author | Patrick Kelsey <pkelsey@FreeBSD.org> | 2018-02-26 02:53:22 +0000 |
---|---|---|
committer | Patrick Kelsey <pkelsey@FreeBSD.org> | 2018-02-26 02:53:22 +0000 |
commit | c560df6f12f1406a00b22a2e161a6a97d899fb03 (patch) | |
tree | 7503c1dcf4a722831f1f2b73e871551e1928168f /sys/netinet/tcp_fastopen.h | |
parent | 798caa2ee5b5ede4eba0ac13c2ad70d79acedcb8 (diff) | |
This is an implementation of the client side of TCP Fast Open (TFO)
[RFC7413]. It also includes a pre-shared key mode of operation in
which the server requires the client to be in possession of a shared
secret in order to successfully open TFO connections with that server.
The names of some existing fastopen sysctls have changed (e.g.,
net.inet.tcp.fastopen.enabled -> net.inet.tcp.fastopen.server_enable).
Reviewed by: tuexen
MFC after: 1 month
Sponsored by: Limelight Networks
Differential Revision: https://reviews.freebsd.org/D14047
Notes
Notes:
svn path=/head/; revision=330001
Diffstat (limited to 'sys/netinet/tcp_fastopen.h')
-rw-r--r-- | sys/netinet/tcp_fastopen.h | 56 |
1 files changed, 49 insertions, 7 deletions
diff --git a/sys/netinet/tcp_fastopen.h b/sys/netinet/tcp_fastopen.h
index c64ba2c04d5d..19665f635456 100644
--- a/sys/netinet/tcp_fastopen.h
+++ b/sys/netinet/tcp_fastopen.h
@@ -1,5 +1,5 @@
 /*-
- * Copyright (c) 2015 Patrick Kelsey
+ * Copyright (c) 2015-2017 Patrick Kelsey
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
@@ -31,17 +31,59 @@
 #ifdef _KERNEL
-#define TCP_FASTOPEN_COOKIE_LEN 8 /* tied to SipHash24 64-bit output */
+#define TCP_FASTOPEN_COOKIE_LEN 8 /* SipHash24 64-bit output */
-VNET_DECLARE(unsigned int, tcp_fastopen_enabled);
-#define V_tcp_fastopen_enabled VNET(tcp_fastopen_enabled)
+VNET_DECLARE(unsigned int, tcp_fastopen_client_enable);
+#define V_tcp_fastopen_client_enable VNET(tcp_fastopen_client_enable)
+
+VNET_DECLARE(unsigned int, tcp_fastopen_server_enable);
+#define V_tcp_fastopen_server_enable VNET(tcp_fastopen_server_enable)
+
+union tcp_fastopen_ip_addr {
+ struct in_addr v4;
+ struct in6_addr v6;
+};
+
+struct tcp_fastopen_ccache_entry {
+ TAILQ_ENTRY(tcp_fastopen_ccache_entry) cce_link;
+ union tcp_fastopen_ip_addr cce_client_ip; /* network byte order */
+ union tcp_fastopen_ip_addr cce_server_ip; /* network byte order */
+ uint16_t server_port; /* network byte order */
+ uint16_t server_mss; /* host byte order */
+ uint8_t af;
+ uint8_t cookie_len;
+ uint8_t cookie[TCP_FASTOPEN_MAX_COOKIE_LEN];
+ sbintime_t disable_time; /* non-zero value means path is disabled */
+};
+
+struct tcp_fastopen_ccache;
+
+struct tcp_fastopen_ccache_bucket {
+ struct mtx ccb_mtx;
+ TAILQ_HEAD(bucket_entries, tcp_fastopen_ccache_entry) ccb_entries;
+ int ccb_num_entries;
+ struct tcp_fastopen_ccache *ccb_ccache;
+};
+
+struct tcp_fastopen_ccache {
+ uma_zone_t zone;
+ struct tcp_fastopen_ccache_bucket *base;
+ unsigned int bucket_limit;
+ unsigned int buckets;
+ unsigned int mask;
+ uint32_t secret;
+};
 void tcp_fastopen_init(void);
 void tcp_fastopen_destroy(void);
 unsigned int *tcp_fastopen_alloc_counter(void);
-void tcp_fastopen_decrement_counter(unsigned int *counter);
-int tcp_fastopen_check_cookie(struct in_conninfo *inc, uint8_t *cookie,
- unsigned int len, uint64_t *latest_cookie);
+void tcp_fastopen_decrement_counter(unsigned int *);
+int tcp_fastopen_check_cookie(struct in_conninfo *, uint8_t *, unsigned int,
+ uint64_t *);
+void tcp_fastopen_connect(struct tcpcb *);
+void tcp_fastopen_disable_path(struct tcpcb *);
+void tcp_fastopen_update_cache(struct tcpcb *, uint16_t, uint8_t,
+ uint8_t *);
 #endif /* _KERNEL */
 #endif /* _TCP_FASTOPEN_H_ */ |
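Review bot: The prototypes at the end of this hunk drop every parameter name, so `tcp_fastopen_update_cache(struct tcpcb *, uint16_t, uint8_t, uint8_t *)` no longer says which argument is the cookie length, and the header states no bound on it. `struct tcp_fastopen_ccache_entry` stores the cookie in a fixed `cookie[TCP_FASTOPEN_MAX_COOKIE_LEN]` array, while the `uint8_t` length can be as large as 255 and presumably originates from a TCP option sent by the peer, so the contract matters for memory safety. I would keep the names (presumably `mss`, `cookie_len`, `cookie`, judging by the `server_mss` and `cookie_len` fields; confirm against the definition) and add a comment such as `/* cookie_len must not exceed TCP_FASTOPEN_MAX_COOKIE_LEN */` above the prototype. If the function only copies from the buffer, the last parameter could be `const uint8_t *`. `TCP_FASTOPEN_MAX_COOKIE_LEN` is not defined in this hunk, so a short note on which header supplies it would help anyone including this file on its own.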