| 1 | // SPDX-License-Identifier: GPL-2.0 |
|---|
| 2 | #include <linux/skbuff.h> |
|---|
| 3 | |
|---|
| 4 | #include "protocol.h" |
|---|
| 5 | |
|---|
| 6 | /* Syncookies do not work for JOIN requests. |
|---|
| 7 | * |
|---|
| 8 | * Unlike MP_CAPABLE, where the ACK cookie contains the needed MPTCP |
|---|
| 9 | * options to reconstruct the initial syn state, MP_JOIN does not contain |
|---|
| 10 | * the token to obtain the mptcp socket nor the server-generated nonce |
|---|
| 11 | * that was used in the cookie SYN/ACK response. |
|---|
| 12 | * |
|---|
| 13 | * Keep a small best effort state table to store the syn/synack data, |
|---|
| 14 | * indexed by skb hash. |
|---|
| 15 | * |
|---|
| 16 | * A MP_JOIN SYN packet handled by syn cookies is only stored if the 32bit |
|---|
| 17 | * token matches a known mptcp connection that can still accept more subflows. |
|---|
| 18 | * |
|---|
| 19 | * There is no timeout handling -- state is only re-constructed |
|---|
| 20 | * when the TCP ACK passed the cookie validation check. |
|---|
| 21 | */ |
|---|
| 22 | |
|---|
| 23 | struct join_entry { |
|---|
| 24 | u32 token; |
|---|
| 25 | u32 remote_nonce; |
|---|
| 26 | u32 local_nonce; |
|---|
| 27 | u8 join_id; |
|---|
| 28 | u8 local_id; |
|---|
| 29 | u8 backup; |
|---|
| 30 | u8 valid; |
|---|
| 31 | }; |
|---|
| 32 | |
|---|
| 33 | #define COOKIE_JOIN_SLOTS 1024 |
|---|
| 34 | |
|---|
| 35 | static struct join_entry join_entries[COOKIE_JOIN_SLOTS] __cacheline_aligned_in_smp; |
|---|
| 36 | static spinlock_t join_entry_locks[COOKIE_JOIN_SLOTS] __cacheline_aligned_in_smp; |
|---|
| 37 | |
|---|
| 38 | static u32 mptcp_join_entry_hash(struct sk_buff *skb, struct net *net) |
|---|
| 39 | { |
|---|
| 40 | static u32 mptcp_join_hash_secret __read_mostly; |
|---|
| 41 | struct tcphdr *th = tcp_hdr(skb); |
|---|
| 42 | u32 seq, i; |
|---|
| 43 | |
|---|
| 44 | net_get_random_once(&mptcp_join_hash_secret, |
|---|
| 45 | sizeof(mptcp_join_hash_secret)); |
|---|
| 46 | |
|---|
| 47 | if (th->syn) |
|---|
| 48 | seq = TCP_SKB_CB(skb)->seq; |
|---|
| 49 | else |
|---|
| 50 | seq = TCP_SKB_CB(skb)->seq - 1; |
|---|
| 51 | |
|---|
| 52 | i = jhash_3words(a: seq, b: net_hash_mix(net), |
|---|
| 53 | c: (__force __u32)th->source << 16 | (__force __u32)th->dest, |
|---|
| 54 | initval: mptcp_join_hash_secret); |
|---|
| 55 | |
|---|
| 56 | return i % ARRAY_SIZE(join_entries); |
|---|
| 57 | } |
|---|
| 58 | |
|---|
| 59 | static void mptcp_join_store_state(struct join_entry *entry, |
|---|
| 60 | const struct mptcp_subflow_request_sock *subflow_req) |
|---|
| 61 | { |
|---|
| 62 | entry->token = subflow_req->token; |
|---|
| 63 | entry->remote_nonce = subflow_req->remote_nonce; |
|---|
| 64 | entry->local_nonce = subflow_req->local_nonce; |
|---|
| 65 | entry->backup = subflow_req->backup; |
|---|
| 66 | entry->join_id = subflow_req->remote_id; |
