Commit 6fc8c827 authored by Florian Westphal's avatar Florian Westphal Committed by David S. Miller

tcp: syncookies: create mptcp request socket for ACK cookies with MPTCP option

If SYN packet contains MP_CAPABLE option, keep it enabled.
Syncokie validation and cookie-based socket creation is changed to
instantiate an mptcp request sockets if the ACK contains an MPTCP
connection request.

Rather than extend both cookie_v4/6_check, add a common helper to create
the (mp)tcp request socket.
Suggested-by: default avatarPaolo Abeni <pabeni@redhat.com>
Signed-off-by: default avatarFlorian Westphal <fw@strlen.de>
Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
parent c83a47e5
...@@ -469,6 +469,8 @@ struct sock *tcp_get_cookie_sock(struct sock *sk, struct sk_buff *skb, ...@@ -469,6 +469,8 @@ struct sock *tcp_get_cookie_sock(struct sock *sk, struct sk_buff *skb,
int __cookie_v4_check(const struct iphdr *iph, const struct tcphdr *th, int __cookie_v4_check(const struct iphdr *iph, const struct tcphdr *th,
u32 cookie); u32 cookie);
struct sock *cookie_v4_check(struct sock *sk, struct sk_buff *skb); struct sock *cookie_v4_check(struct sock *sk, struct sk_buff *skb);
struct request_sock *cookie_tcp_reqsk_alloc(const struct request_sock_ops *ops,
struct sock *sk, struct sk_buff *skb);
#ifdef CONFIG_SYN_COOKIES #ifdef CONFIG_SYN_COOKIES
/* Syncookies use a monotonic timer which increments every 60 seconds. /* Syncookies use a monotonic timer which increments every 60 seconds.
......
...@@ -276,6 +276,39 @@ bool cookie_ecn_ok(const struct tcp_options_received *tcp_opt, ...@@ -276,6 +276,39 @@ bool cookie_ecn_ok(const struct tcp_options_received *tcp_opt,
} }
EXPORT_SYMBOL(cookie_ecn_ok); EXPORT_SYMBOL(cookie_ecn_ok);
struct request_sock *cookie_tcp_reqsk_alloc(const struct request_sock_ops *ops,
struct sock *sk,
struct sk_buff *skb)
{
struct tcp_request_sock *treq;
struct request_sock *req;
#ifdef CONFIG_MPTCP
if (sk_is_mptcp(sk))
ops = &mptcp_subflow_request_sock_ops;
#endif
req = inet_reqsk_alloc(ops, sk, false);
if (!req)
return NULL;
#if IS_ENABLED(CONFIG_MPTCP)
treq = tcp_rsk(req);
treq->is_mptcp = sk_is_mptcp(sk);
if (treq->is_mptcp) {
int err = mptcp_subflow_init_cookie_req(req, sk, skb);
if (err) {
reqsk_free(req);
return NULL;
}
}
#endif
return req;
}
EXPORT_SYMBOL_GPL(cookie_tcp_reqsk_alloc);
/* On input, sk is a listener. /* On input, sk is a listener.
* Output is listener if incoming packet would not create a child * Output is listener if incoming packet would not create a child
* NULL if memory could not be allocated. * NULL if memory could not be allocated.
...@@ -326,7 +359,7 @@ struct sock *cookie_v4_check(struct sock *sk, struct sk_buff *skb) ...@@ -326,7 +359,7 @@ struct sock *cookie_v4_check(struct sock *sk, struct sk_buff *skb)
goto out; goto out;
ret = NULL; ret = NULL;
req = inet_reqsk_alloc(&tcp_request_sock_ops, sk, false); /* for safety */ req = cookie_tcp_reqsk_alloc(&tcp_request_sock_ops, sk, skb);
if (!req) if (!req)
goto out; goto out;
...@@ -350,9 +383,6 @@ struct sock *cookie_v4_check(struct sock *sk, struct sk_buff *skb) ...@@ -350,9 +383,6 @@ struct sock *cookie_v4_check(struct sock *sk, struct sk_buff *skb)
treq->snt_synack = 0; treq->snt_synack = 0;
treq->tfo_listener = false; treq->tfo_listener = false;
if (IS_ENABLED(CONFIG_MPTCP))
treq->is_mptcp = 0;
if (IS_ENABLED(CONFIG_SMC)) if (IS_ENABLED(CONFIG_SMC))
ireq->smc_ok = 0; ireq->smc_ok = 0;
......
...@@ -6701,9 +6701,6 @@ int tcp_conn_request(struct request_sock_ops *rsk_ops, ...@@ -6701,9 +6701,6 @@ int tcp_conn_request(struct request_sock_ops *rsk_ops,
af_ops->init_req(req, sk, skb); af_ops->init_req(req, sk, skb);
if (IS_ENABLED(CONFIG_MPTCP) && want_cookie)
tcp_rsk(req)->is_mptcp = 0;
if (security_inet_conn_request(sk, skb, req)) if (security_inet_conn_request(sk, skb, req))
goto drop_and_free; goto drop_and_free;
......
...@@ -170,7 +170,7 @@ struct sock *cookie_v6_check(struct sock *sk, struct sk_buff *skb) ...@@ -170,7 +170,7 @@ struct sock *cookie_v6_check(struct sock *sk, struct sk_buff *skb)
goto out; goto out;
ret = NULL; ret = NULL;
req = inet_reqsk_alloc(&tcp6_request_sock_ops, sk, false); req = cookie_tcp_reqsk_alloc(&tcp6_request_sock_ops, sk, skb);
if (!req) if (!req)
goto out; goto out;
...@@ -178,9 +178,6 @@ struct sock *cookie_v6_check(struct sock *sk, struct sk_buff *skb) ...@@ -178,9 +178,6 @@ struct sock *cookie_v6_check(struct sock *sk, struct sk_buff *skb)
treq = tcp_rsk(req); treq = tcp_rsk(req);
treq->tfo_listener = false; treq->tfo_listener = false;
if (IS_ENABLED(CONFIG_MPTCP))
treq->is_mptcp = 0;
if (security_inet_conn_request(sk, skb, req)) if (security_inet_conn_request(sk, skb, req))
goto out_free; goto out_free;
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment