From patchwork Thu Feb 1 00:07:02 2018
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Christoph Paasch
X-Patchwork-Id: 868110
From: Christoph Paasch
To: netdev@vger.kernel.org
Cc: Eric Dumazet, Mat Martineau
Subject: [RFC v2 00/14] Generic TCP-option framework and adoption for TCP-SMC and TCP-MD5
Date: Wed, 31 Jan 2018 16:07:02 -0800
Message-id: <20180201000716.69301-1-cpaasch@apple.com>
X-Mailer: git-send-email 2.16.1
Sender: netdev-owner@vger.kernel.org
Precedence: bulk
X-Mailing-List: netdev@vger.kernel.org

Resubmit as v2 RFC to get some feedback before net-next opens up again.
Only minor changes (see below).

This patchset introduces a generic framework for handling TCP-options.

TCP-options like TCP_MD5 and SMC are rather rare use-cases, but their
implementation is rather intrusive to the TCP-stack. Other, more recent
TCP extensions like TCP-crypt, MPTCP or TCP-AO would make this situation
even worse.

This new framework allows adding these TCP-options in a modular way.
Writing, reading and acting upon these options is done through callbacks
that get registered to a TCP-socket. A TCP-socket has a list of "extra"
TCP-options that it will use.

We make TCP-SMC and TCP-MD5SIG adopt this new framework. As can be seen,
there is now no more TCP-SMC code in the TCP-files and the TCP-MD5 code
has been reduced to a bare minimum.

This patchset is admittedly rather big, but we wanted to show where the
framework will lead to and what it enables. Suggestions as to how to
better structure the patchset are appreciated.
There is still work to be done to more efficiently check for extra TCP
options in performance-sensitive code paths. A rate-limited static key
would nearly eliminate overhead if no extra TCP options are in use
system-wide, or a flag in a likely-hot cache line could work well. For
now we opted for a simple if (unlikely(!hlist_empty(...)) check.

Feedback is very welcome!

Thanks,
Mat & Christoph

Changelog:
===
v1 -> v2:
* Some minor fixes thanks to the buildbot when certain configs are
  disabled (Patch 5 and 12)
* Add spdx-header in the new files (Patch 11)
* Added Ivan Delande to the CC-list as he did some TCP-MD5 changes in
  the past.

Christoph Paasch (13):
  tcp: Write options after the header has been fully done
  tcp: Pass sock and skb to tcp_options_write
  tcp: Allow tcp_fast_parse_options to drop segments
  tcp_smc: Make smc_parse_options return 1 on success
  tcp_smc: Make SMC use TCP extra-option framework
  tcp_md5: Don't pass along md5-key
  tcp_md5: Detect key inside tcp_v4_send_ack instead of passing it as an argument
  tcp_md5: Detect key inside tcp_v6_send_response instead of passing it as an argument
  tcp_md5: Check for TCP_MD5 after TCP Timestamps in tcp_established_options
  tcp_md5: Move TCP-MD5 code out of TCP itself
  tcp_md5: Use tcp_extra_options in output path
  tcp_md5: Cleanup TCP-code
  tcp_md5: Use TCP extra-options on the input path

Mat Martineau (1):
  tcp: Register handlers for extra TCP options

 drivers/infiniband/hw/cxgb4/cm.c | 2 +-
 include/linux/inet_diag.h | 1 +
 include/linux/tcp.h | 43 +-
 include/linux/tcp_md5.h | 40 ++
 include/net/inet_sock.h | 3 +-
 include/net/tcp.h | 213 +++---
 net/ipv4/Makefile | 1 +
 net/ipv4/syncookies.c | 6 +-
 net/ipv4/tcp.c | 391 ++++++++---
 net/ipv4/tcp_diag.c | 81 +--
 net/ipv4/tcp_input.c | 137 ++--
 net/ipv4/tcp_ipv4.c | 556 ++--------------
 net/ipv4/tcp_md5.c | 1359 ++++++++++++++++++++++++++++++++++++++
 net/ipv4/tcp_minisocks.c | 75 +--
 net/ipv4/tcp_output.c | 182 +----
 net/ipv6/syncookies.c | 6 +-
 net/ipv6/tcp_ipv6.c | 390 ++---------
 net/smc/af_smc.c | 190 +++++-
 18 files changed, 2228 insertions(+), 1448 deletions(-)
 create mode 100644 include/linux/tcp_md5.h
 create mode 100644 net/ipv4/tcp_md5.c
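
The design the cover letter describes (a per-socket list of "extra" option handlers, invoked through callbacks, with a handler able to cause a segment drop) can be modelled in userspace as below. This is an added example, not code from the patchset: every name in it is hypothetical and it does not reproduce the kernel API. Assumptions: handlers are keyed by option kind, malformed option lengths drop the segment (a choice of this model), and a socket with an empty handler list only pays the loop's initial NULL test per option.

```c
#include <stddef.h>
#include <stdint.h>
/* Hypothetical userspace model; these names are not the patchset's kernel API. */
struct sock_model { struct extra_opt *extra; int md5_seen; };
struct extra_opt {
    uint8_t kind;    /* TCP option kind this handler owns */
    int (*parse)(struct sock_model *sk, const uint8_t *val, size_t len); /* nonzero = drop */
    struct extra_opt *next;
};

static void register_extra_opt(struct sock_model *sk, struct extra_opt *o)
{
    o->next = sk->extra;    /* push onto this socket's handler list */
    sk->extra = o;
}

/* Walk the kind/length/value block; returns 0 to accept, 1 to drop the segment. */
static int parse_options(struct sock_model *sk, const uint8_t *p, size_t n)
{
    size_t i = 0;
    while (i < n) {
        uint8_t kind = p[i];
        if (kind == 0) break;                  /* End of Option List */
        if (kind == 1) { i++; continue; }      /* No-Operation, single byte */
        if (n - i < 2) return 1;               /* no room for a length byte */
        size_t len = p[i + 1];
        if (len < 2 || len > n - i) return 1;  /* this model drops on a bad length */
        for (struct extra_opt *o = sk->extra; o != NULL; o = o->next)
            if (o->kind == kind && o->parse(sk, p + i + 2, len - 2))
                return 1;
        i += len;
    }
    return 0;
}

/* Constructed handler: kind 19 (TCP-MD5) must carry exactly a 16-byte digest. */
static int md5_parse(struct sock_model *sk, const uint8_t *val, size_t len)
{
    sk->md5_seen = (val != NULL && len == 16);  /* digest check itself is out of scope */
    return !sk->md5_seen;
}

int main(void)
{
    struct sock_model sk = { 0 };
    struct extra_opt md5 = { 19, md5_parse, NULL };
    const uint8_t seg[20] = { 1, 1, 19, 18 };  /* constructed: NOP NOP MD5, zero digest */
    register_extra_opt(&sk, &md5);
    return parse_options(&sk, seg, sizeof seg);   /* exit status 0 = accepted */
}
```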