diff options
| author | William Allen Simpson <william.allen.simpson@gmail.com> | 2009-12-02 13:14:19 -0500 |
|---|---|---|
| committer | David S. Miller <davem@davemloft.net> | 2009-12-03 01:07:24 -0500 |
| commit | 519855c508b9a17878c0977a3cdefc09b59b30df (patch) | |
| tree | df6840c5c1560a84cb777b1855ec22c90c3df8d9 | |
| parent | da5c78c82629a167794436e4306b4cf1faddea90 (diff) | |
TCPCT part 1c: sysctl_tcp_cookie_size, socket option TCP_COOKIE_TRANSACTIONS
Define sysctl (tcp_cookie_size) to turn on and off the cookie option
default globally, instead of a compiled configuration option.
Define per socket option (TCP_COOKIE_TRANSACTIONS) for setting constant
data values, retrieving variable cookie values, and other facilities.
Move inline tcp_clear_options() unchanged from net/tcp.h to linux/tcp.h,
near its corresponding struct tcp_options_received (prior to changes).
This is a straightforward re-implementation of an earlier (year-old)
patch that no longer applies cleanly, with permission of the original
author (Adam Langley):
http://thread.gmane.org/gmane.linux.network/102586
These functions will also be used in subsequent patches that implement
additional features.
Requires:
net: TCP_MSS_DEFAULT, TCP_MSS_DESIRED
Signed-off-by: William.Allen.Simpson@gmail.com
Signed-off-by: David S. Miller <davem@davemloft.net>
| -rw-r--r-- | Documentation/networking/ip-sysctl.txt | 8 | ||||
| -rw-r--r-- | include/linux/tcp.h | 33 | ||||
| -rw-r--r-- | include/net/tcp.h | 6 | ||||
| -rw-r--r-- | net/ipv4/sysctl_net_ipv4.c | 8 | ||||
| -rw-r--r-- | net/ipv4/tcp_output.c | 3 |
5 files changed, 52 insertions, 6 deletions
diff --git a/Documentation/networking/ip-sysctl.txt b/Documentation/networking/ip-sysctl.txt index 554440af675c..989f5538b8dd 100644 --- a/Documentation/networking/ip-sysctl.txt +++ b/Documentation/networking/ip-sysctl.txt | |||
| @@ -164,6 +164,14 @@ tcp_congestion_control - STRING | |||
| 164 | additional choices may be available based on kernel configuration. | 164 | additional choices may be available based on kernel configuration. |
| 165 | Default is set as part of kernel configuration. | 165 | Default is set as part of kernel configuration. |
| 166 | 166 | ||
| 167 | tcp_cookie_size - INTEGER | ||
| 168 | Default size of TCP Cookie Transactions (TCPCT) option, that may be | ||
| 169 | overridden on a per socket basis by the TCPCT socket option. | ||
| 170 | Values greater than the maximum (16) are interpreted as the maximum. | ||
| 171 | Values greater than zero and less than the minimum (8) are interpreted | ||
| 172 | as the minimum. Odd values are interpreted as the next even value. | ||
| 173 | Default: 0 (off). | ||
| 174 | |||
| 167 | tcp_dsack - BOOLEAN | 175 | tcp_dsack - BOOLEAN |
| 168 | Allows TCP to send "duplicate" SACKs. | 176 | Allows TCP to send "duplicate" SACKs. |
| 169 | 177 | ||
diff --git a/include/linux/tcp.h b/include/linux/tcp.h index 32d7d77b4a01..eaa3113b3786 100644 --- a/include/linux/tcp.h +++ b/include/linux/tcp.h | |||
| @@ -102,7 +102,9 @@ enum { | |||
| 102 | #define TCP_QUICKACK 12 /* Block/reenable quick acks */ | 102 | #define TCP_QUICKACK 12 /* Block/reenable quick acks */ |
| 103 | #define TCP_CONGESTION 13 /* Congestion control algorithm */ | 103 | #define TCP_CONGESTION 13 /* Congestion control algorithm */ |
