10Sduke/* SPDX-License-Identifier: GPL-2.0-or-later */
213351Scoleenp/*
30Sduke * NET		Generic infrastructure for Network protocols.
40Sduke *
50Sduke *		Definitions for request_sock
60Sduke *
70Sduke * Authors:	Arnaldo Carvalho de Melo <acme@conectiva.com.br>
80Sduke *
90Sduke * 		From code originally in include/net/tcp.h
100Sduke */
110Sduke#ifndef _REQUEST_SOCK_H
120Sduke#define _REQUEST_SOCK_H
130Sduke
140Sduke#include <linux/slab.h>
150Sduke#include <linux/spinlock.h>
160Sduke#include <linux/types.h>
170Sduke#include <linux/bug.h>
180Sduke#include <linux/refcount.h>
191472Strims
201472Strims#include <net/sock.h>
211472Strims
220Sdukestruct request_sock;
230Sdukestruct sk_buff;
240Sdukestruct dst_entry;
251879Sstefankstruct proto;
261879Sstefank
/* Per-family operations and allocation parameters for request socks.
 * Each protocol (e.g. TCP over IPv4/IPv6) supplies one of these so the
 * generic code can allocate requests from the right slab and invoke the
 * protocol-specific handlers for a pending connection request.
 */
struct request_sock_ops {
	int		family;		/* protocol family of the requests */
	unsigned int	obj_size;	/* size of the family's request_sock variant */
	struct kmem_cache	*slab;	/* cache requests are allocated from */
	char		*slab_name;	/* name used when creating @slab */
	/* (re)transmit the SYN+ACK for @req on behalf of listener @sk */
	int		(*rtx_syn_ack)(const struct sock *sk,
				       struct request_sock *req);
	/* send an ACK in response to @skb for pending request @req */
	void		(*send_ack)(const struct sock *sk, struct sk_buff *skb,
				    struct request_sock *req);
	/* send a RST in response to @skb */
	void		(*send_reset)(const struct sock *sk,
				      struct sk_buff *skb);
	/* release family-specific resources held by @req (called from
	 * __reqsk_free() before the object returns to the slab)
	 */
	void		(*destructor)(struct request_sock *req);
	/* invoked when the SYN+ACK retransmit timer for @req expires */
	void		(*syn_ack_timeout)(const struct request_sock *req);
};
410Sduke
420Sdukeint inet_rtx_syn_ack(const struct sock *parent, struct request_sock *req);
430Sduke
/* Copy of the headers of the SYN that created a request, kept so they
 * can be examined after the fact (see request_sock::saved_syn).  The
 * three length fields describe the layout of the raw bytes in @data.
 */
struct saved_syn {
	u32 mac_hdrlen;		/* length of the link-layer header in @data */
	u32 network_hdrlen;	/* length of the network header in @data */
	u32 tcp_hdrlen;		/* length of the TCP header in @data */
	u8 data[];		/* the saved header bytes (flexible array) */
};
509111Stwisti
/* struct request_sock - mini sock to represent a connection request
 *
 * Embeds struct sock_common first so a request_sock pointer can be
 * viewed as a struct sock (see inet_reqsk()/req_to_sk()); the rsk_*
 * macros below alias the shared sock_common fields.
 */
struct request_sock {
	struct sock_common		__req_common;
#define rsk_refcnt			__req_common.skc_refcnt
#define rsk_hash			__req_common.skc_hash
#define rsk_listener			__req_common.skc_listener
#define rsk_window_clamp		__req_common.skc_window_clamp
#define rsk_rcv_wnd			__req_common.skc_rcv_wnd

	struct request_sock		*dl_next;	/* next request in a queue
							 * (e.g. accept queue link,
							 * see reqsk_queue_remove())
							 */
	u16				mss;	/* MSS for this request -
						 * presumably from the SYN;
						 * confirm at the setters
						 */
	u8				num_retrans; /* number of retransmits */
	u8				syncookie:1; /* True if
						      * 1) tcpopts needs to be encoded in
						      *    TS of SYN+ACK
						      * 2) ACK is validated by BPF kfunc.
						      */
	u8				num_timeout:7; /* number of timeouts */
	u32				ts_recent;	/* TCP timestamp value -
							 * NOTE(review): semantics set
							 * by family code, not here
							 */
	struct timer_list		rsk_timer;	/* per-request timer */
	const struct request_sock_ops	*rsk_ops;	/* family ops/slab for this req */
	struct sock			*sk;		/* NULL until cleared/assigned
							 * elsewhere (init'd NULL in
							 * reqsk_alloc())
							 */
	struct saved_syn		*saved_syn;	/* saved SYN headers, or NULL */
	u32				secid;		/* security id - presumably LSM;
							 * confirm with security hooks
							 */
	u32				peer_secid;	/* peer's security id (ditto) */
	u32				timeout;	/* timeout value; init'd 0 in
							 * reqsk_alloc()
							 */
};
796557Srbackman
/* View @sk as the request_sock that embeds it.  Valid because
 * struct request_sock starts with struct sock_common, just like
 * struct sock does.
 */
static inline struct request_sock *inet_reqsk(const struct sock *sk)
{
	struct request_sock *req = (struct request_sock *)sk;

