net-tcp: Fast Open client - cookie-less mode

In trusted networks, e.g., intranet, data-center, the client does not
need to use Fast Open cookie to mitigate DoS attacks. In cookie-less
mode, sendmsg() with MSG_FASTOPEN flag will send SYN-data regardless
of cookie availability.

Signed-off-by: Yuchung Cheng <ycheng@google.com>
Acked-by: Eric Dumazet <edumazet@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>

1 files changed, 6 insertions, 2 deletions

diff --git a/net/ipv4/tcp_input.c b/net/ipv4/tcp_input.c
index c49a4fc175bd..e67d685a6c0e 100644
--- a/net/ipv4/tcp_input.c
+++ b/net/ipv4/tcp_input.c
@@ -5650,7 +5650,7 @@ static bool tcp_rcv_fastopen_synack(struct sock *sk, struct sk_buff *synack,
                                     struct tcp_fastopen_cookie *cookie)
 {
         struct tcp_sock *tp = tcp_sk(sk);
-        struct sk_buff *data = tcp_write_queue_head(sk);
+        struct sk_buff *data = tp->syn_data ? tcp_write_queue_head(sk) : NULL;
         u16 mss = tp->rx_opt.mss_clamp;
         bool syn_drop;
 
@@ -5665,6 +5665,9 @@ static bool tcp_rcv_fastopen_synack(struct sock *sk, struct sk_buff *synack,
                 mss = opt.mss_clamp;
         }
 
+        if (!tp->syn_fastopen)  /* Ignore an unsolicited cookie */
+                cookie->len = -1;
+
         /* The SYN-ACK neither has cookie nor acknowledges the data. Presumably
          * the remote receives only the retransmitted (regular) SYNs: either
          * the original SYN-data or the corresponding SYN-ACK is lost.
@@ -5816,7 +5819,8 @@ static int tcp_rcv_synsent_state_process(struct sock *sk, struct sk_buff *skb,
 
                 tcp_finish_connect(sk, skb);
 
-                if (tp->syn_fastopen && tcp_rcv_fastopen_synack(sk, skb, &foc))
+                if ((tp->syn_fastopen || tp->syn_data) &&
+                    tcp_rcv_fastopen_synack(sk, skb, &foc))
                         return -1;
 
                 if (sk->sk_write_pending ||