On Fri, Apr 10, 2026 at 6:32 PM Jiayuan Chen <[email protected]> wrote: > > 1. Replace IS_ENABLED(CONFIG_BPF) with CONFIG_BPF_SYSCALL for > cookie_bpf_ok() and cookie_bpf_check(). CONFIG_BPF is selected by > CONFIG_NET unconditionally, so IS_ENABLED(CONFIG_BPF) is always > true and provides no real guard. CONFIG_BPF_SYSCALL is the correct > config for BPF program functionality. > > 2. Remove the CONFIG_BPF_SYSCALL guard around struct bpf_tcp_req_attrs. > This struct is referenced by bpf_sk_assign_tcp_reqsk() in > net/core/filter.c which is compiled unconditionally, so wrapping > the definition in a config guard could cause build failures when > CONFIG_BPF_SYSCALL=n. > > 3. Fix mismatched declaration of cookie_bpf_check() between the > CONFIG_BPF_SYSCALL and stub paths: the real definition takes > 'struct net *net' but the declaration in the header did not. > Add the net parameter to the declaration and all call sites. > > 4. Add missing LINUX_MIB_SYNCOOKIESRECV and LINUX_MIB_SYNCOOKIESFAILED > statistics in cookie_bpf_check(), so that BPF custom syncookie > validation is accounted for in SNMP counters just like the > non-BPF path. > > Compile-tested with CONFIG_BPF_SYSCALL=y and CONFIG_BPF_SYSCALL > not set. > > Signed-off-by: Jiayuan Chen <[email protected]>
Reviewed-by: Kuniyuki Iwashima <[email protected]>
