aboutsummaryrefslogtreecommitdiffstats
path: root/net/ipv4/tcp_output.c
diff options
context:
space:
mode:
Diffstat (limited to 'net/ipv4/tcp_output.c')
-rw-r--r--net/ipv4/tcp_output.c311
1 files changed, 259 insertions, 52 deletions
diff --git a/net/ipv4/tcp_output.c b/net/ipv4/tcp_output.c
index fcd278a7080e..383ce237640f 100644
--- a/net/ipv4/tcp_output.c
+++ b/net/ipv4/tcp_output.c
@@ -59,6 +59,10 @@ int sysctl_tcp_base_mss __read_mostly = 512;
59/* By default, RFC2861 behavior. */ 59/* By default, RFC2861 behavior. */
60int sysctl_tcp_slow_start_after_idle __read_mostly = 1; 60int sysctl_tcp_slow_start_after_idle __read_mostly = 1;
61 61
62int sysctl_tcp_cookie_size __read_mostly = 0; /* TCP_COOKIE_MAX */
63EXPORT_SYMBOL_GPL(sysctl_tcp_cookie_size);
64
65
62/* Account for new data that has been sent to the network. */ 66/* Account for new data that has been sent to the network. */
63static void tcp_event_new_data_sent(struct sock *sk, struct sk_buff *skb) 67static void tcp_event_new_data_sent(struct sock *sk, struct sk_buff *skb)
64{ 68{
@@ -362,15 +366,45 @@ static inline int tcp_urg_mode(const struct tcp_sock *tp)
362#define OPTION_TS (1 << 1) 366#define OPTION_TS (1 << 1)
363#define OPTION_MD5 (1 << 2) 367#define OPTION_MD5 (1 << 2)
364#define OPTION_WSCALE (1 << 3) 368#define OPTION_WSCALE (1 << 3)
369#define OPTION_COOKIE_EXTENSION (1 << 4)
365 370
366struct tcp_out_options { 371struct tcp_out_options {
367 u8 options; /* bit field of OPTION_* */ 372 u8 options; /* bit field of OPTION_* */
368 u8 ws; /* window scale, 0 to disable */ 373 u8 ws; /* window scale, 0 to disable */
369 u8 num_sack_blocks; /* number of SACK blocks to include */ 374 u8 num_sack_blocks; /* number of SACK blocks to include */
375 u8 hash_size; /* bytes in hash_location */
370 u16 mss; /* 0 to disable */ 376 u16 mss; /* 0 to disable */
371 __u32 tsval, tsecr; /* need to include OPTION_TS */ 377 __u32 tsval, tsecr; /* need to include OPTION_TS */
378 __u8 *hash_location; /* temporary pointer, overloaded */
372}; 379};
373 380
381/* The sysctl int routines are generic, so check consistency here.
382 */
383static u8 tcp_cookie_size_check(u8 desired)
384{
385 if (desired > 0) {
386 /* previously specified */
387 return desired;
388 }
389 if (sysctl_tcp_cookie_size <= 0) {
390 /* no default specified */
391 return 0;
392 }
393 if (sysctl_tcp_cookie_size <= TCP_COOKIE_MIN) {
394 /* value too small, specify minimum */
395 return TCP_COOKIE_MIN;
396 }
397 if (sysctl_tcp_cookie_size >= TCP_COOKIE_MAX) {
398 /* value too large, specify maximum */
399 return TCP_COOKIE_MAX;
400 }
401 if (0x1 & sysctl_tcp_cookie_size) {
402 /* 8-bit multiple, illegal, fix it */
403 return (u8)(sysctl_tcp_cookie_size + 0x1);
404 }
405 return (u8)sysctl_tcp_cookie_size;
406}
407
374/* Write previously computed TCP options to the packet. 408/* Write previously computed TCP options to the packet.
