diff options
| author | Yuchung Cheng <ycheng@google.com> | 2014-05-11 23:22:10 -0400 |
|---|---|---|
| committer | David S. Miller <davem@davemloft.net> | 2014-05-13 17:53:02 -0400 |
| commit | 89278c9dc922272df921042aafa18311f3398c6c (patch) | |
| tree | 0138bbfdcd757b29f89a999d8f7c84260b68f505 | |
| parent | 5b7ed0892f2af4e60b9a8d2c71c77774512a6cb9 (diff) | |
tcp: simplify fast open cookie processing
Consolidate various cookie checking and generation code to simplify
the fast open processing. The main goal is to reduce code duplication
in tcp_v4_conn_request() for IPv6 support.
Removes two experimental sysctl flags TFO_SERVER_ALWAYS and
TFO_SERVER_COOKIE_NOT_CHKD used primarily for developmental debugging
purposes.
Signed-off-by: Yuchung Cheng <ycheng@google.com>
Signed-off-by: Daniel Lee <longinus00@gmail.com>
Signed-off-by: Jerry Chu <hkchu@google.com>
Signed-off-by: Eric Dumazet <edumazet@google.com>
Acked-by: Neal Cardwell <ncardwell@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
| -rw-r--r-- | include/linux/tcp.h | 5 | ||||
| -rw-r--r-- | include/net/tcp.h | 9 | ||||
| -rw-r--r-- | net/ipv4/tcp_fastopen.c | 71 | ||||
| -rw-r--r-- | net/ipv4/tcp_ipv4.c | 10 | ||||
| -rw-r--r-- | net/ipv4/tcp_output.c | 2 |
5 files changed, 33 insertions, 64 deletions
diff --git a/include/linux/tcp.h b/include/linux/tcp.h index 4e37c71ecd74..bc35e4709e8e 100644 --- a/include/linux/tcp.h +++ b/include/linux/tcp.h | |||
| @@ -366,11 +366,6 @@ static inline bool tcp_passive_fastopen(const struct sock *sk) | |||
| 366 | tcp_sk(sk)->fastopen_rsk != NULL); | 366 | tcp_sk(sk)->fastopen_rsk != NULL); |
| 367 | } | 367 | } |
| 368 | 368 | ||
| 369 | static inline bool fastopen_cookie_present(struct tcp_fastopen_cookie *foc) | ||
| 370 | { | ||
| 371 | return foc->len != -1; | ||
| 372 | } | ||
| 373 | |||
| 374 | extern void tcp_sock_destruct(struct sock *sk); | 369 | extern void tcp_sock_destruct(struct sock *sk); |
| 375 | 370 | ||
| 376 | static inline int fastopen_init_queue(struct sock *sk, int backlog) | 371 | static inline int fastopen_init_queue(struct sock *sk, int backlog) |
diff --git a/include/net/tcp.h b/include/net/tcp.h index 012236838583..17d7c6a3d037 100644 --- a/include/net/tcp.h +++ b/include/net/tcp.h | |||
| @@ -220,8 +220,6 @@ void tcp_time_wait(struct sock *sk, int state, int timeo); | |||
| 220 | #define TFO_SERVER_ENABLE 2 | 220 | #define TFO_SERVER_ENABLE 2 |
| 221 | #define TFO_CLIENT_NO_COOKIE 4 /* Data in SYN w/o cookie option */ | 221 | #define TFO_CLIENT_NO_COOKIE 4 /* Data in SYN w/o cookie option */ |
| 222 | 222 | ||
| 223 | /* Process SYN data but skip cookie validation */ | ||
| 224 | #define TFO_SERVER_COOKIE_NOT_CHKED 0x100 | ||
| 225 | /* Accept SYN data w/o any cookie option */ | 223 | /* Accept SYN data w/o any cookie option */ |
| 226 | #define TFO_SERVER_COOKIE_NOT_REQD 0x200 | 224 | #define TFO_SERVER_COOKIE_NOT_REQD 0x200 |
| 227 | 225 | ||
| @@ -230,10 +228,6 @@ void tcp_time_wait(struct sock *sk, int state, int timeo); | |||
| 230 | */ | 228 | */ |
| 231 | #define TFO_SERVER_WO_SOCKOPT1 0x400 | 229 | #define TFO_SERVER_WO_SOCKOPT1 0x400 |
