xref: /OK3568_Linux_fs/kernel/net/mptcp/syncookies.c (revision 4882a59341e53eb6f0b4789bf948001014eff981)
1*4882a593Smuzhiyun // SPDX-License-Identifier: GPL-2.0
2*4882a593Smuzhiyun #include <linux/skbuff.h>
3*4882a593Smuzhiyun 
4*4882a593Smuzhiyun #include "protocol.h"
5*4882a593Smuzhiyun 
/* Syncookies do not work for JOIN requests.
 *
 * Unlike MP_CAPABLE, where the ACK cookie contains the needed MPTCP
 * options to reconstruct the initial syn state, MP_JOIN does not contain
 * the token to obtain the mptcp socket nor the server-generated nonce
 * that was used in the cookie SYN/ACK response.
 *
 * Keep a small best-effort state table to store the syn/synack data,
 * indexed by skb hash.
 *
 * A MP_JOIN SYN packet handled by syn cookies is only stored if the 32-bit
 * token matches a known mptcp connection that can still accept more subflows.
 *
 * There is no timeout handling -- state is only reconstructed
 * when the TCP ACK passes the cookie validation check.  A stored entry
 * therefore stays in its slot until a lookup consumes it or a later SYN
 * that hashes to the same slot overwrites it.
 */
22*4882a593Smuzhiyun 
/* Saved state of one MP_JOIN SYN that was answered with a syn cookie.
 * Filled by mptcp_join_store_state() and read back by
 * mptcp_token_join_cookie_init_state().
 */
struct join_entry {
	u32 token;		/* copied from subflow_req->token */
	u32 remote_nonce;	/* copied from subflow_req->remote_nonce */
	u32 local_nonce;	/* copied from subflow_req->local_nonce */
	u8 join_id;		/* copied from subflow_req->remote_id */
	u8 local_id;		/* copied from subflow_req->local_id */
	u8 backup;		/* copied from subflow_req->backup */
	u8 valid;		/* 1 once stored, reset to 0 when a lookup consumes the slot */
};
32*4882a593Smuzhiyun 
/* Fixed number of slots in the saved-state table; the hash is reduced
 * modulo this size, so different connections can share a slot.
 */
#define COOKIE_JOIN_SLOTS	1024

/* join_entry_locks[i] is taken (with bottom halves disabled) around every
 * access to join_entries[i] in this file.
 */
static struct join_entry join_entries[COOKIE_JOIN_SLOTS] __cacheline_aligned_in_smp;
static spinlock_t join_entry_locks[COOKIE_JOIN_SLOTS] __cacheline_aligned_in_smp;
37*4882a593Smuzhiyun 
/* Map a packet to a slot index in join_entries[].
 *
 * The index is a jhash over the packet's sequence number, the netns hash
 * mix and the TCP port pair, keyed with a secret that is filled in once by
 * net_get_random_once().  Because the hash is keyed, the slot cannot be
 * derived from the header fields alone.
 *
 * For a segment without the SYN flag the sequence number is reduced by one
 * before hashing -- presumably so that the cookie ACK lands in the same slot
 * as the SYN that preceded it (confirm against the callers).
 *
 * Returns a value in [0, ARRAY_SIZE(join_entries)).
 */
static u32 mptcp_join_entry_hash(struct sk_buff *skb, struct net *net)
{
	static u32 mptcp_join_hash_secret __read_mostly;
	struct tcphdr *tcph = tcp_hdr(skb);
	u32 key_seq, ports;

	/* Lazily initialise the hash key on first use. */
	net_get_random_once(&mptcp_join_hash_secret,
			    sizeof(mptcp_join_hash_secret));

	key_seq = TCP_SKB_CB(skb)->seq;
	if (!tcph->syn)
		key_seq--;