375 * 409 *
376 * Beware: Something in the Internet is very sensitive to the ordering of 410 * Beware: Something in the Internet is very sensitive to the ordering of
@@ -385,17 +419,34 @@ struct tcp_out_options {
385 * (but it may well be that other scenarios fail similarly). 419 * (but it may well be that other scenarios fail similarly).
386 */ 420 */
387static void tcp_options_write(__be32 *ptr, struct tcp_sock *tp, 421static void tcp_options_write(__be32 *ptr, struct tcp_sock *tp,
388 const struct tcp_out_options *opts, 422 struct tcp_out_options *opts)
389 __u8 **md5_hash) { 423{
390 if (unlikely(OPTION_MD5 & opts->options)) { 424 u8 options = opts->options; /* mungable copy */
391 *ptr++ = htonl((TCPOPT_NOP << 24) | 425
392 (TCPOPT_NOP << 16) | 426 /* Having both authentication and cookies for security is redundant,
393 (TCPOPT_MD5SIG << 8) | 427 * and there's certainly not enough room. Instead, the cookie-less
394 TCPOLEN_MD5SIG); 428 * extension variant is proposed.
395 *md5_hash = (__u8 *)ptr; 429 *
430 * Consider the pessimal case with authentication. The options
431 * could look like:
432 * COOKIE|MD5(20) + MSS(4) + SACK|TS(12) + WSCALE(4) == 40
433 */
434 if (unlikely(OPTION_MD5 & options)) {
435 if (unlikely(OPTION_COOKIE_EXTENSION & options)) {
436 *ptr++ = htonl((TCPOPT_COOKIE << 24) |
437 (TCPOLEN_COOKIE_BASE << 16) |
438 (TCPOPT_MD5SIG << 8) |
439 TCPOLEN_MD5SIG);
440 } else {
441 *ptr++ = htonl((TCPOPT_NOP << 24) |
442 (TCPOPT_NOP << 16) |
443 (TCPOPT_MD5SIG << 8) |
444 TCPOLEN_MD5SIG);
445 }
446 options &= ~OPTION_COOKIE_EXTENSION;
447 /* overload cookie hash location */
448 opts->hash_location = (__u8 *)ptr;
396 ptr += 4; 449 ptr += 4;
397 } else {
398 *md5_hash = NULL;
399 } 450 }
400 451
401 if (unlikely(opts->mss)) { 452 if (unlikely(opts->mss)) {
@@ -404,12 +455,13 @@ static void tcp_options_write(__be32 *ptr, struct tcp_sock *tp,
404 opts->mss); 455 opts->mss);
405 } 456 }
406 457
407 if (likely(OPTION_TS & opts->options)) { 458 if (likely(OPTION_TS & options)) {
408 if (unlikely(OPTION_SACK_ADVERTISE & opts->options)) { 459 if (unlikely(OPTION_SACK_ADVERTISE & options)) {
409 *ptr++ = htonl((TCPOPT_SACK_PERM << 24) | 460 *ptr++ = htonl((TCPOPT_SACK_PERM << 24) |
410 (TCPOLEN_SACK_PERM << 16) | 461 (TCPOLEN_SACK_PERM << 16) |
411 (TCPOPT_TIMESTAMP << 8) | 462 (TCPOPT_TIMESTAMP << 8) |
412 TCPOLEN_TIMESTAMP); 463 TCPOLEN_TIMESTAMP);
464 options &= ~OPTION_SACK_ADVERTISE;
413 } else { 465 } else {
414 *ptr++ = htonl((TCPOPT_NOP << 24) | 466 *ptr++ = htonl((TCPOPT_NOP << 24) |
415 (TCPOPT_NOP << 16) | 467 (TCPOPT_NOP << 16) |
@@ -420,15 +472,52 @@ static void tcp_options_write(__be32 *ptr, struct tcp_sock *tp,
420 *ptr++ = htonl(opts->tsecr); 472 *ptr++ = htonl(opts->tsecr);
421 } 473 }
422 474
423 if (unlikely(OPTION_SACK_ADVERTISE & opts->options && 475 /* Specification requires after timestamp, so do it now.