| 104 | #define TCP_MD5SIG 14 /* TCP MD5 Signature (RFC2385) */ | 104 | #define TCP_MD5SIG 14 /* TCP MD5 Signature (RFC2385) */ |
| 105 | #define TCP_COOKIE_TRANSACTIONS 15 /* TCP Cookie Transactions */ | ||
| 105 | 106 | ||
| 107 | /* for TCP_INFO socket option */ | ||
| 106 | #define TCPI_OPT_TIMESTAMPS 1 | 108 | #define TCPI_OPT_TIMESTAMPS 1 |
| 107 | #define TCPI_OPT_SACK 2 | 109 | #define TCPI_OPT_SACK 2 |
| 108 | #define TCPI_OPT_WSCALE 4 | 110 | #define TCPI_OPT_WSCALE 4 |
| @@ -174,6 +176,30 @@ struct tcp_md5sig { | |||
| 174 | __u8 tcpm_key[TCP_MD5SIG_MAXKEYLEN]; /* key (binary) */ | 176 | __u8 tcpm_key[TCP_MD5SIG_MAXKEYLEN]; /* key (binary) */ |
| 175 | }; | 177 | }; |
| 176 | 178 | ||
| 179 | /* for TCP_COOKIE_TRANSACTIONS (TCPCT) socket option */ | ||
| 180 | #define TCP_COOKIE_MIN 8 /* 64-bits */ | ||
| 181 | #define TCP_COOKIE_MAX 16 /* 128-bits */ | ||
| 182 | #define TCP_COOKIE_PAIR_SIZE (2*TCP_COOKIE_MAX) | ||
| 183 | |||
| 184 | /* Flags for both getsockopt and setsockopt */ | ||
| 185 | #define TCP_COOKIE_IN_ALWAYS (1 << 0) /* Discard SYN without cookie */ | ||
| 186 | #define TCP_COOKIE_OUT_NEVER (1 << 1) /* Prohibit outgoing cookies, | ||
| 187 | * supercedes everything. */ | ||
| 188 | |||
| 189 | /* Flags for getsockopt */ | ||
| 190 | #define TCP_S_DATA_IN (1 << 2) /* Was data received? */ | ||
| 191 | #define TCP_S_DATA_OUT (1 << 3) /* Was data sent? */ | ||
| 192 | |||
| 193 | /* TCP_COOKIE_TRANSACTIONS data */ | ||
| 194 | struct tcp_cookie_transactions { | ||
| 195 | __u16 tcpct_flags; /* see above */ | ||
| 196 | __u8 __tcpct_pad1; /* zero */ | ||
| 197 | __u8 tcpct_cookie_desired; /* bytes */ | ||
| 198 | __u16 tcpct_s_data_desired; /* bytes of variable data */ | ||
| 199 | __u16 tcpct_used; /* bytes in value */ | ||
| 200 | __u8 tcpct_value[TCP_MSS_DEFAULT]; | ||
| 201 | }; | ||
| 202 | |||
| 177 | #ifdef __KERNEL__ | 203 | #ifdef __KERNEL__ |
| 178 | 204 | ||
| 179 | #include <linux/skbuff.h> | 205 | #include <linux/skbuff.h> |
| @@ -227,6 +253,11 @@ struct tcp_options_received { | |||
| 227 | u16 mss_clamp; /* Maximal mss, negotiated at connection setup */ | 253 | u16 mss_clamp; /* Maximal mss, negotiated at connection setup */ |
| 228 | }; | 254 | }; |
| 229 | 255 | ||
| 256 | static inline void tcp_clear_options(struct tcp_options_received *rx_opt) | ||
| 257 | { | ||
| 258 | rx_opt->tstamp_ok = rx_opt->sack_ok = rx_opt->wscale_ok = rx_opt->snd_wscale = 0; | ||
| 259 | } | ||
| 260 | |||
| 230 | /* This is the max number of SACKS that we'll generate and process. It's safe | 261 | /* This is the max number of SACKS that we'll generate and process. It's safe |
| 231 | * to increse this, although since: | 262 | * to increse this, although since: |
| 232 | * size = TCPOLEN_SACK_BASE_ALIGNED (4) + n * TCPOLEN_SACK_PERBLOCK (8) | 263 | * size = TCPOLEN_SACK_BASE_ALIGNED (4) + n * TCPOLEN_SACK_PERBLOCK (8) |
| @@ -435,6 +466,6 @@ static inline struct tcp_timewait_sock *tcp_twsk(const struct sock *sk) | |||
| 435 | return (struct tcp_timewait_sock *)sk; | 466 | return (struct tcp_timewait_sock *)sk; |
| 436 | } | 467 | } |
| 437 | 468 | ||
| 438 | #endif | 469 | #endif /* __KERNEL__ */ |
| 439 | 470 | ||
