diff options
| author | Yuchung Cheng <ycheng@google.com> | 2014-05-11 23:22:10 -0400 |
|---|---|---|
| committer | David S. Miller <davem@davemloft.net> | 2014-05-13 17:53:02 -0400 |
| commit | 89278c9dc922272df921042aafa18311f3398c6c (patch) | |
| tree | 0138bbfdcd757b29f89a999d8f7c84260b68f505 /net/ipv4 | |
| parent | 5b7ed0892f2af4e60b9a8d2c71c77774512a6cb9 (diff) | |
tcp: simplify fast open cookie processing
Consolidate various cookie checking and generation code to simplify
the fast open processing. The main goal is to reduce code duplication
in tcp_v4_conn_request() for IPv6 support.
Removes two experimental sysctl flags TFO_SERVER_ALWAYS and
TFO_SERVER_COOKIE_NOT_CHKD used primarily for developmental debugging
purposes.
Signed-off-by: Yuchung Cheng <ycheng@google.com>
Signed-off-by: Daniel Lee <longinus00@gmail.com>
Signed-off-by: Jerry Chu <hkchu@google.com>
Signed-off-by: Eric Dumazet <edumazet@google.com>
Acked-by: Neal Cardwell <ncardwell@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net/ipv4')
| -rw-r--r-- | net/ipv4/tcp_fastopen.c | 71 | ||||
| -rw-r--r-- | net/ipv4/tcp_ipv4.c | 10 | ||||
| -rw-r--r-- | net/ipv4/tcp_output.c | 2 |
3 files changed, 32 insertions, 51 deletions
diff --git a/net/ipv4/tcp_fastopen.c b/net/ipv4/tcp_fastopen.c index 0606c91d9d0b..5a98277b9a82 100644 --- a/net/ipv4/tcp_fastopen.c +++ b/net/ipv4/tcp_fastopen.c | |||
| @@ -228,59 +228,44 @@ static bool tcp_fastopen_queue_check(struct sock *sk) | |||
| 228 | return true; | 228 | return true; |
| 229 | } | 229 | } |
| 230 | 230 | ||
| 231 | /* Returns true if we should perform Fast Open on the SYN. The cookie (foc) | ||
| 232 | * may be updated and return the client in the SYN-ACK later. E.g., Fast Open | ||
| 233 | * cookie request (foc->len == 0). | ||
| 234 | */ | ||
| 231 | bool tcp_fastopen_check(struct sock *sk, struct sk_buff *skb, | 235 | bool tcp_fastopen_check(struct sock *sk, struct sk_buff *skb, |
| 232 | struct request_sock *req, | 236 | struct request_sock *req, |
| 233 | struct tcp_fastopen_cookie *foc, | 237 | struct tcp_fastopen_cookie *foc) |
| 234 | struct tcp_fastopen_cookie *valid_foc) | ||
| 235 | { | 238 | { |
| 236 | bool skip_cookie = false; | 239 | struct tcp_fastopen_cookie valid_foc = { .len = -1 }; |
| 237 | 240 | bool syn_data = TCP_SKB_CB(skb)->end_seq != TCP_SKB_CB(skb)->seq + 1; | |
| 238 | if (likely(!fastopen_cookie_present(foc))) { | ||
| 239 | /* See include/net/tcp.h for the meaning of these knobs */ | ||
| 240 | if ((sysctl_tcp_fastopen & TFO_SERVER_ALWAYS) || | ||
| 241 | ((sysctl_tcp_fastopen & TFO_SERVER_COOKIE_NOT_REQD) && | ||
| 242 | (TCP_SKB_CB(skb)->end_seq != TCP_SKB_CB(skb)->seq + 1))) | ||
| 243 | skip_cookie = true; /* no cookie to validate */ | ||
| 244 | else | ||
| 245 | return false; | ||
| 246 | } | ||
| 247 | /* A FO option is present; bump the counter. */ | ||
| 248 | NET_INC_STATS_BH(sock_net(sk), LINUX_MIB_TCPFASTOPENPASSIVE); | ||
| 249 | 241 | ||
| 250 | if ((sysctl_tcp_fastopen & TFO_SERVER_ENABLE) == 0 || | 242 | if (!((sysctl_tcp_fastopen & TFO_SERVER_ENABLE) && |
| 251 | !tcp_fastopen_queue_check(sk)) | 243 | (syn_data || foc->len >= 0) && |
