Commit 9092a76d authored by Jason Baron's avatar Jason Baron Committed by David S. Miller
Browse files

tcp: add backup TFO key infrastructure 



We would like to be able to rotate TFO keys while minimizing the number of
client cookies that are rejected. Currently, we have only one key which can
be used to generate and validate cookies, thus if we simply replace this
key clients can easily have cookies rejected upon rotation.

We propose having the ability to have both a primary key and a backup key.
The primary key is used to generate as well as to validate cookies.
The backup is only used to validate cookies. Thus, keys can be rotated as:

1) generate new key
2) add new key as the backup key
3) swap the primary and backup key, thus setting the new key as the primary

We don't simply set the new key as the primary key and move the old key to
the backup slot because the ip may be behind a load balancer and we further
allow for the fact that all machines behind the load balancer will not be
updated simultaneously.

We make use of this infrastructure in subsequent patches.

Suggested-by: default avatarIgor Lubashev <ilubashe@akamai.com>
Signed-off-by: default avatarJason Baron <jbaron@akamai.com>
Signed-off-by: default avatarChristoph Paasch <cpaasch@apple.com>
Acked-by: default avatarYuchung Cheng <ycheng@google.com>
Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
parent 483642e5

include/net/tcp.h

+38 −3
Original line number Diff line number Diff line
@@ -1614,7 +1614,8 @@ void tcp_free_fastopen_req(struct tcp_sock *tp); 
void tcp_fastopen_destroy_cipher(struct sock *sk);

void tcp_fastopen_ctx_destroy(struct net *net);

int tcp_fastopen_reset_cipher(struct net *net, struct sock *sk,

			      void *key, unsigned int len);

			      void *primary_key, void *backup_key,

			      unsigned int len);

void tcp_fastopen_add_skb(struct sock *sk, struct sk_buff *skb);

struct sock *tcp_try_fastopen(struct sock *sk, struct sk_buff *skb,

			      struct request_sock *req,
@@ -1625,11 +1626,14 @@ bool tcp_fastopen_cookie_check(struct sock *sk, u16 *mss, 
			     struct tcp_fastopen_cookie *cookie);

bool tcp_fastopen_defer_connect(struct sock *sk, int *err);

#define TCP_FASTOPEN_KEY_LENGTH 16

#define TCP_FASTOPEN_KEY_MAX 2

#define TCP_FASTOPEN_KEY_BUF_LENGTH \

	(TCP_FASTOPEN_KEY_LENGTH * TCP_FASTOPEN_KEY_MAX)



/* Fastopen key context */

struct tcp_fastopen_context {

	struct crypto_cipher	*tfm;

	__u8			key[TCP_FASTOPEN_KEY_LENGTH];

	struct crypto_cipher	*tfm[TCP_FASTOPEN_KEY_MAX];

	__u8			key[TCP_FASTOPEN_KEY_BUF_LENGTH];

	struct rcu_head		rcu;

};
@@ -1639,6 +1643,37 @@ bool tcp_fastopen_active_should_disable(struct sock *sk); 
void tcp_fastopen_active_disable_ofo_check(struct sock *sk);

void tcp_fastopen_active_detect_blackhole(struct sock *sk, bool expired);



/* Caller needs to wrap with rcu_read_(un)lock() */

static inline

struct tcp_fastopen_context *tcp_fastopen_get_ctx(const struct sock *sk)

{

	struct tcp_fastopen_context *ctx;



	ctx = rcu_dereference(inet_csk(sk)->icsk_accept_queue.fastopenq.ctx);

	if (!ctx)

		ctx = rcu_dereference(sock_net(sk)->ipv4.tcp_fastopen_ctx);

	return ctx;

}



static inline

bool tcp_fastopen_cookie_match(const struct tcp_fastopen_cookie *foc,

			       const struct tcp_fastopen_cookie *orig)

{

	if (orig->len == TCP_FASTOPEN_COOKIE_SIZE &&

	    orig->len == foc->len &&

	    !memcmp(orig->val, foc->val, foc->len))

		return true;

	return false;

}



static inline

int tcp_fastopen_context_len(const struct tcp_fastopen_context *ctx)

{

	if (ctx->tfm[1])

		return 2;

	return 1;

}



/* Latencies incurred by various limits for a sender. They are

 * chronograph-like stats that are mutually exclusive.

 */

include/uapi/linux/snmp.h

+1 −0
Original line number Diff line number Diff line
@@ -283,6 +283,7 @@ enum 
	LINUX_MIB_TCPACKCOMPRESSED,		/* TCPAckCompressed */

	LINUX_MIB_TCPZEROWINDOWDROP,		/* TCPZeroWindowDrop */

	LINUX_MIB_TCPRCVQDROP,			/* TCPRcvQDrop */

	LINUX_MIB_TCPFASTOPENPASSIVEALTKEY,	/* TCPFastOpenPassiveAltKey */

	__LINUX_MIB_MAX

};

net/ipv4/proc.c

+1 −0
Original line number Diff line number Diff line
@@ -291,6 +291,7 @@ static const struct snmp_mib snmp4_net_list[] = { 
	SNMP_MIB_ITEM("TCPAckCompressed", LINUX_MIB_TCPACKCOMPRESSED),

	SNMP_MIB_ITEM("TCPZeroWindowDrop", LINUX_MIB_TCPZEROWINDOWDROP),

	SNMP_MIB_ITEM("TCPRcvQDrop", LINUX_MIB_TCPRCVQDROP),

	SNMP_MIB_ITEM("TCPFastOpenPassiveAltKey", LINUX_MIB_TCPFASTOPENPASSIVEALTKEY),

	SNMP_MIB_SENTINEL

};

net/ipv4/sysctl_net_ipv4.c

+1 −1
Original line number Diff line number Diff line
@@ -318,7 +318,7 @@ static int proc_tcp_fastopen_key(struct ctl_table *table, int write, 
		for (i = 0; i < ARRAY_SIZE(user_key); i++)

			key[i] = cpu_to_le32(user_key[i]);



		tcp_fastopen_reset_cipher(net, NULL, key,

		tcp_fastopen_reset_cipher(net, NULL, key, NULL,

					  TCP_FASTOPEN_KEY_LENGTH);

	}

net/ipv4/tcp.c

+2 −1
Original line number Diff line number Diff line
@@ -2798,7 +2798,8 @@ static int do_tcp_setsockopt(struct sock *sk, int level, 
		if (copy_from_user(key, optval, optlen))

			return -EFAULT;



		return tcp_fastopen_reset_cipher(net, sk, key, sizeof(key));

		return tcp_fastopen_reset_cipher(net, sk, key, NULL,

						 sizeof(key));

	}

	default:

		/* fallthru */

CRA Git | Maintained and supported by SUSTech CRA and CCSE