From: Christoph Paasch
To: netdev@vger.kernel.org
Cc: Eric Dumazet, Yuchung Cheng, David Miller
Subject: [PATCH net-next 1/5] tcp: Create list of TFO-contexts
Date: Fri, 14 Dec 2018 14:40:03 -0800
Message-id: <20181214224007.54813-2-cpaasch@apple.com>

Instead of having a single TFO-context, we now have a list of tcp_fastopen_context, bounded by TCP_FASTOPEN_CTXT_LEN (set to 2). This enables us to do a rolling TFO-key update that allows the server to accept old cookies and at the same time announce new ones to the client (see follow-up patch).

Signed-off-by: Christoph Paasch

--- include/net/tcp.h | 2 ++ net/ipv4/tcp_fastopen.c | 52 +++++++++++++++++++++++++++++++++++++++++++++---- 2 files changed, 50 insertions(+), 4 deletions(-) diff --git a/include/net/tcp.h b/include/net/tcp.h index e0a65c067662..e629ea2e6c9d 100644 --- a/include/net/tcp.h +++ b/include/net/tcp.h @@ -1622,9 +1622,11 @@ bool tcp_fastopen_cookie_check(struct sock *sk, u16 *mss, struct tcp_fastopen_cookie *cookie); bool tcp_fastopen_defer_connect(struct sock *sk, int *err); #define TCP_FASTOPEN_KEY_LENGTH 16 +#define TCP_FASTOPEN_CTXT_LEN 2 /* Fastopen key context */ struct tcp_fastopen_context { + struct tcp_fastopen_context __rcu *next; struct crypto_cipher *tfm; __u8 key[TCP_FASTOPEN_KEY_LENGTH]; struct rcu_head rcu; diff --git a/net/ipv4/tcp_fastopen.c b/net/ipv4/tcp_fastopen.c index 018a48477355..c52d5b8eabf0 100644 --- a/net/ipv4/tcp_fastopen.c +++ b/net/ipv4/tcp_fastopen.c
@@ -37,8 +37,14 @@ static void tcp_fastopen_ctx_free(struct rcu_head *head) { struct tcp_fastopen_context *ctx = container_of(head, struct tcp_fastopen_context, rcu); - crypto_free_cipher(ctx->tfm); - kfree(ctx); + + while (ctx) { + struct tcp_fastopen_context *prev = ctx; + /* We own ctx, thus no need to hold the Fastopen-lock */ + ctx = rcu_dereference_protected(ctx->next, 1); + crypto_free_cipher(prev->tfm); + kfree(prev); + } } void tcp_fastopen_destroy_cipher(struct sock *sk) @@ -66,6 +72,35 @@ void tcp_fastopen_ctx_destroy(struct net *net) call_rcu(&ctxt->rcu, tcp_fastopen_ctx_free); } +static struct tcp_fastopen_context * +tcp_fastopen_cut_keypool(struct tcp_fastopen_context *ctx, + spinlock_t *lock) +{ + int cnt = 0; + + while (ctx) { + /* We iterate the list to see if we have more than + * TCP_FASTOPEN_CTXT_LEN contexts. If we do, we remove the rest + * of the list and free it later + */ + + cnt++; + if (cnt >= TCP_FASTOPEN_CTXT_LEN) { + /* It's the last one, return the rest so it gets freed */ + struct tcp_fastopen_context *prev = ctx; + + ctx = rcu_dereference_protected(ctx->next, + lockdep_is_held(lock)); + rcu_assign_pointer(prev->next, NULL); + break; + } + ctx = rcu_dereference_protected(ctx->next, + lockdep_is_held(lock)); + } + + return ctx; +} + int tcp_fastopen_reset_cipher(struct net *net, struct sock *sk, void *key, unsigned int len) { 
@@ -96,13 +131,22 @@ error: kfree(ctx); spin_lock(&net->ipv4.tcp_fastopen_ctx_lock); if (sk) { q = &inet_csk(sk)->icsk_accept_queue.fastopenq; + rcu_assign_pointer(ctx->next, q->ctx); + rcu_assign_pointer(q->ctx, ctx); + octx = rcu_dereference_protected(q->ctx, lockdep_is_held(&net->ipv4.tcp_fastopen_ctx_lock)); - rcu_assign_pointer(q->ctx, ctx); + + octx = tcp_fastopen_cut_keypool(octx, &net->ipv4.tcp_fastopen_ctx_lock); } else { + rcu_assign_pointer(ctx->next, net->ipv4.tcp_fastopen_ctx); + rcu_assign_pointer(net->ipv4.tcp_fastopen_ctx, ctx); + octx = rcu_dereference_protected(net->ipv4.tcp_fastopen_ctx, lockdep_is_held(&net->ipv4.tcp_fastopen_ctx_lock)); - rcu_assign_pointer(net->ipv4.tcp_fastopen_ctx, ctx); + + octx = tcp_fastopen_cut_keypool(octx, + &net->ipv4.tcp_fastopen_ctx_lock); } spin_unlock(&net->ipv4.tcp_fastopen_ctx_lock);

From: Christoph Paasch
To: netdev@vger.kernel.org
Cc: Eric Dumazet, Yuchung Cheng, David Miller
Subject: [PATCH net-next 2/5] tcp: TFO: search for correct cookie and accept data
Date: Fri, 14 Dec 2018 14:40:04 -0800
Message-id: <20181214224007.54813-3-cpaasch@apple.com>

This change allows searching for the right cookie and accepts old ones (announcing a new one if it has changed). __tcp_fastopen_cookie_gen_with_ctx() allows generating a cookie based on a given TFO-context. A later patch will clean up the duplicate code.

Signed-off-by: Christoph Paasch

--- include/uapi/linux/snmp.h | 1 + net/ipv4/proc.c | 1 + net/ipv4/tcp_fastopen.c | 105 +++++++++++++++++++++++++++++++++++++++++++--- 3 files changed, 101 insertions(+), 6 deletions(-)
diff --git a/include/uapi/linux/snmp.h b/include/uapi/linux/snmp.h index 86dc24a96c90..74904e9d1b72 100644 --- a/include/uapi/linux/snmp.h +++ b/include/uapi/linux/snmp.h @@ -283,6 +283,7 @@ enum LINUX_MIB_TCPACKCOMPRESSED, /* TCPAckCompressed */ LINUX_MIB_TCPZEROWINDOWDROP, /* TCPZeroWindowDrop */ LINUX_MIB_TCPRCVQDROP, /* TCPRcvQDrop */ + LINUX_MIB_TCPFASTOPENPASSIVEALTKEY, /* TCPFastOpenPassiveAltKey */ __LINUX_MIB_MAX }; diff --git a/net/ipv4/proc.c b/net/ipv4/proc.c index c3610b37bb4c..58daef27a560 100644 --- a/net/ipv4/proc.c +++ b/net/ipv4/proc.c @@ -291,6 +291,7 @@ static const struct snmp_mib snmp4_net_list[] = { SNMP_MIB_ITEM("TCPAckCompressed", LINUX_MIB_TCPACKCOMPRESSED), SNMP_MIB_ITEM("TCPZeroWindowDrop", LINUX_MIB_TCPZEROWINDOWDROP), SNMP_MIB_ITEM("TCPRcvQDrop", LINUX_MIB_TCPRCVQDROP), + SNMP_MIB_ITEM("TCPFastOpenPassiveAltKey", LINUX_MIB_TCPFASTOPENPASSIVEALTKEY), SNMP_MIB_SENTINEL }; diff --git a/net/ipv4/tcp_fastopen.c b/net/ipv4/tcp_fastopen.c index c52d5b8eabf0..e856262ef4c2 100644 --- a/net/ipv4/tcp_fastopen.c +++ b/net/ipv4/tcp_fastopen.c 
@@ -176,6 +176,41 @@ static bool __tcp_fastopen_cookie_gen(struct sock *sk, const void *path, return ok; } +static void __tcp_fastopen_cookie_gen_with_ctx(struct request_sock *req, + struct sk_buff *syn, + struct tcp_fastopen_cookie *foc, + struct tcp_fastopen_context *ctx) +{ + if (req->rsk_ops->family == AF_INET) { + const struct iphdr *iph = ip_hdr(syn); + __be32 path[4] = { iph->saddr, iph->daddr, 0, 0 }; + + crypto_cipher_encrypt_one(ctx->tfm, foc->val, (void *)path); + foc->len = TCP_FASTOPEN_COOKIE_SIZE; + return; + } + +#if IS_ENABLED(CONFIG_IPV6) + if (req->rsk_ops->family == AF_INET6) { + const struct ipv6hdr *ip6h = ipv6_hdr(syn); + struct tcp_fastopen_cookie tmp; + struct in6_addr *buf; + int i; + + crypto_cipher_encrypt_one(ctx->tfm, tmp.val, (void *)&ip6h->saddr); + + buf = &tmp.addr; + for (i = 0; i < 4; i++) + buf->s6_addr32[i] ^= ip6h->daddr.s6_addr32[i]; + + crypto_cipher_encrypt_one(ctx->tfm, foc->val, (void *)buf); + foc->len = TCP_FASTOPEN_COOKIE_SIZE; + + return; + } +#endif +} + /* Generate the fastopen cookie by doing aes128 encryption on both * the source and destination addresses. Pad 0s for IPv4 or IPv4-mapped-IPv6 * addresses. For the longer IPv6 addresses use CBC-MAC. 
@@ -256,6 +291,55 @@ void tcp_fastopen_add_skb(struct sock *sk, struct sk_buff *skb) tcp_fin(sk); } +static bool tcp_fastopen_cookie_gen_search(struct sock *sk, + struct request_sock *req, + struct sk_buff *syn, + struct tcp_fastopen_cookie *valid_foc, + struct tcp_fastopen_cookie *orig) +{ + struct tcp_fastopen_cookie search_foc = { .len = -1 }; + struct tcp_fastopen_cookie *foc = &search_foc; + struct tcp_fastopen_context *ctx; + int copied = 0; + + rcu_read_lock(); + + ctx = rcu_dereference(inet_csk(sk)->icsk_accept_queue.fastopenq.ctx); + if (!ctx) + ctx = rcu_dereference(sock_net(sk)->ipv4.tcp_fastopen_ctx); + + while (ctx) { + __tcp_fastopen_cookie_gen_with_ctx(req, syn, foc, ctx); + + if (foc->len == orig->len && + !memcmp(foc->val, orig->val, foc->len)) { + rcu_read_unlock(); + + if (copied) { + struct net *net = read_pnet(&inet_rsk(req)->ireq_net); + + NET_INC_STATS(net, + LINUX_MIB_TCPFASTOPENPASSIVEALTKEY); + } + return true; + } + + /* We need to check older possible cookies, thus set valid_foc + * so that the latest one will be announced to the peer. + */ + if (!copied) { + memcpy(valid_foc, foc, sizeof(*foc)); + copied = 1; + } + + ctx = rcu_dereference(ctx->next); + } + + rcu_read_unlock(); + + return false; +} + static struct sock *tcp_fastopen_create_child(struct sock *sk, struct sk_buff *skb, struct request_sock *req) 
@@ -390,11 +474,11 @@ struct sock *tcp_try_fastopen(struct sock *sk, struct sk_buff *skb, tcp_fastopen_no_cookie(sk, dst, TFO_SERVER_COOKIE_NOT_REQD)) goto fastopen; - if (foc->len >= 0 && /* Client presents or requests a cookie */ - tcp_fastopen_cookie_gen(sk, req, skb, &valid_foc) && - foc->len == TCP_FASTOPEN_COOKIE_SIZE && - foc->len == valid_foc.len && - !memcmp(foc->val, valid_foc.val, foc->len)) { + if (foc->len == 0) { + /* Client requests a cookie. */ + tcp_fastopen_cookie_gen(sk, req, skb, &valid_foc); + } else if (foc->len > 0 && + tcp_fastopen_cookie_gen_search(sk, req, skb, &valid_foc, foc)) { /* Cookie is valid. Create a (full) child socket to accept * the data in SYN before returning a SYN-ACK to ack the * data. If we fail to create the socket, fall back and 
@@ -406,7 +490,16 @@ struct sock *tcp_try_fastopen(struct sock *sk, struct sk_buff *skb, fastopen: child = tcp_fastopen_create_child(sk, skb, req); if (child) { - foc->len = -1; + if (valid_foc.len != -1) { + /* Client used an old cookie, we announce the + * latests one to the client. + */ + valid_foc.exp = foc->exp; + *foc = valid_foc; + } else { + foc->len = -1; + } + NET_INC_STATS(sock_net(sk), LINUX_MIB_TCPFASTOPENPASSIVE); return child;

From: Christoph Paasch
To: netdev@vger.kernel.org
Cc: Eric Dumazet, Yuchung Cheng, David Miller
Subject: [PATCH net-next 3/5] tcp: Print list of TFO-keys from proc
Date: Fri, 14 Dec 2018 14:40:05 -0800
Message-id: <20181214224007.54813-4-cpaasch@apple.com>

Print the list of the TFO-keys, comma-separated. For setting the keys, we still only allow a single one to be set.

Signed-off-by: Christoph Paasch

--- net/ipv4/sysctl_net_ipv4.c | 41 ++++++++++++++++++++++++++++++----------- 1 file changed, 30 insertions(+), 11 deletions(-) diff --git a/net/ipv4/sysctl_net_ipv4.c b/net/ipv4/sysctl_net_ipv4.c index ba0fc4b18465..f0806bab5562 100644 --- a/net/ipv4/sysctl_net_ipv4.c +++ b/net/ipv4/sysctl_net_ipv4.c
@@ -282,11 +282,15 @@ static int proc_tcp_fastopen_key(struct ctl_table *table, int write, { struct net *net = container_of(table->data, struct net, ipv4.sysctl_tcp_fastopen); - struct ctl_table tbl = { .maxlen = (TCP_FASTOPEN_KEY_LENGTH * 2 + 10) }; + /* maxlen to print the list of keys in hex (*2), with a comma + * in between (+ TCP_FASTOPEN_CTXT_LEN) + */ + struct ctl_table tbl = { .maxlen = (TCP_FASTOPEN_KEY_LENGTH * 2 * TCP_FASTOPEN_CTXT_LEN + + TCP_FASTOPEN_CTXT_LEN + 10) }; struct tcp_fastopen_context *ctxt; - u32 user_key[4]; /* 16 bytes, matching TCP_FASTOPEN_KEY_LENGTH */ - __le32 key[4]; - int ret, i; + u32 user_key[TCP_FASTOPEN_CTXT_LEN * 4]; + __le32 key[TCP_FASTOPEN_CTXT_LEN * 4]; + int ret, i = 0, off = 0; tbl.data = kmalloc(tbl.maxlen, GFP_KERNEL); if (!tbl.data) @@ -294,17 +298,28 @@ static int proc_tcp_fastopen_key(struct ctl_table *table, int write, rcu_read_lock(); ctxt = rcu_dereference(net->ipv4.tcp_fastopen_ctx); - if (ctxt) - memcpy(key, ctxt->key, TCP_FASTOPEN_KEY_LENGTH); - else - memset(key, 0, sizeof(key)); + while (ctxt) { + memcpy(&key[i], ctxt->key, TCP_FASTOPEN_KEY_LENGTH); + i += 4; + ctxt = rcu_dereference(ctxt->next); + } rcu_read_unlock(); + memset(&key[i], 0, sizeof(key) - i * sizeof(u32)); + for (i = 0; i < ARRAY_SIZE(key); i++) user_key[i] = le32_to_cpu(key[i]); - snprintf(tbl.data, tbl.maxlen, "%08x-%08x-%08x-%08x", - user_key[0], user_key[1], user_key[2], user_key[3]); + for (i = 0; i < TCP_FASTOPEN_CTXT_LEN; i++) { + off += snprintf(tbl.data + off, tbl.maxlen - off, + "%08x-%08x-%08x-%08x", + user_key[i * 4], + user_key[i * 4 + 1], + user_key[i * 4 + 2], + user_key[i * 4 + 3]); + if (i + 1 < TCP_FASTOPEN_CTXT_LEN) + off += snprintf(tbl.data + off, tbl.maxlen - off, ","); + } ret = proc_dostring(&tbl, write, buffer, lenp, ppos); if (write && ret == 0) { 
@@ -923,7 +938,11 @@ static struct ctl_table ipv4_net_table[] = { .procname = "tcp_fastopen_key", .mode = 0600, .data = &init_net.ipv4.sysctl_tcp_fastopen, - .maxlen = ((TCP_FASTOPEN_KEY_LENGTH * 2) + 10), + /* maxlen to print the list of keys in hex (*2), with a comma + * in between (+ TCP_FASTOPEN_CTXT_LEN) + */ + .maxlen = ((TCP_FASTOPEN_KEY_LENGTH * 2 * TCP_FASTOPEN_CTXT_LEN) + + TCP_FASTOPEN_CTXT_LEN + 10), .proc_handler = proc_tcp_fastopen_key, }, {

From: Christoph Paasch
To: netdev@vger.kernel.org
Cc: Eric Dumazet, Yuchung Cheng, David Miller
Subject: [PATCH net-next 4/5] tcp: Allow getsockopt of listener's keypool
Date: Fri, 14 Dec 2018 14:40:06 -0800
Message-id: <20181214224007.54813-5-cpaasch@apple.com>

Allow getting the full list of the listener's keypool through a getsockopt.

Signed-off-by: Christoph Paasch

--- net/ipv4/tcp.c | 15 +++++++++------ 1 file changed, 9 insertions(+), 6 deletions(-) diff --git a/net/ipv4/tcp.c b/net/ipv4/tcp.c index 27e2f6837062..cdb317392138 100644 --- a/net/ipv4/tcp.c +++ b/net/ipv4/tcp.c
@@ -3420,21 +3420,24 @@ static int do_tcp_getsockopt(struct sock *sk, int level, return 0; case TCP_FASTOPEN_KEY: { - __u8 key[TCP_FASTOPEN_KEY_LENGTH]; + __u8 key[TCP_FASTOPEN_KEY_LENGTH * TCP_FASTOPEN_CTXT_LEN]; struct tcp_fastopen_context *ctx; + unsigned int key_len = 0; if (get_user(len, optlen)) return -EFAULT; rcu_read_lock(); ctx = rcu_dereference(icsk->icsk_accept_queue.fastopenq.ctx); - if (ctx) - memcpy(key, ctx->key, sizeof(key)); - else - len = 0; + while (ctx) { + memcpy(&key[key_len], ctx->key, TCP_FASTOPEN_KEY_LENGTH); + + key_len += TCP_FASTOPEN_KEY_LENGTH; + ctx = rcu_dereference(ctx->next); + } rcu_read_unlock(); - len = min_t(unsigned int, len, sizeof(key)); + len = min_t(unsigned int, len, key_len); if (put_user(len, optlen)) return -EFAULT; if (copy_to_user(optval, key, len)) From patchwork Fri Dec 14 22:40:07 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Christoph Paasch X-Patchwork-Id: 1013751 X-Patchwork-Delegate: davem@davemloft.net Return-Path: X-Original-To: patchwork-incoming-netdev@ozlabs.org Delivered-To: patchwork-incoming-netdev@ozlabs.org Authentication-Results: ozlabs.org; spf=none (mailfrom) smtp.mailfrom=vger.kernel.org (client-ip=209.132.180.67; helo=vger.kernel.org; envelope-from=netdev-owner@vger.kernel.org; receiver=) Authentication-Results: ozlabs.org; dmarc=fail (p=quarantine dis=none) header.from=apple.com Authentication-Results: ozlabs.org; dkim=fail reason="signature verification failed" (2048-bit key; unprotected) header.d=apple.com header.i=@apple.com header.b="ZfwnF18E"; dkim-atps=neutral Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by ozlabs.org (Postfix) with ESMTP id 43Glr90Mqnz9s1c for ; Sat, 15 Dec 2018 09:40:41 +1100 (AEDT) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1730264AbeLNWkk (ORCPT ); Fri, 14 Dec 2018 17:40:40 -0500 Received: from nwk-aaemail-lapp03.apple.com 
([17.151.62.68]:35314 "EHLO nwk-aaemail-lapp03.apple.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1729803AbeLNWkh (ORCPT ); Fri, 14 Dec 2018 17:40:37 -0500
From: Christoph Paasch
To: netdev@vger.kernel.org
Cc: Eric Dumazet, Yuchung Cheng, David Miller
Subject: [PATCH net-next 5/5] tcp: TFO - cleanup code duplication
Date: Fri, 14 Dec 2018 14:40:07 -0800
Message-id: <20181214224007.54813-6-cpaasch@apple.com>
In-reply-to: <20181214224007.54813-1-cpaasch@apple.com>
References: <20181214224007.54813-1-cpaasch@apple.com>

We can actually easily reuse __tcp_fastopen_cookie_gen_with_ctx to generate the cookie based on a given TFO-context. This cleans up some of the code.

Signed-off-by: Christoph Paasch
---
 net/ipv4/tcp_fastopen.c | 51 +++++++++++--------------------------------------
 1 file changed, 11 insertions(+), 40 deletions(-)

diff --git a/net/ipv4/tcp_fastopen.c b/net/ipv4/tcp_fastopen.c index e856262ef4c2..81e8b3ae9ecd 100644 --- a/net/ipv4/tcp_fastopen.c +++ b/net/ipv4/tcp_fastopen.c
@@ -155,27 +155,6 @@ error: kfree(ctx); return err; } -static bool __tcp_fastopen_cookie_gen(struct sock *sk, const void *path, - struct tcp_fastopen_cookie *foc) -{ - struct tcp_fastopen_context *ctx; - bool ok = false; - - rcu_read_lock(); - - ctx = rcu_dereference(inet_csk(sk)->icsk_accept_queue.fastopenq.ctx); - if (!ctx) - ctx = rcu_dereference(sock_net(sk)->ipv4.tcp_fastopen_ctx); - - if (ctx) { - crypto_cipher_encrypt_one(ctx->tfm, foc->val, path); - foc->len = TCP_FASTOPEN_COOKIE_SIZE; - ok = true; - } - rcu_read_unlock(); - return ok; -} - static void __tcp_fastopen_cookie_gen_with_ctx(struct request_sock *req, struct sk_buff *syn, struct tcp_fastopen_cookie *foc, @@ -222,29 +201,21 @@ static bool tcp_fastopen_cookie_gen(struct sock *sk, struct sk_buff *syn, struct tcp_fastopen_cookie *foc) { - if (req->rsk_ops->family == AF_INET) { - const struct iphdr *iph = ip_hdr(syn); - - __be32 path[4] = { iph->saddr, iph->daddr, 0, 0 }; - return __tcp_fastopen_cookie_gen(sk, path, foc); - } + struct tcp_fastopen_context *ctx; + bool ok = false; -#if IS_ENABLED(CONFIG_IPV6) - if (req->rsk_ops->family == AF_INET6) { - const struct ipv6hdr *ip6h = ipv6_hdr(syn); - struct tcp_fastopen_cookie tmp; + rcu_read_lock(); - if (__tcp_fastopen_cookie_gen(sk, &ip6h->saddr, &tmp)) { - struct in6_addr *buf = &tmp.addr; - int i; + ctx = rcu_dereference(inet_csk(sk)->icsk_accept_queue.fastopenq.ctx); + if (!ctx) + ctx = rcu_dereference(sock_net(sk)->ipv4.tcp_fastopen_ctx); - for (i = 0; i < 4; i++) - buf->s6_addr32[i] ^= ip6h->daddr.s6_addr32[i]; - return __tcp_fastopen_cookie_gen(sk, buf, foc); - } + if (ctx) { + __tcp_fastopen_cookie_gen_with_ctx(req, syn, foc, ctx); + ok = true; } -#endif - return false; + rcu_read_unlock(); + return ok; }
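Review bot: in patch 4/5, the net/ipv4/tcp.c hunk at the TCP_FASTOPEN_KEY case, the new while (ctx) loop copies into the on-stack key[] without checking key_len against sizeof(key). The buffer holds TCP_FASTOPEN_KEY_LENGTH * TCP_FASTOPEN_CTXT_LEN bytes, but nothing in the visible lines limits how many contexts are reachable through ctx->next, so the copy is only safe as long as every writer keeps the chain at or below TCP_FASTOPEN_CTXT_LEN entries. Bounding the loop at the point of use, for example `while (ctx && key_len < sizeof(key))`, would keep a longer-than-expected chain from overwriting the kernel stack. The commit message should also state the order in which the keys are returned and that a caller passing an optlen of TCP_FASTOPEN_KEY_LENGTH still receives only the first key, since this changes what userspace can read back from the option.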
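Review bot: in patch 5/5, the second net/ipv4/tcp_fastopen.c hunk (tcp_fastopen_cookie_gen), the rewritten body sets ok = true whenever a context is found, whereas the removed code fell through to return false when req->rsk_ops->family was neither AF_INET nor AF_INET6, or was AF_INET6 with CONFIG_IPV6 disabled. __tcp_fastopen_cookie_gen_with_ctx is declared static void in the context lines, so it has no way to report that it produced nothing, and the caller would then treat an unfilled foc as a valid cookie. Either have the helper return bool and propagate that value, or state in the commit message why every family that can reach this function is handled by the helper and always leaves foc->len set.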