diff options
| author |   Christoph Paasch <cpaasch@apple.com> | 2019-05-29 12:33:56 -0400 |
|---|---|---|
| committer |   David S. Miller <davem@davemloft.net> | 2019-05-30 13:41:26 -0700 |
| commit | 483642e5ea1dfa517cb7dba606d8b66ef2dd7791 (patch) | |
| tree | 5cb2d79fb8e81523ce69d0af7a1e1d7177478709 | |
| parent | Merge branch 'mlxsw-Hardware-monitoring-enhancements' (diff) | |
| download | linux-dev-483642e5ea1dfa517cb7dba606d8b66ef2dd7791.tar.xz linux-dev-483642e5ea1dfa517cb7dba606d8b66ef2dd7791.zip | |
tcp: introduce __tcp_fastopen_cookie_gen_cipher()
Restructure __tcp_fastopen_cookie_gen() to take a 'struct crypto_cipher'
argument and rename it as __tcp_fastopen_cookie_gen_cipher(). Subsequent
patches will provide different ciphers based on which key is being used for
the cookie generation.
Signed-off-by: Christoph Paasch <cpaasch@apple.com>
Signed-off-by: Jason Baron <jbaron@akamai.com>
Acked-by: Yuchung Cheng <ycheng@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
| -rw-r--r-- | net/ipv4/tcp_fastopen.c | 73 |
1 files changed, 37 insertions, 36 deletions
diff --git a/net/ipv4/tcp_fastopen.c b/net/ipv4/tcp_fastopen.c index 018a48477355..3889ad28dd06 100644 --- a/net/ipv4/tcp_fastopen.c +++ b/net/ipv4/tcp_fastopen.c @@ -111,25 +111,38 @@ error: kfree(ctx); return err; } -static bool __tcp_fastopen_cookie_gen(struct sock *sk, const void *path, - struct tcp_fastopen_cookie *foc) +static bool __tcp_fastopen_cookie_gen_cipher(struct request_sock *req, + struct sk_buff *syn, + struct crypto_cipher *tfm, + struct tcp_fastopen_cookie *foc) { - struct tcp_fastopen_context *ctx; - bool ok = false; - - rcu_read_lock(); + if (req->rsk_ops->family == AF_INET) { + const struct iphdr *iph = ip_hdr(syn); + __be32 path[4] = { iph->saddr, iph->daddr, 0, 0 }; - ctx = rcu_dereference(inet_csk(sk)->icsk_accept_queue.fastopenq.ctx); - if (!ctx) - ctx = rcu_dereference(sock_net(sk)->ipv4.tcp_fastopen_ctx); + crypto_cipher_encrypt_one(tfm, foc->val, (void *)path); + foc->len = TCP_FASTOPEN_COOKIE_SIZE; + return true; + } - if (ctx) { - crypto_cipher_encrypt_one(ctx->tfm, foc->val, path); +#if IS_ENABLED(CONFIG_IPV6) + if (req->rsk_ops->family == AF_INET6) { + const struct ipv6hdr *ip6h = ipv6_hdr(syn); + struct tcp_fastopen_cookie tmp; + struct in6_addr *buf; + int i; + + crypto_cipher_encrypt_one(tfm, tmp.val, + (void *)&ip6h->saddr); + buf = &tmp.addr; + for (i = 0; i < 4; i++) + buf->s6_addr32[i] ^= ip6h->daddr.s6_addr32[i]; + crypto_cipher_encrypt_one(tfm, foc->val, (void *)buf); foc->len = TCP_FASTOPEN_COOKIE_SIZE; - ok = true; + return true; } - rcu_read_unlock(); - return ok; +#endif + return false; } /* Generate the fastopen cookie by doing aes128 encryption on both @@ -143,29 +156,17 @@ static bool tcp_fastopen_cookie_gen(struct sock *sk, struct sk_buff *syn, struct tcp_fastopen_cookie *foc) { - if (req->rsk_ops->family == AF_INET) { - const struct iphdr *iph = ip_hdr(syn); - - __be32 path[4] = { iph->saddr, iph->daddr, 0, 0 }; - return __tcp_fastopen_cookie_gen(sk, path, foc); - } - -#if IS_ENABLED(CONFIG_IPV6) - if (req->rsk_ops->family == AF_INET6) { - const struct ipv6hdr *ip6h = ipv6_hdr(syn); - struct tcp_fastopen_cookie tmp; - - if (__tcp_fastopen_cookie_gen(sk, &ip6h->saddr, &tmp)) { - struct in6_addr *buf = &tmp.addr; - int i; + struct tcp_fastopen_context *ctx; + bool ok = false; - for (i = 0; i < 4; i++) - buf->s6_addr32[i] ^= ip6h->daddr.s6_addr32[i]; - return __tcp_fastopen_cookie_gen(sk, buf, foc); - } - } -#endif - return false; + rcu_read_lock(); + ctx = rcu_dereference(inet_csk(sk)->icsk_accept_queue.fastopenq.ctx); + if (!ctx) + ctx = rcu_dereference(sock_net(sk)->ipv4.tcp_fastopen_ctx); + if (ctx) + ok = __tcp_fastopen_cookie_gen_cipher(req, syn, ctx->tfm, foc); + rcu_read_unlock(); + return ok; } |