selftests/bpf: Fix erroneous bitmask operation
author Jeroen van Ingen Schenau <jeroen.vaningenschenau@novoserve.com>
Thu, 30 Nov 2023 12:03:53 +0000 (13:03 +0100)
committer Daniel Borkmann <daniel@iogearbox.net>
Fri, 1 Dec 2023 15:12:45 +0000 (16:12 +0100)
xdp_synproxy_kern.c is a BPF program that generates SYN cookies on
allowed TCP ports and sends SYNACKs to clients, accelerating synproxy
iptables module.

Fix the bitmask operation when checking the status of an existing
conntrack entry within tcp_lookup() function. Do not AND with the bit
position number, but with the bitmask value to check whether the entry
found has the IPS_CONFIRMED flag set.

Fixes: fb5cd0ce70d4 ("selftests/bpf: Add selftests for raw syncookie helpers")
Signed-off-by: Jeroen van Ingen Schenau <jeroen.vaningenschenau@novoserve.com>
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
Tested-by: Minh Le Hoang <minh.lehoang@novoserve.com>
Link: https://lore.kernel.org/xdp-newbies/CAAi1gX7owA+Tcxq-titC-h-KPM7Ri-6ZhTNMhrnPq5gmYYwKow@mail.gmail.com/T/#u
Link: https://lore.kernel.org/bpf/20231130120353.3084-1-jeroen.vaningenschenau@novoserve.com
tools/testing/selftests/bpf/progs/xdp_synproxy_kern.c

index 80f620602d50ffc1e4598e6c5e45c5dfa4880412..518329c666e93fa9d55b628d25a5e8919e3d5af1 100644 (file)
@@ -467,13 +467,13 @@ static __always_inline int tcp_lookup(void *ctx, struct header_pointers *hdr, bo
                unsigned long status = ct->status;
 
                bpf_ct_release(ct);
-               if (status & IPS_CONFIRMED_BIT)
+               if (status & IPS_CONFIRMED)
                        return XDP_PASS;
        } else if (ct_lookup_opts.error != -ENOENT) {
                return XDP_ABORTED;
        }
 
-       /* error == -ENOENT || !(status & IPS_CONFIRMED_BIT) */
+       /* error == -ENOENT || !(status & IPS_CONFIRMED) */
        return XDP_TX;
 }
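Review bot: the branch in tcp_lookup() where a conntrack entry is found but lacks the confirmed flag gets no test coverage from this patch, which changes only the condition and its comment. A selftest case with an existing, unconfirmed entry that asserts the program falls through to `return XDP_TX;` instead of `return XDP_PASS;` would have caught the AND against `IPS_CONFIRMED_BIT` (a bit position) and would guard the corrected `status & IPS_CONFIRMED` check against the same slip. The commit message could also state which flags the old expression actually tested, so that anyone who copied this program as a synproxy reference can judge whether unconfirmed entries were being passed.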