2016-01-24 21:20:23 +08:00
|
|
|
#include <linux/crypto.h>
|
2012-08-31 20:29:11 +08:00
|
|
|
#include <linux/err.h>
|
2012-07-19 14:43:05 +08:00
|
|
|
#include <linux/init.h>
|
|
|
|
#include <linux/kernel.h>
|
2012-08-31 20:29:11 +08:00
|
|
|
#include <linux/list.h>
|
|
|
|
#include <linux/tcp.h>
|
|
|
|
#include <linux/rcupdate.h>
|
|
|
|
#include <linux/rculist.h>
|
|
|
|
#include <net/inetpeer.h>
|
|
|
|
#include <net/tcp.h>
|
2012-07-19 14:43:05 +08:00
|
|
|
|
2013-11-01 00:19:32 +08:00
|
|
|
int sysctl_tcp_fastopen __read_mostly = TFO_CLIENT_ENABLE;
|
2012-08-31 20:29:11 +08:00
|
|
|
|
|
|
|
struct tcp_fastopen_context __rcu *tcp_fastopen_ctx;
|
|
|
|
|
|
|
|
static DEFINE_SPINLOCK(tcp_fastopen_ctx_lock);
|
|
|
|
|
2013-10-20 03:48:58 +08:00
|
|
|
void tcp_fastopen_init_key_once(bool publish)
|
|
|
|
{
|
|
|
|
static u8 key[TCP_FASTOPEN_KEY_LENGTH];
|
|
|
|
|
|
|
|
/* tcp_fastopen_reset_cipher publishes the new context
|
|
|
|
* atomically, so we allow this race happening here.
|
|
|
|
*
|
|
|
|
* All call sites of tcp_fastopen_cookie_gen also check
|
|
|
|
* for a valid cookie, so this is an acceptable risk.
|
|
|
|
*/
|
|
|
|
if (net_get_random_once(key, sizeof(key)) && publish)
|
|
|
|
tcp_fastopen_reset_cipher(key, sizeof(key));
|
|
|
|
}
|
|
|
|
|
2012-08-31 20:29:11 +08:00
|
|
|
static void tcp_fastopen_ctx_free(struct rcu_head *head)
|
|
|
|
{
|
|
|
|
struct tcp_fastopen_context *ctx =
|
|
|
|
container_of(head, struct tcp_fastopen_context, rcu);
|
|
|
|
crypto_free_cipher(ctx->tfm);
|
|
|
|
kfree(ctx);
|
|
|
|
}
|
|
|
|
|
|
|
|
int tcp_fastopen_reset_cipher(void *key, unsigned int len)
|
|
|
|
{
|
|
|
|
int err;
|
|
|
|
struct tcp_fastopen_context *ctx, *octx;
|
|
|
|
|
|
|
|
ctx = kmalloc(sizeof(*ctx), GFP_KERNEL);
|
|
|
|
if (!ctx)
|
|
|
|
return -ENOMEM;
|
|
|
|
ctx->tfm = crypto_alloc_cipher("aes", 0, 0);
|
|
|
|
|
|
|
|
if (IS_ERR(ctx->tfm)) {
|
|
|
|
err = PTR_ERR(ctx->tfm);
|
|
|
|
error: kfree(ctx);
|
|
|
|
pr_err("TCP: TFO aes cipher alloc error: %d\n", err);
|
|
|
|
return err;
|
|
|
|
}
|
|
|
|
err = crypto_cipher_setkey(ctx->tfm, key, len);
|
|
|
|
if (err) {
|
|
|
|
pr_err("TCP: TFO cipher key error: %d\n", err);
|
|
|
|
crypto_free_cipher(ctx->tfm);
|
|
|
|
goto error;
|
|
|
|
}
|
|
|
|
memcpy(ctx->key, key, len);
|
|
|
|
|
|
|
|
spin_lock(&tcp_fastopen_ctx_lock);
|
|
|
|
|
|
|
|
octx = rcu_dereference_protected(tcp_fastopen_ctx,
|
|
|
|
lockdep_is_held(&tcp_fastopen_ctx_lock));
|
|
|
|
rcu_assign_pointer(tcp_fastopen_ctx, ctx);
|
|
|
|
spin_unlock(&tcp_fastopen_ctx_lock);
|
|
|
|
|
|
|
|
if (octx)
|
|
|
|
call_rcu(&octx->rcu, tcp_fastopen_ctx_free);
|
|
|
|
return err;
|
|
|
|
}
|
|
|
|
|
2014-05-12 11:22:13 +08:00
|
|
|
static bool __tcp_fastopen_cookie_gen(const void *path,
|
|
|
|
struct tcp_fastopen_cookie *foc)
|
2012-08-31 20:29:11 +08:00
|
|
|
{
|
|
|
|
struct tcp_fastopen_context *ctx;
|
2014-05-12 11:22:13 +08:00
|
|
|
bool ok = false;
|
2012-08-31 20:29:11 +08:00
|
|
|
|
|
|
|
rcu_read_lock();
|
|
|
|
ctx = rcu_dereference(tcp_fastopen_ctx);
|
|
|
|
if (ctx) {
|
2014-05-12 11:22:13 +08:00
|
|
|
crypto_cipher_encrypt_one(ctx->tfm, foc->val, path);
|
2012-08-31 20:29:11 +08:00
|
|
|
foc->len = TCP_FASTOPEN_COOKIE_SIZE;
|
2014-05-12 11:22:13 +08:00
|
|
|
ok = true;
|
2012-08-31 20:29:11 +08:00
|
|
|
}
|
|
|
|
rcu_read_unlock();
|
2014-05-12 11:22:13 +08:00
|
|
|
return ok;
|
|
|
|
}
|
|
|
|
|
|
|
|
/* Generate the fastopen cookie by doing aes128 encryption on both
|
|
|
|
* the source and destination addresses. Pad 0s for IPv4 or IPv4-mapped-IPv6
|
|
|
|
* addresses. For the longer IPv6 addresses use CBC-MAC.
