From patchwork Mon Dec 18 21:51:02 2017
X-Patchwork-Submitter: Christoph Paasch
X-Patchwork-Id: 850422
X-Patchwork-Delegate: davem@davemloft.net
From: Christoph Paasch
To: netdev@vger.kernel.org
Cc: Eric Dumazet, Mat Martineau, Alexei Starovoitov
Subject: [RFC 07/14] tcp_md5: Don't pass along md5-key
Date: Mon, 18 Dec 2017 13:51:02 -0800
Message-id: <20171218215109.38700-8-cpaasch@apple.com>
X-Mailer: git-send-email 2.15.0
In-reply-to: <20171218215109.38700-1-cpaasch@apple.com>
References: <20171218215109.38700-1-cpaasch@apple.com>

It is much cleaner to store the key-pointer in tcp_out_options. It allows removing some MD5-specific code from the function-arguments and paves the way to adopting the TCP-option framework with TCP-MD5.

Signed-off-by: Christoph Paasch
Reviewed-by: Mat Martineau
---
 include/linux/tcp.h   |  1 +
 net/ipv4/tcp_output.c | 46 +++++++++++++++++++---------------------------
 2 files changed, 20 insertions(+), 27 deletions(-)

diff --git a/include/linux/tcp.h b/include/linux/tcp.h index 231b352f587f..b0b38f7100a4 100644 --- a/include/linux/tcp.h +++ b/include/linux/tcp.h @@ -131,6 +131,7 @@ struct tcp_out_options { __u8 *hash_location; /* temporary pointer, overloaded */ __u32 tsval, tsecr; /* need to include OPTION_TS */ struct tcp_fastopen_cookie *fastopen_cookie; /* Fast open cookie */ + struct tcp_md5sig_key *md5; /* TCP_MD5 signature key */ }; /* This is the max number of SACKS that we'll generate and process. It's safe diff --git a/net/ipv4/tcp_output.c b/net/ipv4/tcp_output.c index baf1c913ca7f..43849ed73b03 100644 --- a/net/ipv4/tcp_output.c +++ b/net/ipv4/tcp_output.c @@ -520,21 +520,18 @@ static void tcp_options_write(__be32 *ptr, struct sk_buff *skb, struct sock *sk, * network wire format yet. */ static unsigned int tcp_syn_options(struct sock *sk, struct sk_buff *skb, - struct tcp_out_options *opts, - struct tcp_md5sig_key **md5) + struct tcp_out_options *opts) { struct tcp_sock *tp = tcp_sk(sk); unsigned int remaining = MAX_TCP_OPTION_SPACE; struct tcp_fastopen_request *fastopen = tp->fastopen_req; #ifdef CONFIG_TCP_MD5SIG - *md5 = tp->af_specific->md5_lookup(sk, sk); - if (*md5) { + opts->md5 = tp->af_specific->md5_lookup(sk, sk); + if (opts->md5) { opts->options |= OPTION_MD5; remaining -= TCPOLEN_MD5SIG_ALIGNED; } -#else - *md5 = NULL; #endif /* We always get an MSS option. The option bytes which will be seen in 
@@ -549,7 +546,7 @@ static unsigned int tcp_syn_options(struct sock *sk, struct sk_buff *skb, opts->mss = tcp_advertise_mss(sk); remaining -= TCPOLEN_MSS_ALIGNED; - if (likely(sock_net(sk)->ipv4.sysctl_tcp_timestamps && !*md5)) { + if (likely(sock_net(sk)->ipv4.sysctl_tcp_timestamps && !opts->md5)) { opts->options |= OPTION_TS; opts->tsval = tcp_skb_timestamp(skb) + tp->tsoffset; opts->tsecr = tp->rx_opt.ts_recent; @@ -593,14 +590,13 @@ static unsigned int tcp_synack_options(const struct sock *sk, struct request_sock *req, unsigned int mss, struct sk_buff *skb, struct tcp_out_options *opts, - const struct tcp_md5sig_key *md5, struct tcp_fastopen_cookie *foc) { struct inet_request_sock *ireq = inet_rsk(req); unsigned int remaining = MAX_TCP_OPTION_SPACE; #ifdef CONFIG_TCP_MD5SIG - if (md5) { + if (opts->md5) { opts->options |= OPTION_MD5; remaining -= TCPOLEN_MD5SIG_ALIGNED; @@ -658,8 +654,7 @@ static unsigned int tcp_synack_options(const struct sock *sk, * final wire format yet. */ static unsigned int tcp_established_options(struct sock *sk, struct sk_buff *skb, - struct tcp_out_options *opts, - struct tcp_md5sig_key **md5) + struct tcp_out_options *opts) { struct tcp_sock *tp = tcp_sk(sk); unsigned int size = 0; @@ -668,13 +663,13 @@ static unsigned int tcp_established_options(struct sock *sk, struct sk_buff *skb opts->options = 0; #ifdef CONFIG_TCP_MD5SIG - *md5 = tp->af_specific->md5_lookup(sk, sk); - if (unlikely(*md5)) { + opts->md5 = tp->af_specific->md5_lookup(sk, sk); + if (unlikely(opts->md5)) { opts->options |= OPTION_MD5; size += TCPOLEN_MD5SIG_ALIGNED; } #else - *md5 = NULL; + opts->md5 = NULL; #endif if (likely(tp->rx_opt.tstamp_ok)) { @@ -992,7 +987,6 @@ static int tcp_transmit_skb(struct sock *sk, struct sk_buff *skb, int clone_it, struct tcp_out_options opts; unsigned int tcp_options_size, tcp_header_size; struct sk_buff *oskb = NULL; - struct tcp_md5sig_key *md5; struct tcphdr *th; int err; 
@@ -1021,10 +1015,9 @@ static int tcp_transmit_skb(struct sock *sk, struct sk_buff *skb, int clone_it, memset(&opts, 0, sizeof(opts)); if (unlikely(tcb->tcp_flags & TCPHDR_SYN)) - tcp_options_size = tcp_syn_options(sk, skb, &opts, &md5); + tcp_options_size = tcp_syn_options(sk, skb, &opts); else - tcp_options_size = tcp_established_options(sk, skb, &opts, - &md5); + tcp_options_size = tcp_established_options(sk, skb, &opts); tcp_header_size = tcp_options_size + sizeof(struct tcphdr); /* if no packet is in qdisc/device queue, then allow XPS to select @@ -1090,10 +1083,10 @@ static int tcp_transmit_skb(struct sock *sk, struct sk_buff *skb, int clone_it, tcp_options_write((__be32 *)(th + 1), skb, sk, &opts); #ifdef CONFIG_TCP_MD5SIG /* Calculate the MD5 hash, as we have all we need now */ - if (md5) { + if (opts.md5) { sk_nocaps_add(sk, NETIF_F_GSO_MASK); tp->af_specific->calc_md5_hash(opts.hash_location, - md5, sk, skb); + opts.md5, sk, skb); } #endif @@ -1537,7 +1530,6 @@ unsigned int tcp_current_mss(struct sock *sk) u32 mss_now; unsigned int header_len; struct tcp_out_options opts; - struct tcp_md5sig_key *md5; mss_now = tp->mss_cache; @@ -1547,7 +1539,7 @@ unsigned int tcp_current_mss(struct sock *sk) mss_now = tcp_sync_mss(sk, mtu); } - header_len = tcp_established_options(sk, NULL, &opts, &md5) + + header_len = tcp_established_options(sk, NULL, &opts) + sizeof(struct tcphdr); /* The mss_cache is sized based on tp->tcp_header_len, which assumes * some common options. If this is an odd packet (because we have SACK @@ -3123,7 +3115,6 @@ struct sk_buff *tcp_make_synack(const struct sock *sk, struct dst_entry *dst, { struct inet_request_sock *ireq = inet_rsk(req); const struct tcp_sock *tp = tcp_sk(sk); - struct tcp_md5sig_key *md5 = NULL; struct tcp_out_options opts; struct sk_buff *skb; int tcp_header_size; 
@@ -3169,10 +3160,10 @@ struct sk_buff *tcp_make_synack(const struct sock *sk, struct dst_entry *dst, #ifdef CONFIG_TCP_MD5SIG rcu_read_lock(); - md5 = tcp_rsk(req)->af_specific->req_md5_lookup(sk, req_to_sk(req)); + opts.md5 = tcp_rsk(req)->af_specific->req_md5_lookup(sk, req_to_sk(req)); #endif skb_set_hash(skb, tcp_rsk(req)->txhash, PKT_HASH_TYPE_L4); - tcp_header_size = tcp_synack_options(sk, req, mss, skb, &opts, md5, + tcp_header_size = tcp_synack_options(sk, req, mss, skb, &opts, foc) + sizeof(*th); skb_push(skb, tcp_header_size); @@ -3199,9 +3190,10 @@ struct sk_buff *tcp_make_synack(const struct sock *sk, struct dst_entry *dst, #ifdef CONFIG_TCP_MD5SIG /* Okay, we have all we need - do the md5 hash if needed */ - if (md5) + if (opts.md5) tcp_rsk(req)->af_specific->calc_md5_hash(opts.hash_location, - md5, req_to_sk(req), skb); + opts.md5, + req_to_sk(req), skb); rcu_read_unlock(); #endif
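
Review bot: In the include/linux/tcp.h hunk, the new field is declared `struct tcp_md5sig_key *md5;` although the parameter it replaces in tcp_synack_options() was `const struct tcp_md5sig_key *md5`, so the SYN-ACK path loses its const qualifier. None of the visible users writes through the pointer (they test it and pass it to calc_md5_hash()), so declaring the field const would keep that guarantee. The field comment could also say that this is a borrowed pointer that is only valid while the caller holds whatever protects the key: tcp_make_synack() does the lookup and the hash between rcu_read_lock() and rcu_read_unlock(), and nothing in the struct tells a later user of opts that the field must not be read after that.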
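
Review bot: In tcp_syn_options() the `#else` branch that set `*md5 = NULL` is dropped without a replacement, while the following hunk still tests `!opts->md5` outside the `#ifdef CONFIG_TCP_MD5SIG` block when deciding on OPTION_TS. With MD5 compiled out, the function now relies on the caller having zeroed opts. tcp_transmit_skb() does that (`memset(&opts, 0, sizeof(opts));` is visible in its context), but tcp_established_options() keeps an explicit `opts->md5 = NULL;` in its `#else`, and it has to, since tcp_current_mss() passes a stack `opts` with no memset in the visible lines. Either keep the `#else` assignment here as well, or add a comment on tcp_syn_options() stating that callers must zero opts first.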
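
Review bot: In tcp_make_synack() the removed local carried a `= NULL` initializer, and its replacement `opts.md5` is assigned only inside `#ifdef CONFIG_TCP_MD5SIG`; the visible context declares `struct tcp_out_options opts;` but does not show it being zeroed before tcp_synack_options() runs. If opts is already cleared earlier in the function, say so in the commit message; otherwise add an `#else` with `opts.md5 = NULL;` as tcp_established_options() has, so that no code reading the field with MD5 compiled out sees an uninitialized pointer. tcp_synack_options() now also takes the key as an implicit input through opts, so a short comment on that function should state that the caller must set opts->md5 before the call.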