From patchwork Mon Dec 18 21:50:55 2017
X-Patchwork-Submitter: Christoph Paasch
X-Patchwork-Id: 850420
From: Christoph Paasch
To: netdev@vger.kernel.org
Cc: Eric Dumazet, Mat Martineau, Alexei Starovoitov
Subject: [RFC 00/14] Generic TCP-option framework and adoption for TCP-SMC and TCP-MD5
Date: Mon, 18 Dec 2017 13:50:55 -0800
Message-id: <20171218215109.38700-1-cpaasch@apple.com>
X-Mailing-List: netdev@vger.kernel.org

This patchset introduces a generic framework for handling TCP-options.

TCP-options like TCP_MD5 and SMC are rather rare use-cases, but their
implementation is rather intrusive to the TCP-stack. Other, more recent
TCP extensions like TCP-crypt, MPTCP or TCP-AO would make this situation
even worse.

This new framework allows adding these TCP-options in a modular way.
Writing, reading and acting upon these options is done through callbacks
that get registered to a TCP-socket. A TCP-socket has a list of "extra"
TCP-options that it will use.

We make TCP-SMC and TCP-MD5SIG adopt this new framework. As can be seen,
there is now no more TCP-SMC code in the TCP-files and the TCP-MD5 code
has been reduced to a bare minimum.

This patchset is admittedly rather big, but we wanted to show where the
framework will lead to and what it enables. Suggestions as to how to
better structure the patchset are appreciated.

One point of discussion might be whether or not we should use static-keys
before accessing the tcp_option_list to avoid branching and the additional
access to the tcp_sock, request-sock, time-wait-sock structure.
The way static keys could be used is that they get incremented each time
a socket starts using one of the new TCP-options and decremented when the
socket eventually gets destroyed.

A caveat of this design would be that if a host keeps on creating/closing
these sockets in a sequence, each time we go into the slow path of the
static keys incurring potentially a big overhead to update all the
jump-labels. For now we opted for a simple
if (unlikely(!hlist_empty(...)) check.

Feedback is very welcome!

Thanks,
Mat & Christoph

Christoph Paasch (13):
  tcp: Write options after the header has been fully done
  tcp: Pass sock and skb to tcp_options_write
  tcp: Allow tcp_fast_parse_options to drop segments
  tcp_smc: Make smc_parse_options return 1 on success
  tcp_smc: Make SMC use TCP extra-option framework
  tcp_md5: Don't pass along md5-key
  tcp_md5: Detect key inside tcp_v4_send_ack instead of passing it as an argument
  tcp_md5: Detect key inside tcp_v6_send_response instead of passing it as an argument
  tcp_md5: Check for TCP_MD5 after TCP Timestamps in tcp_established_options
  tcp_md5: Move TCP-MD5 code out of TCP itself
  tcp_md5: Use tcp_extra_options in output path
  tcp_md5: Cleanup TCP-code
  tcp_md5: Use TCP extra-options on the input path

Mat Martineau (1):
  tcp: Register handlers for extra TCP options

 drivers/infiniband/hw/cxgb4/cm.c |    2 +-
 include/linux/inet_diag.h        |    1 +
 include/linux/tcp.h              |   43 +-
 include/linux/tcp_md5.h          |   39 ++
 include/net/inet_sock.h          |    3 +-
 include/net/tcp.h                |  213 +++---
 net/ipv4/Makefile                |    1 +
 net/ipv4/syncookies.c            |    6 +-
 net/ipv4/tcp.c                   |  391 ++++++++---
 net/ipv4/tcp_diag.c              |   81 +--
 net/ipv4/tcp_input.c             |  137 ++--
 net/ipv4/tcp_ipv4.c              |  556 ++--------------
 net/ipv4/tcp_md5.c               | 1359 ++++++++++++++++++++++++++++++++++++++
 net/ipv4/tcp_minisocks.c         |   77 +--
 net/ipv4/tcp_output.c            |  182 +----
 net/ipv6/syncookies.c            |    6 +-
 net/ipv6/tcp_ipv6.c              |  390 ++---------
 net/smc/af_smc.c                 |  190 +++++-
 18 files changed, 2227 insertions(+), 1450 deletions(-)
 create mode 100644 include/linux/tcp_md5.h
 create mode 100644 net/ipv4/tcp_md5.c
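
A userspace model of the callback design described in the cover letter, added here as an illustration and not taken from the patchset or the kernel: a socket carries a list of "extra" options, each with write and parse callbacks, and a parse callback can ask for the segment to be dropped. All names (extra_opt, sock_model, opts_write, opts_parse, demo_opt) are hypothetical, and the toy option uses experimental kind 253 with a constructed two-byte tag.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define TCP_OPT_SPACE 40u                /* option bytes available in a TCP header */
/* Hypothetical callback set; names are illustrative, not the patchset's. */
struct extra_opt {
    uint8_t kind;
    size_t (*write)(uint8_t *buf, size_t room);   /* bytes written, 0 if no room */
    int (*parse)(const uint8_t *val, size_t len); /* < 0 asks to drop the segment */
    struct extra_opt *next;
};
struct sock_model { struct extra_opt *extra; };   /* NULL list: plain TCP socket */

/* Toy option on experimental kind 253: constructed two-byte tag, not TCP-MD5. */
static const uint8_t demo_tag[2] = { 0xC0, 0xDE };
static size_t demo_write(uint8_t *buf, size_t room)
{
    if (room < 4) return 0;
    buf[0] = 253; buf[1] = 4; memcpy(buf + 2, demo_tag, 2);
    return 4;
}
static int demo_parse(const uint8_t *val, size_t len)
{
    return (len == 2 && memcmp(val, demo_tag, 2) == 0) ? 0 : -1;
}
struct extra_opt demo_opt = { 253, demo_write, demo_parse, NULL };

/* Output path: each registered option appends itself after the fixed options. */
size_t opts_write(const struct sock_model *sk, uint8_t *buf, size_t used)
{
    for (struct extra_opt *o = sk->extra; o && used <= TCP_OPT_SPACE; o = o->next)
        used += o->write(buf + used, TCP_OPT_SPACE - used);
    return used;                         /* unchanged when the list is empty */
}

/* Input path: walk kind/length pairs, dispatch to handlers; -1 means drop. */
int opts_parse(const struct sock_model *sk, const uint8_t *p, size_t len)
{
    for (size_t i = 0; i < len; ) {
        if (p[i] == 0) break;                    /* End of Option List */
        if (p[i] == 1) { i++; continue; }        /* No-Operation padding */
        if (i + 1 >= len || p[i + 1] < 2 || i + p[i + 1] > len)
            return -1;                           /* truncated or bad length */
        for (struct extra_opt *o = sk->extra; o; o = o->next)
            if (o->kind == p[i] && o->parse(p + i + 2, p[i + 1] - 2u) < 0)
                return -1;                       /* handler rejected the option */
        i += p[i + 1];
    }
    return 0;
}
```

A socket with an empty list never calls a handler, which is the case the emptiness check in the cover letter keeps cheap; only sockets that registered an option pay for the callbacks.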