diff options
| author | David S. Miller <davem@davemloft.net> | 2012-08-31 20:43:37 -0400 |
|---|---|---|
| committer | David S. Miller <davem@davemloft.net> | 2012-08-31 20:43:37 -0400 |
| commit | 1bed966cc3bd4042110129f0fc51aeeb59c5b200 (patch) | |
| tree | 0d5b9181b840c9b6b08b1452004f0746e8eebab8 /net/ipv4/tcp_output.c | |
| parent | 2a35cfa591ac63f17815c2d9432b799e37527980 (diff) | |
| parent | 168a8f58059a22feb9e9a2dcc1b8053dbbbc12ef (diff) | |
Merge branch 'tcp_fastopen_server'
Jerry Chu says:
====================
This patch series provides the server (passive open) side code
for TCP Fast Open. Together with the earlier client side patches
it completes the TCP Fast Open implementation.
The server side Fast Open code accepts data carried in the SYN
packet with a valid Fast Open cookie, and passes it to the
application right away, allowing application to send back response
data, all before TCP's 3-way handshake finishes.
A simple cookie scheme together with capping the number of
outstanding TFO requests (still in TCP_SYN_RECV state) to a limit
per listener forms the main line of defense against spoofed SYN
attacks.
For more details about TCP Fast Open see our IETF internet draft
at http://www.ietf.org/id/draft-ietf-tcpm-fastopen-01.txt
and a research paper at
http://conferences.sigcomm.org/co-next/2011/papers/1569470463.pdf
A prototype implementation was first developed by Sivasankar
Radhakrishnan (sivasankar@cs.ucsd.edu).
A patch based on an older version of Linux kernel has been
undergoing internal tests at Google for the past few months.
Jerry Chu (3):
tcp: TCP Fast Open Server - header & support functions
tcp: TCP Fast Open Server - support TFO listeners
tcp: TCP Fast Open Server - main code path
====================
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net/ipv4/tcp_output.c')
| -rw-r--r-- | net/ipv4/tcp_output.c | 21 |
1 files changed, 16 insertions, 5 deletions
diff --git a/net/ipv4/tcp_output.c b/net/ipv4/tcp_output.c index d04632673a9e..9383b51f3efc 100644 --- a/net/ipv4/tcp_output.c +++ b/net/ipv4/tcp_output.c | |||
| @@ -702,7 +702,8 @@ static unsigned int tcp_synack_options(struct sock *sk, | |||
| 702 | unsigned int mss, struct sk_buff *skb, | 702 | unsigned int mss, struct sk_buff *skb, |
| 703 | struct tcp_out_options *opts, | 703 | struct tcp_out_options *opts, |
| 704 | struct tcp_md5sig_key **md5, | 704 | struct tcp_md5sig_key **md5, |
| 705 | struct tcp_extend_values *xvp) | 705 | struct tcp_extend_values *xvp, |
| 706 | struct tcp_fastopen_cookie *foc) | ||
| 706 | { | 707 | { |
| 707 | struct inet_request_sock *ireq = inet_rsk(req); | 708 | struct inet_request_sock *ireq = inet_rsk(req); |
| 708 | unsigned int remaining = MAX_TCP_OPTION_SPACE; | 709 | unsigned int remaining = MAX_TCP_OPTION_SPACE; |
| @@ -747,7 +748,15 @@ static unsigned int tcp_synack_options(struct sock *sk, | |||
| 747 | if (unlikely(!ireq->tstamp_ok)) | 748 | if (unlikely(!ireq->tstamp_ok)) |
| 748 | remaining -= TCPOLEN_SACKPERM_ALIGNED; | 749 | remaining -= TCPOLEN_SACKPERM_ALIGNED; |
| 749 | } | 750 | } |
| 750 | 751 | if (foc != NULL) { | |
| 752 | u32 need = TCPOLEN_EXP_FASTOPEN_BASE + foc->len; | ||
| 753 | need = (need + 3) & ~3U; /* Align to 32 bits */ | ||
| 754 | if (remaining >= need) { | ||
| 755 | opts->options |= OPTION_FAST_OPEN_COOKIE; | ||
| 756 | opts->fastopen_cookie = foc; | ||
| 757 | remaining -= need; | ||
| 758 | } | ||
| 759 | } | ||
| 751 | /* Similar rationale to tcp_syn_options() applies here, too. | 760 | /* Similar rationale to tcp_syn_options() applies here, too. |
| 752 | * If the <SYN> options fit, the same options should fit now! | 761 | * If the <SYN> options fit, the same options should fit now! |
| 753 | */ | 762 | */ |
| @@ -2658,7 +2667,8 @@ int tcp_send_synack(struct sock *sk) | |||
| 2658 | */ | 2667 | */ |
| 2659 | struct sk_buff *tcp_make_synack(struct sock *sk, struct dst_entry *dst, | 2668 | struct sk_buff *tcp_make_synack(struct sock *sk, struct dst_entry *dst, |
| 2660 | struct request_sock *req, | 2669 | struct request_sock *req, |
| 2661 | struct request_values *rvp) | 2670 | struct request_values *rvp, |
| 2671 | struct tcp_fastopen_cookie *foc) | ||
| 2662 | { | 2672 | { |
| 2663 | struct tcp_out_options opts; | 2673 | struct tcp_out_options opts; |
| 2664 | struct tcp_extend_values *xvp = tcp_xv(rvp); | 2674 | struct tcp_extend_values *xvp = tcp_xv(rvp); |
| @@ -2718,7 +2728,7 @@ struct sk_buff *tcp_make_synack(struct sock *sk, struct dst_entry *dst, | |||
| 2718 | #endif | 2728 | #endif |
| 2719 | TCP_SKB_CB(skb)->when = tcp_time_stamp; | 2729 | TCP_SKB_CB(skb)->when = tcp_time_stamp; |
| 2720 | tcp_header_size = tcp_synack_options(sk, req, mss, | 2730 | tcp_header_size = tcp_synack_options(sk, req, mss, |
| 2721 | skb, &opts, &md5, xvp) | 2731 | skb, &opts, &md5, xvp, foc) |
| 2722 | + sizeof(*th); | 2732 | + sizeof(*th); |
| 2723 | 2733 | ||
| 2724 | skb_push(skb, tcp_header_size); | 2734 | skb_push(skb, tcp_header_size); |
| @@ -2772,7 +2782,8 @@ struct sk_buff *tcp_make_synack(struct sock *sk, struct dst_entry *dst, | |||
| 2772 | } | 2782 | } |
| 2773 | 2783 | ||
| 2774 | th->seq = htonl(TCP_SKB_CB(skb)->seq); | 2784 | th->seq = htonl(TCP_SKB_CB(skb)->seq); |
| 2775 | th->ack_seq = htonl(tcp_rsk(req)->rcv_isn + 1); | 2785 | /* XXX data is queued and acked as is. No buffer/window check */ |
| 2786 | th->ack_seq = htonl(tcp_rsk(req)->rcv_nxt); | ||
| 2776 | 2787 | ||
| 2777 | /* RFC1323: The window in SYN & SYN/ACK segments is never scaled. */ | 2788 | /* RFC1323: The window in SYN & SYN/ACK segments is never scaled. */ |
| 2778 | th->window = htons(min(req->rcv_wnd, 65535U)); | 2789 | th->window = htons(min(req->rcv_wnd, 65535U)); |