tcp: TCP Fast Open Server - header & support functions

tcp_fastopen - INTEGER

	Enable TCP Fast Open feature (draft-ietf-tcpm-fastopen) to send data

	in the opening SYN packet. To use this feature, the client application

	must not use connect(). Instead, it should use sendmsg() or sendto()

	with MSG_FASTOPEN flag which performs a TCP handshake automatically.

	The values (bitmap) are:

	1: Enables sending data in the opening SYN on the client

	5: Enables sending data in the opening SYN on the client regardless

	   of cookie availability.

	must use sendmsg() or sendto() with MSG_FASTOPEN flag rather than

	connect() to perform a TCP handshake automatically.

	The values (bitmap) are

	1: Enables sending data in the opening SYN on the client.

	2: Enables TCP Fast Open on the server side, i.e., allowing data in

	   a SYN packet to be accepted and passed to the application before

	   3-way hand shake finishes.

	4: Send data in the opening SYN regardless of cookie availability and

	   without a cookie option.

	0x100: Accept SYN data w/o validating the cookie.

	0x200: Accept data-in-SYN w/o any cookie option present.

	0x400/0x800: Enable Fast Open on all listeners regardless of the

	   TCP_FASTOPEN socket option. The two different flags designate two

	   different ways of setting max_qlen without the TCP_FASTOPEN socket

	   option.

	Default: 0

	Note that the client & server side Fast Open flags (1 and 2

	respectively) must be also enabled before the rest of flags can take

	effect.

	See include/net/tcp.h and the code for more details.

tcp_syn_retries - INTEGER

	Number of times initial SYNs for an active TCP connection attempt

	will be retransmitted. Should not be higher than 255. Default value

	LINUX_MIB_TCPCHALLENGEACK,		/* TCPChallengeACK */

	LINUX_MIB_TCPSYNCHALLENGE,		/* TCPSYNChallenge */

	LINUX_MIB_TCPFASTOPENACTIVE,		/* TCPFastOpenActive */

	LINUX_MIB_TCPFASTOPENPASSIVE,		/* TCPFastOpenPassive*/

	LINUX_MIB_TCPFASTOPENPASSIVEFAIL,	/* TCPFastOpenPassiveFail */

	LINUX_MIB_TCPFASTOPENLISTENOVERFLOW,	/* TCPFastOpenListenOverflow */

	LINUX_MIB_TCPFASTOPENCOOKIEREQD,	/* TCPFastOpenCookieReqd */

	__LINUX_MIB_MAX

};

#define TCP_REPAIR_QUEUE	20

#define TCP_QUEUE_SEQ		21

#define TCP_REPAIR_OPTIONS	22

#define TCP_FASTOPEN		23	/* Enable FastOpen on listeners */

struct tcp_repair_opt {

	__u32	opt_code;

/* TCP Fast Open */

#define TCP_FASTOPEN_COOKIE_MIN	4	/* Min Fast Open Cookie size in bytes */

#define TCP_FASTOPEN_COOKIE_MAX	16	/* Max Fast Open Cookie size in bytes */

#define TCP_FASTOPEN_COOKIE_SIZE 8	/* the size employed by this impl. */

/* TCP Fast Open Cookie as stored in memory */

struct tcp_fastopen_cookie {

	/* Only used by TCP MD5 Signature so far. */

	const struct tcp_request_sock_ops *af_specific;

#endif

	struct sock			*listener; /* needed for TFO */

	u32				rcv_isn;

	u32				snt_isn;

	u32				snt_synack; /* synack sent time */

	u32				rcv_nxt; /* the ack # by SYNACK. For

						  * FastOpen it's the seq#

						  * after data-in-SYN.

						  */

};

static inline struct tcp_request_sock *tcp_rsk(const struct request_sock *req)

	struct tcp_md5sig_info	__rcu *md5sig_info;

#endif

/* TCP fastopen related information */

	struct tcp_fastopen_request *fastopen_req;

	/* When the cookie options are generated and exchanged, then this

	 * object holds a reference to them (cookie_values->kref).  Also

	 * contains related tcp_cookie_transactions fields.