| 440 | #endif /* _LINUX_TCP_H */ | 471 | #endif /* _LINUX_TCP_H */ |
diff --git a/include/net/tcp.h b/include/net/tcp.h index 4a99a8e39121..738b65f01e26 100644 --- a/include/net/tcp.h +++ b/include/net/tcp.h | |||
| @@ -234,6 +234,7 @@ extern int sysctl_tcp_base_mss; | |||
| 234 | extern int sysctl_tcp_workaround_signed_windows; | 234 | extern int sysctl_tcp_workaround_signed_windows; |
| 235 | extern int sysctl_tcp_slow_start_after_idle; | 235 | extern int sysctl_tcp_slow_start_after_idle; |
| 236 | extern int sysctl_tcp_max_ssthresh; | 236 | extern int sysctl_tcp_max_ssthresh; |
| 237 | extern int sysctl_tcp_cookie_size; | ||
| 237 | 238 | ||
| 238 | extern atomic_t tcp_memory_allocated; | 239 | extern atomic_t tcp_memory_allocated; |
| 239 | extern struct percpu_counter tcp_sockets_allocated; | 240 | extern struct percpu_counter tcp_sockets_allocated; |
| @@ -340,11 +341,6 @@ static inline void tcp_dec_quickack_mode(struct sock *sk, | |||
| 340 | 341 | ||
| 341 | extern void tcp_enter_quickack_mode(struct sock *sk); | 342 | extern void tcp_enter_quickack_mode(struct sock *sk); |
| 342 | 343 | ||
| 343 | static inline void tcp_clear_options(struct tcp_options_received *rx_opt) | ||
| 344 | { | ||
| 345 | rx_opt->tstamp_ok = rx_opt->sack_ok = rx_opt->wscale_ok = rx_opt->snd_wscale = 0; | ||
| 346 | } | ||
| 347 | |||
| 348 | #define TCP_ECN_OK 1 | 344 | #define TCP_ECN_OK 1 |
| 349 | #define TCP_ECN_QUEUE_CWR 2 | 345 | #define TCP_ECN_QUEUE_CWR 2 |
| 350 | #define TCP_ECN_DEMAND_CWR 4 | 346 | #define TCP_ECN_DEMAND_CWR 4 |
diff --git a/net/ipv4/sysctl_net_ipv4.c b/net/ipv4/sysctl_net_ipv4.c index c00323bae044..13f7ab6ad6a0 100644 --- a/net/ipv4/sysctl_net_ipv4.c +++ b/net/ipv4/sysctl_net_ipv4.c | |||
| @@ -714,6 +714,14 @@ static struct ctl_table ipv4_table[] = { | |||
| 714 | }, | 714 | }, |
| 715 | { | 715 | { |
| 716 | .ctl_name = CTL_UNNUMBERED, | 716 | .ctl_name = CTL_UNNUMBERED, |
| 717 | .procname = "tcp_cookie_size", | ||
| 718 | .data = &sysctl_tcp_cookie_size, | ||
| 719 | .maxlen = sizeof(int), | ||
| 720 | .mode = 0644, | ||
| 721 | .proc_handler = proc_dointvec | ||
| 722 | }, | ||
| 723 | { | ||
| 724 | .ctl_name = CTL_UNNUMBERED, | ||
| 717 | .procname = "udp_mem", | 725 | .procname = "udp_mem", |
| 718 | .data = &sysctl_udp_mem, | 726 | .data = &sysctl_udp_mem, |
| 719 | .maxlen = sizeof(sysctl_udp_mem), | 727 | .maxlen = sizeof(sysctl_udp_mem), |
diff --git a/net/ipv4/tcp_output.c b/net/ipv4/tcp_output.c index b8b25049f257..307f318fe931 100644 --- a/net/ipv4/tcp_output.c +++ b/net/ipv4/tcp_output.c | |||
| @@ -59,6 +59,9 @@ int sysctl_tcp_base_mss __read_mostly = 512; | |||
| 59 | /* By default, RFC2861 behavior. */ | 59 | /* By default, RFC2861 behavior. */ |
| 60 | int sysctl_tcp_slow_start_after_idle __read_mostly = 1; | 60 | int sysctl_tcp_slow_start_after_idle __read_mostly = 1; |
| 61 | 61 | ||
| 62 | int sysctl_tcp_cookie_size __read_mostly = 0; /* TCP_COOKIE_MAX */ | ||
| 63 | |||
| 64 | |||
| 62 | /* Account for new data that has been sent to the network. */ | 65 | /* Account for new data that has been sent to the network. */ |
| 63 | static void tcp_event_new_data_sent(struct sock *sk, struct sk_buff *skb) | 66 | static void tcp_event_new_data_sent(struct sock *sk, struct sk_buff *skb) |
| 64 | { | 67 | { |