|
|
|
|
*
|
|
|
|
* XXX (TFO) - refactor when TCP_FASTOPEN_COOKIE_SIZE != AES_BLOCK_SIZE.
|
|
|
|
*/
|
|
|
|
static bool tcp_fastopen_cookie_gen(struct request_sock *req,
|
|
|
|
struct sk_buff *syn,
|
|
|
|
struct tcp_fastopen_cookie *foc)
|
|
|
|
{
|
|
|
|
if (req->rsk_ops->family == AF_INET) {
|
|
|
|
const struct iphdr *iph = ip_hdr(syn);
|
|
|
|
|
|
|
|
__be32 path[4] = { iph->saddr, iph->daddr, 0, 0 };
|
|
|
|
return __tcp_fastopen_cookie_gen(path, foc);
|
|
|
|
}
|
|
|
|
|
|
|
|
#if IS_ENABLED(CONFIG_IPV6)
|
|
|
|
if (req->rsk_ops->family == AF_INET6) {
|
|
|
|
const struct ipv6hdr *ip6h = ipv6_hdr(syn);
|
|
|
|
struct tcp_fastopen_cookie tmp;
|
|
|
|
|
|
|
|
if (__tcp_fastopen_cookie_gen(&ip6h->saddr, &tmp)) {
|
2017-01-13 06:24:58 +08:00
|
|
|
struct in6_addr *buf = &tmp.addr;
|
2014-09-29 15:04:37 +08:00
|
|
|
int i;
|
2014-05-12 11:22:13 +08:00
|
|
|
|
|
|
|
for (i = 0; i < 4; i++)
|
|
|
|
buf->s6_addr32[i] ^= ip6h->daddr.s6_addr32[i];
|
|
|
|
return __tcp_fastopen_cookie_gen(buf, foc);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
#endif
|
|
|
|
return false;
|
2012-08-31 20:29:11 +08:00
|
|
|
}
|
2014-05-12 11:22:09 +08:00
|
|
|
|
2016-02-02 13:03:07 +08:00
|
|
|
|
|
|
|
/* If an incoming SYN or SYNACK frame contains a payload and/or FIN,
|
|
|
|
* queue this additional data / FIN.
|
|
|
|
*/
|
|
|
|
void tcp_fastopen_add_skb(struct sock *sk, struct sk_buff *skb)
|
|
|
|
{
|
|
|
|
struct tcp_sock *tp = tcp_sk(sk);
|
|
|
|
|
|
|
|
if (TCP_SKB_CB(skb)->end_seq == tp->rcv_nxt)
|
|
|
|
return;
|
|
|
|
|
|
|
|
skb = skb_clone(skb, GFP_ATOMIC);
|
|
|
|
if (!skb)
|
|
|
|
return;
|
|
|
|
|
|
|
|
skb_dst_drop(skb);
|
2016-03-15 01:52:15 +08:00
|
|
|
/* segs_in has been initialized to 1 in tcp_create_openreq_child().
|
|
|
|
* Hence, reset segs_in to 0 before calling tcp_segs_in()
|
|
|
|
* to avoid double counting. Also, tcp_segs_in() expects
|
|
|
|
* skb->len to include the tcp_hdrlen. Hence, it should
|
|
|
|
* be called before __skb_pull().
|
|
|
|
*/
|
|
|
|
tp->segs_in = 0;
|
|
|
|
tcp_segs_in(tp, skb);
|
2016-02-02 13:03:07 +08:00
|
|
|
__skb_pull(skb, tcp_hdrlen(skb));
|
2016-09-07 23:34:11 +08:00
|
|
|
sk_forced_mem_schedule(sk, skb->truesize);
|
2016-02-02 13:03:07 +08:00
|
|
|
skb_set_owner_r(skb, sk);
|
|
|
|
|
2016-02-02 13:03:08 +08:00
|
|
|
TCP_SKB_CB(skb)->seq++;
|
|
|
|
TCP_SKB_CB(skb)->tcp_flags &= ~TCPHDR_SYN;
|
|
|
|
|
2016-02-02 13:03:07 +08:00
|
|
|
tp->rcv_nxt = TCP_SKB_CB(skb)->end_seq;
|
|
|
|
__skb_queue_tail(&sk->sk_receive_queue, skb);
|
|
|
|
tp->syn_data_acked = 1;
|
|
|
|
|
|
|
|
/* u64_stats_update_begin(&tp->syncp) not needed here,
|
|
|
|
* as we certainly are not changing upper 32bit value (0)
|
|
|
|
*/
|
|
|
|
tp->bytes_received = skb->len;
|
2016-02-07 03:16:28 +08:00
|
|
|
|
|
|
|
if (TCP_SKB_CB(skb)->tcp_flags & TCPHDR_FIN)
|
|
|
|
tcp_fin(sk);
|
2016-02-02 13:03:07 +08:00
|
|
|
}
|
|
|
|
|
2015-09-25 08:16:05 +08:00
|
|
|
static struct sock *tcp_fastopen_create_child(struct sock *sk,
|
|
|
|
struct sk_buff *skb,
|
|
|
|
struct dst_entry *dst,
|
|
|
|
struct request_sock *req)
|
2014-05-12 11:22:09 +08:00
|
|
|
{
|
2014-06-17 04:30:36 +08:00
|
|
|
struct tcp_sock *tp;
|
2014-05-12 11:22:09 +08:00
|
|
|
struct request_sock_queue *queue = &inet_csk(sk)->icsk_accept_queue;
|
|
|
|
struct sock *child;
|
2015-10-22 23:20:46 +08:00
|
|
|
bool own_req;
|
2014-05-12 11:22:09 +08:00
|
|
|
|
|
|
|
req->num_retrans = 0;
|
|
|
|
req->num_timeout = 0;
|
|
|
|
req->sk = NULL;
|
|
|
|
|
2015-10-22 23:20:46 +08:00
|
|
|
child = inet_csk(sk)->icsk_af_ops->syn_recv_sock(sk, skb, req, NULL,
|
|
|
|
NULL, &own_req);
|
2015-04-03 16:17:26 +08:00
|
|
|
if (!child)
|
2015-09-25 08:16:05 +08:00
|
|
|
return NULL;
|
2014-05-12 11:22:09 +08:00
|
|
|
|
2015-09-29 22:42:52 +08:00
|
|
|
spin_lock(&queue->fastopenq.lock);
|
|
|
|
queue->fastopenq.qlen++;
|
|
|
|
spin_unlock(&queue->fastopenq.lock);
|
2014-05-12 11:22:09 +08:00
|
|
|
|
|
|
|
/* Initialize the child socket. Have to fix some values to take
|
|
|
|
* into account the child is a Fast Open socket and is created
|
|
|
|
* only out of the bits carried in the SYN packet.
|
|
|
|
*/
|
|
|
|
tp = tcp_sk(child);
|
|
|
|
|
|
|
|
tp->fastopen_rsk = req;
|
2015-03-18 09:32:29 +08:00
|
|
|
tcp_rsk(req)->tfo_listener = true;
|
2014-05-12 11:22:09 +08:00
|
|
|
|
|
|
|
/* RFC1323: The window in SYN & SYN/ACK segments is never
|
|
|
|
* scaled. So correct it appropriately.
|
|
|
|
*/
|
|
|
|
tp->snd_wnd = ntohs(tcp_hdr(skb)->window);
|
2017-01-19 21:36:39 +08:00
|
|
|
tp->max_window = tp->snd_wnd;
|
2014-05-12 11:22:09 +08:00
|
|
|
|
|
|
|
/* Activate the retrans timer so that SYNACK can be retransmitted.
|
2015-10-03 02:43:35 +08:00
|
|
|
* The request socket is not added to the ehash
|
2014-05-12 11:22:09 +08:00
|
|
|
* because it's been added to the accept queue directly.
|
|
|
|
*/
|
|
|
|
inet_csk_reset_xmit_timer(child, ICSK_TIME_RETRANS,
|
|
|
|
TCP_TIMEOUT_INIT, TCP_RTO_MAX);
|
|
|
|
|
2017-06-30 18:08:01 +08:00
|
|
|
refcount_set(&req->rsk_refcnt, 2);
|
2014-05-12 11:22:09 +08:00
|
|
|
|
|
|
|
/* Now finish processing the fastopen child socket. */
|
|
|
|
inet_csk(child)->icsk_af_ops->rebuild_header(child);
|
|
|
|
tcp_init_congestion_control(child);
|
|
|
|
tcp_mtup_init(child);
|
|
|
|
tcp_init_metrics(child);
|
2017-07-01 11:02:47 +08:00
|
|
|
tcp_call_bpf(child, BPF_SOCK_OPS_PASSIVE_ESTABLISHED_CB);
|
2014-05-12 11:22:09 +08:00
|
|
|
tcp_init_buffer_space(child);
|
|
|
|
|
2016-02-02 13:03:07 +08:00
|
|
|
tp->rcv_nxt = TCP_SKB_CB(skb)->seq + 1;
|
|
|
|
|
|
|
|
tcp_fastopen_add_skb(child, skb);
|
|
|
|
|
|
|
|
tcp_rsk(req)->rcv_nxt = tp->rcv_nxt;
|
2016-08-30 23:55:23 +08:00
|
|
|
tp->rcv_wup = tp->rcv_nxt;
|
2015-10-05 12:08:07 +08:00
|
|
|
/* tcp_conn_request() is sending the SYNACK,
|
|
|
|
* and queues the child into listener accept queue.
|
2015-09-25 08:16:05 +08:00
|
|
|
*/
|
|
|
|
return child;
|
2014-05-12 11:22:09 +08:00
|
|
|
}
|
|
|
|
|
|
|
|
static bool tcp_fastopen_queue_check(struct sock *sk)
|
|
|
|
{
|
|
|
|
struct fastopen_queue *fastopenq;
|
|
|
|
|
|
|
|
/* Make sure the listener has enabled fastopen, and we don't
|
|
|
|
* exceed the max # of pending TFO requests allowed before trying
|
|
|
|
* to validating the cookie in order to avoid burning CPU cycles
|
|
|
|
* unnecessarily.
|
|
|
|
*
|
|
|
|
* XXX (TFO) - The implication of checking the max_qlen before
|
|
|
|
* processing a cookie request is that clients can't differentiate
|
|
|
|
* between qlen overflow causing Fast Open to be disabled
|
|
|
|
* temporarily vs a server not supporting Fast Open at all.
|
|
|
|
*/
|
2015-09-29 22:42:52 +08:00
|
|
|
fastopenq = &inet_csk(sk)->icsk_accept_queue.fastopenq;
|
|
|
|
if (fastopenq->max_qlen == 0)
|
2014-05-12 11:22:09 +08:00
|
|
|
return false;
|
|
|
|
|
|
|
|
if (fastopenq->qlen >= fastopenq->max_qlen) {
|
|
|
|
struct request_sock *req1;
|
|
|
|
spin_lock(&fastopenq->lock);
|
|
|
|
req1 = fastopenq->rskq_rst_head;
|
inet: get rid of central tcp/dccp listener timer
One of the major issue for TCP is the SYNACK rtx handling,
done by inet_csk_reqsk_queue_prune(), fired by the keepalive
timer of a TCP_LISTEN socket.
This function runs for awful long times, with socket lock held,
meaning that other cpus needing this lock have to spin for hundred of ms.
SYNACK are sent in huge bursts, likely to cause severe drops anyway.
This model was OK 15 years ago when memory was very tight.
We now can afford to have a timer per request sock.
Timer invocations no longer need to lock the listener,
and can be run from all cpus in parallel.
With following patch increasing somaxconn width to 32 bits,
I tested a listener with more than 4 million active request sockets,
and a steady SYNFLOOD of ~200,000 SYN per second.
Host was sending ~830,000 SYNACK per second.
This is ~100 times more what we could achieve before this patch.
Later, we will get rid of the listener hash and use ehash instead.
Signed-off-by: Eric Dumazet <edumazet@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2015-03-20 10:04:20 +08:00
|
|
|
if (!req1 || time_after(req1->rsk_timer.expires, jiffies)) {
|
2016-04-28 07:44:39 +08:00
|
|
|
__NET_INC_STATS(sock_net(sk),
|
|
|
|
LINUX_MIB_TCPFASTOPENLISTENOVERFLOW);
|
2016-04-30 05:16:47 +08:00
|
|
|
spin_unlock(&fastopenq->lock);
|
2014-05-12 11:22:09 +08:00
|
|
|
return false;
|
|
|
|
}
|
|
|
|
fastopenq->rskq_rst_head = req1->dl_next;
|
|
|
|
fastopenq->qlen--;
|
|
|
|
spin_unlock(&fastopenq->lock);
|
2015-03-16 12:12:16 +08:00
|
|
|
reqsk_put(req1);
|
2014-05-12 11:22:09 +08:00
|
|
|
}
|
|
|
|
return true;
|
|
|
|
}
|
|
|
|
|
2014-05-12 11:22:10 +08:00
|
|
|
/* Returns true if we should perform Fast Open on the SYN. The cookie (foc)
|
|
|
|
* may be updated and return the client in the SYN-ACK later. E.g., Fast Open
|
|
|
|
* cookie request (foc->len == 0).
|
|
|
|
*/
|
2015-09-25 08:16:05 +08:00
|
|
|
struct sock *tcp_try_fastopen(struct sock *sk, struct sk_buff *skb,
|
|
|
|
struct request_sock *req,
|
|
|
|
struct tcp_fastopen_cookie *foc,
|
|
|
|
struct dst_entry *dst)
|
2014-05-12 11:22:09 +08:00
|
|
|
{
|
2014-05-12 11:22:10 +08:00
|
|
|
struct tcp_fastopen_cookie valid_foc = { .len = -1 };
|
|
|
|
bool syn_data = TCP_SKB_CB(skb)->end_seq != TCP_SKB_CB(skb)->seq + 1;
|
2015-09-25 08:16:05 +08:00
|
|
|
struct sock *child;
|
2014-05-12 11:22:09 +08:00
|
|
|
|
2015-02-10 04:35:23 +08:00
|
|
|
if (foc->len == 0) /* Client requests a cookie */
|
2016-04-30 05:16:47 +08:00
|
|
|
NET_INC_STATS(sock_net(sk), LINUX_MIB_TCPFASTOPENCOOKIEREQD);
|
2015-02-10 04:35:23 +08:00
|
|
|
|
2014-05-12 11:22:10 +08:00
|
|
|
if (!((sysctl_tcp_fastopen & TFO_SERVER_ENABLE) &&
|
|
|
|
(syn_data || foc->len >= 0) &&
|
|
|
|
tcp_fastopen_queue_check(sk))) {
|
|
|
|
foc->len = -1;
|
2015-09-25 08:16:05 +08:00
|
|
|
return NULL;
|
2014-05-12 11:22:09 +08:00
|
|
|
}
|
|
|
|
|
2014-05-12 11:22:10 +08:00
|
|
|
if (syn_data && (sysctl_tcp_fastopen & TFO_SERVER_COOKIE_NOT_REQD))
|
|
|
|
goto fastopen;
|
|
|
|
|
2015-02-10 04:35:23 +08:00
|
|
|
if (foc->len >= 0 && /* Client presents or requests a cookie */
|
|
|
|
tcp_fastopen_cookie_gen(req, skb, &valid_foc) &&
|
2014-05-12 11:22:13 +08:00
|
|
|
foc->len == TCP_FASTOPEN_COOKIE_SIZE &&
|
2014-05-12 11:22:10 +08:00
|
|
|
foc->len == valid_foc.len &&
|
|
|
|
!memcmp(foc->val, valid_foc.val, foc->len)) {
|
2014-05-12 11:22:11 +08:00
|
|
|
/* Cookie is valid. Create a (full) child socket to accept
|
|
|
|
* the data in SYN before returning a SYN-ACK to ack the
|
|
|
|
* data. If we fail to create the socket, fall back and
|
|
|
|
* ack the ISN only but includes the same cookie.
|
|
|
|
*
|
|
|
|
* Note: Data-less SYN with valid cookie is allowed to send
|
|
|
|
* data in SYN_RECV state.
|
|
|
|
*/
|
2014-05-12 11:22:10 +08:00
|
|
|
fastopen:
|
2015-09-25 08:16:05 +08:00
|
|
|
child = tcp_fastopen_create_child(sk, skb, dst, req);
|
|
|
|
if (child) {
|
2014-05-12 11:22:11 +08:00
|
|
|
foc->len = -1;
|
2016-04-30 05:16:47 +08:00
|
|
|
NET_INC_STATS(sock_net(sk),
|
|
|
|
LINUX_MIB_TCPFASTOPENPASSIVE);
|
2015-09-25 08:16:05 +08:00
|
|
|
return child;
|
2014-05-12 11:22:11 +08:00
|
|
|
}
|
2016-04-30 05:16:47 +08:00
|
|
|
NET_INC_STATS(sock_net(sk), LINUX_MIB_TCPFASTOPENPASSIVEFAIL);
|
2015-02-10 04:35:23 +08:00
|
|
|
} else if (foc->len > 0) /* Client presents an invalid cookie */
|
2016-04-30 05:16:47 +08:00
|
|
|
NET_INC_STATS(sock_net(sk), LINUX_MIB_TCPFASTOPENPASSIVEFAIL);
|
2014-05-12 11:22:10 +08:00
|
|
|
|
2015-04-07 05:37:26 +08:00
|
|
|
valid_foc.exp = foc->exp;
|
2014-05-12 11:22:10 +08:00
|
|
|
*foc = valid_foc;
|
2015-09-25 08:16:05 +08:00
|
|
|
return NULL;
|
2014-05-12 11:22:09 +08:00
|
|
|
}
|
2017-01-24 02:59:20 +08:00
|
|
|
|
|
|
|
bool tcp_fastopen_cookie_check(struct sock *sk, u16 *mss,
|
|
|
|
struct tcp_fastopen_cookie *cookie)
|
|
|
|
{
|
|
|
|
unsigned long last_syn_loss = 0;
|
|
|
|
int syn_loss = 0;
|
|
|
|
|
|
|
|
tcp_fastopen_cache_get(sk, mss, cookie, &syn_loss, &last_syn_loss);
|
|
|
|
|
|
|
|
/* Recurring FO SYN losses: no cookie or data in SYN */
|
|
|
|
if (syn_loss > 1 &&
|
|
|
|
time_before(jiffies, last_syn_loss + (60*HZ << syn_loss))) {
|
|
|
|
cookie->len = -1;
|
|
|
|
return false;
|
|
|
|
}
|
net/tcp_fastopen: Disable active side TFO in certain scenarios
Middlebox firewall issues can potentially cause server's data being
blackholed after a successful 3WHS using TFO. Following are the related
reports from Apple:
https://www.nanog.org/sites/default/files/Paasch_Network_Support.pdf
Slide 31 identifies an issue where the client ACK to the server's data
sent during a TFO'd handshake is dropped.
C ---> syn-data ---> S
C <--- syn/ack ----- S
C (accept & write)
C <---- data ------- S
C ----- ACK -> X S
[retry and timeout]
https://www.ietf.org/proceedings/94/slides/slides-94-tcpm-13.pdf
Slide 5 shows a similar situation that the server's data gets dropped
after 3WHS.
C ---- syn-data ---> S
C <--- syn/ack ----- S
C ---- ack --------> S
S (accept & write)
C? X <- data ------ S
[retry and timeout]
This is the worst failure b/c the client can not detect such behavior to
mitigate the situation (such as disabling TFO). Failing to proceed, the
application (e.g., SSL library) may simply timeout and retry with TFO
again, and the process repeats indefinitely.
The proposed solution is to disable active TFO globally under the
following circumstances:
1. client side TFO socket detects out of order FIN
2. client side TFO socket receives out of order RST
We disable active side TFO globally for 1hr at first. Then if it
happens again, we disable it for 2h, then 4h, 8h, ...
And we reset the timeout to 1hr if a client side TFO sockets not opened
on loopback has successfully received data segs from server.
And we examine this condition during close().
The rational behind it is that when such firewall issue happens,
application running on the client should eventually close the socket as
it is not able to get the data it is expecting. Or application running
on the server should close the socket as it is not able to receive any
response from client.
In both cases, out of order FIN or RST will get received on the client
given that the firewall will not block them as no data are in those
frames.
And we want to disable active TFO globally as it helps if the middle box
is very close to the client and most of the connections are likely to
fail.
Also, add a debug sysctl:
tcp_fastopen_blackhole_detect_timeout_sec:
the initial timeout to use when firewall blackhole issue happens.
This can be set and read.
When setting it to 0, it means to disable the active disable logic.
Signed-off-by: Wei Wang <weiwan@google.com>
Acked-by: Yuchung Cheng <ycheng@google.com>
Acked-by: Neal Cardwell <ncardwell@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2017-04-21 05:45:46 +08:00
|
|
|
|
|
|
|
/* Firewall blackhole issue check */
|
|
|
|
if (tcp_fastopen_active_should_disable(sk)) {
|
|
|
|
cookie->len = -1;
|
|
|
|
return false;
|
|
|
|
}
|
|
|
|
|
2017-01-24 02:59:20 +08:00
|
|
|
if (sysctl_tcp_fastopen & TFO_CLIENT_NO_COOKIE) {
|
|
|
|
cookie->len = -1;
|
|
|
|
return true;
|
|
|
|
}
|
|
|
|
return cookie->len > 0;
|
|
|
|
}
|
net/tcp-fastopen: Add new API support
This patch adds a new socket option, TCP_FASTOPEN_CONNECT, as an
alternative way to perform Fast Open on the active side (client). Prior
to this patch, a client needs to replace the connect() call with
sendto(MSG_FASTOPEN). This can be cumbersome for applications who want
to use Fast Open: these socket operations are often done in lower layer
libraries used by many other applications. Changing these libraries
and/or the socket call sequences are not trivial. A more convenient
approach is to perform Fast Open by simply enabling a socket option when
the socket is created w/o changing other socket calls sequence:
s = socket()
create a new socket
setsockopt(s, IPPROTO_TCP, TCP_FASTOPEN_CONNECT …);
newly introduced sockopt
If set, new functionality described below will be used.
Return ENOTSUPP if TFO is not supported or not enabled in the
kernel.
connect()
With cookie present, return 0 immediately.
With no cookie, initiate 3WHS with TFO cookie-request option and
return -1 with errno = EINPROGRESS.
write()/sendmsg()
With cookie present, send out SYN with data and return the number of
bytes buffered.
With no cookie, and 3WHS not yet completed, return -1 with errno =
EINPROGRESS.
No MSG_FASTOPEN flag is needed.
read()
Return -1 with errno = EWOULDBLOCK/EAGAIN if connect() is called but
write() is not called yet.
Return -1 with errno = EWOULDBLOCK/EAGAIN if connection is
established but no msg is received yet.
Return number of bytes read if socket is established and there is
msg received.
The new API simplifies life for applications that always perform a write()
immediately after a successful connect(). Such applications can now take
advantage of Fast Open by merely making one new setsockopt() call at the time
of creating the socket. Nothing else about the application's socket call
sequence needs to change.
Signed-off-by: Wei Wang <weiwan@google.com>
Acked-by: Eric Dumazet <edumazet@google.com>
Acked-by: Yuchung Cheng <ycheng@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2017-01-24 02:59:22 +08:00
|
|
|
|
|
|
|
/* This function checks if we want to defer sending SYN until the first
|
|
|
|
* write(). We defer under the following conditions:
|
|
|
|
* 1. fastopen_connect sockopt is set
|
|
|
|
* 2. we have a valid cookie
|
|
|
|
* Return value: return true if we want to defer until application writes data
|
|
|
|
* return false if we want to send out SYN immediately
|
|
|
|
*/
|
|
|
|
bool tcp_fastopen_defer_connect(struct sock *sk, int *err)
|
|
|
|
{
|
|
|
|
struct tcp_fastopen_cookie cookie = { .len = 0 };
|
|
|
|
struct tcp_sock *tp = tcp_sk(sk);
|
|
|
|
u16 mss;
|
|
|
|
|
|
|
|
if (tp->fastopen_connect && !tp->fastopen_req) {
|
|
|
|
if (tcp_fastopen_cookie_check(sk, &mss, &cookie)) {
|
|
|
|
inet_sk(sk)->defer_connect = 1;
|
|
|
|
return true;
|
|
|
|
}
|
|
|
|
|
|
|
|
/* Alloc fastopen_req in order for FO option to be included
|
|
|
|
* in SYN
|
|
|
|
*/
|
|
|
|
tp->fastopen_req = kzalloc(sizeof(*tp->fastopen_req),
|
|
|
|
sk->sk_allocation);
|
|
|
|
if (tp->fastopen_req)
|
|
|
|
tp->fastopen_req->cookie = cookie;
|
|
|
|
else
|
|
|
|
*err = -ENOBUFS;
|
|
|
|
}
|
|
|
|
return false;
|
|
|
|
}
|
|
|
|
EXPORT_SYMBOL(tcp_fastopen_defer_connect);
|
net/tcp_fastopen: Disable active side TFO in certain scenarios
Middlebox firewall issues can potentially cause server's data being
blackholed after a successful 3WHS using TFO. Following are the related
reports from Apple:
https://www.nanog.org/sites/default/files/Paasch_Network_Support.pdf
Slide 31 identifies an issue where the client ACK to the server's data
sent during a TFO'd handshake is dropped.
C ---> syn-data ---> S
C <--- syn/ack ----- S
C (accept & write)
C <---- data ------- S
C ----- ACK -> X S
[retry and timeout]
https://www.ietf.org/proceedings/94/slides/slides-94-tcpm-13.pdf
Slide 5 shows a similar situation that the server's data gets dropped
after 3WHS.
C ---- syn-data ---> S
C <--- syn/ack ----- S
C ---- ack --------> S
S (accept & write)
C? X <- data ------ S
[retry and timeout]
This is the worst failure b/c the client can not detect such behavior to
mitigate the situation (such as disabling TFO). Failing to proceed, the
application (e.g., SSL library) may simply timeout and retry with TFO
again, and the process repeats indefinitely.
The proposed solution is to disable active TFO globally under the
following circumstances:
1. client side TFO socket detects out of order FIN
2. client side TFO socket receives out of order RST
We disable active side TFO globally for 1hr at first. Then if it
happens again, we disable it for 2h, then 4h, 8h, ...
And we reset the timeout to 1hr if a client side TFO sockets not opened
on loopback has successfully received data segs from server.
And we examine this condition during close().
The rational behind it is that when such firewall issue happens,
application running on the client should eventually close the socket as
it is not able to get the data it is expecting. Or application running
on the server should close the socket as it is not able to receive any
response from client.
In both cases, out of order FIN or RST will get received on the client
given that the firewall will not block them as no data are in those
frames.
And we want to disable active TFO globally as it helps if the middle box
is very close to the client and most of the connections are likely to
fail.
Also, add a debug sysctl:
tcp_fastopen_blackhole_detect_timeout_sec:
the initial timeout to use when firewall blackhole issue happens.
This can be set and read.
When setting it to 0, it means to disable the active disable logic.
Signed-off-by: Wei Wang <weiwan@google.com>
Acked-by: Yuchung Cheng <ycheng@google.com>
Acked-by: Neal Cardwell <ncardwell@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2017-04-21 05:45:46 +08:00
|
|
|
|
|
|
|
/*
|
|
|
|
* The following code block is to deal with middle box issues with TFO:
|
|
|
|
* Middlebox firewall issues can potentially cause server's data being
|
|
|
|
* blackholed after a successful 3WHS using TFO.
|
|
|
|
* The proposed solution is to disable active TFO globally under the
|
|
|
|
* following circumstances:
|
|
|
|
* 1. client side TFO socket receives out of order FIN
|
|
|
|
* 2. client side TFO socket receives out of order RST
|
|
|
|
* We disable active side TFO globally for 1hr at first. Then if it
|
|
|
|
* happens again, we disable it for 2h, then 4h, 8h, ...
|
|
|
|
* And we reset the timeout back to 1hr when we see a successful active
|
|
|
|
* TFO connection with data exchanges.