424 !(OPTION_TS & opts->options))) { 476 *
477 * Consider the pessimal case without authentication. The options
478 * could look like:
479 * MSS(4) + SACK|TS(12) + COOKIE(20) + WSCALE(4) == 40
480 */
481 if (unlikely(OPTION_COOKIE_EXTENSION & options)) {
482 __u8 *cookie_copy = opts->hash_location;
483 u8 cookie_size = opts->hash_size;
484
485 /* 8-bit multiple handled in tcp_cookie_size_check() above,
486 * and elsewhere.
487 */
488 if (0x2 & cookie_size) {
489 __u8 *p = (__u8 *)ptr;
490
491 /* 16-bit multiple */
492 *p++ = TCPOPT_COOKIE;
493 *p++ = TCPOLEN_COOKIE_BASE + cookie_size;
494 *p++ = *cookie_copy++;
495 *p++ = *cookie_copy++;
496 ptr++;
497 cookie_size -= 2;
498 } else {
499 /* 32-bit multiple */
500 *ptr++ = htonl(((TCPOPT_NOP << 24) |
501 (TCPOPT_NOP << 16) |
502 (TCPOPT_COOKIE << 8) |
503 TCPOLEN_COOKIE_BASE) +
504 cookie_size);
505 }
506
507 if (cookie_size > 0) {
508 memcpy(ptr, cookie_copy, cookie_size);
509 ptr += (cookie_size / 4);
510 }
511 }
512
513 if (unlikely(OPTION_SACK_ADVERTISE & options)) {
425 *ptr++ = htonl((TCPOPT_NOP << 24) | 514 *ptr++ = htonl((TCPOPT_NOP << 24) |
426 (TCPOPT_NOP << 16) | 515 (TCPOPT_NOP << 16) |
427 (TCPOPT_SACK_PERM << 8) | 516 (TCPOPT_SACK_PERM << 8) |
428 TCPOLEN_SACK_PERM); 517 TCPOLEN_SACK_PERM);
429 } 518 }
430 519
431 if (unlikely(OPTION_WSCALE & opts->options)) { 520 if (unlikely(OPTION_WSCALE & options)) {
432 *ptr++ = htonl((TCPOPT_NOP << 24) | 521 *ptr++ = htonl((TCPOPT_NOP << 24) |
433 (TCPOPT_WINDOW << 16) | 522 (TCPOPT_WINDOW << 16) |
434 (TCPOLEN_WINDOW << 8) | 523 (TCPOLEN_WINDOW << 8) |
@@ -463,13 +552,17 @@ static unsigned tcp_syn_options(struct sock *sk, struct sk_buff *skb,
463 struct tcp_out_options *opts, 552 struct tcp_out_options *opts,
464 struct tcp_md5sig_key **md5) { 553 struct tcp_md5sig_key **md5) {
465 struct tcp_sock *tp = tcp_sk(sk); 554 struct tcp_sock *tp = tcp_sk(sk);
466 unsigned size = 0; 555 struct tcp_cookie_values *cvp = tp->cookie_values;
556 unsigned remaining = MAX_TCP_OPTION_SPACE;
557 u8 cookie_size = (!tp->rx_opt.cookie_out_never && cvp != NULL) ?