| 244 | tcp_fastopen_queue_check(sk))) { | ||
| 245 | foc->len = -1; | ||
| 252 | return false; | 246 | return false; |
| 253 | |||
| 254 | if (skip_cookie) { | ||
| 255 | tcp_rsk(req)->rcv_nxt = TCP_SKB_CB(skb)->end_seq; | ||
| 256 | return true; | ||
| 257 | } | 247 | } |
| 258 | 248 | ||
| 259 | if (foc->len == TCP_FASTOPEN_COOKIE_SIZE) { | 249 | if (syn_data && (sysctl_tcp_fastopen & TFO_SERVER_COOKIE_NOT_REQD)) |
| 260 | if ((sysctl_tcp_fastopen & TFO_SERVER_COOKIE_NOT_CHKED) == 0) { | 250 | goto fastopen; |
| 261 | tcp_fastopen_cookie_gen(ip_hdr(skb)->saddr, | 251 | |
| 262 | ip_hdr(skb)->daddr, valid_foc); | 252 | tcp_fastopen_cookie_gen(ip_hdr(skb)->saddr, |
| 263 | if ((valid_foc->len != TCP_FASTOPEN_COOKIE_SIZE) || | 253 | ip_hdr(skb)->daddr, &valid_foc); |
| 264 | memcmp(&foc->val[0], &valid_foc->val[0], | 254 | |
| 265 | TCP_FASTOPEN_COOKIE_SIZE) != 0) | 255 | if (foc->len == TCP_FASTOPEN_COOKIE_SIZE && |
| 266 | return false; | 256 | foc->len == valid_foc.len && |
| 267 | valid_foc->len = -1; | 257 | !memcmp(foc->val, valid_foc.val, foc->len)) { |
| 268 | } | 258 | fastopen: |
| 269 | /* Acknowledge the data received from the peer. */ | ||
| 270 | tcp_rsk(req)->rcv_nxt = TCP_SKB_CB(skb)->end_seq; | 259 | tcp_rsk(req)->rcv_nxt = TCP_SKB_CB(skb)->end_seq; |
| 260 | foc->len = -1; | ||
| 261 | NET_INC_STATS_BH(sock_net(sk), LINUX_MIB_TCPFASTOPENPASSIVE); | ||
| 271 | return true; | 262 | return true; |
| 272 | } else if (foc->len == 0) { /* Client requesting a cookie */ | ||
| 273 | tcp_fastopen_cookie_gen(ip_hdr(skb)->saddr, | ||
| 274 | ip_hdr(skb)->daddr, valid_foc); | ||
| 275 | NET_INC_STATS_BH(sock_net(sk), | ||
| 276 | LINUX_MIB_TCPFASTOPENCOOKIEREQD); | ||
| 277 | } else { | ||
| 278 | /* Client sent a cookie with wrong size. Treat it | ||
| 279 | * the same as invalid and return a valid one. | ||
| 280 | */ | ||
| 281 | tcp_fastopen_cookie_gen(ip_hdr(skb)->saddr, | ||
| 282 | ip_hdr(skb)->daddr, valid_foc); | ||
| 283 | } | 263 | } |
| 264 | |||
| 265 | NET_INC_STATS_BH(sock_net(sk), foc->len ? | ||
| 266 | LINUX_MIB_TCPFASTOPENPASSIVEFAIL : | ||
| 267 | LINUX_MIB_TCPFASTOPENCOOKIEREQD); | ||
| 268 | *foc = valid_foc; | ||
| 284 | return false; | 269 | return false; |
| 285 | } | 270 | } |
| 286 | EXPORT_SYMBOL(tcp_fastopen_check); | 271 | EXPORT_SYMBOL(tcp_fastopen_check); |
diff --git a/net/ipv4/tcp_ipv4.c b/net/ipv4/tcp_ipv4.c index 032fcaee164a..5ea0949dadfd 100644 --- a/net/ipv4/tcp_ipv4.c +++ b/net/ipv4/tcp_ipv4.c | |||
| @@ -1273,7 +1273,6 @@ int tcp_v4_conn_request(struct sock *sk, struct sk_buff *skb) | |||
| 1273 | bool want_cookie = false; | 1273 | bool want_cookie = false; |
| 1274 | struct flowi4 fl4; | 1274 | struct flowi4 fl4; |
| 1275 | struct tcp_fastopen_cookie foc = { .len = -1 }; | 1275 | struct tcp_fastopen_cookie foc = { .len = -1 }; |
| 1276 | struct tcp_fastopen_cookie valid_foc = { .len = -1 }; | ||
| 1277 | struct sk_buff *skb_synack; | 1276 | struct sk_buff *skb_synack; |
| 1278 | int do_fastopen; | 1277 | int do_fastopen; |
| 1279 | 1278 | ||
