fix: erroneous bitmask operation

In kernel selftest/bpf xdp synproxy has:
[0] b6a3451e084 (selftests/bpf: Fix erroneous bitmask operation)
sync the fix here.

It addresses an issue when xdp synproxy need to handle SYNACK
from backend server, see [1].

[0]: https://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf-next.git/commit/?id=b6a3451e0847
[1]: https://lore.kernel.org/xdp-newbies/CAK3+h2z1r69Z5g+qTwCaJzgnD5sv93x67TLJ3gVQ70_nFE0AqQ@mail.gmail.com/T/#t

Signed-off-by: Vincent Li <[email protected]>

Author: vincentmli

headers/vmlinux/vmlinux_net.h

@@ -142,6 +142,7 @@ struct nf_conn {
 enum ip_conntrack_status {
 	/* Connection is confirmed: originating packet has left box */
 	IPS_CONFIRMED_BIT = 3,
+	IPS_CONFIRMED = (1 << IPS_CONFIRMED_BIT),
 };
 
 #endif /* __VMLINUX_NET_H__ */

xdp-synproxy/xdp_synproxy_kern.c

@@ -447,13 +447,13 @@ static __always_inline int tcp_lookup(void *ctx, struct header_pointers *hdr, bo
 		unsigned long status = ct->status;
 
 		bpf_ct_release(ct);
-		if (status & IPS_CONFIRMED_BIT)
+		if (status & IPS_CONFIRMED)
 			return XDP_PASS;
 	} else if (ct_lookup_opts.error != -ENOENT) {
 		return XDP_ABORTED;
 	}
 
-	/* error == -ENOENT || !(status & IPS_CONFIRMED_BIT) */
+	/* error == -ENOENT || !(status & IPS_CONFIRMED) */
 	return XDP_TX;
 }