tcp_fastopen.c 2.2 KB

  1. #include <linux/err.h>
  2. #include <linux/init.h>
  3. #include <linux/kernel.h>
  4. #include <linux/list.h>
  5. #include <linux/tcp.h>
  6. #include <linux/rcupdate.h>
  7. #include <linux/rculist.h>
  8. #include <net/inetpeer.h>
  9. #include <net/tcp.h>
/* TCP Fast Open sysctl value; defined here but not read anywhere in this file. */
int sysctl_tcp_fastopen __read_mostly;

/*
 * Currently active Fast Open cookie context (cipher handle plus key copy).
 * Published with rcu_assign_pointer() in tcp_fastopen_reset_cipher() and read
 * under rcu_read_lock() in tcp_fastopen_cookie_gen(); NULL until a key has
 * been installed successfully.
 */
struct tcp_fastopen_context __rcu *tcp_fastopen_ctx;

/* Serialises writers that swap tcp_fastopen_ctx; readers rely on RCU only. */
static DEFINE_SPINLOCK(tcp_fastopen_ctx_lock);
/*
 * RCU callback that tears down a retired Fast Open context.
 *
 * @head: the rcu member embedded in the struct tcp_fastopen_context that
 *        was handed to call_rcu().
 *
 * Releases the cipher handle first, then the context itself.
 */
static void tcp_fastopen_ctx_free(struct rcu_head *head)
{
	struct tcp_fastopen_context *stale;

	stale = container_of(head, struct tcp_fastopen_context, rcu);

	crypto_free_cipher(stale->tfm);
	/*
	 * NOTE(review): the context carries a copy of the cookie key (see
	 * the memcpy in tcp_fastopen_reset_cipher) and is released here
	 * without being wiped -- consider a zeroing free if the tree
	 * provides one.
	 */
	kfree(stale);
}
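/**
 * tcp_fastopen_reset_cipher - install a new TCP Fast Open cookie key
 * @key: raw key bytes
 * @len: number of bytes at @key
 *
 * Allocates a fresh context, allocates and keys an "aes" cipher handle,
 * keeps a copy of the key in the context and publishes the context through
 * tcp_fastopen_ctx. A previously published context is released by
 * tcp_fastopen_ctx_free() via call_rcu(), so readers inside an RCU read-side
 * section keep a valid pointer.
 *
 * Return: 0 on success; -EINVAL if @len does not fit the context's key
 * buffer; -ENOMEM if the context cannot be allocated; otherwise the error
 * reported by crypto_alloc_cipher() or crypto_cipher_setkey().
 */
int tcp_fastopen_reset_cipher(void *key, unsigned int len)
{
	struct tcp_fastopen_context *ctx, *octx;
	int err;

	/*
	 * The key is copied into ctx->key further down. crypto_cipher_setkey()
	 * checks the length against what the cipher accepts, not against that
	 * buffer, so a longer-but-valid AES key length would overrun it.
	 * sizeof does not evaluate ctx, so this is safe before allocation.
	 * NOTE(review): assumes ctx->key is an array member, so sizeof yields
	 * its capacity -- confirm against struct tcp_fastopen_context.
	 */
	if (len > sizeof(ctx->key))
		return -EINVAL;

	ctx = kmalloc(sizeof(*ctx), GFP_KERNEL);
	if (!ctx)
		return -ENOMEM;

	ctx->tfm = crypto_alloc_cipher("aes", 0, 0);
	if (IS_ERR(ctx->tfm)) {
		err = PTR_ERR(ctx->tfm);
		pr_err("TCP: TFO aes cipher alloc error: %d\n", err);
		goto free_ctx;
	}

	err = crypto_cipher_setkey(ctx->tfm, key, len);
	if (err) {
		/*
		 * Only the key error is logged here; the previous layout
		 * jumped into the allocation-failure branch and printed the
		 * "alloc error" message as well.
		 */
		pr_err("TCP: TFO cipher key error: %d\n", err);
		goto free_tfm;
	}
	memcpy(ctx->key, key, len);

	/* Swap in the new context; the lock only orders concurrent writers. */
	spin_lock(&tcp_fastopen_ctx_lock);
	octx = rcu_dereference_protected(tcp_fastopen_ctx,
				lockdep_is_held(&tcp_fastopen_ctx_lock));
	rcu_assign_pointer(tcp_fastopen_ctx, ctx);
	spin_unlock(&tcp_fastopen_ctx_lock);

	/* Readers may still hold the old context, so defer its release. */
	if (octx)
		call_rcu(&octx->rcu, tcp_fastopen_ctx_free);
	return 0;

free_tfm:
	crypto_free_cipher(ctx->tfm);
free_ctx:
	kfree(ctx);
	return err;
}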
/*
 * Compute the Fast Open cookie for an IP path.
 *
 * The path is a 128-bit block built from @src and @dst, zero-padded for
 * IPv4, and encrypted as a single block with the currently published
 * context's cipher.
 *
 * If no context is published, @foc is left untouched. The caller must
 * therefore check foc->len to determine whether a valid cookie was
 * generated.
 */
void tcp_fastopen_cookie_gen(__be32 src, __be32 dst,
			     struct tcp_fastopen_cookie *foc)
{
	struct tcp_fastopen_context *active;
	__be32 path[4] = { src, dst, 0, 0 };

	rcu_read_lock();

	active = rcu_dereference(tcp_fastopen_ctx);
	if (!active)
		goto unlock;

	/*
	 * NOTE(review): this writes one full cipher block into foc->val --
	 * confirm the cookie buffer is at least that large.
	 */
	crypto_cipher_encrypt_one(active->tfm, foc->val, (__u8 *)path);
	foc->len = TCP_FASTOPEN_COOKIE_SIZE;

unlock:
	rcu_read_unlock();
}
/*
 * Boot-time setup: draw a random key of TCP_FASTOPEN_KEY_LENGTH bytes and
 * install it as the initial Fast Open cookie key. Always returns 0.
 */
static int __init tcp_fastopen_init(void)
{
	__u8 boot_key[TCP_FASTOPEN_KEY_LENGTH];

	get_random_bytes(boot_key, sizeof(boot_key));

	/*
	 * The result is not checked: on failure tcp_fastopen_ctx stays NULL
	 * and tcp_fastopen_cookie_gen() produces no cookie.
	 * NOTE(review): boot_key is left on the stack without being wiped.
	 */
	tcp_fastopen_reset_cipher(boot_key, sizeof(boot_key));

	return 0;
}

late_initcall(tcp_fastopen_init);