net-tcp: Fast Open client - cookie-less mode

In trusted networks, e.g., intranet, data-center, the client does not need to use Fast Open cookie to mitigate DoS attacks. In cookie-less mode, sendmsg() with MSG_FASTOPEN flag will send SYN-data regardless of cookie availability. Signed-off-by: Yuchung Cheng <ycheng@google.com> Acked-by: Eric Dumazet <edumazet@google.com> Signed-off-by: David S. Miller <davem@davemloft.net>
author: Yuchung Cheng <ycheng@google.com> 2012-07-19 02:43:11 -0400
committer: David S. Miller <davem@davemloft.net> 2012-07-19 14:02:03 -0400
commit: 67da22d23fa6f3324e03bcd0580b914b2e4afbf3 (patch)
tree: e794826d1dd7e30cf0885cbe93f22bc050c62359 /net
parent: aab4874355679c70f93993cf3b3fd74643b9ac33 (diff)
2 files changed, 11 insertions, 3 deletions
diff --git a/net/ipv4/tcp_input.c b/net/ipv4/tcp_input.c
index c49a4fc175b..e67d685a6c0 100644
--- a/net/ipv4/tcp_input.c
+++ b/net/ipv4/tcp_input.c
@@ -5650,7 +5650,7 @@ static bool tcp_rcv_fastopen_synack(struct sock *sk, struct sk_buff *synack,
                                    struct tcp_fastopen_cookie *cookie)
 {
        struct tcp_sock *tp = tcp_sk(sk);
-        struct sk_buff *data = tcp_write_queue_head(sk);
+        struct sk_buff *data = tp->syn_data ? tcp_write_queue_head(sk) : NULL;
        u16 mss = tp->rx_opt.mss_clamp;
        bool syn_drop;
@@ -5665,6 +5665,9 @@ static bool tcp_rcv_fastopen_synack(struct sock *sk, struct sk_buff *synack,
                mss = opt.mss_clamp;
        }
+        if (!tp->syn_fastopen)  /* Ignore an unsolicited cookie */
+                cookie->len = -1;
        /* The SYN-ACK neither has cookie nor acknowledges the data. Presumably
         * the remote receives only the retransmitted (regular) SYNs: either
         * the original SYN-data or the corresponding SYN-ACK is lost.
@@ -5816,7 +5819,8 @@ static int tcp_rcv_synsent_state_process(struct sock *sk, struct sk_buff *skb,
                tcp_finish_connect(sk, skb);
-                if (tp->syn_fastopen && tcp_rcv_fastopen_synack(sk, skb, &foc))
+                if ((tp->syn_fastopen || tp->syn_data) &&
+                    tcp_rcv_fastopen_synack(sk, skb, &foc))
                        return -1;
                if (sk->sk_write_pending ||
diff --git a/net/ipv4/tcp_output.c b/net/ipv4/tcp_output.c
index c5cfd5ec318..27a32acfdb6 100644
--- a/net/ipv4/tcp_output.c
+++ b/net/ipv4/tcp_output.c
@@ -2864,6 +2864,7 @@ static int tcp_send_syn_data(struct sock *sk, struct sk_buff *syn)
        struct sk_buff *syn_data = NULL, *data;
        unsigned long last_syn_loss = 0;
+        tp->rx_opt.mss_clamp = tp->advmss;  /* If MSS is not cached */
        tcp_fastopen_cache_get(sk, &tp->rx_opt.mss_clamp, &fo->cookie,
                               &syn_loss, &last_syn_loss);
        /* Recurring FO SYN losses: revert to regular handshake temporarily */
@@ -2873,7 +2874,9 @@ static int tcp_send_syn_data(struct sock *sk, struct sk_buff *syn)
                goto fallback;
        }
-        if (fo->cookie.len <= 0)
+        if (sysctl_tcp_fastopen & TFO_CLIENT_NO_COOKIE)
+                fo->cookie.len = -1;
+        else if (fo->cookie.len <= 0)
                goto fallback;
        /* MSS for SYN-data is based on cached MSS and bounded by PMTU and
@@ -2916,6 +2919,7 @@ static int tcp_send_syn_data(struct sock *sk, struct sk_buff *syn)
        fo->copied = data->len;
        if (tcp_transmit_skb(sk, syn_data, 0, sk->sk_allocation) == 0) {
+                tp->syn_data = (fo->copied > 0);
                NET_INC_STATS(sock_net(sk), LINUX_MIB_TCPFASTOPENACTIVE);
                goto done;
        }
author	Yuchung Cheng <ycheng@google.com>	2012-07-19 02:43:11 -0400
committer	David S. Miller <davem@davemloft.net>	2012-07-19 14:02:03 -0400
commit	67da22d23fa6f3324e03bcd0580b914b2e4afbf3 (patch)
tree	e794826d1dd7e30cf0885cbe93f22bc050c62359 /net
parent	aab4874355679c70f93993cf3b3fd74643b9ac33 (diff)