| 232 | #define TFO_SERVER_WO_SOCKOPT2 0x800 | 230 | #define TFO_SERVER_WO_SOCKOPT2 0x800 |
| 233 | /* Always create TFO child sockets on a TFO listener even when | ||
| 234 | * cookie/data not present. (For testing purpose!) | ||
| 235 | */ | ||
| 236 | #define TFO_SERVER_ALWAYS 0x1000 | ||
| 237 | 231 | ||
| 238 | extern struct inet_timewait_death_row tcp_death_row; | 232 | extern struct inet_timewait_death_row tcp_death_row; |
| 239 | 233 | ||
| @@ -1335,8 +1329,7 @@ int tcp_fastopen_create_child(struct sock *sk, | |||
| 1335 | struct request_sock *req); | 1329 | struct request_sock *req); |
| 1336 | bool tcp_fastopen_check(struct sock *sk, struct sk_buff *skb, | 1330 | bool tcp_fastopen_check(struct sock *sk, struct sk_buff *skb, |
| 1337 | struct request_sock *req, | 1331 | struct request_sock *req, |
| 1338 | struct tcp_fastopen_cookie *foc, | 1332 | struct tcp_fastopen_cookie *foc); |
| 1339 | struct tcp_fastopen_cookie *valid_foc); | ||
| 1340 | void tcp_fastopen_init_key_once(bool publish); | 1333 | void tcp_fastopen_init_key_once(bool publish); |
| 1341 | #define TCP_FASTOPEN_KEY_LENGTH 16 | 1334 | #define TCP_FASTOPEN_KEY_LENGTH 16 |
| 1342 | 1335 | ||
diff --git a/net/ipv4/tcp_fastopen.c b/net/ipv4/tcp_fastopen.c index 0606c91d9d0b..5a98277b9a82 100644 --- a/net/ipv4/tcp_fastopen.c +++ b/net/ipv4/tcp_fastopen.c | |||
| @@ -228,59 +228,44 @@ static bool tcp_fastopen_queue_check(struct sock *sk) | |||
| 228 | return true; | 228 | return true; |
| 229 | } | 229 | } |
| 230 | 230 | ||
| 231 | /* Returns true if we should perform Fast Open on the SYN. The cookie (foc) | ||
| 232 | * may be updated and return the client in the SYN-ACK later. E.g., Fast Open | ||
| 233 | * cookie request (foc->len == 0). | ||
| 234 | */ | ||
| 231 | bool tcp_fastopen_check(struct sock *sk, struct sk_buff *skb, | 235 | bool tcp_fastopen_check(struct sock *sk, struct sk_buff *skb, |
| 232 | struct request_sock *req, | 236 | struct request_sock *req, |
| 233 | struct tcp_fastopen_cookie *foc, | 237 | struct tcp_fastopen_cookie *foc) |
| 234 | struct tcp_fastopen_cookie *valid_foc) | ||
| 235 | { | 238 | { |
| 236 | bool skip_cookie = false; | 239 | struct tcp_fastopen_cookie valid_foc = { .len = -1 }; |
| 237 | 240 | bool syn_data = TCP_SKB_CB(skb)->end_seq != TCP_SKB_CB(skb)->seq + 1; | |
| 238 | if (likely(!fastopen_cookie_present(foc))) { | ||
| 239 | /* See include/net/tcp.h for the meaning of these knobs */ | ||
| 240 | if ((sysctl_tcp_fastopen & TFO_SERVER_ALWAYS) || | ||
| 241 | ((sysctl_tcp_fastopen & TFO_SERVER_COOKIE_NOT_REQD) && | ||
| 242 | (TCP_SKB_CB(skb)->end_seq != TCP_SKB_CB(skb)->seq + 1))) | ||
| 243 | skip_cookie = true; /* no cookie to validate */ | ||
| 244 | else | ||
| 245 | return false; | ||
| 246 | } | ||
| 247 | /* A FO option is present; bump the counter. */ | ||
| 248 | NET_INC_STATS_BH(sock_net(sk), LINUX_MIB_TCPFASTOPENPASSIVE); | ||
| 249 | 241 | ||
| 250 | if ((sysctl_tcp_fastopen & TFO_SERVER_ENABLE) == 0 || | 242 | if (!((sysctl_tcp_fastopen & TFO_SERVER_ENABLE) && |
| 251 | !tcp_fastopen_queue_check(sk)) | 243 | (syn_data || foc->len >= 0) && |
