From patchwork Thu Feb 1 00:07:09 2018
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Christoph Paasch
X-Patchwork-Id: 868103
X-Patchwork-Delegate: davem@davemloft.net
From: Christoph Paasch
To: netdev@vger.kernel.org
Cc: Eric Dumazet, Mat Martineau, Ivan Delalande
Subject: [RFC v2 07/14] tcp_md5: Don't pass along md5-key
Date: Wed, 31 Jan 2018 16:07:09 -0800
Message-id: <20180201000716.69301-8-cpaasch@apple.com>
X-Mailer: git-send-email 2.16.1
In-reply-to: <20180201000716.69301-1-cpaasch@apple.com>
References: <20180201000716.69301-1-cpaasch@apple.com>
Sender: netdev-owner@vger.kernel.org
Precedence: bulk List-ID: X-Mailing-List: netdev@vger.kernel.org It is much cleaner to store the key-pointer in tcp_out_options. It allows to remove some MD5-specific code out of the function-arguments and paves the way to adopting the TCP-option framework with TCP-MD5. Cc: Ivan Delalande Signed-off-by: Christoph Paasch Reviewed-by: Mat Martineau --- include/linux/tcp.h | 1 + net/ipv4/tcp_output.c | 46 +++++++++++++++++++--------------------------- 2 files changed, 20 insertions(+), 27 deletions(-) diff --git a/include/linux/tcp.h b/include/linux/tcp.h index 0958b3760cfc..ef0279194ef9 100644 --- a/include/linux/tcp.h +++ b/include/linux/tcp.h @@ -131,6 +131,7 @@ struct tcp_out_options { __u8 *hash_location; /* temporary pointer, overloaded */ __u32 tsval, tsecr; /* need to include OPTION_TS */ struct tcp_fastopen_cookie *fastopen_cookie; /* Fast open cookie */ + struct tcp_md5sig_key *md5; /* TCP_MD5 signature key */ }; /* This is the max number of SACKS that we'll generate and process. It's safe diff --git a/net/ipv4/tcp_output.c b/net/ipv4/tcp_output.c index 549e33a30b41..facbdf4fe9be 100644 --- a/net/ipv4/tcp_output.c +++ b/net/ipv4/tcp_output.c @@ -520,21 +520,18 @@ static void tcp_options_write(__be32 *ptr, struct sk_buff *skb, struct sock *sk, * network wire format yet. */ static unsigned int tcp_syn_options(struct sock *sk, struct sk_buff *skb, - struct tcp_out_options *opts, - struct tcp_md5sig_key **md5) + struct tcp_out_options *opts) { struct tcp_sock *tp = tcp_sk(sk); unsigned int remaining = MAX_TCP_OPTION_SPACE; struct tcp_fastopen_request *fastopen = tp->fastopen_req; #ifdef CONFIG_TCP_MD5SIG - *md5 = tp->af_specific->md5_lookup(sk, sk); - if (*md5) { + opts->md5 = tp->af_specific->md5_lookup(sk, sk); + if (opts->md5) { opts->options |= OPTION_MD5; remaining -= TCPOLEN_MD5SIG_ALIGNED; } -#else - *md5 = NULL; #endif /* We always get an MSS option. The option bytes which will be seen in 
@@ -549,7 +546,7 @@ static unsigned int tcp_syn_options(struct sock *sk, struct sk_buff *skb, opts->mss = tcp_advertise_mss(sk); remaining -= TCPOLEN_MSS_ALIGNED; - if (likely(sock_net(sk)->ipv4.sysctl_tcp_timestamps && !*md5)) { + if (likely(sock_net(sk)->ipv4.sysctl_tcp_timestamps && !opts->md5)) { opts->options |= OPTION_TS; opts->tsval = tcp_skb_timestamp(skb) + tp->tsoffset; opts->tsecr = tp->rx_opt.ts_recent; @@ -593,14 +590,13 @@ static unsigned int tcp_synack_options(const struct sock *sk, struct request_sock *req, unsigned int mss, struct sk_buff *skb, struct tcp_out_options *opts, - const struct tcp_md5sig_key *md5, struct tcp_fastopen_cookie *foc) { struct inet_request_sock *ireq = inet_rsk(req); unsigned int remaining = MAX_TCP_OPTION_SPACE; #ifdef CONFIG_TCP_MD5SIG - if (md5) { + if (opts->md5) { opts->options |= OPTION_MD5; remaining -= TCPOLEN_MD5SIG_ALIGNED; @@ -658,8 +654,7 @@ static unsigned int tcp_synack_options(const struct sock *sk, * final wire format yet. */ static unsigned int tcp_established_options(struct sock *sk, struct sk_buff *skb, - struct tcp_out_options *opts, - struct tcp_md5sig_key **md5) + struct tcp_out_options *opts) { struct tcp_sock *tp = tcp_sk(sk); unsigned int size = 0; @@ -668,13 +663,13 @@ static unsigned int tcp_established_options(struct sock *sk, struct sk_buff *skb opts->options = 0; #ifdef CONFIG_TCP_MD5SIG - *md5 = tp->af_specific->md5_lookup(sk, sk); - if (unlikely(*md5)) { + opts->md5 = tp->af_specific->md5_lookup(sk, sk); + if (unlikely(opts->md5)) { opts->options |= OPTION_MD5; size += TCPOLEN_MD5SIG_ALIGNED; } #else - *md5 = NULL; + opts->md5 = NULL; #endif if (likely(tp->rx_opt.tstamp_ok)) { @@ -992,7 +987,6 @@ static int tcp_transmit_skb(struct sock *sk, struct sk_buff *skb, int clone_it, struct tcp_out_options opts; unsigned int tcp_options_size, tcp_header_size; struct sk_buff *oskb = NULL; - struct tcp_md5sig_key *md5; struct tcphdr *th; int err; 
@@ -1021,10 +1015,9 @@ static int tcp_transmit_skb(struct sock *sk, struct sk_buff *skb, int clone_it, memset(&opts, 0, sizeof(opts)); if (unlikely(tcb->tcp_flags & TCPHDR_SYN)) - tcp_options_size = tcp_syn_options(sk, skb, &opts, &md5); + tcp_options_size = tcp_syn_options(sk, skb, &opts); else - tcp_options_size = tcp_established_options(sk, skb, &opts, - &md5); + tcp_options_size = tcp_established_options(sk, skb, &opts); tcp_header_size = tcp_options_size + sizeof(struct tcphdr); /* if no packet is in qdisc/device queue, then allow XPS to select @@ -1090,10 +1083,10 @@ static int tcp_transmit_skb(struct sock *sk, struct sk_buff *skb, int clone_it, tcp_options_write((__be32 *)(th + 1), skb, sk, &opts); #ifdef CONFIG_TCP_MD5SIG /* Calculate the MD5 hash, as we have all we need now */ - if (md5) { + if (opts.md5) { sk_nocaps_add(sk, NETIF_F_GSO_MASK); tp->af_specific->calc_md5_hash(opts.hash_location, - md5, sk, skb); + opts.md5, sk, skb); } #endif @@ -1537,7 +1530,6 @@ unsigned int tcp_current_mss(struct sock *sk) u32 mss_now; unsigned int header_len; struct tcp_out_options opts; - struct tcp_md5sig_key *md5; mss_now = tp->mss_cache; @@ -1547,7 +1539,7 @@ unsigned int tcp_current_mss(struct sock *sk) mss_now = tcp_sync_mss(sk, mtu); } - header_len = tcp_established_options(sk, NULL, &opts, &md5) + + header_len = tcp_established_options(sk, NULL, &opts) + sizeof(struct tcphdr); /* The mss_cache is sized based on tp->tcp_header_len, which assumes * some common options. If this is an odd packet (because we have SACK @@ -3128,7 +3120,6 @@ struct sk_buff *tcp_make_synack(const struct sock *sk, struct dst_entry *dst, { struct inet_request_sock *ireq = inet_rsk(req); const struct tcp_sock *tp = tcp_sk(sk); - struct tcp_md5sig_key *md5 = NULL; struct tcp_out_options opts; struct sk_buff *skb; int tcp_header_size; 
@@ -3174,10 +3165,10 @@ struct sk_buff *tcp_make_synack(const struct sock *sk, struct dst_entry *dst, #ifdef CONFIG_TCP_MD5SIG rcu_read_lock(); - md5 = tcp_rsk(req)->af_specific->req_md5_lookup(sk, req_to_sk(req)); + opts.md5 = tcp_rsk(req)->af_specific->req_md5_lookup(sk, req_to_sk(req)); #endif skb_set_hash(skb, tcp_rsk(req)->txhash, PKT_HASH_TYPE_L4); - tcp_header_size = tcp_synack_options(sk, req, mss, skb, &opts, md5, + tcp_header_size = tcp_synack_options(sk, req, mss, skb, &opts, foc) + sizeof(*th); skb_push(skb, tcp_header_size); @@ -3204,9 +3195,10 @@ struct sk_buff *tcp_make_synack(const struct sock *sk, struct dst_entry *dst, #ifdef CONFIG_TCP_MD5SIG /* Okay, we have all we need - do the md5 hash if needed */ - if (md5) + if (opts.md5) tcp_rsk(req)->af_specific->calc_md5_hash(opts.hash_location, - md5, req_to_sk(req), skb); + opts.md5, + req_to_sk(req), skb); rcu_read_unlock(); #endif
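
Review bot: The new member in struct tcp_out_options (include/linux/tcp.h hunk) is declared as a plain `struct tcp_md5sig_key *md5`, which drops the `const` that tcp_synack_options() had on its `md5` parameter before this patch. None of the users visible in this diff write through the pointer (they test it and hand it to calc_md5_hash()), so consider declaring the field `const struct tcp_md5sig_key *md5` if the lookup and hash callbacks allow it, so that option-writing code cannot modify key material through opts.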
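
Review bot: In tcp_syn_options() the `#else *md5 = NULL;` branch is removed without a replacement, while the timestamp test `!opts->md5` a few lines later sits outside the `#ifdef CONFIG_TCP_MD5SIG` block. With MD5 compiled out, that test now relies on the caller having zeroed opts; the tcp_transmit_skb() hunk does show a `memset(&opts, 0, sizeof(opts))` before the call, but tcp_established_options() keeps an explicit `opts->md5 = NULL;` in its `#else` branch. Either keep the explicit assignment here as well for symmetry, or add a comment on tcp_syn_options() stating that callers must pass a zeroed tcp_out_options.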
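
Review bot: In the last tcp_make_synack() hunk, opts.md5 is filled by req_md5_lookup() after rcu_read_lock() and still holds that pointer once rcu_read_unlock() has run. With the old local variable the scope of the key pointer was obvious; now it travels inside a struct that is passed to other helpers. Please document on the new field that the pointer is only valid inside the RCU read-side section in which it was looked up, or clear opts.md5 right after calc_md5_hash() so that code added later cannot dereference it outside that section.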