	return req;
}
849111Stwisti
/* View @req through its embedded sock_common as a struct sock.
 * Inverse of inet_reqsk().
 */
static inline struct sock *req_to_sk(struct request_sock *req)
{
	struct sock *sk = (struct sock *)req;

	return sk;
}
896557Srbackman
/**
 * skb_steal_sock - steal a socket from an sk_buff
 * @skb: sk_buff to steal the socket from
 * @refcounted: is set to true if the socket is reference-counted
 * @prefetched: is set to true if the socket was assigned from bpf
 *
 * Detaches the socket attached to @skb (clearing skb->sk and
 * skb->destructor) and hands ownership to the caller.  On return,
 * @refcounted tells the caller whether it holds a reference that must
 * eventually be dropped.
 *
 * Return: the detached socket, or NULL if @skb carried none.
 */
static inline struct sock *skb_steal_sock(struct sk_buff *skb,
					  bool *refcounted, bool *prefetched)
{
	struct sock *sk = skb->sk;

	if (!sk) {
		*prefetched = false;
		*refcounted = false;
		return NULL;
	}

	*prefetched = skb_sk_is_prefetched(skb);
	if (*prefetched) {
#if IS_ENABLED(CONFIG_SYN_COOKIES)
		/* A syncookie request_sock only borrows its listener: give
		 * the caller the listener itself (no extra reference taken,
		 * hence *refcounted = false) and detach it from the request.
		 * Note skb->sk/destructor are deliberately left untouched on
		 * this path.
		 */
		if (sk->sk_state == TCP_NEW_SYN_RECV && inet_reqsk(sk)->syncookie) {
			struct request_sock *req = inet_reqsk(sk);

			*refcounted = false;
			sk = req->rsk_listener;
			req->rsk_listener = NULL;
			return sk;
		}
#endif
		*refcounted = sk_is_refcounted(sk);
	} else {
		*refcounted = true;
	}

	skb->destructor = NULL;
	skb->sk = NULL;
	return sk;
}
1289461Stwisti
1290Sdukestatic inline struct request_sock *
1300Sdukereqsk_alloc(const struct request_sock_ops *ops, struct sock *sk_listener,
1310Sduke	    bool attach_listener)
1320Sduke{
1330Sduke	struct request_sock *req;
1340Sduke
1350Sduke	req = kmem_cache_alloc(ops->slab, GFP_ATOMIC | __GFP_NOWARN);
1360Sduke	if (!req)
1379111Stwisti		return NULL;
1380Sduke	req->rsk_listener = NULL;
13913517Snever	if (attach_listener) {
14013517Snever		if (unlikely(!refcount_inc_not_zero(&sk_listener->sk_refcnt))) {
14113517Snever			kmem_cache_free(ops->slab, req);
14213517Snever			return NULL;
1430Sduke		}
1440Sduke		req->rsk_listener = sk_listener;
1459111Stwisti	}
1460Sduke	req->rsk_ops = ops;
1470Sduke	req_to_sk(req)->sk_prot = sk_listener->sk_prot;
1480Sduke	sk_node_init(&req_to_sk(req)->sk_node);
1490Sduke	sk_tx_queue_clear(req_to_sk(req));
1500Sduke	req->saved_syn = NULL;
1510Sduke	req->syncookie = 0;
1520Sduke	req->timeout = 0;
1530Sduke	req->num_timeout = 0;
1549111Stwisti	req->num_retrans = 0;
1559111Stwisti	req->sk = NULL;
1569111Stwisti	refcount_set(&req->rsk_refcnt, 0);
1570Sduke
1580Sduke	return req;
1590Sduke}
1600Sduke
/* Release @req unconditionally: run the family destructor, drop the
 * listener reference (if one was attached by reqsk_alloc()), free any
 * saved SYN headers and return the object to its slab.  Order matters:
 * the destructor runs first, the slab free last.
 */
static inline void __reqsk_free(struct request_sock *req)
{
	req->rsk_ops->destructor(req);
	if (req->rsk_listener)
		sock_put(req->rsk_listener);
	kfree(req->saved_syn);
	kmem_cache_free(req->rsk_ops->slab, req);
}
1690Sduke
1700Sdukestatic inline void reqsk_free(struct request_sock *req)
1710Sduke{
1720Sduke	WARN_ON_ONCE(refcount_read(&req->rsk_refcnt) != 0);
1730Sduke	__reqsk_free(req);
1743465Szgu}
1759111Stwisti
1769789Stwististatic inline void reqsk_put(struct request_sock *req)
1770Sduke{
1780Sduke	if (refcount_dec_and_test(&req->rsk_refcnt))
1790Sduke		reqsk_free(req);
1800Sduke}
1810Sduke
/*
 * For a TCP Fast Open listener -
 *	lock - protects the access to all the reqsk, which is co-owned by
 *		the listener and the child socket.
 *	qlen - pending TFO requests (still in TCP_SYN_RECV).
 *	max_qlen - max TFO reqs allowed before TFO is disabled.
 *
 *	XXX (TFO) - ideally these fields can be made as part of "listen_sock"
 *	structure above. But there is some implementation difficulty due to
 *	listen_sock being part of request_sock_queue hence will be freed when
 *	a listener is stopped. But TFO related fields may continue to be
 *	accessed even after a listener is closed, until its sk_refcnt drops
 *	to 0 implying no more outstanding TFO reqs. One solution is to keep
 *	listen_opt around until	sk_refcnt drops to 0. But there is some other
 *	complexity that needs to be resolved. E.g., a listener can be disabled
 *	temporarily through shutdown()->tcp_disconnect(), and re-enabled later.
 */
struct fastopen_queue {
	struct request_sock	*rskq_rst_head; /* Keep track of past TFO */
	struct request_sock	*rskq_rst_tail; /* requests that caused RST.
						 * This is part of the defense
						 * against spoofing attack.
						 */
	spinlock_t	lock;		/* see "lock" in the comment above */
	int		qlen;		/* # of pending (TCP_SYN_RECV) reqs */
	int		max_qlen;	/* != 0 iff TFO is currently enabled */