| 244 | tcp_fastopen_queue_check(sk))) { | ||
| 245 | foc->len = -1; | ||
| 252 | return false; | 246 | return false; |
| 253 | |||
| 254 | if (skip_cookie) { | ||
| 255 | tcp_rsk(req)->rcv_nxt = TCP_SKB_CB(skb)->end_seq; | ||
| 256 | return true; | ||
| 257 | } | 247 | } |
| 258 | 248 | ||
| 259 | if (foc->len == TCP_FASTOPEN_COOKIE_SIZE) { | 249 | if (syn_data && (sysctl_tcp_fastopen & TFO_SERVER_COOKIE_NOT_REQD)) |
| 260 | if ((sysctl_tcp_fastopen & TFO_SERVER_COOKIE_NOT_CHKED) == 0) { | 250 | goto fastopen; |
| 261 | tcp_fastopen_cookie_gen(ip_hdr(skb)->saddr, | 251 | |
| 262 | ip_hdr(skb)->daddr, valid_foc); | 252 | tcp_fastopen_cookie_gen(ip_hdr(skb)->saddr, |
| 263 | if ((valid_foc->len != TCP_FASTOPEN_COOKIE_SIZE) || | 253 | ip_hdr(skb)->daddr, &valid_foc); |
| 264 | memcmp(&foc->val[0], &valid_foc->val[0], | 254 | |
| 265 | TCP_FASTOPEN_COOKIE_SIZE) != 0) | 255 | if (foc->len == TCP_FASTOPEN_COOKIE_SIZE && |
| 266 | return false; | 256 | foc->len == valid_foc.len && |
| 267 | valid_foc->len = -1; | 257 | !memcmp(foc->val, valid_foc.val, foc->len)) { |
| 268 | } | 258 | fastopen: |
| 269 | /* Acknowledge the data received from the peer. */ | ||
| 270 | tcp_rsk(req)->rcv_nxt = TCP_SKB_CB(skb)->end_seq; | 259 | tcp_rsk(req)->rcv_nxt = TCP_SKB_CB(skb)->end_seq; |
| 260 | foc->len = -1; | ||
| 261 | NET_INC_STATS_BH(sock_net(sk), LINUX_MIB_TCPFASTOPENPASSIVE); | ||
| 271 | return true; | 262 | return true; |
| 272 | } else if (foc->len == 0) { /* Client requesting a cookie */ | ||
| 273 | tcp_fastopen_cookie_gen(ip_hdr(skb)->saddr, | ||
| 274 | ip_hdr(skb)->daddr, valid_foc); | ||
| 275 | NET_INC_STATS_BH(sock_net(sk), | ||
| 276 | LINUX_MIB_TCPFASTOPENCOOKIEREQD); | ||
| 277 | } else { | ||
| 278 | /* Client sent a cookie with wrong size. Treat it | ||
| 279 | * the same as invalid and return a valid one. | ||
| 280 | */ | ||
| 281 | tcp_fastopen_cookie_gen(ip_hdr(skb)->saddr, | ||
| 282 | ip_hdr(skb)->daddr, valid_foc); | ||
| 283 | } | 263 | } |
| 264 | |||
| 265 | NET_INC_STATS_BH(sock_net(sk), foc->len ? | ||
| 266 | LINUX_MIB_TCPFASTOPENPASSIVEFAIL : | ||
| 267 | LINUX_MIB_TCPFASTOPENCOOKIEREQD); | ||
| 268 | *foc = valid_foc; | ||
| 284 | return false; | 269 | return false; |
| 285 | } | 270 | } |
| 286 | EXPORT_SYMBOL(tcp_fastopen_check); | 271 | EXPORT_SYMBOL(tcp_fastopen_check); |
diff --git a/net/ipv4/tcp_ipv4.c b/net/ipv4/tcp_ipv4.c index 032fcaee164a..5ea0949dadfd 100644 --- a/net/ipv4/tcp_ipv4.c +++ b/net/ipv4/tcp_ipv4.c | |||
| @@ -1273,7 +1273,6 @@ int tcp_v4_conn_request(struct sock *sk, struct sk_buff *skb) | |||
| 1273 | bool want_cookie = false; | 1273 | bool want_cookie = false; |
| 1274 | struct flowi4 fl4; | 1274 | struct flowi4 fl4; |
| 1275 | struct tcp_fastopen_cookie foc = { .len = -1 }; | 1275 | struct tcp_fastopen_cookie foc = { .len = -1 }; |
| 1276 | struct tcp_fastopen_cookie valid_foc = { .len = -1 }; | ||
| 1277 | struct sk_buff *skb_synack; | 1276 | struct sk_buff *skb_synack; |
| 1278 | int do_fastopen; | 1277 | int do_fastopen; |
| 1279 | 1278 | ||