	 */

	struct tcp_cookie_values  *cookie_values;

/* TCP fastopen related information */

	struct tcp_fastopen_request *fastopen_req;

	/* fastopen_rsk points to request_sock that resulted in this big

	 * socket. Used to retransmit SYNACKs etc.

	 */

	struct request_sock *fastopen_rsk;

};

enum tsq_flags {

	return (struct tcp_timewait_sock *)sk;

}

static inline bool tcp_passive_fastopen(const struct sock *sk)

{

	return (sk->sk_state == TCP_SYN_RECV &&

		tcp_sk(sk)->fastopen_rsk != NULL);

}

static inline bool fastopen_cookie_present(struct tcp_fastopen_cookie *foc)

{

	return foc->len != -1;

}

static inline int fastopen_init_queue(struct sock *sk, int backlog)

{

	struct request_sock_queue *queue =

	    &inet_csk(sk)->icsk_accept_queue;

	if (queue->fastopenq == NULL) {

		queue->fastopenq = kzalloc(

		    sizeof(struct fastopen_queue),

		    sk->sk_allocation);

		if (queue->fastopenq == NULL)

			return -ENOMEM;

		spin_lock_init(&queue->fastopenq->lock);

	}

	queue->fastopenq->max_qlen = backlog;

	return 0;

}

#endif	/* __KERNEL__ */

#endif	/* _LINUX_TCP_H */

	struct request_sock	*syn_table[0];

};

/*

 * For a TCP Fast Open listener -

 *	lock - protects the access to all the reqsk, which is co-owned by

 *		the listener and the child socket.

 *	qlen - pending TFO requests (still in TCP_SYN_RECV).

 *	max_qlen - max TFO reqs allowed before TFO is disabled.

 *

 *	XXX (TFO) - ideally these fields can be made as part of "listen_sock"

 *	structure above. But there is some implementation difficulty due to

 *	listen_sock being part of request_sock_queue hence will be freed when

 *	a listener is stopped. But TFO related fields may continue to be

 *	accessed even after a listener is closed, until its sk_refcnt drops

 *	to 0 implying no more outstanding TFO reqs. One solution is to keep

 *	listen_opt around until	sk_refcnt drops to 0. But there is some other

 *	complexity that needs to be resolved. E.g., a listener can be disabled

 *	temporarily through shutdown()->tcp_disconnect(), and re-enabled later.

 */

struct fastopen_queue {

	struct request_sock	*rskq_rst_head; /* Keep track of past TFO */

	struct request_sock	*rskq_rst_tail; /* requests that caused RST.

						 * This is part of the defense

						 * against spoofing attack.

						 */

	spinlock_t	lock;

	int		qlen;		/* # of pending (TCP_SYN_RECV) reqs */

	int		max_qlen;	/* != 0 iff TFO is currently enabled */

};

/** struct request_sock_queue - queue of request_socks

 *

 * @rskq_accept_head - FIFO head of established children

	u8			rskq_defer_accept;

	/* 3 bytes hole, try to pack */

	struct listen_sock	*listen_opt;

	struct fastopen_queue	*fastopenq; /* This is non-NULL iff TFO has been

					     * enabled on this listener. Check

					     * max_qlen != 0 in fastopen_queue

					     * to determine if TFO is enabled

					     * right at this moment.

					     */

};

extern int reqsk_queue_alloc(struct request_sock_queue *queue,

extern void __reqsk_queue_destroy(struct request_sock_queue *queue);

extern void reqsk_queue_destroy(struct request_sock_queue *queue);

extern void reqsk_fastopen_remove(struct sock *sk,

				  struct request_sock *req, bool reset);

static inline struct request_sock *

	reqsk_queue_yank_acceptq(struct request_sock_queue *queue)

/* Bit Flags for sysctl_tcp_fastopen */

#define	TFO_CLIENT_ENABLE	1

#define	TFO_SERVER_ENABLE	2

#define	TFO_CLIENT_NO_COOKIE	4	/* Data in SYN w/o cookie option */

/* Process SYN data but skip cookie validation */

#define	TFO_SERVER_COOKIE_NOT_CHKED	0x100

/* Accept SYN data w/o any cookie option */

#define	TFO_SERVER_COOKIE_NOT_REQD	0x200

/* Force enable TFO on all listeners, i.e., not requiring the

 * TCP_FASTOPEN socket option. SOCKOPT1/2 determine how to set max_qlen.

 */

#define	TFO_SERVER_WO_SOCKOPT1	0x400

#define	TFO_SERVER_WO_SOCKOPT2	0x800

/* Always create TFO child sockets on a TFO listener even when

 * cookie/data not present. (For testing purpose!)

 */

#define	TFO_SERVER_ALWAYS	0x1000

extern struct inet_timewait_death_row tcp_death_row;

/* sysctl variables for tcp */

extern bool tcp_peer_is_proven(struct request_sock *req, struct dst_entry *dst, bool paws_check);

extern bool tcp_remember_stamp(struct sock *sk);

extern bool tcp_tw_remember_stamp(struct inet_timewait_sock *tw);

extern void tcp_fastopen_cache_get(struct sock *sk, u16 *mss,

				   struct tcp_fastopen_cookie *cookie,

				   int *syn_loss, unsigned long *last_syn_loss);

extern void tcp_fastopen_cache_set(struct sock *sk, u16 mss,

				   struct tcp_fastopen_cookie *cookie,

				   bool syn_lost);

extern void tcp_fetch_timewait_stamp(struct sock *sk, struct dst_entry *dst);

extern void tcp_disable_fack(struct tcp_sock *tp);

extern void tcp_close(struct sock *sk, long timeout);

extern void tcp_cwnd_application_limited(struct sock *sk);

extern void tcp_resume_early_retransmit(struct sock *sk);

extern void tcp_rearm_rto(struct sock *sk);

extern void tcp_reset(struct sock *sk);

/* tcp_timer.c */

extern void tcp_init_xmit_timers(struct sock *);

extern int tcp_mss_to_mtu(struct sock *sk, int mss);

extern void tcp_mtup_init(struct sock *sk);

extern void tcp_valid_rtt_meas(struct sock *sk, u32 seq_rtt);

extern void tcp_init_buffer_space(struct sock *sk);

static inline void tcp_bound_rto(const struct sock *sk)

{

	req->rcv_wnd = 0;		/* So that tcp_send_synack() knows! */

	req->cookie_ts = 0;

	tcp_rsk(req)->rcv_isn = TCP_SKB_CB(skb)->seq;

	tcp_rsk(req)->rcv_nxt = TCP_SKB_CB(skb)->seq + 1;

	req->mss = rx_opt->mss_clamp;

	req->ts_recent = rx_opt->saw_tstamp ? rx_opt->rcv_tsval : 0;

	ireq->tstamp_ok = rx_opt->tstamp_ok;

extern int tcp_md5_hash_key(struct tcp_md5sig_pool *hp,

			    const struct tcp_md5sig_key *key);

/* From tcp_fastopen.c */

extern void tcp_fastopen_cache_get(struct sock *sk, u16 *mss,

				   struct tcp_fastopen_cookie *cookie,

				   int *syn_loss, unsigned long *last_syn_loss);

extern void tcp_fastopen_cache_set(struct sock *sk, u16 mss,

				   struct tcp_fastopen_cookie *cookie,

				   bool syn_lost);

struct tcp_fastopen_request {

	/* Fast Open cookie. Size 0 means a cookie request */

	struct tcp_fastopen_cookie	cookie;

	struct msghdr			*data;  /* data in MSG_FASTOPEN */

	u16				copied;	/* queued in tcp_connect() */

};

void tcp_free_fastopen_req(struct tcp_sock *tp);

extern struct tcp_fastopen_context __rcu *tcp_fastopen_ctx;

int tcp_fastopen_reset_cipher(void *key, unsigned int len);

void tcp_fastopen_cookie_gen(__be32 addr, struct tcp_fastopen_cookie *foc);

#define TCP_FASTOPEN_KEY_LENGTH 16

/* Fastopen key context */

struct tcp_fastopen_context {

	struct crypto_cipher __rcu	*tfm;

	__u8				key[TCP_FASTOPEN_KEY_LENGTH];

	struct rcu_head			rcu;

};

/* write queue abstraction */

static inline void tcp_write_queue_purge(struct sock *sk)

{