	struct tcp_fastopen_context __rcu *ctx; /* cipher context for cookie */
};
2110Sduke
/** struct request_sock_queue - queue of request_socks
 *
 * @rskq_accept_head - FIFO head of established children
 * @rskq_accept_tail - FIFO tail of established children
 * @rskq_defer_accept - User waits for some data after accept()
 *
 */
struct request_sock_queue {
	spinlock_t		rskq_lock;	/* protects rskq_accept_head/tail
						 * (see reqsk_queue_remove())
						 */
	u8			rskq_defer_accept;

	u32			synflood_warned;	/* NOTE(review): presumably
							 * limits SYN-flood warnings;
							 * set elsewhere - confirm
							 */
	atomic_t		qlen;	/* # of pending requests */
	atomic_t		young;	/* # of pending requests that have
					 * never timed out (num_timeout == 0,
					 * see reqsk_queue_removed())
					 */

	struct request_sock	*rskq_accept_head;
	struct request_sock	*rskq_accept_tail;
	struct fastopen_queue	fastopenq;  /* Check max_qlen != 0 to determine
					     * if TFO is enabled.
					     */
};
2330Sduke
2340Sdukevoid reqsk_queue_alloc(struct request_sock_queue *queue);
2352695Sbdelsart
2360Sdukevoid reqsk_fastopen_remove(struct sock *sk, struct request_sock *req,
2370Sduke			   bool reset);
2380Sduke
2390Sdukestatic inline bool reqsk_queue_empty(const struct request_sock_queue *queue)
2400Sduke{
2410Sduke	return READ_ONCE(queue->rskq_accept_head) == NULL;
2420Sduke}
2430Sduke
/* Dequeue the oldest established child from @queue's accept FIFO,
 * decrementing @parent's accept backlog accounting.  Returns NULL if
 * the queue is empty.
 */
static inline struct request_sock *reqsk_queue_remove(struct request_sock_queue *queue,
						      struct sock *parent)
{
	struct request_sock *req;

	spin_lock_bh(&queue->rskq_lock);
	req = queue->rskq_accept_head;
	if (req) {
		sk_acceptq_removed(parent);
		/* WRITE_ONCE() pairs with the lockless READ_ONCE() in
		 * reqsk_queue_empty().
		 */
		WRITE_ONCE(queue->rskq_accept_head, req->dl_next);
		if (queue->rskq_accept_head == NULL)
			queue->rskq_accept_tail = NULL;
	}
	spin_unlock_bh(&queue->rskq_lock);
	return req;
}
2600Sduke
2610Sdukestatic inline void reqsk_queue_removed(struct request_sock_queue *queue,
2620Sduke				       const struct request_sock *req)
2630Sduke{
2640Sduke	if (req->num_timeout == 0)
2650Sduke		atomic_dec(&queue->young);
2660Sduke	atomic_dec(&queue->qlen);
2670Sduke}
2680Sduke
2690Sdukestatic inline void reqsk_queue_added(struct request_sock_queue *queue)
2700Sduke{
2710Sduke	atomic_inc(&queue->young);
2720Sduke	atomic_inc(&queue->qlen);
2730Sduke}
2749461Stwisti
2750Sdukestatic inline int reqsk_queue_len(const struct request_sock_queue *queue)
2760Sduke{
2770Sduke	return atomic_read(&queue->qlen);
2780Sduke}
2790Sduke
2800Sdukestatic inline int reqsk_queue_len_young(const struct request_sock_queue *queue)
2810Sduke{
2829111Stwisti	return atomic_read(&queue->young);
2831825Snever}
2849111Stwisti
2851825Snever#endif /* _REQUEST_SOCK_H */
2869111Stwisti