| @@ -1381,7 +1380,8 @@ int tcp_v4_conn_request(struct sock *sk, struct sk_buff *skb) | |||
| 1381 | if (dst == NULL) | 1380 | if (dst == NULL) |
| 1382 | goto drop_and_free; | 1381 | goto drop_and_free; |
| 1383 | } | 1382 | } |
| 1384 | do_fastopen = tcp_fastopen_check(sk, skb, req, &foc, &valid_foc); | 1383 | do_fastopen = !want_cookie && |
| 1384 | tcp_fastopen_check(sk, skb, req, &foc); | ||
| 1385 | 1385 | ||
| 1386 | /* We don't call tcp_v4_send_synack() directly because we need | 1386 | /* We don't call tcp_v4_send_synack() directly because we need |
| 1387 | * to make sure a child socket can be created successfully before | 1387 | * to make sure a child socket can be created successfully before |
| @@ -1394,8 +1394,7 @@ int tcp_v4_conn_request(struct sock *sk, struct sk_buff *skb) | |||
| 1394 | * latter to remove its dependency on the current implementation | 1394 | * latter to remove its dependency on the current implementation |
| 1395 | * of tcp_v4_send_synack()->tcp_select_initial_window(). | 1395 | * of tcp_v4_send_synack()->tcp_select_initial_window(). |
| 1396 | */ | 1396 | */ |
| 1397 | skb_synack = tcp_make_synack(sk, dst, req, | 1397 | skb_synack = tcp_make_synack(sk, dst, req, &foc); |
| 1398 | fastopen_cookie_present(&valid_foc) ? &valid_foc : NULL); | ||
| 1399 | 1398 | ||
| 1400 | if (skb_synack) { | 1399 | if (skb_synack) { |
| 1401 | __tcp_v4_send_check(skb_synack, ireq->ir_loc_addr, ireq->ir_rmt_addr); | 1400 | __tcp_v4_send_check(skb_synack, ireq->ir_loc_addr, ireq->ir_rmt_addr); |
| @@ -1415,9 +1414,6 @@ int tcp_v4_conn_request(struct sock *sk, struct sk_buff *skb) | |||
| 1415 | tcp_rsk(req)->listener = NULL; | 1414 | tcp_rsk(req)->listener = NULL; |
| 1416 | /* Add the request_sock to the SYN table */ | 1415 | /* Add the request_sock to the SYN table */ |
| 1417 | inet_csk_reqsk_queue_hash_add(sk, req, TCP_TIMEOUT_INIT); | 1416 | inet_csk_reqsk_queue_hash_add(sk, req, TCP_TIMEOUT_INIT); |
| 1418 | if (fastopen_cookie_present(&foc) && foc.len != 0) | ||
| 1419 | NET_INC_STATS_BH(sock_net(sk), | ||
| 1420 | LINUX_MIB_TCPFASTOPENPASSIVEFAIL); | ||
| 1421 | } else if (tcp_fastopen_create_child(sk, skb, skb_synack, req)) | 1417 | } else if (tcp_fastopen_create_child(sk, skb, skb_synack, req)) |
| 1422 | goto drop_and_release; | 1418 | goto drop_and_release; |
| 1423 | 1419 | ||
diff --git a/net/ipv4/tcp_output.c b/net/ipv4/tcp_output.c index 694711a140d4..b20fc02920f9 100644 --- a/net/ipv4/tcp_output.c +++ b/net/ipv4/tcp_output.c | |||
| @@ -627,7 +627,7 @@ static unsigned int tcp_synack_options(struct sock *sk, | |||
| 627 | if (unlikely(!ireq->tstamp_ok)) | 627 | if (unlikely(!ireq->tstamp_ok)) |
| 628 | remaining -= TCPOLEN_SACKPERM_ALIGNED; | 628 | remaining -= TCPOLEN_SACKPERM_ALIGNED; |
| 629 | } | 629 | } |
| 630 | if (foc != NULL) { | 630 | if (foc != NULL && foc->len >= 0) { |
| 631 | u32 need = TCPOLEN_EXP_FASTOPEN_BASE + foc->len; | 631 | u32 need = TCPOLEN_EXP_FASTOPEN_BASE + foc->len; |
| 632 | need = (need + 3) & ~3U; /* Align to 32 bits */ | 632 | need = (need + 3) & ~3U; /* Align to 32 bits */ |
| 633 | if (remaining >= need) { | 633 | if (remaining >= need) { |