
Commit 06b22ef

0x7f454c46davem330
authored andcommitted
net/tcp: Wire TCP-AO to request sockets
Now when the new request socket is created from the listening socket, it's recorded what MKT was used by the peer. tcp_rsk_used_ao() is a new helper for checking if TCP-AO option was used to create the request socket. tcp_ao_copy_all_matching() will copy all keys that match the peer on the request socket, as well as preparing them for the usage (creating traffic keys). Co-developed-by: Francesco Ruggeri <[email protected]> Signed-off-by: Francesco Ruggeri <[email protected]> Co-developed-by: Salam Noureddine <[email protected]> Signed-off-by: Salam Noureddine <[email protected]> Signed-off-by: Dmitry Safonov <[email protected]> Acked-by: David Ahern <[email protected]> Signed-off-by: David S. Miller <[email protected]>
1 parent decde25 commit 06b22ef


12 files changed

+506
-51
lines changed


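--- a/include/linux/tcp.h
+++ b/include/linux/tcp.h
@@ -166,13 +166,31 @@ struct tcp_request_sock {
 * after data-in-SYN.
 */
 u8 syn_tos;
+#ifdef CONFIG_TCP_AO
+u8 ao_keyid;
+u8 ao_rcv_next;
+u8 maclen;
+#endif
 };
 
 static inline struct tcp_request_sock *tcp_rsk(const struct request_sock *req)
 {
 return (struct tcp_request_sock *)req;
 }
 
+static inline bool tcp_rsk_used_ao(const struct request_sock *req)
+{
+/* The real length of MAC is saved in the request socket,
+* signing anything with zero-length makes no sense, so here is
+* a little hack..
+*/
+#ifndef CONFIG_TCP_AO
+return false;
+#else
+return tcp_rsk(req)->maclen != 0;
+#endif
+}
+
 #define TCP_RMEM_TO_WIN_SCALE 8
 
 struct tcp_sock {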
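Review bot: `maclen` is both a length and the "peer used TCP-AO" flag read by tcp_rsk_used_ao(), but the three fields added to struct tcp_request_sock carry no comment saying so, and the only explanation sits inside the helper's body. Every path that fills a tcp_request_sock therefore has to write `maclen`, including paths where the segment carried no AO option; a stale non-zero byte would make the helper report that AO was used. I would document this at the field, e.g. `u8 maclen; /* real MAC length; 0 = TCP-AO not used, see tcp_rsk_used_ao() */`, and move the "little hack" comment above the function as its header. Whether request sockets are zeroed on allocation is not visible here, and the struct starts outside the hunk.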

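--- a/include/net/tcp.h
+++ b/include/net/tcp.h
@@ -2216,6 +2216,12 @@ struct tcp_request_sock_ops {
 const struct sock *sk,
 const struct sk_buff *skb);
 #endif
+#ifdef CONFIG_TCP_AO
+struct tcp_ao_key *(*ao_lookup)(const struct sock *sk,
+struct request_sock *req,
+int sndid, int rcvid);
+int (*ao_calc_key)(struct tcp_ao_key *mkt, u8 *key, struct request_sock *sk);
+#endif
 #ifdef CONFIG_SYN_COOKIES
 __u32 (*cookie_init_seq)(const struct sk_buff *skb,
 __u16 *mss);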
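Review bot: The last parameter of `ao_calc_key` is a `struct request_sock *` but is named `sk`, while `ao_lookup` directly above it and the tcp_v4_ao_calc_key_rsk()/tcp_v6_ao_calc_key_rsk() prototypes in include/net/tcp_ao.h name the same object `req`. Next to members where `sk` is a `struct sock *` this is easy to misread; I would write `int (*ao_calc_key)(struct tcp_ao_key *mkt, u8 *key, struct request_sock *req);`. The callback also takes `u8 *key` with no length, so a one-line comment stating how many bytes the callee may write into it would help anyone implementing the op. struct tcp_request_sock_ops starts and ends outside the hunk.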

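--- a/include/net/tcp_ao.h
+++ b/include/net/tcp_ao.h
@@ -123,6 +123,9 @@ int tcp_parse_ao(struct sock *sk, int cmd, unsigned short int family,
 sockptr_t optval, int optlen);
 struct tcp_ao_key *tcp_ao_established_key(struct tcp_ao_info *ao,
 int sndid, int rcvid);
+int tcp_ao_copy_all_matching(const struct sock *sk, struct sock *newsk,
+struct request_sock *req, struct sk_buff *skb,
+int family);
 int tcp_ao_calc_traffic_key(struct tcp_ao_key *mkt, u8 *key, void *ctx,
 unsigned int len, struct tcp_sigpool *hp);
 void tcp_ao_destroy_sock(struct sock *sk, bool twsk);
@@ -147,18 +150,33 @@ struct tcp_ao_key *tcp_v4_ao_lookup(const struct sock *sk, struct sock *addr_sk,
 int tcp_v4_ao_calc_key_sk(struct tcp_ao_key *mkt, u8 *key,
 const struct sock *sk,
 __be32 sisn, __be32 disn, bool send);
+int tcp_v4_ao_calc_key_rsk(struct tcp_ao_key *mkt, u8 *key,
+struct request_sock *req);
+struct tcp_ao_key *tcp_v4_ao_lookup_rsk(const struct sock *sk,
+struct request_sock *req,
+int sndid, int rcvid);
 int tcp_v4_ao_hash_skb(char *ao_hash, struct tcp_ao_key *key,
 const struct sock *sk, const struct sk_buff *skb,
 const u8 *tkey, int hash_offset, u32 sne);
 /* ipv6 specific functions */
 int tcp_v6_ao_hash_pseudoheader(struct tcp_sigpool *hp,
 const struct in6_addr *daddr,
 const struct in6_addr *saddr, int nbytes);
+int tcp_v6_ao_calc_key_skb(struct tcp_ao_key *mkt, u8 *key,
+const struct sk_buff *skb, __be32 sisn, __be32 disn);
 int tcp_v6_ao_calc_key_sk(struct tcp_ao_key *mkt, u8 *key,
 const struct sock *sk, __be32 sisn,
 __be32 disn, bool send);
+int tcp_v6_ao_calc_key_rsk(struct tcp_ao_key *mkt, u8 *key,
+struct request_sock *req);
+struct tcp_ao_key *tcp_v6_ao_do_lookup(const struct sock *sk,
+const struct in6_addr *addr,
+int sndid, int rcvid);
 struct tcp_ao_key *tcp_v6_ao_lookup(const struct sock *sk,
 struct sock *addr_sk, int sndid, int rcvid);
+struct tcp_ao_key *tcp_v6_ao_lookup_rsk(const struct sock *sk,
+struct request_sock *req,
+int sndid, int rcvid);
 int tcp_v6_ao_hash_skb(char *ao_hash, struct tcp_ao_key *key,
 const struct sock *sk, const struct sk_buff *skb,
 const u8 *tkey, int hash_offset, u32 sne);
@@ -178,6 +196,12 @@ static inline int tcp_ao_transmit_skb(struct sock *sk, struct sk_buff *skb,
 return 0;
 }
 
+static inline void tcp_ao_syncookie(struct sock *sk, const struct sk_buff *skb,
+struct tcp_request_sock *treq,
+unsigned short int family)
+{
+}
+
 static inline struct tcp_ao_key *tcp_ao_do_lookup(const struct sock *sk,
 const union tcp_ao_addr *addr, int family, int sndid, int rcvid)
 {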
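Review bot: tcp_ao_copy_all_matching() in the first hunk returns int, but nothing at the declaration says what a non-zero return means for `newsk`. The commit message says it copies every matching key to the new socket and derives traffic keys, so a failure part-way could leave `newsk` holding a partial key set unless the function unwinds, and the caller needs to know which. I would add a kernel-doc comment above the prototype stating the return convention, whether keys already attached to `newsk` are released on error, and that the caller is expected to drop the child socket instead of continuing without authentication. The implementation is not on this page, so this asks for the contract to be written down and does not claim the code is wrong.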

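--- a/net/ipv4/syncookies.c
+++ b/net/ipv4/syncookies.c
@@ -400,6 +400,8 @@ struct sock *cookie_v4_check(struct sock *sk, struct sk_buff *skb)
 treq->snt_synack = 0;
 treq->tfo_listener = false;
 
+tcp_ao_syncookie(sk, skb, treq, AF_INET);
+
 if (IS_ENABLED(CONFIG_SMC))
 ireq->smc_ok = 0;
 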
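Review bot: tcp_ao_syncookie() returns void (see the stub added in include/net/tcp_ao.h), so cookie_v4_check() cannot refuse the request at this call when the cookie ACK carries an AO option for which no key is found. If the CONFIG_TCP_AO implementation then leaves `treq` without AO state, the connection would carry on unsigned, and that fallback deserves to be explicit. Either return an int and check it here, or add a comment at the call such as `/* cannot fail: the segment's AO MAC is verified before cookie_v4_check() runs */` if that is indeed the case. The implementation is not shown on this page, and cookie_v4_check() continues outside the hunk.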
