| 123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253 |
- /* SPDX-License-Identifier: GPL-2.0-or-later */
- /*
- * NET Generic infrastructure for Network protocols.
- *
- * Definitions for request_sock
- *
- * Authors: Arnaldo Carvalho de Melo <acme@conectiva.com.br>
- *
- * From code originally in include/net/tcp.h
- */
- #ifndef _REQUEST_SOCK_H
- #define _REQUEST_SOCK_H
- #include <linux/slab.h>
- #include <linux/spinlock.h>
- #include <linux/types.h>
- #include <linux/bug.h>
- #include <linux/refcount.h>
- #include <net/sock.h>
- #include <net/rstreason.h>
- struct request_sock;
- struct sk_buff;
- struct dst_entry;
- struct proto;
- struct request_sock_ops {
- int family;
- unsigned int obj_size;
- struct kmem_cache *slab;
- char *slab_name;
- void (*send_ack)(const struct sock *sk, struct sk_buff *skb,
- struct request_sock *req);
- void (*send_reset)(const struct sock *sk,
- struct sk_buff *skb,
- enum sk_rst_reason reason);
- void (*destructor)(struct request_sock *req);
- };
- struct saved_syn {
- u32 mac_hdrlen;
- u32 network_hdrlen;
- u32 tcp_hdrlen;
- u8 data[];
- };
- /* struct request_sock - mini sock to represent a connection request
- */
- struct request_sock {
- struct sock_common __req_common;
- #define rsk_refcnt __req_common.skc_refcnt
- #define rsk_hash __req_common.skc_hash
- #define rsk_listener __req_common.skc_listener
- #define rsk_window_clamp __req_common.skc_window_clamp
- #define rsk_rcv_wnd __req_common.skc_rcv_wnd
- struct request_sock *dl_next;
- u16 mss;
- u8 num_retrans; /* number of retransmits */
- u8 syncookie:1; /* True if
- * 1) tcpopts needs to be encoded in
- * TS of SYN+ACK
- * 2) ACK is validated by BPF kfunc.
- */
- u8 num_timeout:7; /* number of timeouts */
- u32 ts_recent;
- struct timer_list rsk_timer;
- const struct request_sock_ops *rsk_ops;
- struct sock *sk;
- struct saved_syn *saved_syn;
- u32 secid;
- u32 peer_secid;
- u32 timeout;
- };
- static inline struct request_sock *inet_reqsk(const struct sock *sk)
- {
- return (struct request_sock *)sk;
- }
- static inline struct sock *req_to_sk(struct request_sock *req)
- {
- return (struct sock *)req;
- }
- /**
- * skb_steal_sock - steal a socket from an sk_buff
- * @skb: sk_buff to steal the socket from
- * @refcounted: is set to true if the socket is reference-counted
- * @prefetched: is set to true if the socket was assigned from bpf
- */
- static inline struct sock *skb_steal_sock(struct sk_buff *skb,
- bool *refcounted, bool *prefetched)
- {
- struct sock *sk = skb->sk;
- if (!sk) {
- *prefetched = false;
- *refcounted = false;
- return NULL;
- }
- *prefetched = skb_sk_is_prefetched(skb);
- if (*prefetched) {
- #if IS_ENABLED(CONFIG_SYN_COOKIES)
- if (sk->sk_state == TCP_NEW_SYN_RECV && inet_reqsk(sk)->syncookie) {
- struct request_sock *req = inet_reqsk(sk);
- *refcounted = false;
- sk = req->rsk_listener;
- req->rsk_listener = NULL;
- return sk;
- }
- #endif
- *refcounted = sk_is_refcounted(sk);
- } else {
- *refcounted = true;
- }
- skb->destructor = NULL;
- skb->sk = NULL;
- return sk;
- }
- void __reqsk_free(struct request_sock *req);
- static inline void reqsk_free(struct request_sock *req)
- {
- DEBUG_NET_WARN_ON_ONCE(refcount_read(&req->rsk_refcnt) != 0);
- __reqsk_free(req);
- }
- static inline void reqsk_put(struct request_sock *req)
- {
- if (refcount_dec_and_test(&req->rsk_refcnt))
- __reqsk_free(req);
- }
- /*
- * For a TCP Fast Open listener -
- * lock - protects the access to all the reqsk, which is co-owned by
- * the listener and the child socket.