|
|
|
|
*/
|
|
|
|
|
|
|
|
/* Default to 1hr */
|
|
|
|
unsigned int sysctl_tcp_fastopen_blackhole_timeout __read_mostly = 60 * 60;
|
|
|
|
static atomic_t tfo_active_disable_times __read_mostly = ATOMIC_INIT(0);
|
|
|
|
static unsigned long tfo_active_disable_stamp __read_mostly;
|
|
|
|
|
|
|
|
/* Disable active TFO and record current jiffies and
|
|
|
|
* tfo_active_disable_times
|
|
|
|
*/
|
2017-04-21 05:45:47 +08:00
|
|
|
void tcp_fastopen_active_disable(struct sock *sk)
|
net/tcp_fastopen: Disable active side TFO in certain scenarios
Middlebox firewall issues can potentially cause server's data being
blackholed after a successful 3WHS using TFO. Following are the related
reports from Apple:
https://www.nanog.org/sites/default/files/Paasch_Network_Support.pdf
Slide 31 identifies an issue where the client ACK to the server's data
sent during a TFO'd handshake is dropped.
C ---> syn-data ---> S
C <--- syn/ack ----- S
C (accept & write)
C <---- data ------- S
C ----- ACK -> X S
[retry and timeout]
https://www.ietf.org/proceedings/94/slides/slides-94-tcpm-13.pdf
Slide 5 shows a similar situation that the server's data gets dropped
after 3WHS.
C ---- syn-data ---> S
C <--- syn/ack ----- S
C ---- ack --------> S
S (accept & write)
C? X <- data ------ S
[retry and timeout]
This is the worst failure b/c the client can not detect such behavior to
mitigate the situation (such as disabling TFO). Failing to proceed, the
application (e.g., SSL library) may simply timeout and retry with TFO
again, and the process repeats indefinitely.
The proposed solution is to disable active TFO globally under the
following circumstances:
1. client side TFO socket detects out of order FIN
2. client side TFO socket receives out of order RST
We disable active side TFO globally for 1hr at first. Then if it
happens again, we disable it for 2h, then 4h, 8h, ...
And we reset the timeout to 1hr if a client side TFO sockets not opened
on loopback has successfully received data segs from server.
And we examine this condition during close().
The rational behind it is that when such firewall issue happens,
application running on the client should eventually close the socket as
it is not able to get the data it is expecting. Or application running
on the server should close the socket as it is not able to receive any
response from client.
In both cases, out of order FIN or RST will get received on the client
given that the firewall will not block them as no data are in those
frames.
And we want to disable active TFO globally as it helps if the middle box
is very close to the client and most of the connections are likely to
fail.
Also, add a debug sysctl:
tcp_fastopen_blackhole_detect_timeout_sec:
the initial timeout to use when firewall blackhole issue happens.
This can be set and read.
When setting it to 0, it means to disable the active disable logic.
Signed-off-by: Wei Wang <weiwan@google.com>
Acked-by: Yuchung Cheng <ycheng@google.com>
Acked-by: Neal Cardwell <ncardwell@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2017-04-21 05:45:46 +08:00
|
|
|
{
|
|
|
|
atomic_inc(&tfo_active_disable_times);
|
|
|
|
tfo_active_disable_stamp = jiffies;
|
2017-04-21 05:45:47 +08:00
|
|
|
NET_INC_STATS(sock_net(sk), LINUX_MIB_TCPFASTOPENBLACKHOLE);
|
net/tcp_fastopen: Disable active side TFO in certain scenarios
Middlebox firewall issues can potentially cause server's data being
blackholed after a successful 3WHS using TFO. Following are the related
reports from Apple:
https://www.nanog.org/sites/default/files/Paasch_Network_Support.pdf
Slide 31 identifies an issue where the client ACK to the server's data
sent during a TFO'd handshake is dropped.
C ---> syn-data ---> S
C <--- syn/ack ----- S
C (accept & write)
C <---- data ------- S
C ----- ACK -> X S
[retry and timeout]
https://www.ietf.org/proceedings/94/slides/slides-94-tcpm-13.pdf
Slide 5 shows a similar situation that the server's data gets dropped
after 3WHS.
C ---- syn-data ---> S
C <--- syn/ack ----- S
C ---- ack --------> S
S (accept & write)
C? X <- data ------ S
[retry and timeout]
This is the worst failure b/c the client can not detect such behavior to
mitigate the situation (such as disabling TFO). Failing to proceed, the
application (e.g., SSL library) may simply timeout and retry with TFO
again, and the process repeats indefinitely.
The proposed solution is to disable active TFO globally under the
following circumstances:
1. client side TFO socket detects out of order FIN
2. client side TFO socket receives out of order RST
We disable active side TFO globally for 1hr at first. Then if it
happens again, we disable it for 2h, then 4h, 8h, ...
And we reset the timeout to 1hr if a client side TFO sockets not opened
on loopback has successfully received data segs from server.
And we examine this condition during close().
The rational behind it is that when such firewall issue happens,
application running on the client should eventually close the socket as
it is not able to get the data it is expecting. Or application running
on the server should close the socket as it is not able to receive any
response from client.
In both cases, out of order FIN or RST will get received on the client
given that the firewall will not block them as no data are in those
frames.
And we want to disable active TFO globally as it helps if the middle box
is very close to the client and most of the connections are likely to
fail.
Also, add a debug sysctl:
tcp_fastopen_blackhole_detect_timeout_sec:
the initial timeout to use when firewall blackhole issue happens.
This can be set and read.
When setting it to 0, it means to disable the active disable logic.