558 tcp_cookie_size_check(cvp->cookie_desired) :
559 0;
467 560
468#ifdef CONFIG_TCP_MD5SIG 561#ifdef CONFIG_TCP_MD5SIG
469 *md5 = tp->af_specific->md5_lookup(sk, sk); 562 *md5 = tp->af_specific->md5_lookup(sk, sk);
470 if (*md5) { 563 if (*md5) {
471 opts->options |= OPTION_MD5; 564 opts->options |= OPTION_MD5;
472 size += TCPOLEN_MD5SIG_ALIGNED; 565 remaining -= TCPOLEN_MD5SIG_ALIGNED;
473 } 566 }
474#else 567#else
475 *md5 = NULL; 568 *md5 = NULL;
@@ -485,26 +578,72 @@ static unsigned tcp_syn_options(struct sock *sk, struct sk_buff *skb,
485 * SACKs don't matter, we never delay an ACK when we have any of those 578 * SACKs don't matter, we never delay an ACK when we have any of those
486 * going out. */ 579 * going out. */
487 opts->mss = tcp_advertise_mss(sk); 580 opts->mss = tcp_advertise_mss(sk);
488 size += TCPOLEN_MSS_ALIGNED; 581 remaining -= TCPOLEN_MSS_ALIGNED;
489 582
490 if (likely(sysctl_tcp_timestamps && *md5 == NULL)) { 583 if (likely(sysctl_tcp_timestamps && *md5 == NULL)) {
491 opts->options |= OPTION_TS; 584 opts->options |= OPTION_TS;
492 opts->tsval = TCP_SKB_CB(skb)->when; 585 opts->tsval = TCP_SKB_CB(skb)->when;
493 opts->tsecr = tp->rx_opt.ts_recent; 586 opts->tsecr = tp->rx_opt.ts_recent;
494 size += TCPOLEN_TSTAMP_ALIGNED; 587 remaining -= TCPOLEN_TSTAMP_ALIGNED;
495 } 588 }
496 if (likely(sysctl_tcp_window_scaling)) { 589 if (likely(sysctl_tcp_window_scaling)) {
497 opts->ws = tp->rx_opt.rcv_wscale; 590 opts->ws = tp->rx_opt.rcv_wscale;
498 opts->options |= OPTION_WSCALE; 591 opts->options |= OPTION_WSCALE;
499 size += TCPOLEN_WSCALE_ALIGNED; 592 remaining -= TCPOLEN_WSCALE_ALIGNED;
500 } 593 }
501 if (likely(sysctl_tcp_sack)) { 594 if (likely(sysctl_tcp_sack)) {
502 opts->options |= OPTION_SACK_ADVERTISE; 595 opts->options |= OPTION_SACK_ADVERTISE;
503 if (unlikely(!(OPTION_TS & opts->options))) 596 if (unlikely(!(OPTION_TS & opts->options)))
504 size += TCPOLEN_SACKPERM_ALIGNED; 597 remaining -= TCPOLEN_SACKPERM_ALIGNED;
505 } 598 }
506 599
507 return size; 600 /* Note that timestamps are required by the specification.
601 *
602 * Odd numbers of bytes are prohibited by the specification, ensuring
603 * that the cookie is 16-bit aligned, and the resulting cookie pair is
604 * 32-bit aligned.
605 */
606 if (*md5 == NULL &&
607 (OPTION_TS & opts->options) &&
608 cookie_size > 0) {
609 int need = TCPOLEN_COOKIE_BASE + cookie_size;
610
611 if (0x2 & need) {
612 /* 32-bit multiple */
613 need += 2; /* NOPs */
614
615 if (need > remaining) {
616 /* try shrinking cookie to fit */
617 cookie_size -= 2;
618 need -= 4;
619 }
620 }
621 while (need > remaining && TCP_COOKIE_MIN <= cookie_size) {
622 cookie_size -= 4;
623 need -= 4;
624 }
625 if (TCP_COOKIE_MIN <= cookie_size) {
626 opts->options |= OPTION_COOKIE_EXTENSION;
627 opts->hash_location = (__u8 *)&cvp->cookie_pair[0];
628 opts->hash_size = cookie_size;
629
630 /* Remember for future incarnations. */
631 cvp->cookie_desired = cookie_size;
632
633 if (cvp->cookie_desired != cvp->cookie_pair_size) {
634 /* Currently use random bytes as a nonce,
635 * assuming these are completely unpredictable
636 * by hostile users of the same system.
