdr,  in tcpv4_gen_synack()  argument
542 	swap_eth_addr(hdr->eth->h_source, hdr->eth->h_dest);  in tcpv4_gen_synack()
544 	swap(hdr->ipv4->saddr, hdr->ipv4->daddr);  in tcpv4_gen_synack()
545 	hdr->ipv4->check = 0; /* Calculate checksum later. */  in tcpv4_gen_synack()
546 	hdr->ipv4->tos = 0;  in tcpv4_gen_synack()
547 	hdr->ipv4->id = 0;  in tcpv4_gen_synack()
548 	hdr->ipv4->ttl = ttl;  in tcpv4_gen_synack()
550 	tcp_gen_synack(hdr->tcp, cookie, tsopt, mss, wscale);  in tcpv4_gen_synack()
552 	hdr->tcp_len = hdr->tcp->doff * 4;  in tcpv4_gen_synack()
553 	hdr->ipv4->tot_len = bpf_htons(sizeof(*hdr->ipv4) + hdr->tcp_len);  in tcpv4_gen_synack()
556 static __always_inline void tcpv6_gen_synack(struct header_pointers *hdr,  in tcpv6_gen_synack()  argument
565 	swap_eth_addr(hdr->eth->h_source, hdr->eth->h_dest);  in tcpv6_gen_synack()
567 	swap(hdr->ipv6->saddr, hdr->ipv6->daddr);  in tcpv6_gen_synack()
568 	*(__be32 *)hdr->ipv6 = bpf_htonl(0x60000000);  in tcpv6_gen_synack()
569 	hdr->ipv6->hop_limit = ttl;  in tcpv6_gen_synack()
571 	tcp_gen_synack(hdr->tcp, cookie, tsopt, mss, wscale);  in tcpv6_gen_synack()
573 	hdr->tcp_len = hdr->tcp->doff * 4;  in tcpv6_gen_synack()
574 	hdr->ipv6->payload_len = bpf_htons(hdr->tcp_len);  in tcpv6_gen_synack()
577 static __always_inline int syncookie_handle_syn(struct header_pointers *hdr,  in syncookie_handle_syn()  argument
608 	if (hdr->tcp->fin || hdr->tcp->rst)  in syncookie_handle_syn()
614 	if (!check_port_allowed(bpf_ntohs(hdr->tcp->dest)))  in syncookie_handle_syn()
617 	if (hdr->ipv4) {  in syncookie_handle_syn()
619 		value = bpf_csum_diff(0, 0, (void *)hdr->ipv4, hdr->ipv4->ihl * 4, 0);  in syncookie_handle_syn()
625 		value = bpf_csum_diff(0, 0, (void *)hdr->tcp, hdr->tcp_len, 0);  in syncookie_handle_syn()
628 		if (csum_tcpudp_magic(hdr->ipv4->saddr, hdr->ipv4->daddr,  in syncookie_handle_syn()
629 				      hdr->tcp_len, IPPROTO_TCP, value) != 0)  in syncookie_handle_syn()
632 		ip_len = sizeof(*hdr->ipv4);  in syncookie_handle_syn()
634 		value = bpf_tcp_raw_gen_syncookie_ipv4(hdr->ipv4, hdr->tcp,  in syncookie_handle_syn()
635 						       hdr->tcp_len);  in syncookie_handle_syn()
636 	} else if (hdr->ipv6) {  in syncookie_handle_syn()
638 		value = bpf_csum_diff(0, 0, (void *)hdr->tcp, hdr->tcp_len, 0);  in syncookie_handle_syn()
641 		if (csum_ipv6_magic(&hdr->ipv6->saddr, &hdr->ipv6->daddr,  in syncookie_handle_syn()
642 				    hdr->tcp_len, IPPROTO_TCP, value) != 0)  in syncookie_handle_syn()
645 		ip_len = sizeof(*hdr->ipv6);  in syncookie_handle_syn()
647 		value = bpf_tcp_raw_gen_syncookie_ipv6(hdr->ipv6, hdr->tcp,  in syncookie_handle_syn()
648 						       hdr->tcp_len);  in syncookie_handle_syn()
657 	if (tscookie_init((void *)hdr->tcp, hdr->tcp_len,  in syncookie_handle_syn()
665 	if (data + sizeof(*hdr->eth) + ip_len + TCP_MAXLEN > data_end)  in syncookie_handle_syn()
668 	if (hdr->ipv4) {  in syncookie_handle_syn()
669 		if (hdr->ipv4->ihl * 4 > sizeof(*hdr->ipv4)) {  in syncookie_handle_syn()
672 			new_tcp_header = data + sizeof(*hdr->eth) + sizeof(*hdr->ipv4);  in syncookie_handle_syn()
673 			__builtin_memmove(new_tcp_header, hdr->tcp, sizeof(*hdr->tcp));  in syncookie_handle_syn()
674 			hdr->tcp = new_tcp_header;  in syncookie_handle_syn()
676 			hdr->ipv4->ihl = sizeof(*hdr->ipv4) / 4;  in syncookie_handle_syn()
679 		tcpv4_gen_synack(hdr, cookie, tsopt);  in syncookie_handle_syn()
680 	} else if (hdr->ipv6) {  in syncookie_handle_syn()