Signed-off-by: Wei Wang <weiwan@google.com>
Acked-by: Yuchung Cheng <ycheng@google.com>
Acked-by: Neal Cardwell <ncardwell@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2017-04-21 05:45:46 +08:00
|
|
|
}
|
|
|
|
|
|
|
|
/* Reset tfo_active_disable_times to 0 */
|
|
|
|
void tcp_fastopen_active_timeout_reset(void)
|
|
|
|
{
|
|
|
|
atomic_set(&tfo_active_disable_times, 0);
|
|
|
|
}
|
|
|
|
|
|
|
|
/* Calculate timeout for tfo active disable
|
|
|
|
* Return true if we are still in the active TFO disable period
|
|
|
|
* Return false if timeout already expired and we should use active TFO
|
|
|
|
*/
|
|
|
|
bool tcp_fastopen_active_should_disable(struct sock *sk)
|
|
|
|
{
|
|
|
|
int tfo_da_times = atomic_read(&tfo_active_disable_times);
|
|
|
|
int multiplier;
|
|
|
|
unsigned long timeout;
|
|
|
|
|
|
|
|
if (!tfo_da_times)
|
|
|
|
return false;
|
|
|
|
|
|
|
|
/* Limit timout to max: 2^6 * initial timeout */
|
|
|
|
multiplier = 1 << min(tfo_da_times - 1, 6);
|
|
|
|
timeout = multiplier * sysctl_tcp_fastopen_blackhole_timeout * HZ;
|
|
|
|
if (time_before(jiffies, tfo_active_disable_stamp + timeout))
|
|
|
|
return true;
|
|
|
|
|
|
|
|
/* Mark check bit so we can check for successful active TFO
|
|
|
|
* condition and reset tfo_active_disable_times
|
|
|
|
*/
|
|
|
|
tcp_sk(sk)->syn_fastopen_ch = 1;
|
|
|
|
return false;
|
|
|
|
}
|
|
|
|
|
|
|
|
/* Disable active TFO if FIN is the only packet in the ofo queue
|
|
|
|
* and no data is received.
|
|
|
|
* Also check if we can reset tfo_active_disable_times if data is
|
|
|
|
* received successfully on a marked active TFO sockets opened on
|
|
|
|
* a non-loopback interface
|
|
|
|
*/
|
|
|
|
void tcp_fastopen_active_disable_ofo_check(struct sock *sk)
|
|
|
|
{
|
|
|
|
struct tcp_sock *tp = tcp_sk(sk);
|
|
|
|
struct rb_node *p;
|
|
|
|
struct sk_buff *skb;
|
|
|
|
struct dst_entry *dst;
|
|
|
|
|
|
|
|
if (!tp->syn_fastopen)
|
|
|
|
return;
|
|
|
|
|
|
|
|
if (!tp->data_segs_in) {
|
|
|
|
p = rb_first(&tp->out_of_order_queue);
|
|
|
|
if (p && !rb_next(p)) {
|
|
|
|
skb = rb_entry(p, struct sk_buff, rbnode);
|
|
|
|
if (TCP_SKB_CB(skb)->tcp_flags & TCPHDR_FIN) {
|
2017-04-21 05:45:47 +08:00
|
|
|
tcp_fastopen_active_disable(sk);
|
net/tcp_fastopen: Disable active side TFO in certain scenarios
Middlebox firewall issues can potentially cause server's data being
blackholed after a successful 3WHS using TFO. Following are the related
reports from Apple:
https://www.nanog.org/sites/default/files/Paasch_Network_Support.pdf
Slide 31 identifies an issue where the client ACK to the server's data
sent during a TFO'd handshake is dropped.
C ---> syn-data ---> S
C <--- syn/ack ----- S
C (accept & write)
C <---- data ------- S
C ----- ACK -> X S
[retry and timeout]
https://www.ietf.org/proceedings/94/slides/slides-94-tcpm-13.pdf
Slide 5 shows a similar situation that the server's data gets dropped
after 3WHS.
C ---- syn-data ---> S
C <--- syn/ack ----- S
C ---- ack --------> S
S (accept & write)
C? X <- data ------ S
[retry and timeout]
This is the worst failure b/c the client can not detect such behavior to
mitigate the situation (such as disabling TFO). Failing to proceed, the
application (e.g., SSL library) may simply timeout and retry with TFO
again, and the process repeats indefinitely.
The proposed solution is to disable active TFO globally under the
following circumstances:
1. client side TFO socket detects out of order FIN
2. client side TFO socket receives out of order RST
We disable active side TFO globally for 1hr at first. Then if it
happens again, we disable it for 2h, then 4h, 8h, ...
And we reset the timeout to 1hr if a client side TFO sockets not opened
on loopback has successfully received data segs from server.
And we examine this condition during close().
The rational behind it is that when such firewall issue happens,
application running on the client should eventually close the socket as
it is not able to get the data it is expecting. Or application running
on the server should close the socket as it is not able to receive any
response from client.
In both cases, out of order FIN or RST will get received on the client
given that the firewall will not block them as no data are in those
frames.
And we want to disable active TFO globally as it helps if the middle box
is very close to the client and most of the connections are likely to
fail.
Also, add a debug sysctl:
tcp_fastopen_blackhole_detect_timeout_sec:
the initial timeout to use when firewall blackhole issue happens.
This can be set and read.
When setting it to 0, it means to disable the active disable logic.
Signed-off-by: Wei Wang <weiwan@google.com>
Acked-by: Yuchung Cheng <ycheng@google.com>
Acked-by: Neal Cardwell <ncardwell@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2017-04-21 05:45:46 +08:00
|
|
|
return;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
} else if (tp->syn_fastopen_ch &&
|
|
|
|
atomic_read(&tfo_active_disable_times)) {
|
|
|
|
dst = sk_dst_get(sk);
|
|
|
|
if (!(dst && dst->dev && (dst->dev->flags & IFF_LOOPBACK)))
|
|
|
|
tcp_fastopen_active_timeout_reset();
|
|
|
|
dst_release(dst);
|
|
|
|
}
|
|
|
|
}
|