	/* Source port in the upper half, destination port in the lower half. */
	ports = (__force __u32)tcph->source << 16 | (__force __u32)tcph->dest;

	return jhash_3words(key_seq, net_hash_mix(net), ports,
			    mptcp_join_hash_secret) % ARRAY_SIZE(join_entries);
}
58*4882a593Smuzhiyun 
/* Copy the MP_JOIN fields of @subflow_req into @entry and mark it valid.
 *
 * Every member of struct join_entry is written, so whatever the slot held
 * before is replaced completely.  The function takes no lock itself; the
 * caller in this file holds the slot's spinlock around the call.
 */
static void mptcp_join_store_state(struct join_entry *entry,
				   const struct mptcp_subflow_request_sock *subflow_req)
{
	*entry = (struct join_entry) {
		.token		= subflow_req->token,
		.remote_nonce	= subflow_req->remote_nonce,
		.local_nonce	= subflow_req->local_nonce,
		.join_id	= subflow_req->remote_id,
		.local_id	= subflow_req->local_id,
		.backup		= subflow_req->backup,
		.valid		= 1,
	};
}
70*4882a593Smuzhiyun 
/* Save the MP_JOIN state of @subflow_req in the slot selected by hashing
 * @skb within the request's network namespace.
 *
 * The slot is overwritten unconditionally: a later SYN that hashes to the
 * same index replaces the state of an earlier one, which is what makes the
 * table best effort.
 */
void subflow_init_req_cookie_join_save(const struct mptcp_subflow_request_sock *subflow_req,
				       struct sk_buff *skb)
{
	struct net *net = read_pnet(&subflow_req->sk.req.ireq_net);
	u32 idx = mptcp_join_entry_hash(skb, net);
	spinlock_t *slot_lock = &join_entry_locks[idx];
	struct join_entry *slot = &join_entries[idx];

	/* NOTE(review): the earlier comment here said there is no use in
	 * waiting when another cpu is using the slot, but spin_lock_bh()
	 * does wait for the lock and the store then overwrites the slot.
	 * Confirm whether a trylock was intended.
	 */
	spin_lock_bh(slot_lock);
	mptcp_join_store_state(slot, subflow_req);
	spin_unlock_bh(slot_lock);
}
84*4882a593Smuzhiyun 
/* Called for a cookie ACK with the MP_JOIN option present.
 * Look up the saved state based on the skb hash and check that the token
 * matches an msk in the same netns.
 *
 * Caller will check msk can still accept another subflow.  The hmac
 * present in the cookie ACK mptcp option space will be checked later.
 */
bool mptcp_token_join_cookie_init_state(struct mptcp_subflow_request_sock *subflow_req,
					struct sk_buff *skb)
{
	struct net *net = read_pnet(&subflow_req->sk.req.ireq_net);
	u32 idx = mptcp_join_entry_hash(skb, net);
	spinlock_t *slot_lock = &join_entry_locks[idx];
	struct join_entry *slot = &join_entries[idx];
	struct mptcp_sock *msk;
	bool restored = false;

	spin_lock_bh(slot_lock);

	/* Nothing was saved in this slot, or it was already consumed. */
	if (!slot->valid)
		goto unlock;

	/* A slot is single use: it is invalidated before the token lookup,
	 * so it stays consumed even when no msk is found below.
	 */
	slot->valid = 0;

	/* Only the token is compared here.  The slot index is a hash, so
	 * the saved state may come from a different SYN that mapped to the
	 * same slot; this function does not detect that.
	 */
	msk = mptcp_token_get_sock(net, slot->token);
	if (!msk)
		goto unlock;

	/* NOTE(review): local_id is saved by mptcp_join_store_state() but is
	 * not copied back here -- confirm that this is intended.
	 */
	subflow_req->token = slot->token;
	subflow_req->remote_nonce = slot->remote_nonce;
	subflow_req->local_nonce = slot->local_nonce;
	subflow_req->remote_id = slot->join_id;
	subflow_req->backup = slot->backup;
	/* Presumably mptcp_token_get_sock() returned a reference that now
	 * belongs to subflow_req -- verify against its definition.
	 */
	subflow_req->msk = msk;
	restored = true;

unlock:
	spin_unlock_bh(slot_lock);
	return restored;
}
126*4882a593Smuzhiyun 
/* Initialise the per-slot spinlocks that guard join_entries[].
 *
 * Only the locks are set up here; join_entries[] has static storage and is
 * therefore zero-filled, which leaves every slot with valid == 0.
 */
void __init mptcp_join_cookie_init(void)
{
	unsigned int i = 0;

	while (i < ARRAY_SIZE(join_entry_locks)) {
		spin_lock_init(&join_entry_locks[i]);
		i++;
	}
}