Changeset View
Changeset View
Standalone View
Standalone View
head/sys/netinet/tcp_fastopen.c
Show First 20 Lines • Show All 75 Lines • ▼ Show 20 Lines | |||||
* net.inet.tcp.fastopen.ccache_bucket_limit | * net.inet.tcp.fastopen.ccache_bucket_limit | ||||
* (RWTUN, default TCP_FASTOPEN_CCACHE_BUCKET_LIMIT_DEFAULT) | * (RWTUN, default TCP_FASTOPEN_CCACHE_BUCKET_LIMIT_DEFAULT) | ||||
* The maximum number of entries in a client cookie cache bucket. | * The maximum number of entries in a client cookie cache bucket. | ||||
* | * | ||||
* net.inet.tcp.fastopen.ccache_buckets | * net.inet.tcp.fastopen.ccache_buckets | ||||
* (RDTUN, default TCP_FASTOPEN_CCACHE_BUCKETS_DEFAULT) | * (RDTUN, default TCP_FASTOPEN_CCACHE_BUCKETS_DEFAULT) | ||||
* The number of client cookie cache buckets. | * The number of client cookie cache buckets. | ||||
* | * | ||||
* net.inet.tcp.fastopen.ccache_list (RO) | |||||
* Print the client cookie cache. | |||||
* | |||||
* net.inet.tcp.fastopen.client_enable (RW, default 0) | * net.inet.tcp.fastopen.client_enable (RW, default 0) | ||||
* When zero, no new active (i.e., client) TFO connections can be | * When zero, no new active (i.e., client) TFO connections can be | ||||
* created. On the transition from enabled to disabled, the client | * created. On the transition from enabled to disabled, the client | ||||
* cookie cache is cleared and disabled. The transition from enabled to | * cookie cache is cleared and disabled. The transition from enabled to | ||||
* disabled does not affect any active TFO connections in progress; it | * disabled does not affect any active TFO connections in progress; it | ||||
* only prevents new ones from being made. | * only prevents new ones from being made. | ||||
* | * | ||||
* net.inet.tcp.fastopen.keylen (RD) | * net.inet.tcp.fastopen.keylen (RD) | ||||
▲ Show 20 Lines • Show All 69 Lines • ▼ Show 20 Lines | |||||
*/ | */ | ||||
#include <sys/cdefs.h> | #include <sys/cdefs.h> | ||||
__FBSDID("$FreeBSD$"); | __FBSDID("$FreeBSD$"); | ||||
#include "opt_inet.h" | #include "opt_inet.h" | ||||
#include <sys/param.h> | #include <sys/param.h> | ||||
#include <sys/jail.h> | |||||
#include <sys/kernel.h> | #include <sys/kernel.h> | ||||
#include <sys/hash.h> | #include <sys/hash.h> | ||||
#include <sys/limits.h> | #include <sys/limits.h> | ||||
#include <sys/lock.h> | #include <sys/lock.h> | ||||
#include <sys/proc.h> | |||||
#include <sys/rmlock.h> | #include <sys/rmlock.h> | ||||
#include <sys/sbuf.h> | |||||
#include <sys/socket.h> | #include <sys/socket.h> | ||||
#include <sys/socketvar.h> | #include <sys/socketvar.h> | ||||
#include <sys/sysctl.h> | #include <sys/sysctl.h> | ||||
#include <sys/systm.h> | #include <sys/systm.h> | ||||
#include <crypto/siphash/siphash.h> | #include <crypto/siphash/siphash.h> | ||||
#include <net/vnet.h> | #include <net/vnet.h> | ||||
▲ Show 20 Lines • Show All 156 Lines • ▼ Show 20 Lines | SYSCTL_PROC(_net_inet_tcp_fastopen, OID_AUTO, setkey, | ||||
"Install a new key"); | "Install a new key"); | ||||
static int sysctl_net_inet_tcp_fastopen_setpsk(SYSCTL_HANDLER_ARGS); | static int sysctl_net_inet_tcp_fastopen_setpsk(SYSCTL_HANDLER_ARGS); | ||||
SYSCTL_PROC(_net_inet_tcp_fastopen, OID_AUTO, setpsk, | SYSCTL_PROC(_net_inet_tcp_fastopen, OID_AUTO, setpsk, | ||||
CTLFLAG_VNET | CTLTYPE_OPAQUE | CTLFLAG_WR, NULL, 0, | CTLFLAG_VNET | CTLTYPE_OPAQUE | CTLFLAG_WR, NULL, 0, | ||||
&sysctl_net_inet_tcp_fastopen_setpsk, "", | &sysctl_net_inet_tcp_fastopen_setpsk, "", | ||||
"Install a new pre-shared key"); | "Install a new pre-shared key"); | ||||
static int sysctl_net_inet_tcp_fastopen_ccache_list(SYSCTL_HANDLER_ARGS); | |||||
SYSCTL_PROC(_net_inet_tcp_fastopen, OID_AUTO, ccache_list, | |||||
CTLFLAG_VNET | CTLTYPE_STRING | CTLFLAG_RD | CTLFLAG_SKIP, NULL, 0, | |||||
sysctl_net_inet_tcp_fastopen_ccache_list, "A", | |||||
"List of all client cookie cache entries"); | |||||