637 */
638 get_random_bytes(&cvp->cookie_pair[0],
639 cookie_size);
640 cvp->cookie_pair_size = cookie_size;
641 }
642
643 remaining -= need;
644 }
645 }
646 return MAX_TCP_OPTION_SPACE - remaining;
508} 647}
509 648
510/* Set up TCP options for SYN-ACKs. */ 649/* Set up TCP options for SYN-ACKs. */
@@ -512,48 +651,77 @@ static unsigned tcp_synack_options(struct sock *sk,
512 struct request_sock *req, 651 struct request_sock *req,
513 unsigned mss, struct sk_buff *skb, 652 unsigned mss, struct sk_buff *skb,
514 struct tcp_out_options *opts, 653 struct tcp_out_options *opts,
515 struct tcp_md5sig_key **md5) { 654 struct tcp_md5sig_key **md5,
516 unsigned size = 0; 655 struct tcp_extend_values *xvp)
656{
517 struct inet_request_sock *ireq = inet_rsk(req); 657 struct inet_request_sock *ireq = inet_rsk(req);
518 char doing_ts; 658 unsigned remaining = MAX_TCP_OPTION_SPACE;
659 u8 cookie_plus = (xvp != NULL && !xvp->cookie_out_never) ?
660 xvp->cookie_plus :
661 0;
662 bool doing_ts = ireq->tstamp_ok;
519 663
520#ifdef CONFIG_TCP_MD5SIG 664#ifdef CONFIG_TCP_MD5SIG
521 *md5 = tcp_rsk(req)->af_specific->md5_lookup(sk, req); 665 *md5 = tcp_rsk(req)->af_specific->md5_lookup(sk, req);
522 if (*md5) { 666 if (*md5) {
523 opts->options |= OPTION_MD5; 667 opts->options |= OPTION_MD5;
524 size += TCPOLEN_MD5SIG_ALIGNED; 668 remaining -= TCPOLEN_MD5SIG_ALIGNED;
669
670 /* We can't fit any SACK blocks in a packet with MD5 + TS
671 * options. There was discussion about disabling SACK
672 * rather than TS in order to fit in better with old,
673 * buggy kernels, but that was deemed to be unnecessary.
674 */
675 doing_ts &= !ireq->sack_ok;
525 } 676 }
526#else 677#else
527 *md5 = NULL; 678 *md5 = NULL;
528#endif 679#endif
529 680
530 /* we can't fit any SACK blocks in a packet with MD5 + TS 681 /* We always send an MSS option. */
531 options. There was discussion about disabling SACK rather than TS in
532 order to fit in better with old, buggy kernels, but that was deemed
533 to be unnecessary. */
534 doing_ts = ireq->tstamp_ok && !(*md5 && ireq->sack_ok);
535
536 opts->mss = mss; 682 opts->mss = mss;
537 size += TCPOLEN_MSS_ALIGNED; 683 remaining -= TCPOLEN_MSS_ALIGNED;
538 684
539 if (likely(ireq->wscale_ok)) { 685 if (likely(ireq->wscale_ok)) {
540 opts->ws = ireq->rcv_wscale; 686 opts->ws = ireq->rcv_wscale;
541 opts->options |= OPTION_WSCALE; 687 opts->options |= OPTION_WSCALE;
542 size += TCPOLEN_WSCALE_ALIGNED; 688 remaining -= TCPOLEN_WSCALE_ALIGNED;
543 } 689 }
544 if (likely(doing_ts)) { 690 if (likely(doing_ts)) {
545 opts->options |= OPTION_TS; 691 opts->options |= OPTION_TS;
546 opts->tsval = TCP_SKB_CB(skb)->when; 692 opts->tsval = TCP_SKB_CB(skb)->when;
547 opts->tsecr = req->ts_recent; 693 opts->tsecr = req->ts_recent;
548 size += TCPOLEN_TSTAMP_ALIGNED; 694 remaining -= TCPOLEN_TSTAMP_ALIGNED;
549 } 695 }
550 if (likely(ireq->sack_ok)) { 696 if (likely(ireq->sack_ok)) {
551 opts->options |= OPTION_SACK_ADVERTISE; 697 opts->options |= OPTION_SACK_ADVERTISE;
552 if (unlikely(!doing_ts)) 698 if (unlikely(!doing_ts))
553 size += TCPOLEN_SACKPERM_ALIGNED; 699 remaining -= TCPOLEN_SACKPERM_ALIGNED;
554 } 700 }
555 701
556 return size; 702 /* Similar rationale to tcp_syn_options() applies here, too.
703 * If the <SYN> options fit, the same options should fit now!
704 */
705 if (*md5 == NULL &&
706 doing_ts &&
707 cookie_plus > TCPOLEN_COOKIE_BASE) {
708 int need = cookie_plus; /* has TCPOLEN_COOKIE_BASE */
709
710 if (0x2 & need) {
711 /* 32-bit multiple */
712 need += 2; /* NOPs */
713 }
714 if (need <= remaining) {
715 opts->options |= OPTION_COOKIE_EXTENSION;
716 opts->hash_size = cookie_plus - TCPOLEN_COOKIE_BASE;
717 remaining -= need;
718 } else {
719 /* There's no error return, so flag it. */
720 xvp->cookie_out_never = 1; /* true */
721 opts->hash_size = 0;
722 }
723 }
724 return MAX_TCP_OPTION_SPACE - remaining;
557} 725}
558 726
559/* Compute TCP options for ESTABLISHED sockets. This is not the 727/* Compute TCP options for ESTABLISHED sockets. This is not the
@@ -619,7 +787,6 @@ static int tcp_transmit_skb(struct sock *sk, struct sk_buff *skb, int clone_it,
619 struct tcp_out_options opts; 787 struct tcp_out_options opts;
620 unsigned tcp_options_size, tcp_header_size; 788 unsigned tcp_options_size, tcp_header_size;
621 struct tcp_md5sig_key *md5; 789 struct tcp_md5sig_key *md5;
622 __u8 *md5_hash_location;
623 struct tcphdr *th; 790 struct tcphdr *th;
624 int err; 791 int err;
625 792
@@ -661,8 +828,8 @@ static int tcp_transmit_skb(struct sock *sk, struct sk_buff *skb, int clone_it,
661 828
662 /* Build TCP header and checksum it. */ 829 /* Build TCP header and checksum it. */
663 th = tcp_hdr(skb); 830 th = tcp_hdr(skb);
664 th->source = inet->sport; 831 th->source = inet->inet_sport;
665 th->dest = inet->dport; 832 th->dest = inet->inet_dport;
666 th->seq = htonl(tcb->seq); 833 th->seq = htonl(tcb->seq);
667 th->ack_seq = htonl(tp->rcv_nxt); 834 th->ack_seq = htonl(tp->rcv_nxt);
668 *(((__be16 *)th) + 6) = htons(((tcp_header_size >> 2) << 12) | 835 *(((__be16 *)th) + 6) = htons(((tcp_header_size >> 2) << 12) |
@@ -690,7 +857,7 @@ static int tcp_transmit_skb(struct sock *sk, struct sk_buff *skb, int clone_it,
690 } 857 }
691 } 858 }
692 859
693 tcp_options_write((__be32 *)(th + 1), tp, &opts, &md5_hash_location); 860 tcp_options_write((__be32 *)(th + 1), tp, &opts);
694 if (likely((tcb->flags & TCPCB_FLAG_SYN) == 0)) 861 if (likely((tcb->flags & TCPCB_FLAG_SYN) == 0))
695 TCP_ECN_send(sk, skb, tcp_header_size); 862 TCP_ECN_send(sk, skb, tcp_header_size);
696 863
@@ -698,7 +865,7 @@ static int tcp_transmit_skb(struct sock *sk, struct sk_buff *skb, int clone_it,
698 /* Calculate the MD5 hash, as we have all we need now */ 865 /* Calculate the MD5 hash, as we have all we need now */
699 if (md5) { 866 if (md5) {
700 sk->sk_route_caps &= ~NETIF_F_GSO_MASK; 867 sk->sk_route_caps &= ~NETIF_F_GSO_MASK;
701 tp->af_specific->calc_md5_hash(md5_hash_location, 868 tp->af_specific->calc_md5_hash(opts.hash_location,
702 md5, sk, NULL, skb); 869 md5, sk, NULL, skb);
703 } 870 }
704#endif 871#endif
@@ -1918,8 +2085,8 @@ int tcp_retransmit_skb(struct sock *sk, struct sk_buff *skb)
1918 * case, when window is shrunk to zero. In this case 2085 * case, when window is shrunk to zero. In this case
1919 * our retransmit serves as a zero window probe. 2086 * our retransmit serves as a zero window probe.