|---|
| 67 | entry->local_id = subflow_req->local_id; |
|---|
| 68 | entry->valid = 1; |
|---|
| 69 | } |
|---|
| 70 | |
|---|
| 71 | void subflow_init_req_cookie_join_save(const struct mptcp_subflow_request_sock *subflow_req, |
|---|
| 72 | struct sk_buff *skb) |
|---|
| 73 | { |
|---|
| 74 | struct net *net = read_pnet(pnet: &subflow_req->sk.req.ireq_net); |
|---|
| 75 | u32 i = mptcp_join_entry_hash(skb, net); |
|---|
| 76 | |
|---|
| 77 | /* No use in waiting if other cpu is already using this slot -- |
|---|
| 78 | * would overwrite the data that got stored. |
|---|
| 79 | */ |
|---|
| 80 | spin_lock_bh(lock: &join_entry_locks[i]); |
|---|
| 81 | mptcp_join_store_state(entry: &join_entries[i], subflow_req); |
|---|
| 82 | spin_unlock_bh(lock: &join_entry_locks[i]); |
|---|
| 83 | } |
|---|
| 84 | |
|---|
| 85 | /* Called for a cookie-ack with MP_JOIN option present. |
|---|
| 86 | * Look up the saved state based on skb hash & check token matches msk |
|---|
| 87 | * in same netns. |
|---|
| 88 | * |
|---|
| 89 | * Caller will check msk can still accept another subflow. The hmac |
|---|
| 90 | * present in the cookie ACK mptcp option space will be checked later. |
|---|
| 91 | */ |
|---|
| 92 | bool mptcp_token_join_cookie_init_state(struct mptcp_subflow_request_sock *subflow_req, |
|---|
| 93 | struct sk_buff *skb) |
|---|
| 94 | { |
|---|
| 95 | struct net *net = read_pnet(pnet: &subflow_req->sk.req.ireq_net); |
|---|
| 96 | u32 i = mptcp_join_entry_hash(skb, net); |
|---|
| 97 | struct mptcp_sock *msk; |
|---|
| 98 | struct join_entry *e; |
|---|
| 99 | |
|---|
| 100 | e = &join_entries[i]; |
|---|
| 101 | |
|---|
| 102 | spin_lock_bh(lock: &join_entry_locks[i]); |
|---|
| 103 | |
|---|
| 104 | if (e->valid == 0) { |
|---|
| 105 | spin_unlock_bh(lock: &join_entry_locks[i]); |
|---|
| 106 | return false; |
|---|
| 107 | } |
|---|
| 108 | |
|---|
| 109 | e->valid = 0; |
|---|
| 110 | |
|---|
| 111 | msk = mptcp_token_get_sock(net, token: e->token); |
|---|
| 112 | if (!msk) { |
|---|
| 113 | spin_unlock_bh(lock: &join_entry_locks[i]); |
|---|
| 114 | return false; |
|---|
| 115 | } |
|---|
| 116 | |
|---|
| 117 | subflow_req->remote_nonce = e->remote_nonce; |
|---|
| 118 | subflow_req->local_nonce = e->local_nonce; |
|---|
| 119 | subflow_req->backup = e->backup; |
|---|
| 120 | subflow_req->remote_id = e->join_id; |
|---|
| 121 | subflow_req->token = e->token; |
|---|
| 122 | subflow_req->msk = msk; |
|---|
| 123 | spin_unlock_bh(lock: &join_entry_locks[i]); |
|---|
| 124 | return true; |
|---|
| 125 | } |
|---|
| 126 | |
|---|
| 127 | void __init mptcp_join_cookie_init(void) |
|---|
| 128 | { |
|---|
| 129 | int i; |
|---|
| 130 | |
|---|
| 131 | for (i = 0; i < COOKIE_JOIN_SLOTS; i++) |
|---|
| 132 | spin_lock_init(&join_entry_locks[i]); |
|---|
| 133 | } |
|---|
| 134 | |
|---|
