Commit c83a47e5 authored by Florian Westphal's avatar Florian Westphal Committed by David S. Miller

mptcp: subflow: add mptcp_subflow_init_cookie_req helper

Will be used to initialize the mptcp request socket when a MP_CAPABLE
request was handled in syncookie mode, i.e. when a TCP ACK containing a
MP_CAPABLE option is a valid syncookie value.

Normally (non-cookie case), MPTCP will generate a unique 32 bit connection
ID and stores it in the MPTCP token storage to be able to retrieve the
mptcp socket for subflow joining.

In syncookie case, we do not want to store any state, so just generate the
unique ID and use it in the reply.

This means there is a small window where another connection could generate
the same token.

When Cookie ACK comes back, we check that the token has not been registered
in the mean time.  If it was, the connection needs to fall back to TCP.

Changes in v2:
 - use req->syncookie instead of passing 'want_cookie' arg to ->init_req()
   (Eric Dumazet)
Signed-off-by: default avatarFlorian Westphal <fw@strlen.de>
Reviewed-by: default avatarMat Martineau <mathew.j.martineau@linux.intel.com>
Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
parent 08b8d080
...@@ -131,6 +131,9 @@ static inline bool mptcp_skb_can_collapse(const struct sk_buff *to, ...@@ -131,6 +131,9 @@ static inline bool mptcp_skb_can_collapse(const struct sk_buff *to,
} }
void mptcp_seq_show(struct seq_file *seq); void mptcp_seq_show(struct seq_file *seq);
int mptcp_subflow_init_cookie_req(struct request_sock *req,
const struct sock *sk_listener,
struct sk_buff *skb);
#else #else
static inline void mptcp_init(void) static inline void mptcp_init(void)
...@@ -200,6 +203,13 @@ static inline bool mptcp_skb_can_collapse(const struct sk_buff *to, ...@@ -200,6 +203,13 @@ static inline bool mptcp_skb_can_collapse(const struct sk_buff *to,
static inline void mptcp_space(const struct sock *ssk, int *s, int *fs) { } static inline void mptcp_space(const struct sock *ssk, int *s, int *fs) { }
static inline void mptcp_seq_show(struct seq_file *seq) { } static inline void mptcp_seq_show(struct seq_file *seq) { }
static inline int mptcp_subflow_init_cookie_req(struct request_sock *req,
const struct sock *sk_listener,
struct sk_buff *skb)
{
return 0; /* TCP fallback */
}
#endif /* CONFIG_MPTCP */ #endif /* CONFIG_MPTCP */
#if IS_ENABLED(CONFIG_MPTCP_IPV6) #if IS_ENABLED(CONFIG_MPTCP_IPV6)
......
...@@ -400,6 +400,7 @@ void mptcp_token_destroy_request(struct request_sock *req); ...@@ -400,6 +400,7 @@ void mptcp_token_destroy_request(struct request_sock *req);
int mptcp_token_new_connect(struct sock *sk); int mptcp_token_new_connect(struct sock *sk);
void mptcp_token_accept(struct mptcp_subflow_request_sock *r, void mptcp_token_accept(struct mptcp_subflow_request_sock *r,
struct mptcp_sock *msk); struct mptcp_sock *msk);
bool mptcp_token_exists(u32 token);
struct mptcp_sock *mptcp_token_get_sock(u32 token); struct mptcp_sock *mptcp_token_get_sock(u32 token);
struct mptcp_sock *mptcp_token_iter_next(const struct net *net, long *s_slot, struct mptcp_sock *mptcp_token_iter_next(const struct net *net, long *s_slot,
long *s_num); long *s_num);
......
...@@ -140,18 +140,31 @@ static void subflow_init_req(struct request_sock *req, ...@@ -140,18 +140,31 @@ static void subflow_init_req(struct request_sock *req,