1920 */ 2087 */
1921 if (!before(TCP_SKB_CB(skb)->seq, tcp_wnd_end(tp)) 2088 if (!before(TCP_SKB_CB(skb)->seq, tcp_wnd_end(tp)) &&
1922 && TCP_SKB_CB(skb)->seq != tp->snd_una) 2089 TCP_SKB_CB(skb)->seq != tp->snd_una)
1923 return -EAGAIN; 2090 return -EAGAIN;
1924 2091
1925 if (skb->len > cur_mss) { 2092 if (skb->len > cur_mss) {
@@ -2219,16 +2386,17 @@ int tcp_send_synack(struct sock *sk)
2219 2386
2220/* Prepare a SYN-ACK. */ 2387/* Prepare a SYN-ACK. */
2221struct sk_buff *tcp_make_synack(struct sock *sk, struct dst_entry *dst, 2388struct sk_buff *tcp_make_synack(struct sock *sk, struct dst_entry *dst,
2222 struct request_sock *req) 2389 struct request_sock *req,
2390 struct request_values *rvp)
2223{ 2391{
2392 struct tcp_out_options opts;
2393 struct tcp_extend_values *xvp = tcp_xv(rvp);
2224 struct inet_request_sock *ireq = inet_rsk(req); 2394 struct inet_request_sock *ireq = inet_rsk(req);
2225 struct tcp_sock *tp = tcp_sk(sk); 2395 struct tcp_sock *tp = tcp_sk(sk);
2226 struct tcphdr *th; 2396 struct tcphdr *th;
2227 int tcp_header_size;
2228 struct tcp_out_options opts;
2229 struct sk_buff *skb; 2397 struct sk_buff *skb;
2230 struct tcp_md5sig_key *md5; 2398 struct tcp_md5sig_key *md5;
2231 __u8 *md5_hash_location; 2399 int tcp_header_size;
2232 int mss; 2400 int mss;
2233 2401
2234 skb = sock_wmalloc(sk, MAX_TCP_HEADER + 15, 1, GFP_ATOMIC); 2402 skb = sock_wmalloc(sk, MAX_TCP_HEADER + 15, 1, GFP_ATOMIC);
@@ -2266,8 +2434,8 @@ struct sk_buff *tcp_make_synack(struct sock *sk, struct dst_entry *dst,
2266#endif 2434#endif
2267 TCP_SKB_CB(skb)->when = tcp_time_stamp; 2435 TCP_SKB_CB(skb)->when = tcp_time_stamp;
2268 tcp_header_size = tcp_synack_options(sk, req, mss, 2436 tcp_header_size = tcp_synack_options(sk, req, mss,
2269 skb, &opts, &md5) + 2437 skb, &opts, &md5, xvp)
2270 sizeof(struct tcphdr); 2438 + sizeof(*th);
2271 2439
2272 skb_push(skb, tcp_header_size); 2440 skb_push(skb, tcp_header_size);
2273 skb_reset_transport_header(skb); 2441 skb_reset_transport_header(skb);
@@ -2284,19 +2452,58 @@ struct sk_buff *tcp_make_synack(struct sock *sk, struct dst_entry *dst,
2284 */ 2452 */
2285 tcp_init_nondata_skb(skb, tcp_rsk(req)->snt_isn, 2453 tcp_init_nondata_skb(skb, tcp_rsk(req)->snt_isn,
2286 TCPCB_FLAG_SYN | TCPCB_FLAG_ACK); 2454 TCPCB_FLAG_SYN | TCPCB_FLAG_ACK);
2455
2456 if (OPTION_COOKIE_EXTENSION & opts.options) {
2457 const struct tcp_cookie_values *cvp = tp->cookie_values;
