tcp: avoid reorders for TFO passive connections

We found that a TCP Fast Open passive connection was vulnerable to reorders, as the exchange might look like [1] C -> S S <FO ...> <request> [2] S -> C S. ack request <options> [3] S -> C . <answer> packets [2] and [3] can be generated at almost the same time. If C receives the 3rd packet before the 2nd, it will drop it as the socket is in SYN_SENT state and expects a SYNACK. S will have to retransmit the answer. Current OOO avoidance in linux is defeated because SYNACK packets are attached to the LISTEN socket, while DATA packets are attached to the children. They might be sent by different cpus, and different TX queues might be selected. It turns out that for TFO, we created a child, which is a full blown socket in TCP_SYN_RECV state, and we simply can attach the SYNACK packet to this socket. This means that at the time tcp_sendmsg() pushes DATA packet, skb->ooo_okay will be set iff the SYNACK packet had been sent and TX completed. This removes the reorder source at the host level. We also removed the export of tcp_try_fastopen(), as it is no longer called from IPv6. Signed-off-by: Eric Dumazet <edumazet@google.com> Signed-off-by: Yuchung Cheng <ycheng@google.com> Signed-off-by: David S. Miller <davem@davemloft.net>
author: Eric Dumazet <edumazet@google.com> 2015-09-24 20:16:05 -0400
committer: David S. Miller <davem@davemloft.net> 2015-09-29 01:11:19 -0400
commit: 7c85af8810448d8ef59331be51e482413b5f503d (patch)
tree: 25beda8e7a35a221e3f43dfabd0225ac3c01c6c8 /include/net/tcp.h
parent: eae93fe4ff88ec0979a00c440a1aa63f92c8f367 (diff)
1 files changed, 4 insertions, 4 deletions
diff --git a/include/net/tcp.h b/include/net/tcp.h
index 6630ab180f5c..cdbf63d3c5cf 100644
--- a/include/net/tcp.h
+++ b/include/net/tcp.h
@@ -1422,10 +1422,10 @@ void tcp_free_fastopen_req(struct tcp_sock *tp);
 extern struct tcp_fastopen_context __rcu *tcp_fastopen_ctx;
 int tcp_fastopen_reset_cipher(void *key, unsigned int len);
-bool tcp_try_fastopen(struct sock *sk, struct sk_buff *skb,
+struct sock *tcp_try_fastopen(struct sock *sk, struct sk_buff *skb,
-                      struct request_sock *req,
+                              struct request_sock *req,
-                      struct tcp_fastopen_cookie *foc,
+                              struct tcp_fastopen_cookie *foc,
-                      struct dst_entry *dst);
+                              struct dst_entry *dst);
 void tcp_fastopen_init_key_once(bool publish);
 #define TCP_FASTOPEN_KEY_LENGTH 16
author	Eric Dumazet <edumazet@google.com>	2015-09-24 20:16:05 -0400
committer	David S. Miller <davem@davemloft.net>	2015-09-29 01:11:19 -0400
commit	7c85af8810448d8ef59331be51e482413b5f503d (patch)
tree	25beda8e7a35a221e3f43dfabd0225ac3c01c6c8 /include/net/tcp.h
parent	eae93fe4ff88ec0979a00c440a1aa63f92c8f367 (diff)

diff --git a/include/net/tcp.h b/include/net/tcp.h index 6630ab180f5c..cdbf63d3c5cf 100644 --- a/include/net/tcp.h +++ b/include/net/tcp.h
@@ -1422,10 +1422,10 @@ void tcp_free_fastopen_req(struct tcp_sock *tp);
1422		1422
1423	extern struct tcp_fastopen_context __rcu *tcp_fastopen_ctx;	1423	extern struct tcp_fastopen_context __rcu *tcp_fastopen_ctx;
1424	int tcp_fastopen_reset_cipher(void *key, unsigned int len);	1424	int tcp_fastopen_reset_cipher(void *key, unsigned int len);
1425	bool tcp_try_fastopen(struct sock sk, struct sk_buff skb,	1425	struct sock tcp_try_fastopen(struct sock sk, struct sk_buff *skb,
1426	struct request_sock *req,	1426	struct request_sock *req,
1427	struct tcp_fastopen_cookie *foc,	1427	struct tcp_fastopen_cookie *foc,
1428	struct dst_entry *dst);	1428	struct dst_entry *dst);
1429	void tcp_fastopen_init_key_once(bool publish);	1429	void tcp_fastopen_init_key_once(bool publish);
1430	#define TCP_FASTOPEN_KEY_LENGTH 16	1430	#define TCP_FASTOPEN_KEY_LENGTH 16
1431		1431