diff options
author | Christoph Paasch <cpaasch@apple.com> | 2019-05-29 18:33:56 +0200 |
---|---|---|
committer | David S. Miller <davem@davemloft.net> | 2019-05-30 22:41:26 +0200 |
commit | 483642e5ea1dfa517cb7dba606d8b66ef2dd7791 (patch) | |
tree | 5cb2d79fb8e81523ce69d0af7a1e1d7177478709 /net/ipv4/tcp_fastopen.c | |
parent | Merge branch 'mlxsw-Hardware-monitoring-enhancements' (diff) | |
download | linux-483642e5ea1dfa517cb7dba606d8b66ef2dd7791.tar.xz linux-483642e5ea1dfa517cb7dba606d8b66ef2dd7791.zip |
tcp: introduce __tcp_fastopen_cookie_gen_cipher()
Restructure __tcp_fastopen_cookie_gen() to take a 'struct crypto_cipher'
argument and rename it as __tcp_fastopen_cookie_gen_cipher(). Subsequent
patches will provide different ciphers based on which key is being used for
the cookie generation.
Signed-off-by: Christoph Paasch <cpaasch@apple.com>
Signed-off-by: Jason Baron <jbaron@akamai.com>
Acked-by: Yuchung Cheng <ycheng@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net/ipv4/tcp_fastopen.c')
-rw-r--r-- | net/ipv4/tcp_fastopen.c | 73 |
1 files changed, 37 insertions, 36 deletions
diff --git a/net/ipv4/tcp_fastopen.c b/net/ipv4/tcp_fastopen.c index 018a48477355..3889ad28dd06 100644 --- a/net/ipv4/tcp_fastopen.c +++ b/net/ipv4/tcp_fastopen.c @@ -111,25 +111,38 @@ error: kfree(ctx); return err; } -static bool __tcp_fastopen_cookie_gen(struct sock *sk, const void *path, - struct tcp_fastopen_cookie *foc) +static bool __tcp_fastopen_cookie_gen_cipher(struct request_sock *req, + struct sk_buff *syn, + struct crypto_cipher *tfm, + struct tcp_fastopen_cookie *foc) { - struct tcp_fastopen_context *ctx; - bool ok = false; - - rcu_read_lock(); + if (req->rsk_ops->family == AF_INET) { + const struct iphdr *iph = ip_hdr(syn); + __be32 path[4] = { iph->saddr, iph->daddr, 0, 0 }; - ctx = rcu_dereference(inet_csk(sk)->icsk_accept_queue.fastopenq.ctx); - if (!ctx) - ctx = rcu_dereference(sock_net(sk)->ipv4.tcp_fastopen_ctx); + crypto_cipher_encrypt_one(tfm, foc->val, (void *)path); + foc->len = TCP_FASTOPEN_COOKIE_SIZE; + return true; + } - if (ctx) { - crypto_cipher_encrypt_one(ctx->tfm, foc->val, path); +#if IS_ENABLED(CONFIG_IPV6) + if (req->rsk_ops->family == AF_INET6) { + const struct ipv6hdr *ip6h = ipv6_hdr(syn); + struct tcp_fastopen_cookie tmp; + struct in6_addr *buf; + int i; + + crypto_cipher_encrypt_one(tfm, tmp.val, + (void *)&ip6h->saddr); + buf = &tmp.addr; + for (i = 0; i < 4; i++) + buf->s6_addr32[i] ^= ip6h->daddr.s6_addr32[i]; + crypto_cipher_encrypt_one(tfm, foc->val, (void *)buf); foc->len = TCP_FASTOPEN_COOKIE_SIZE; - ok = true; + return true; } - rcu_read_unlock(); - return ok; +#endif + return false; } /* Generate the fastopen cookie by doing aes128 encryption on both @@ -143,29 +156,17 @@ static bool tcp_fastopen_cookie_gen(struct sock *sk, struct sk_buff *syn, struct tcp_fastopen_cookie *foc) { - if (req->rsk_ops->family == AF_INET) { - const struct iphdr *iph = ip_hdr(syn); - - __be32 path[4] = { iph->saddr, iph->daddr, 0, 0 }; - return __tcp_fastopen_cookie_gen(sk, path, foc); - } - -#if IS_ENABLED(CONFIG_IPV6) - if (req->rsk_ops->family == AF_INET6) { - const struct ipv6hdr *ip6h = ipv6_hdr(syn); - struct tcp_fastopen_cookie tmp; - - if (__tcp_fastopen_cookie_gen(sk, &ip6h->saddr, &tmp)) { - struct in6_addr *buf = &tmp.addr; - int i; + struct tcp_fastopen_context *ctx; + bool ok = false; - for (i = 0; i < 4; i++) - buf->s6_addr32[i] ^= ip6h->daddr.s6_addr32[i]; - return __tcp_fastopen_cookie_gen(sk, buf, foc); - } - } -#endif - return false; + rcu_read_lock(); + ctx = rcu_dereference(inet_csk(sk)->icsk_accept_queue.fastopenq.ctx); + if (!ctx) + ctx = rcu_dereference(sock_net(sk)->ipv4.tcp_fastopen_ctx); + if (ctx) + ok = __tcp_fastopen_cookie_gen_cipher(req, syn, ctx->tfm, foc); + rcu_read_unlock(); + return ok; } |