2458
2459 if (cvp != NULL &&
2460 cvp->s_data_constant &&
2461 cvp->s_data_desired > 0) {
2462 u8 *buf = skb_put(skb, cvp->s_data_desired);
2463
2464 /* copy data directly from the listening socket. */
2465 memcpy(buf, cvp->s_data_payload, cvp->s_data_desired);
2466 TCP_SKB_CB(skb)->end_seq += cvp->s_data_desired;
2467 }
2468
2469 if (opts.hash_size > 0) {
2470 __u32 workspace[SHA_WORKSPACE_WORDS];
2471 u32 *mess = &xvp->cookie_bakery[COOKIE_DIGEST_WORDS];
2472 u32 *tail = &mess[COOKIE_MESSAGE_WORDS-1];
2473
2474 /* Secret recipe depends on the Timestamp, (future)
2475 * Sequence and Acknowledgment Numbers, Initiator
2476 * Cookie, and others handled by IP variant caller.
2477 */
2478 *tail-- ^= opts.tsval;
2479 *tail-- ^= tcp_rsk(req)->rcv_isn + 1;
2480 *tail-- ^= TCP_SKB_CB(skb)->seq + 1;
2481
2482 /* recommended */
2483 *tail-- ^= ((th->dest << 16) | th->source);
2484 *tail-- ^= (u32)(unsigned long)cvp; /* per sockopt */
2485
2486 sha_transform((__u32 *)&xvp->cookie_bakery[0],
2487 (char *)mess,
2488 &workspace[0]);
2489 opts.hash_location =
2490 (__u8 *)&xvp->cookie_bakery[0];
2491 }
2492 }
2493
2287 th->seq = htonl(TCP_SKB_CB(skb)->seq); 2494 th->seq = htonl(TCP_SKB_CB(skb)->seq);
2288 th->ack_seq = htonl(tcp_rsk(req)->rcv_isn + 1); 2495 th->ack_seq = htonl(tcp_rsk(req)->rcv_isn + 1);
2289 2496
2290 /* RFC1323: The window in SYN & SYN/ACK segments is never scaled. */ 2497 /* RFC1323: The window in SYN & SYN/ACK segments is never scaled. */
2291 th->window = htons(min(req->rcv_wnd, 65535U)); 2498 th->window = htons(min(req->rcv_wnd, 65535U));
2292 tcp_options_write((__be32 *)(th + 1), tp, &opts, &md5_hash_location); 2499 tcp_options_write((__be32 *)(th + 1), tp, &opts);
2293 th->doff = (tcp_header_size >> 2); 2500 th->doff = (tcp_header_size >> 2);
2294 TCP_INC_STATS(sock_net(sk), TCP_MIB_OUTSEGS); 2501 TCP_INC_STATS(sock_net(sk), TCP_MIB_OUTSEGS);
2295 2502
2296#ifdef CONFIG_TCP_MD5SIG 2503#ifdef CONFIG_TCP_MD5SIG
2297 /* Okay, we have all we need - do the md5 hash if needed */ 2504 /* Okay, we have all we need - do the md5 hash if needed */
2298 if (md5) { 2505 if (md5) {
2299 tcp_rsk(req)->af_specific->calc_md5_hash(md5_hash_location, 2506 tcp_rsk(req)->af_specific->calc_md5_hash(opts.hash_location,
2300 md5, NULL, req, skb); 2507 md5, NULL, req, skb);
2301 } 2508 }
2302#endif 2509#endif
generated by cgit v1.2.2 (git 2.25.0) at 2025-03-03 10:50:57 -0500