gamemann / XDP-Firewall

A firewall that utilizes the Linux kernel's XDP hook. The XDP hook allows for very fast network processing on Linux systems. This is great for dropping malicious traffic from a (D)DoS attack. IPv6 is supported with this firewall! I hope this helps network engineers/programmers interested in utilizing XDP!
https://deaconn.net/
MIT License

Flags TCP ECE/CWR #18

Closed m0zZ3 closed 1 year ago

m0zZ3 commented 2 years ago

Hello, I would like to ask you a question. Why haven't you added the TCP ECE and CWR flags?

I've tried adding them manually and compiling it again, it seems to work, but I'm still not sure, I'm doing some tests.

gamemann commented 2 years ago

Hey!

I apologize for the delay, I've been dealing with personal issues and haven't had the time to work on open-source projects. I planned to add these a while ago, but haven't gotten around to it. I can add it quickly, but since you already have code, I was wondering if you wanted to make a PR request instead.

Thank you!

m0zZ3 commented 2 years ago

Hi, I'm not sure I did it right. I don't have as much experience as you in XDP.

The tests seem to work, but I'm not sure.

We are currently getting hit with +5 Gbps with TCP Flood and various flags active including: ECE, CWR, NS, URG, etc.

Can you add these flags when you have time? I understand that they are already in the kernel. It would be necessary to map them. I did that (but I'm not sure I did it right).

I also noticed that if I allow TCP_ENABLE = true and TCP_ACK = TRUE, it allows all the flags that are accompanied by the ACK, for example: ACK/PSH, ACK/FIN, ACK/SYN. Can this be improved? Or do you have an idea to allow flags according to "validation", i.e. useful flags?

Thank you very much for taking the time to respond, regards

gamemann commented 1 year ago

Hey! I'm sorry for the delayed response, I've been going through a lot the last few months and started working on a big exciting project!

I've implemented the TCP ECE and CWR flags.

https://github.com/gamemann/XDP-Firewall/commit/1c41ac296b91df2aefbad67c766364405c55a8df
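
The difference between checking a single flag and checking the whole flag byte, which is behind the ACK/PSH, ACK/FIN and ACK/SYN observation in the thread, shown as an added example that is not code from XDP-Firewall or from the linked commit. `struct flag_rule`, `rule_matches` and `make_hdr` are hypothetical names, and the headers are constructed sample data; the bit positions (including ECE and CWR) are the standard ones in byte 13 of the TCP header.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Flag bits in byte 13 of the TCP header (ECE and CWR are defined by RFC 3168). */
enum { TCPF_FIN = 0x01, TCPF_SYN = 0x02, TCPF_RST = 0x04, TCPF_PSH = 0x08,
       TCPF_ACK = 0x10, TCPF_URG = 0x20, TCPF_ECE = 0x40, TCPF_CWR = 0x80 };

/* Hypothetical rule: mask selects the flags the rule checks,
 * value gives the state those flags must have. */
struct flag_rule { uint8_t mask; uint8_t value; };

/* Return the flags byte, or -1 when the buffer is shorter than a minimal header. */
static int tcp_flags(const uint8_t *tcp, size_t len)
{
    return len < 20 ? -1 : tcp[13];
}

/* 1 when every flag selected by the mask has the required state, else 0. */
static int rule_matches(const struct flag_rule *r, const uint8_t *tcp, size_t len)
{
    int f = tcp_flags(tcp, len);
    return f >= 0 && ((uint8_t)f & r->mask) == r->value;
}

/* Build a constructed 20-byte TCP header carrying only the given flags. */
static void make_hdr(uint8_t hdr[20], uint8_t flags)
{
    memset(hdr, 0, 20);
    hdr[12] = 5 << 4;   /* data offset: 5 words, no options */
    hdr[13] = flags;
}

int main(void)
{
    /* Checks ACK only: every combination that includes ACK passes. */
    const struct flag_rule ack_set = { TCPF_ACK, TCPF_ACK };
    /* Checks all eight bits: only a bare ACK passes. */
    const struct flag_rule ack_exact = { 0xFF, TCPF_ACK };
    const uint8_t samples[] = { TCPF_ACK, TCPF_ACK | TCPF_PSH, TCPF_ACK | TCPF_FIN,
                                TCPF_SYN | TCPF_ACK, TCPF_SYN | TCPF_ECE | TCPF_CWR };
    uint8_t hdr[20];
    for (size_t i = 0; i < sizeof samples; i++) {
        make_hdr(hdr, samples[i]);
        printf("flags=0x%02x ack_set=%d ack_exact=%d\n", samples[i],
               rule_matches(&ack_set, hdr, 20), rule_matches(&ack_exact, hdr, 20));
    }
    return 0;
}
```

A mask of `TCPF_ACK | TCPF_SYN | TCPF_FIN | TCPF_RST` with value `TCPF_ACK` sits between the two: it accepts ACK and ACK/PSH while rejecting ACK/SYN and ACK/FIN.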