selftests/bpf: Fix erroneous bitmask operation

[ Upstream commit b6a3451e0847d5d70fb5fa2b2a80ab9f80bf2c7b ]

xdp_synproxy_kern.c is a BPF program that generates SYN cookies on
allowed TCP ports and sends SYNACKs to clients, accelerating synproxy
iptables module.

Fix the bitmask operation when checking the status of an existing
conntrack entry within tcp_lookup() function. Do not AND with the bit
position number, but with the bitmask value to check whether the entry
found has the IPS_CONFIRMED flag set.

Fixes: fb5cd0ce70d4 ("selftests/bpf: Add selftests for raw syncookie helpers")
Signed-off-by: Jeroen van Ingen Schenau <jeroen.vaningenschenau@novoserve.com>
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
Tested-by: Minh Le Hoang <minh.lehoang@novoserve.com>
Link: https://lore.kernel.org/xdp-newbies/CAAi1gX7owA+Tcxq-titC-h-KPM7Ri-6ZhTNMhrnPq5gmYYwKow@mail.gmail.com/T/#u
Link: https://lore.kernel.org/bpf/20231130120353.3084-1-jeroen.vaningenschenau@novoserve.com
Signed-off-by: Sasha Levin <sashal@kernel.org>

diff --git a/tools/testing/selftests/bpf/progs/xdp_synproxy_kern.c b/tools/testing/selftests/bpf/progs/xdp_synproxy_kern.c
index 80f620602d50ffc1e4598e6c5e45c5dfa4880412..518329c666e93fa9d55b628d25a5e8919e3d5af1 100644 (file)
--- a/tools/testing/selftests/bpf/progs/xdp_synproxy_kern.c
+++ b/tools/testing/selftests/bpf/progs/xdp_synproxy_kern.c
@@ -467,13 +467,13 @@ static __always_inline int tcp_lookup(void *ctx, struct header_pointers *hdr, bo
                unsigned long status = ct->status;
 
                bpf_ct_release(ct);
-               if (status & IPS_CONFIRMED_BIT)
+               if (status & IPS_CONFIRMED)
                        return XDP_PASS;
        } else if (ct_lookup_opts.error != -ENOENT) {
                return XDP_ABORTED;
        }
 
-       /* error == -ENOENT || !(status & IPS_CONFIRMED_BIT) */
+       /* error == -ENOENT || !(status & IPS_CONFIRMED) */
        return XDP_TX;
 }