tcp: avoid reorders for TFO passive connections

We found that a TCP Fast Open passive connection was vulnerable to reorders, as the exchange might look like [1] C -> S S <FO ...> <request> [2] S -> C S. ack request <options> [3] S -> C . <answer> packets [2] and [3] can be generated at almost the same time. If C receives the 3rd packet before the 2nd, it will drop it as the socket is in SYN_SENT state and expects a SYNACK. S will have to retransmit the answer. Current OOO avoidance in linux is defeated because SYNACK packets are attached to the LISTEN socket, while DATA packets are attached to the children. They might be sent by different cpus, and different TX queues might be selected. It turns out that for TFO, we created a child, which is a full blown socket in TCP_SYN_RECV state, and we simply can attach the SYNACK packet to this socket. This means that at the time tcp_sendmsg() pushes DATA packet, skb->ooo_okay will be set iff the SYNACK packet had been sent and TX completed. This removes the reorder source at the host level. We also removed the export of tcp_try_fastopen(), as it is no longer called from IPv6. Signed-off-by: Eric Dumazet <edumazet@google.com> Signed-off-by: Yuchung Cheng <ycheng@google.com> Signed-off-by: David S. Miller <davem@davemloft.net>
author: Eric Dumazet <edumazet@google.com> 2015-09-24 20:16:05 -0400
committer: David S. Miller <davem@davemloft.net> 2015-09-29 01:11:19 -0400
commit: 7c85af8810448d8ef59331be51e482413b5f503d (patch)
tree: 25beda8e7a35a221e3f43dfabd0225ac3c01c6c8 /net/ipv4/tcp_fastopen.c
parent: eae93fe4ff88ec0979a00c440a1aa63f92c8f367 (diff)
1 files changed, 19 insertions, 16 deletions
diff --git a/net/ipv4/tcp_fastopen.c b/net/ipv4/tcp_fastopen.c
index f9c0fb84e435..db43c6286cf7 100644
--- a/net/ipv4/tcp_fastopen.c
+++ b/net/ipv4/tcp_fastopen.c
@@ -124,10 +124,10 @@ static bool tcp_fastopen_cookie_gen(struct request_sock *req,
        return false;
 }
-static bool tcp_fastopen_create_child(struct sock *sk,
+static struct sock *tcp_fastopen_create_child(struct sock *sk,
-                                      struct sk_buff *skb,
+                                              struct sk_buff *skb,
-                                      struct dst_entry *dst,
+                                              struct dst_entry *dst,
-                                      struct request_sock *req)
+                                              struct request_sock *req)
 {
        struct tcp_sock *tp;
        struct request_sock_queue *queue = &inet_csk(sk)->icsk_accept_queue;
@@ -140,7 +140,7 @@ static bool tcp_fastopen_create_child(struct sock *sk,
        child = inet_csk(sk)->icsk_af_ops->syn_recv_sock(sk, skb, req, NULL);
        if (!child)
-                return false;
+                return NULL;
        spin_lock(&queue->fastopenq->lock);
        queue->fastopenq->qlen++;
@@ -216,9 +216,11 @@ static bool tcp_fastopen_create_child(struct sock *sk,
        tcp_rsk(req)->rcv_nxt = tp->rcv_nxt = end_seq;
        sk->sk_data_ready(sk);
        bh_unlock_sock(child);
-        sock_put(child);
+        /* Note: sock_put(child) will be done by tcp_conn_request()
+         * after SYNACK packet is sent.
+         */
        WARN_ON(!req->sk);
-        return true;
+        return child;
 }
 static bool tcp_fastopen_queue_check(struct sock *sk)
@@ -261,13 +263,14 @@ static bool tcp_fastopen_queue_check(struct sock *sk)
 * may be updated and return the client in the SYN-ACK later. E.g., Fast Open
 * cookie request (foc->len == 0).
 */
-bool tcp_try_fastopen(struct sock *sk, struct sk_buff *skb,
+struct sock *tcp_try_fastopen(struct sock *sk, struct sk_buff *skb,
-                      struct request_sock *req,
+                              struct request_sock *req,
-                      struct tcp_fastopen_cookie *foc,
+                              struct tcp_fastopen_cookie *foc,
-                      struct dst_entry *dst)
+                              struct dst_entry *dst)
 {
        struct tcp_fastopen_cookie valid_foc = { .len = -1 };
        bool syn_data = TCP_SKB_CB(skb)->end_seq != TCP_SKB_CB(skb)->seq + 1;
+        struct sock *child;
        if (foc->len == 0) /* Client requests a cookie */
                NET_INC_STATS_BH(sock_net(sk), LINUX_MIB_TCPFASTOPENCOOKIEREQD);
@@ -276,7 +279,7 @@ bool tcp_try_fastopen(struct sock *sk, struct sk_buff *skb,
              (syn_data || foc->len >= 0) &&
              tcp_fastopen_queue_check(sk))) {
                foc->len = -1;
-                return false;
+                return NULL;
        }
        if (syn_data && (sysctl_tcp_fastopen & TFO_SERVER_COOKIE_NOT_REQD))
@@ -296,11 +299,12 @@ bool tcp_try_fastopen(struct sock *sk, struct sk_buff *skb,
                 * data in SYN_RECV state.
                 */
 fastopen:
-                if (tcp_fastopen_create_child(sk, skb, dst, req)) {
+                child = tcp_fastopen_create_child(sk, skb, dst, req);
+                if (child) {
                        foc->len = -1;
                        NET_INC_STATS_BH(sock_net(sk),
                                         LINUX_MIB_TCPFASTOPENPASSIVE);
-                        return true;
+                        return child;
                }
                NET_INC_STATS_BH(sock_net(sk), LINUX_MIB_TCPFASTOPENPASSIVEFAIL);
        } else if (foc->len > 0) /* Client presents an invalid cookie */
@@ -308,6 +312,5 @@ fastopen:
        valid_foc.exp = foc->exp;
        *foc = valid_foc;
-        return false;
+        return NULL;
 }
-EXPORT_SYMBOL(tcp_try_fastopen);
author	Eric Dumazet <edumazet@google.com>	2015-09-24 20:16:05 -0400
committer	David S. Miller <davem@davemloft.net>	2015-09-29 01:11:19 -0400
commit	7c85af8810448d8ef59331be51e482413b5f503d (patch)
tree	25beda8e7a35a221e3f43dfabd0225ac3c01c6c8 /net/ipv4/tcp_fastopen.c
parent	eae93fe4ff88ec0979a00c440a1aa63f92c8f367 (diff)