static VNET_DEFINE(struct rmlock, tcp_fastopen_keylock); | static VNET_DEFINE(struct rmlock, tcp_fastopen_keylock); | ||||
#define V_tcp_fastopen_keylock VNET(tcp_fastopen_keylock) | #define V_tcp_fastopen_keylock VNET(tcp_fastopen_keylock) | ||||
#define TCP_FASTOPEN_KEYS_RLOCK(t) rm_rlock(&V_tcp_fastopen_keylock, (t)) | #define TCP_FASTOPEN_KEYS_RLOCK(t) rm_rlock(&V_tcp_fastopen_keylock, (t)) | ||||
#define TCP_FASTOPEN_KEYS_RUNLOCK(t) rm_runlock(&V_tcp_fastopen_keylock, (t)) | #define TCP_FASTOPEN_KEYS_RUNLOCK(t) rm_runlock(&V_tcp_fastopen_keylock, (t)) | ||||
#define TCP_FASTOPEN_KEYS_WLOCK() rm_wlock(&V_tcp_fastopen_keylock) | #define TCP_FASTOPEN_KEYS_WLOCK() rm_wlock(&V_tcp_fastopen_keylock) | ||||
#define TCP_FASTOPEN_KEYS_WUNLOCK() rm_wunlock(&V_tcp_fastopen_keylock) | #define TCP_FASTOPEN_KEYS_WUNLOCK() rm_wunlock(&V_tcp_fastopen_keylock) | ||||
▲ Show 20 Lines • Show All 774 Lines • ▼ Show 20 Lines | tcp_fastopen_ccache_entry_drop(struct tcp_fastopen_ccache_entry *cce, | ||||
struct tcp_fastopen_ccache_bucket *ccb) | struct tcp_fastopen_ccache_bucket *ccb) | ||||
{ | { | ||||
CCB_LOCK_ASSERT(ccb); | CCB_LOCK_ASSERT(ccb); | ||||
TAILQ_REMOVE(&ccb->ccb_entries, cce, cce_link); | TAILQ_REMOVE(&ccb->ccb_entries, cce, cce_link); | ||||
ccb->ccb_num_entries--; | ccb->ccb_num_entries--; | ||||
uma_zfree(V_tcp_fastopen_ccache.zone, cce); | uma_zfree(V_tcp_fastopen_ccache.zone, cce); | ||||
} | |||||
static int | |||||
sysctl_net_inet_tcp_fastopen_ccache_list(SYSCTL_HANDLER_ARGS) | |||||
{ | |||||
struct sbuf sb; | |||||
struct tcp_fastopen_ccache_bucket *ccb; | |||||
struct tcp_fastopen_ccache_entry *cce; | |||||
sbintime_t now, duration, limit; | |||||
const int linesize = 128; | |||||
int i, error, num_entries; | |||||
unsigned int j; | |||||
#ifdef INET6 | |||||
char clt_buf[INET6_ADDRSTRLEN], srv_buf[INET6_ADDRSTRLEN]; | |||||
#else | |||||
char clt_buf[INET_ADDRSTRLEN], srv_buf[INET_ADDRSTRLEN]; | |||||
#endif | |||||
if (jailed_without_vnet(curthread->td_ucred) != 0) | |||||
return (EPERM); | |||||
/* Only allow root to read the client cookie cache */ | |||||
if (curthread->td_ucred->cr_uid != 0) | |||||
return (EPERM); | |||||
num_entries = 0; | |||||
for (i = 0; i < V_tcp_fastopen_ccache.buckets; i++) { | |||||
ccb = &V_tcp_fastopen_ccache.base[i]; | |||||
CCB_LOCK(ccb); | |||||
if (ccb->ccb_num_entries > 0) | |||||
num_entries += ccb->ccb_num_entries; | |||||
CCB_UNLOCK(ccb); | |||||
} | |||||
sbuf_new(&sb, NULL, linesize * (num_entries + 1), SBUF_INCLUDENUL); | |||||
sbuf_printf(&sb, | |||||
"\nLocal IP address Remote IP address Port MSS" | |||||
" Disabled Cookie\n"); | |||||
now = getsbinuptime(); | |||||
limit = (sbintime_t)V_tcp_fastopen_path_disable_time << 32; | |||||
for (i = 0; i < V_tcp_fastopen_ccache.buckets; i++) { | |||||
ccb = &V_tcp_fastopen_ccache.base[i]; | |||||
CCB_LOCK(ccb); | |||||
TAILQ_FOREACH(cce, &ccb->ccb_entries, cce_link) { | |||||
if (cce->disable_time != 0) { | |||||
duration = now - cce->disable_time; | |||||
if (limit >= duration) | |||||
duration = limit - duration; | |||||
else | |||||
duration = 0; | |||||
} else | |||||
duration = 0; | |||||
sbuf_printf(&sb, | |||||
"%-20s %-20s %5u %5u ", | |||||
inet_ntop(cce->af, &cce->cce_client_ip, | |||||
clt_buf, sizeof(clt_buf)), | |||||
inet_ntop(cce->af, &cce->cce_server_ip, | |||||
srv_buf, sizeof(srv_buf)), | |||||
ntohs(cce->server_port), | |||||
cce->server_mss); | |||||
if (duration > 0) | |||||
sbuf_printf(&sb, "%7ds ", sbintime_getsec(duration)); | |||||
else | |||||
sbuf_printf(&sb, "%8s ", "No"); | |||||
for (j = 0; j < cce->cookie_len; j++) | |||||
sbuf_printf(&sb, "%02x", cce->cookie[j]); | |||||
sbuf_putc(&sb, '\n'); | |||||
} | |||||
CCB_UNLOCK(ccb); | |||||
} | |||||
error = sbuf_finish(&sb); | |||||
if (error == 0) | |||||
error = SYSCTL_OUT(req, sbuf_data(&sb), sbuf_len(&sb)); | |||||
sbuf_delete(&sb); | |||||
return (error); | |||||
} | } | ||||