xdp-synproxy: drop IP_DF check

When XDP synproxy receives tcp packet that does not have IP DF flag set, tcp packet is dropped. Not all website has IP DF set for each tcp packet, do drop IP_DF check. fix: vincentmli/BPFire#59 Signed-off-by: Vincent Li <[email protected]>
vincentmli · Oct 25, 2024 · e2a03b1 · e2a03b1
1 parent 37024e2
commit e2a03b1
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/xdp-synproxy/xdp_synproxy.bpf.c b/xdp-synproxy/xdp_synproxy.bpf.c
@@ -443,7 +443,7 @@ static __always_inline int tcp_lookup(void *ctx, struct header_pointers *hdr, bo
 		/* TCP doesn't normally use fragments, and XDP can't reassemble
 		 * them.
 		 */
-		if ((hdr->ipv4->frag_off & bpf_htons(IP_DF | IP_MF | IP_OFFSET)) != bpf_htons(IP_DF))
+		if ((hdr->ipv4->frag_off & bpf_htons(IP_MF | IP_OFFSET)) != 0)
 			return XDP_DROP;
 
 		tup.ipv4.saddr = hdr->ipv4->saddr;