| @@ -1381,7 +1380,8 @@ int tcp_v4_conn_request(struct sock *sk, struct sk_buff *skb) | |||
| 1381 | if (dst == NULL) | 1380 | if (dst == NULL) |
| 1382 | goto drop_and_free; | 1381 | goto drop_and_free; |
| 1383 | } | 1382 | } |
| 1384 | do_fastopen = tcp_fastopen_check(sk, skb, req, &foc, &valid_foc); | 1383 | do_fastopen = !want_cookie && |
| 1384 | tcp_fastopen_check(sk, skb, req, &foc); | ||
| 1385 | 1385 | ||
| 1386 | /* We don't call tcp_v4_send_synack() directly because we need | 1386 | /* We don't call tcp_v4_send_synack() directly because we need |
| 1387 | * to make sure a child socket can be created successfully before | 1387 | * to make sure a child socket can be created successfully before |
| @@ -1394,8 +1394,7 @@ int tcp_v4_conn_request(struct sock *sk, struct sk_buff *skb) | |||
| 1394 | * latter to remove its dependency on the current implementation | 1394 | * latter to remove its dependency on the current implementation |
| 1395 | * of tcp_v4_send_synack()->tcp_select_initial_window(). | 1395 | * of tcp_v4_send_synack()->tcp_select_initial_window(). |
| 1396 | */ | 1396 | */ |
| 1397 | skb_synack = tcp_make_synack(sk, dst, req, | 1397 | skb_synack = tcp_make_synack(sk, dst, req, &foc); |
| 1398 | fastopen_cookie_present(&valid_foc) ? &valid_foc : NULL); | ||
| 1399 | 1398 | ||
| 1400 | if (skb_synack) { | 1399 | if (skb_synack) { |
| 1401 | __tcp_v4_send_check(skb_synack, ireq->ir_loc_addr, ireq->ir_rmt_addr); | 1400 | __tcp_v4_send_check(skb_synack, ireq->ir_loc_addr, ireq->ir_rmt_addr); |
| @@ -1415,9 +1414,6 @@ int tcp_v4_conn_request(struct sock *sk, struct sk_buff *skb) | |||
| 1415 | tcp_rsk(req)->listener = NULL; | 1414 | tcp_rsk(req)->listener = NULL; |
| 1416 | /* Add the request_sock to the SYN table */ | 1415 | /* Add the request_sock to the SYN table */ |
| 1417 | inet_csk_reqsk_queue_hash_add(sk, req, TCP_TIMEOUT_INIT); | 1416 | inet_csk_reqsk_queue_hash_add(sk, req, TCP_TIMEOUT_INIT); |
| 1418 | if (fastopen_cookie_present(&foc) && foc.len != 0) | ||
| 1419 | NET_INC_STATS_BH(sock_net(sk), | ||
| 1420 | LINUX_MIB_TCPFASTOPENPASSIVEFAIL); | ||
| 1421 | } else if (tcp_fastopen_create_child(sk, skb, skb_synack, req)) | 1417 | } else if (tcp_fastopen_create_child(sk, skb, skb_synack, req)) |
| 1422 | goto drop_and_release; | 1418 | goto drop_and_release; |
| 1423 | 1419 | ||
diff --git a/net/ipv4/tcp_output.c b/net/ipv4/tcp_output.c index 694711a140d4..b20fc02920f9 100644 --- a/net/ipv4/tcp_output.c +++ b/net/ipv4/tcp_output.c | |||
| @@ -627,7 +627,7 @@ static unsigned int tcp_synack_options(struct sock *sk, | |||
| 627 | if (unlikely(!ireq->tstamp_ok)) | 627 | if (unlikely(!ireq->tstamp_ok)) |
| 628 | remaining -= TCPOLEN_SACKPERM_ALIGNED; | 628 | remaining -= TCPOLEN_SACKPERM_ALIGNED; |
| 629 | } | 629 | } |
| 630 | if (foc != NULL) { | 630 | if (foc != NULL && foc->len >= 0) { |
| 631 | u32 need = TCPOLEN_EXP_FASTOPEN_BASE + foc->len; | 631 | u32 need = TCPOLEN_EXP_FASTOPEN_BASE + foc->len; |
| 632 | need = (need + 3) & ~3U; /* Align to 32 bits */ | 632 | need = (need + 3) & ~3U; /* Align to 32 bits */ |
| 633 | if (remaining >= need) { | 633 | if (remaining >= need) { |