354 				       struct header_pointers *hdr)  in tcp_dissect()  argument
356 	hdr->eth = data;  in tcp_dissect()
357 	if (hdr->eth + 1 > data_end)  in tcp_dissect()
360 	switch (bpf_ntohs(hdr->eth->h_proto)) {  in tcp_dissect()
362 		hdr->ipv6 = NULL;  in tcp_dissect()
364 		hdr->ipv4 = (void *)hdr->eth + sizeof(*hdr->eth);  in tcp_dissect()
365 		if (hdr->ipv4 + 1 > data_end)  in tcp_dissect()
367 		if (hdr->ipv4->ihl * 4 < sizeof(*hdr->ipv4))  in tcp_dissect()
369 		if (hdr->ipv4->version != 4)  in tcp_dissect()
372 		if (hdr->ipv4->protocol != IPPROTO_TCP)  in tcp_dissect()
375 		hdr->tcp = (void *)hdr->ipv4 + hdr->ipv4->ihl * 4;  in tcp_dissect()
378 		hdr->ipv4 = NULL;  in tcp_dissect()
380 		hdr->ipv6 = (void *)hdr->eth + sizeof(*hdr->eth);  in tcp_dissect()
381 		if (hdr->ipv6 + 1 > data_end)  in tcp_dissect()
383 		if (hdr->ipv6->version != 6)  in tcp_dissect()
389 		if (hdr->ipv6->nexthdr != NEXTHDR_TCP)  in tcp_dissect()
392 		hdr->tcp = (void *)hdr->ipv6 + sizeof(*hdr->ipv6);  in tcp_dissect()
399 	if (hdr->tcp + 1 > data_end)  in tcp_dissect()
401 	hdr->tcp_len = hdr->tcp->doff * 4;  in tcp_dissect()
402 	if (hdr->tcp_len < sizeof(*hdr->tcp))  in tcp_dissect()
408 static __always_inline int tcp_lookup(void *ctx, struct header_pointers *hdr, bool xdp)  in tcp_lookup()  argument
418 	if (hdr->ipv4) {  in tcp_lookup()
422 		if ((hdr->ipv4->frag_off & bpf_htons(IP_DF | IP_MF | IP_OFFSET)) != bpf_htons(IP_DF))  in tcp_lookup()
425 		tup.ipv4.saddr = hdr->ipv4->saddr;  in tcp_lookup()
426 		tup.ipv4.daddr = hdr->ipv4->daddr;  in tcp_lookup()
427 		tup.ipv4.sport = hdr->tcp->source;  in tcp_lookup()
428 		tup.ipv4.dport = hdr->tcp->dest;  in tcp_lookup()
430 	} else if (hdr->ipv6) {  in tcp_lookup()
431 		__builtin_memcpy(tup.ipv6.saddr, &hdr->ipv6->saddr, sizeof(tup.ipv6.saddr));  in tcp_lookup()
432 		__builtin_memcpy(tup.ipv6.daddr, &hdr->ipv6->daddr, sizeof(tup.ipv6.daddr));  in tcp_lookup()
433 		tup.ipv6.sport = hdr->tcp->source;  in tcp_lookup()
434 		tup.ipv6.dport = hdr->tcp->dest;  in tcp_lookup()
513 static __always_inline void tcpv4_gen_synack(struct header_pointers *hdr,  in tcpv4_gen_synack()  argument
522 	swap_eth_addr(hdr->eth->h_source, hdr->eth->h_dest);  in tcpv4_gen_synack()
524 	swap(hdr->ipv4->saddr, hdr->ipv4->daddr);  in tcpv4_gen_synack()
525 	hdr->ipv4->check = 0; /* Calculate checksum later. */  in tcpv4_gen_synack()
526 	hdr->ipv4->tos = 0;  in tcpv4_gen_synack()
527 	hdr->ipv4->id = 0;  in tcpv4_gen_synack()
528 	hdr->ipv4->ttl = ttl;  in tcpv4_gen_synack()
530 	tcp_gen_synack(hdr->tcp, cookie, tsopt, mss, wscale);  in tcpv4_gen_synack()
532 	hdr->tcp_len = hdr->tcp->doff * 4;  in tcpv4_gen_synack()
533 	hdr->ipv4->tot_len = bpf_htons(sizeof(*hdr->ipv4) + hdr->tcp_len);  in tcpv4_gen_synack()
536 static __always_inline void tcpv6_gen_synack(struct header_pointers *hdr,  in tcpv6_gen_synack()  argument
545 	swap_eth_addr(hdr->eth->h_source, hdr->eth->h_dest);  in tcpv6_gen_synack()
547 	swap(hdr->ipv6->saddr, hdr->ipv6->daddr);  in tcpv6_gen_synack()