- * qlen - pending TFO requests (still in TCP_SYN_RECV).
- * max_qlen - max TFO reqs allowed before TFO is disabled.
- *
- * XXX (TFO) - ideally these fields can be made as part of "listen_sock"
- * structure above. But there is some implementation difficulty due to
- * listen_sock being part of request_sock_queue hence will be freed when
- * a listener is stopped. But TFO related fields may continue to be
- * accessed even after a listener is closed, until its sk_refcnt drops
- * to 0 implying no more outstanding TFO reqs. One solution is to keep
- * listen_opt around until sk_refcnt drops to 0. But there is some other
- * complexity that needs to be resolved. E.g., a listener can be disabled
- * temporarily through shutdown()->tcp_disconnect(), and re-enabled later.
- */
- struct fastopen_queue {
- struct request_sock *rskq_rst_head; /* Keep track of past TFO */
- struct request_sock *rskq_rst_tail; /* requests that caused RST.
- * This is part of the defense
- * against spoofing attack.
- */
- spinlock_t lock;
- int qlen; /* # of pending (TCP_SYN_RECV) reqs */
- int max_qlen; /* != 0 iff TFO is currently enabled */
- struct tcp_fastopen_context __rcu *ctx; /* cipher context for cookie */
- };
- /** struct request_sock_queue - queue of request_socks
- *
- * @rskq_accept_head - FIFO head of established children
- * @rskq_accept_tail - FIFO tail of established children
- * @rskq_defer_accept - User waits for some data after accept()
- *
- */
- struct request_sock_queue {
- spinlock_t rskq_lock;
- u8 rskq_defer_accept;
- u8 synflood_warned;
- atomic_t qlen;
- atomic_t young;
- struct request_sock *rskq_accept_head;
- struct request_sock *rskq_accept_tail;
- struct fastopen_queue fastopenq; /* Check max_qlen != 0 to determine
- * if TFO is enabled.
- */
- };
- void reqsk_fastopen_remove(struct sock *sk, struct request_sock *req,
- bool reset);
- static inline bool reqsk_queue_empty(const struct request_sock_queue *queue)
- {
- return READ_ONCE(queue->rskq_accept_head) == NULL;
- }
- static inline struct request_sock *reqsk_queue_remove(struct request_sock_queue *queue,
- struct sock *parent)
- {
- struct request_sock *req;
- spin_lock_bh(&queue->rskq_lock);
- req = queue->rskq_accept_head;
- if (req) {
- sk_acceptq_removed(parent);
- WRITE_ONCE(queue->rskq_accept_head, req->dl_next);
- if (queue->rskq_accept_head == NULL)
- queue->rskq_accept_tail = NULL;
- }
- spin_unlock_bh(&queue->rskq_lock);
- return req;
- }
- static inline void reqsk_queue_removed(struct request_sock_queue *queue,
- const struct request_sock *req)
- {
- if (req->num_timeout == 0)
- atomic_dec(&queue->young);
- atomic_dec(&queue->qlen);
- }
- static inline void reqsk_queue_added(struct request_sock_queue *queue)
- {
- atomic_inc(&queue->young);
- atomic_inc(&queue->qlen);
- }
- static inline int reqsk_queue_len(const struct request_sock_queue *queue)
- {
- return atomic_read(&queue->qlen);
- }
- static inline int reqsk_queue_len_young(const struct request_sock_queue *queue)
- {
- return atomic_read(&queue->young);
- }
- /* RFC 7323 2.3 Using the Window Scale Option
- * The window field (SEG.WND) of every outgoing segment, with the
- * exception of <SYN> segments, MUST be right-shifted by
- * Rcv.Wind.Shift bits.
- *
- * This means the SEG.WND carried in SYNACK can not exceed 65535.
- * We use this property to harden TCP stack while in NEW_SYN_RECV state.
- */
- static inline u32 tcp_synack_window(const struct request_sock *req)
- {
- return min(req->rsk_rcv_wnd, 65535U);
- }
- #endif /* _REQUEST_SOCK_H */
|