0d41cca490
Applications have started to use Fast Open (e.g., Chrome browser has such an optional flag) and the feature has gone through several generations of kernels since 3.7 with many real network tests. It's time to enable this flag by default for applications to test more conveniently and extensively. Signed-off-by: Yuchung Cheng <ycheng@google.com> Signed-off-by: Neal Cardwell <ncardwell@google.com> Acked-by: Eric Dumazet <edumazet@google.com> Signed-off-by: David S. Miller <davem@davemloft.net>
96 lines
2.4 KiB
C
96 lines
2.4 KiB
C
#include <linux/err.h>
|
|
#include <linux/init.h>
|
|
#include <linux/kernel.h>
|
|
#include <linux/list.h>
|
|
#include <linux/tcp.h>
|
|
#include <linux/rcupdate.h>
|
|
#include <linux/rculist.h>
|
|
#include <net/inetpeer.h>
|
|
#include <net/tcp.h>
|
|
|
|
int sysctl_tcp_fastopen __read_mostly = TFO_CLIENT_ENABLE;
|
|
|
|
struct tcp_fastopen_context __rcu *tcp_fastopen_ctx;
|
|
|
|
static DEFINE_SPINLOCK(tcp_fastopen_ctx_lock);
|
|
|
|
void tcp_fastopen_init_key_once(bool publish)
|
|
{
|
|
static u8 key[TCP_FASTOPEN_KEY_LENGTH];
|
|
|
|
/* tcp_fastopen_reset_cipher publishes the new context
|
|
* atomically, so we allow this race happening here.
|
|
*
|
|
* All call sites of tcp_fastopen_cookie_gen also check
|
|
* for a valid cookie, so this is an acceptable risk.
|
|
*/
|
|
if (net_get_random_once(key, sizeof(key)) && publish)
|
|
tcp_fastopen_reset_cipher(key, sizeof(key));
|
|
}
|
|
|
|
static void tcp_fastopen_ctx_free(struct rcu_head *head)
|
|
{
|
|
struct tcp_fastopen_context *ctx =
|
|
container_of(head, struct tcp_fastopen_context, rcu);
|
|
crypto_free_cipher(ctx->tfm);
|
|
kfree(ctx);
|
|
}
|
|
|
|
int tcp_fastopen_reset_cipher(void *key, unsigned int len)
|
|
{
|
|
int err;
|
|
struct tcp_fastopen_context *ctx, *octx;
|
|
|
|
ctx = kmalloc(sizeof(*ctx), GFP_KERNEL);
|
|
if (!ctx)
|
|
return -ENOMEM;
|
|
ctx->tfm = crypto_alloc_cipher("aes", 0, 0);
|
|
|
|
if (IS_ERR(ctx->tfm)) {
|
|
err = PTR_ERR(ctx->tfm);
|
|
error: kfree(ctx);
|
|
pr_err("TCP: TFO aes cipher alloc error: %d\n", err);
|
|
return err;
|
|
}
|
|
err = crypto_cipher_setkey(ctx->tfm, key, len);
|
|
if (err) {
|
|
pr_err("TCP: TFO cipher key error: %d\n", err);
|
|
crypto_free_cipher(ctx->tfm);
|
|
goto error;
|
|
}
|
|
memcpy(ctx->key, key, len);
|
|
|
|
spin_lock(&tcp_fastopen_ctx_lock);
|
|
|
|
octx = rcu_dereference_protected(tcp_fastopen_ctx,
|
|
lockdep_is_held(&tcp_fastopen_ctx_lock));
|
|
rcu_assign_pointer(tcp_fastopen_ctx, ctx);
|
|
spin_unlock(&tcp_fastopen_ctx_lock);
|
|
|
|
if (octx)
|
|
call_rcu(&octx->rcu, tcp_fastopen_ctx_free);
|
|
return err;
|
|
}
|
|
|
|
/* Computes the fastopen cookie for the IP path.
|
|
* The path is a 128 bits long (pad with zeros for IPv4).
|
|
*
|
|
* The caller must check foc->len to determine if a valid cookie
|
|
* has been generated successfully.
|
|
*/
|
|
void tcp_fastopen_cookie_gen(__be32 src, __be32 dst,
|
|
struct tcp_fastopen_cookie *foc)
|
|
{
|
|
__be32 path[4] = { src, dst, 0, 0 };
|
|
struct tcp_fastopen_context *ctx;
|
|
|
|
tcp_fastopen_init_key_once(true);
|
|
|
|
rcu_read_lock();
|
|
ctx = rcu_dereference(tcp_fastopen_ctx);
|
|
if (ctx) {
|
|
crypto_cipher_encrypt_one(ctx->tfm, foc->val, (__u8 *)path);
|
|
foc->len = TCP_FASTOPEN_COOKIE_SIZE;
|
|
}
|
|
rcu_read_unlock();
|
|
}
|