681 		tcpv6_gen_synack(hdr, cookie, tsopt);  in syncookie_handle_syn()
687 	hdr->tcp->check = 0;  in syncookie_handle_syn()
688 	value = bpf_csum_diff(0, 0, (void *)hdr->tcp, hdr->tcp_len, 0);  in syncookie_handle_syn()
691 	if (hdr->ipv4) {  in syncookie_handle_syn()
692 		hdr->tcp->check = csum_tcpudp_magic(hdr->ipv4->saddr,  in syncookie_handle_syn()
693 						    hdr->ipv4->daddr,  in syncookie_handle_syn()
694 						    hdr->tcp_len,  in syncookie_handle_syn()
698 		hdr->ipv4->check = 0;  in syncookie_handle_syn()
699 		value = bpf_csum_diff(0, 0, (void *)hdr->ipv4, sizeof(*hdr->ipv4), 0);  in syncookie_handle_syn()
702 		hdr->ipv4->check = csum_fold(value);  in syncookie_handle_syn()
703 	} else if (hdr->ipv6) {  in syncookie_handle_syn()
704 		hdr->tcp->check = csum_ipv6_magic(&hdr->ipv6->saddr,  in syncookie_handle_syn()
705 						  &hdr->ipv6->daddr,  in syncookie_handle_syn()
706 						  hdr->tcp_len,  in syncookie_handle_syn()
715 	new_pkt_size = sizeof(*hdr->eth) + ip_len + hdr->tcp->doff * 4;  in syncookie_handle_syn()
729 static __always_inline int syncookie_handle_ack(struct header_pointers *hdr)  in syncookie_handle_ack()  argument
733 	if (hdr->tcp->rst)  in syncookie_handle_ack()
736 	if (hdr->ipv4)  in syncookie_handle_ack()
737 		err = bpf_tcp_raw_check_syncookie_ipv4(hdr->ipv4, hdr->tcp);  in syncookie_handle_ack()
738 	else if (hdr->ipv6)  in syncookie_handle_ack()
739 		err = bpf_tcp_raw_check_syncookie_ipv6(hdr->ipv6, hdr->tcp);  in syncookie_handle_ack()
749 					   struct header_pointers *hdr, bool xdp)  in syncookie_part1()  argument
753 	ret = tcp_dissect(data, data_end, hdr);  in syncookie_part1()
757 	ret = tcp_lookup(ctx, hdr, xdp);  in syncookie_part1()
763 	if ((hdr->tcp->syn ^ hdr->tcp->ack) != 1)  in syncookie_part1()
766 	/* Grow the TCP header to TCP_MAXLEN to be able to pass any hdr->tcp_len  in syncookie_part1()
770 		if (bpf_xdp_adjust_tail(ctx, TCP_MAXLEN - hdr->tcp_len))  in syncookie_part1()
778 		if (bpf_skb_change_tail(ctx, old_len + TCP_MAXLEN - hdr->tcp_len, 0))  in syncookie_part1()
786 					   struct header_pointers *hdr, bool xdp)  in syncookie_part2()  argument
788 	if (hdr->ipv4) {  in syncookie_part2()
789 		hdr->eth = data;  in syncookie_part2()
790 		hdr->ipv4 = (void *)hdr->eth + sizeof(*hdr->eth);  in syncookie_part2()
794 		if ((void *)hdr->ipv4 + IPV4_MAXLEN > data_end)  in syncookie_part2()
796 		hdr->tcp = (void *)hdr->ipv4 + hdr->ipv4->ihl * 4;  in syncookie_part2()
797 	} else if (hdr->ipv6) {  in syncookie_part2()
798 		hdr->eth = data;  in syncookie_part2()
799 		hdr->ipv6 = (void *)hdr->eth + sizeof(*hdr->eth);  in syncookie_part2()
800 		hdr->tcp = (void *)hdr->ipv6 + sizeof(*hdr->ipv6);  in syncookie_part2()
805 	if ((void *)hdr->tcp + TCP_MAXLEN > data_end)  in syncookie_part2()
811 	hdr->tcp_len = hdr->tcp->doff * 4;  in syncookie_part2()
812 	if (hdr->tcp_len < sizeof(*hdr->tcp))  in syncookie_part2()
815 	return hdr->tcp->syn ? syncookie_handle_syn(hdr, ctx, data, data_end, xdp) :  in syncookie_part2()
816 			       syncookie_handle_ack(hdr);  in syncookie_part2()
824 	struct header_pointers hdr;  in syncookie_xdp()  local
827 	ret = syncookie_part1(ctx, data, data_end, &hdr, true);  in syncookie_xdp()
834 	return syncookie_part2(ctx, data, data_end, &hdr, true);  in syncookie_xdp()
842 	struct header_pointers hdr;  in syncookie_tc()  local
845 	ret = syncookie_part1(skb, data, data_end, &hdr, false);  in syncookie_tc()
852 	ret = syncookie_part2(skb, data, data_end, &hdr, false);  in syncookie_tc()