548 	*(__be32 *)hdr->ipv6 = bpf_htonl(0x60000000);  in tcpv6_gen_synack()
549 	hdr->ipv6->hop_limit = ttl;  in tcpv6_gen_synack()
551 	tcp_gen_synack(hdr->tcp, cookie, tsopt, mss, wscale);  in tcpv6_gen_synack()
553 	hdr->tcp_len = hdr->tcp->doff * 4;  in tcpv6_gen_synack()
554 	hdr->ipv6->payload_len = bpf_htons(hdr->tcp_len);  in tcpv6_gen_synack()
557 static __always_inline int syncookie_handle_syn(struct header_pointers *hdr,  in syncookie_handle_syn()  argument
588 	if (hdr->tcp->fin || hdr->tcp->rst)  in syncookie_handle_syn()
594 	if (!check_port_allowed(bpf_ntohs(hdr->tcp->dest)))  in syncookie_handle_syn()
597 	if (hdr->ipv4) {  in syncookie_handle_syn()
599 		value = bpf_csum_diff(0, 0, (void *)hdr->ipv4, hdr->ipv4->ihl * 4, 0);  in syncookie_handle_syn()
605 		value = bpf_csum_diff(0, 0, (void *)hdr->tcp, hdr->tcp_len, 0);  in syncookie_handle_syn()
608 		if (csum_tcpudp_magic(hdr->ipv4->saddr, hdr->ipv4->daddr,  in syncookie_handle_syn()
609 				      hdr->tcp_len, IPPROTO_TCP, value) != 0)  in syncookie_handle_syn()
612 		ip_len = sizeof(*hdr->ipv4);  in syncookie_handle_syn()
614 		value = bpf_tcp_raw_gen_syncookie_ipv4(hdr->ipv4, hdr->tcp,  in syncookie_handle_syn()
615 						       hdr->tcp_len);  in syncookie_handle_syn()
616 	} else if (hdr->ipv6) {  in syncookie_handle_syn()
618 		value = bpf_csum_diff(0, 0, (void *)hdr->tcp, hdr->tcp_len, 0);  in syncookie_handle_syn()
621 		if (csum_ipv6_magic(&hdr->ipv6->saddr, &hdr->ipv6->daddr,  in syncookie_handle_syn()
622 				    hdr->tcp_len, IPPROTO_TCP, value) != 0)  in syncookie_handle_syn()
625 		ip_len = sizeof(*hdr->ipv6);  in syncookie_handle_syn()
627 		value = bpf_tcp_raw_gen_syncookie_ipv6(hdr->ipv6, hdr->tcp,  in syncookie_handle_syn()
628 						       hdr->tcp_len);  in syncookie_handle_syn()
637 	if (tscookie_init((void *)hdr->tcp, hdr->tcp_len,  in syncookie_handle_syn()
645 	if (data + sizeof(*hdr->eth) + ip_len + TCP_MAXLEN > data_end)  in syncookie_handle_syn()
648 	if (hdr->ipv4) {  in syncookie_handle_syn()
649 		if (hdr->ipv4->ihl * 4 > sizeof(*hdr->ipv4)) {  in syncookie_handle_syn()
652 			new_tcp_header = data + sizeof(*hdr->eth) + sizeof(*hdr->ipv4);  in syncookie_handle_syn()
653 			__builtin_memmove(new_tcp_header, hdr->tcp, sizeof(*hdr->tcp));  in syncookie_handle_syn()
654 			hdr->tcp = new_tcp_header;  in syncookie_handle_syn()
656 			hdr->ipv4->ihl = sizeof(*hdr->ipv4) / 4;  in syncookie_handle_syn()
659 		tcpv4_gen_synack(hdr, cookie, tsopt);  in syncookie_handle_syn()
660 	} else if (hdr->ipv6) {  in syncookie_handle_syn()
661 		tcpv6_gen_synack(hdr, cookie, tsopt);  in syncookie_handle_syn()
667 	hdr->tcp->check = 0;  in syncookie_handle_syn()
668 	value = bpf_csum_diff(0, 0, (void *)hdr->tcp, hdr->tcp_len, 0);  in syncookie_handle_syn()
671 	if (hdr->ipv4) {  in syncookie_handle_syn()
672 		hdr->tcp->check = csum_tcpudp_magic(hdr->ipv4->saddr,  in syncookie_handle_syn()
673 						    hdr->ipv4->daddr,  in syncookie_handle_syn()
674 						    hdr->tcp_len,  in syncookie_handle_syn()
678 		hdr->ipv4->check = 0;  in syncookie_handle_syn()
679 		value = bpf_csum_diff(0, 0, (void *)hdr->ipv4, sizeof(*hdr->ipv4), 0);  in syncookie_handle_syn()
682 		hdr->ipv4->check = csum_fold(value);  in syncookie_handle_syn()
683 	} else if (hdr->ipv6) {  in syncookie_handle_syn()
684 		hdr->tcp->check = csum_ipv6_magic(&hdr->ipv6->saddr,  in syncookie_handle_syn()
685 						  &hdr->ipv6->daddr,  in syncookie_handle_syn()
686 						  hdr->tcp_len,  in syncookie_handle_syn()
695 	new_pkt_size = sizeof(*hdr->eth) + ip_len + hdr->tcp->doff * 4;  in syncookie_handle_syn()
709 static __always_inline int syncookie_handle_ack(struct header_pointers *hdr)  in syncookie_handle_ack()  argument
713 	if (hdr->tcp->rst)  in syncookie_handle_ack()
716 	if (hdr->ipv4)  in syncookie_handle_ack()
717 		err = bpf_tcp_raw_check_syncookie_ipv4(hdr->ipv4, hdr->tcp);  in syncookie_handle_ack()
718 	else if (hdr->ipv6)  in syncookie_handle_ack()
719 		err = bpf_tcp_raw_check_syncookie_ipv6(hdr->ipv6, hdr->tcp);  in syncookie_handle_ack()
729 					   struct header_pointers *hdr, bool xdp)  in syncookie_part1()  argument
733 	ret = tcp_dissect(data, data_end, hdr);  in syncookie_part1()
737 	ret = tcp_lookup(ctx, hdr, xdp);  in syncookie_part1()
743 	if ((hdr->tcp->syn ^ hdr->tcp->ack) != 1)  in syncookie_part1()
750 		if (bpf_xdp_adjust_tail(ctx, TCP_MAXLEN - hdr->tcp_len))  in syncookie_part1()
758 		if (bpf_skb_change_tail(ctx, old_len + TCP_MAXLEN - hdr->tcp_len, 0))  in syncookie_part1()
766 					   struct header_pointers *hdr, bool xdp)  in syncookie_part2()  argument
768 	if (hdr->ipv4) {  in syncookie_part2()
769 		hdr->eth = data;  in syncookie_part2()
770 		hdr->ipv4 = (void *)hdr->eth + sizeof(*hdr->eth);  in syncookie_part2()
774 		if ((void *)hdr->ipv4 + IPV4_MAXLEN > data_end)  in syncookie_part2()
776 		hdr->tcp = (void *)hdr->ipv4 + hdr->ipv4->ihl * 4;  in syncookie_part2()
777 	} else if (hdr->ipv6) {  in syncookie_part2()
778 		hdr->eth = data;  in syncookie_part2()
779 		hdr->ipv6 = (void *)hdr->eth + sizeof(*hdr->eth);  in syncookie_part2()
780 		hdr->tcp = (void *)hdr->ipv6 + sizeof(*hdr->ipv6);  in syncookie_part2()
785 	if ((void *)hdr->tcp + TCP_MAXLEN > data_end)  in syncookie_part2()
791 	hdr->tcp_len = hdr->tcp->doff * 4;  in syncookie_part2()
792 	if (hdr->tcp_len < sizeof(*hdr->tcp))  in syncookie_part2()
795 	return hdr->tcp->syn ? syncookie_handle_syn(hdr, ctx, data, data_end, xdp) :  in syncookie_part2()
796 			       syncookie_handle_ack(hdr);  in syncookie_part2()
804 	struct header_pointers hdr;  in syncookie_xdp()  local
807 	ret = syncookie_part1(ctx, data, data_end, &hdr, true);  in syncookie_xdp()
814 	return syncookie_part2(ctx, data, data_end, &hdr, true);  in syncookie_xdp()
822 	struct header_pointers hdr;  in syncookie_tc()  local
825 	ret = syncookie_part1(skb, data, data_end, &hdr, false);  in syncookie_tc()
832 	ret = syncookie_part2(skb, data, data_end, &hdr, false);  in syncookie_tc()