/* SPDX-License-Identifier: GPL-2.0-or-later */
/*
 * NET		Generic infrastructure for Network protocols.
 *
 *		Definitions for request_sock
 *
 * Authors:	Arnaldo Carvalho de Melo <acme@conectiva.com.br>
 *
 * 		From code originally in include/net/tcp.h
 */
#ifndef _REQUEST_SOCK_H
#define _REQUEST_SOCK_H

#include <linux/slab.h>
#include <linux/spinlock.h>
#include <linux/types.h>
#include <linux/bug.h>
#include <linux/refcount.h>

#include <net/sock.h>
#include <net/rstreason.h>

struct request_sock;
struct sk_buff;
struct dst_entry;
struct proto;

struct request_sock_ops {
	int		family;
	unsigned int	obj_size;
	struct kmem_cache	*slab;
	char		*slab_name;
	int		(*rtx_syn_ack)(const struct sock *sk,
				       struct request_sock *req);
	void		(*send_ack)(const struct sock *sk, struct sk_buff *skb,
				    struct request_sock *req);
	void		(*send_reset)(const struct sock *sk,
				      struct sk_buff *skb,
				      enum sk_rst_reason reason);
	void		(*destructor)(struct request_sock *req);
	void		(*syn_ack_timeout)(const struct request_sock *req);
};

int inet_rtx_syn_ack(const struct sock *parent, struct request_sock *req);

struct saved_syn {
	u32 mac_hdrlen;
	u32 network_hdrlen;
	u32 tcp_hdrlen;
	u8 data[];
};
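
/* Assumed layout (illustrative, inferred from the hdrlen fields above, not
 * enforced by this header): data[] holds the headers of the saved SYN back
 * to back - mac header (if saved), then network header, then TCP header -
 * so data + mac_hdrlen + network_hdrlen would point at the start of the
 * saved TCP header.
 */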

/* struct request_sock - mini sock to represent a connection request
 */
struct request_sock {
	struct sock_common		__req_common;
#define rsk_refcnt			__req_common.skc_refcnt
#define rsk_hash			__req_common.skc_hash
#define rsk_listener			__req_common.skc_listener
#define rsk_window_clamp		__req_common.skc_window_clamp
#define rsk_rcv_wnd			__req_common.skc_rcv_wnd

	struct request_sock		*dl_next;
	u16				mss;
	u8				num_retrans; /* number of retransmits */
	u8				syncookie:1; /* True if
						      * 1) tcpopts needs to be encoded in
						      *    TS of SYN+ACK
						      * 2) ACK is validated by BPF kfunc.
						      */
	u8				num_timeout:7; /* number of timeouts */
	u32				ts_recent;
	struct timer_list		rsk_timer;
	const struct request_sock_ops	*rsk_ops;
	struct sock			*sk;
	struct saved_syn		*saved_syn;
	u32				secid;
	u32				peer_secid;
	u32				timeout;
};

static inline struct request_sock *inet_reqsk(const struct sock *sk)
{
	return (struct request_sock *)sk;
}

static inline struct sock *req_to_sk(struct request_sock *req)
{
	return (struct sock *)req;
}

/**
 * skb_steal_sock - steal a socket from an sk_buff
 * @skb: sk_buff to steal the socket from
 * @refcounted: is set to true if the socket is reference-counted
 * @prefetched: is set to true if the socket was assigned from bpf
 */
static inline struct sock *skb_steal_sock(struct sk_buff *skb,
					  bool *refcounted, bool *prefetched)
{
	struct sock *sk = skb->sk;

	if (!sk) {
		*prefetched = false;
		*refcounted = false;
		return NULL;
	}

	*prefetched = skb_sk_is_prefetched(skb);
	if (*prefetched) {
#if IS_ENABLED(CONFIG_SYN_COOKIES)
		if (sk->sk_state == TCP_NEW_SYN_RECV && inet_reqsk(sk)->syncookie) {
			struct request_sock *req = inet_reqsk(sk);

			*refcounted = false;
			sk = req->rsk_listener;
			req->rsk_listener = NULL;
			return sk;
		}
#endif
		*refcounted = sk_is_refcounted(sk);
	} else {
		*refcounted = true;
	}

	skb->destructor = NULL;
	skb->sk = NULL;
	return sk;
}
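
/* Illustrative caller sketch (a hypothetical receive path, not a helper
 * defined in this header): the caller owns a reference on the returned
 * socket only when *refcounted comes back true, and must drop it when done.
 *
 *	bool refcounted, prefetched;
 *	struct sock *sk = skb_steal_sock(skb, &refcounted, &prefetched);
 *
 *	if (sk) {
 *		... deliver skb to sk ...
 *		if (refcounted)
 *			sock_put(sk);
 *	}
 */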

static inline void __reqsk_free(struct request_sock *req)
{
	req->rsk_ops->destructor(req);
	if (req->rsk_listener)
		sock_put(req->rsk_listener);
	kfree(req->saved_syn);
	kmem_cache_free(req->rsk_ops->slab, req);
}

static inline void reqsk_free(struct request_sock *req)
{
	DEBUG_NET_WARN_ON_ONCE(refcount_read(&req->rsk_refcnt) != 0);
	__reqsk_free(req);
}

static inline void reqsk_put(struct request_sock *req)
{
	if (refcount_dec_and_test(&req->rsk_refcnt))
		__reqsk_free(req);
}

/*
 * For a TCP Fast Open listener -
 *	lock - protects access to the reqsks, which are co-owned by
 *		the listener and the child socket.
 *	qlen - pending TFO requests (still in TCP_SYN_RECV).
 *	max_qlen - max TFO reqs allowed before TFO is disabled.
 *
 *	XXX (TFO) - ideally these fields could be made part of the "listen_sock"
 *	structure above. But there is some implementation difficulty because
 *	listen_sock is part of request_sock_queue and hence is freed when
 *	a listener is stopped, whereas TFO related fields may continue to be
 *	accessed even after a listener is closed, until its sk_refcnt drops
 *	to 0, implying no more outstanding TFO reqs. One solution is to keep
 *	listen_opt around until sk_refcnt drops to 0. But there is some other
 *	complexity that needs to be resolved. E.g., a listener can be disabled
 *	temporarily through shutdown()->tcp_disconnect(), and re-enabled later.
 */
struct fastopen_queue {
	struct request_sock	*rskq_rst_head; /* Keep track of past TFO */
	struct request_sock	*rskq_rst_tail; /* requests that caused RST.
						 * This is part of the defense
						 * against spoofing attack.
						 */
	spinlock_t	lock;
	int		qlen;		/* # of pending (TCP_SYN_RECV) reqs */
	int		max_qlen;	/* != 0 iff TFO is currently enabled */

	struct tcp_fastopen_context __rcu *ctx; /* cipher context for cookie */
};
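
/* A minimal sketch of how max_qlen acts as the "is TFO enabled" flag
 * described above (an assumed caller-side pattern, not a helper defined
 * here):
 *
 *	struct fastopen_queue *fastopenq = &queue->fastopenq;
 *
 *	if (fastopenq->max_qlen == 0)
 *		return false;			(TFO disabled on this listener)
 *	if (fastopenq->qlen >= fastopenq->max_qlen)
 *		return false;			(pending TFO requests capped)
 *	return true;
 */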

/** struct request_sock_queue - queue of request_socks
 *
 * @rskq_accept_head - FIFO head of established children
 * @rskq_accept_tail - FIFO tail of established children
 * @rskq_defer_accept - User waits for some data after accept()
 *
 */
struct request_sock_queue {
	spinlock_t		rskq_lock;
	u8			rskq_defer_accept;

	u32			synflood_warned;
	atomic_t		qlen;
	atomic_t		young;

	struct request_sock	*rskq_accept_head;
	struct request_sock	*rskq_accept_tail;
	struct fastopen_queue	fastopenq;  /* Check max_qlen != 0 to determine
					     * if TFO is enabled.
					     */
};

void reqsk_queue_alloc(struct request_sock_queue *queue);

void reqsk_fastopen_remove(struct sock *sk, struct request_sock *req,
			   bool reset);

static inline bool reqsk_queue_empty(const struct request_sock_queue *queue)
{
	return READ_ONCE(queue->rskq_accept_head) == NULL;
}

static inline struct request_sock *reqsk_queue_remove(struct request_sock_queue *queue,
						      struct sock *parent)
{
	struct request_sock *req;

	spin_lock_bh(&queue->rskq_lock);
	req = queue->rskq_accept_head;
	if (req) {
		sk_acceptq_removed(parent);
		WRITE_ONCE(queue->rskq_accept_head, req->dl_next);
		if (queue->rskq_accept_head == NULL)
			queue->rskq_accept_tail = NULL;
	}
	spin_unlock_bh(&queue->rskq_lock);
	return req;
}
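
/* Hedged sketch of the accept() side (a hypothetical caller, ignoring TFO
 * and error handling): the listener pops the oldest established child off
 * the FIFO and hands its full socket to user space.
 *
 *	struct request_sock *req = reqsk_queue_remove(queue, listener);
 *	struct sock *child = NULL;
 *
 *	if (req) {
 *		child = req->sk;
 *		reqsk_put(req);
 *	}
 *	return child;
 */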

static inline void reqsk_queue_removed(struct request_sock_queue *queue,
				       const struct request_sock *req)
{
	if (req->num_timeout == 0)
		atomic_dec(&queue->young);
	atomic_dec(&queue->qlen);
}

static inline void reqsk_queue_added(struct request_sock_queue *queue)
{
	atomic_inc(&queue->young);
	atomic_inc(&queue->qlen);
}

static inline int reqsk_queue_len(const struct request_sock_queue *queue)
{
	return atomic_read(&queue->qlen);
}

static inline int reqsk_queue_len_young(const struct request_sock_queue *queue)
{
	return atomic_read(&queue->young);
}

/* RFC 7323 2.3 Using the Window Scale Option
 *  The window field (SEG.WND) of every outgoing segment, with the
 *  exception of <SYN> segments, MUST be right-shifted by
 *  Rcv.Wind.Shift bits.
 *
 * This means the SEG.WND carried in a SYNACK cannot exceed 65535.
 * We use this property to harden the TCP stack while in NEW_SYN_RECV state.
 */
static inline u32 tcp_synack_window(const struct request_sock *req)
{
	return min(req->rsk_rcv_wnd, 65535U);
}
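
/* Worked example (illustrative numbers): a listener whose window computation
 * produced rsk_rcv_wnd = 120000 would still advertise only 65535 in the
 * SYNACK, because window scaling is never applied to <SYN> segments, so
 * tcp_synack_window() returns 65535 in that case and the unclamped value
 * otherwise.
 */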
#endif /* _REQUEST_SOCK_H */