if (mp_opt.mp_capable && listener->request_mptcp) { if (mp_opt.mp_capable && listener->request_mptcp) {
int err, retries = 4; int err, retries = 4;
subflow_req->ssn_offset = TCP_SKB_CB(skb)->seq;
again: again:
do { do {
get_random_bytes(&subflow_req->local_key, sizeof(subflow_req->local_key)); get_random_bytes(&subflow_req->local_key, sizeof(subflow_req->local_key));
} while (subflow_req->local_key == 0); } while (subflow_req->local_key == 0);
if (unlikely(req->syncookie)) {
mptcp_crypto_key_sha(subflow_req->local_key,
&subflow_req->token,
&subflow_req->idsn);
if (mptcp_token_exists(subflow_req->token)) {
if (retries-- > 0)
goto again;
} else {
subflow_req->mp_capable = 1;
}
return;
}
err = mptcp_token_new_request(req); err = mptcp_token_new_request(req);
if (err == 0) if (err == 0)
subflow_req->mp_capable = 1; subflow_req->mp_capable = 1;
else if (retries-- > 0) else if (retries-- > 0)
goto again; goto again;
subflow_req->ssn_offset = TCP_SKB_CB(skb)->seq;
} else if (mp_opt.mp_join && listener->request_mptcp) { } else if (mp_opt.mp_join && listener->request_mptcp) {
subflow_req->ssn_offset = TCP_SKB_CB(skb)->seq; subflow_req->ssn_offset = TCP_SKB_CB(skb)->seq;
subflow_req->mp_join = 1; subflow_req->mp_join = 1;
...@@ -165,6 +178,41 @@ static void subflow_init_req(struct request_sock *req, ...@@ -165,6 +178,41 @@ static void subflow_init_req(struct request_sock *req,
} }
} }
int mptcp_subflow_init_cookie_req(struct request_sock *req,
const struct sock *sk_listener,
struct sk_buff *skb)
{
struct mptcp_subflow_context *listener = mptcp_subflow_ctx(sk_listener);
struct mptcp_subflow_request_sock *subflow_req = mptcp_subflow_rsk(req);
struct mptcp_options_received mp_opt;
int err;
err = __subflow_init_req(req, sk_listener);
if (err)
return err;
mptcp_get_options(skb, &mp_opt);
if (mp_opt.mp_capable && mp_opt.mp_join)
return -EINVAL;
if (mp_opt.mp_capable && listener->request_mptcp) {
if (mp_opt.sndr_key == 0)
return -EINVAL;
subflow_req->local_key = mp_opt.rcvr_key;
err = mptcp_token_new_request(req);
if (err)
return err;
subflow_req->mp_capable = 1;
subflow_req->ssn_offset = TCP_SKB_CB(skb)->seq - 1;
}
return 0;
}
EXPORT_SYMBOL_GPL(mptcp_subflow_init_cookie_req);
static void subflow_v4_init_req(struct request_sock *req, static void subflow_v4_init_req(struct request_sock *req,
const struct sock *sk_listener, const struct sock *sk_listener,
struct sk_buff *skb) struct sk_buff *skb)
......
...@@ -204,6 +204,32 @@ void mptcp_token_accept(struct mptcp_subflow_request_sock *req, ...@@ -204,6 +204,32 @@ void mptcp_token_accept(struct mptcp_subflow_request_sock *req,
spin_unlock_bh(&bucket->lock); spin_unlock_bh(&bucket->lock);
} }
bool mptcp_token_exists(u32 token)
{
struct hlist_nulls_node *pos;
struct token_bucket *bucket;
struct mptcp_sock *msk;
struct sock *sk;
rcu_read_lock();
bucket = token_bucket(token);
again:
sk_nulls_for_each_rcu(sk, pos, &bucket->msk_chain) {
msk = mptcp_sk(sk);
if (READ_ONCE(msk->token) == token)
goto found;
}
if (get_nulls_value(pos) != (token & token_mask))
goto again;
rcu_read_unlock();
return false;
found:
rcu_read_unlock();
return true;
}
/** /**
* mptcp_token_get_sock - retrieve mptcp connection sock using its token * mptcp_token_get_sock - retrieve mptcp connection sock using its token
* @token: token of the mptcp connection to retrieve * @token: token of the mptcp connection to retrieve
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment