1/* 2 * Copyright (c) 2012-2013 Apple Inc. All rights reserved. 3 * 4 * @APPLE_OSREFERENCE_LICENSE_HEADER_START@ 5 * 6 * This file contains Original Code and/or Modifications of Original Code 7 * as defined in and that are subject to the Apple Public Source License 8 * Version 2.0 (the 'License'). You may not use this file except in 9 * compliance with the License. The rights granted to you under the License 10 * may not be used to create, or enable the creation or redistribution of, 11 * unlawful or unlicensed copies of an Apple operating system, or to 12 * circumvent, violate, or enable the circumvention or violation of, any 13 * terms of an Apple operating system software license agreement. 14 * 15 * Please obtain a copy of the License at 16 * http://www.opensource.apple.com/apsl/ and read it before using this file. 17 * 18 * The Original Code and all software distributed under the License are 19 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER 20 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, 21 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, 22 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. 23 * Please see the License for the specific language governing rights and 24 * limitations under the License. 25 * 26 * @APPLE_OSREFERENCE_LICENSE_HEADER_END@ 27 */ 28#include <sys/param.h> 29#include <sys/systm.h> 30#include <netinet/in_systm.h> 31#include <sys/socket.h> 32#include <sys/socketvar.h> 33 34#include <net/route.h> 35#include <netinet/in.h> 36#include <net/if.h> 37 38#include <netinet/ip.h> 39#include <netinet/ip_var.h> 40#include <netinet/in_var.h> 41#include <netinet/tcp.h> 42#include <netinet/tcp_var.h> 43#include <netinet/tcp_seq.h> 44#include <netinet/tcpip.h> 45#include <netinet/tcp_fsm.h> 46#include <netinet/mptcp_var.h> 47#include <netinet/mptcp.h> 48#include <netinet/mptcp_opt.h> 49#include <netinet/mptcp_seq.h> 50 51#include <libkern/crypto/sha1.h> 52#include <netinet/mptcp_timer.h> 53 54#include <mach/sdt.h> 55 56static int mptcp_validate_join_hmac(struct tcpcb *, u_char*, int); 57static int mptcp_snd_mpprio(struct tcpcb *tp, u_char *cp, int optlen); 58 59/* 60 * MPTCP Options Output Processing 61 */ 62 63static unsigned 64mptcp_setup_first_subflow_syn_opts(struct socket *so, int flags, u_char *opt, 65 unsigned optlen) 66{ 67 struct tcpcb *tp = sototcpcb(so); 68 struct mptcb *mp_tp = NULL; 69 mp_tp = tptomptp(tp); 70 71 if (!(so->so_flags & SOF_MP_SUBFLOW)) 72 return (optlen); 73 74 /* 75 * Avoid retransmitting the MP_CAPABLE option. 76 */ 77 if (tp->t_rxtshift > mptcp_mpcap_retries) 78 return (optlen); 79 80 if ((flags & (TH_SYN | TH_ACK)) == (TH_SYN | TH_ACK)) { 81 struct mptcp_mpcapable_opt_rsp mptcp_opt; 82 mptcp_key_t mp_localkey = 0; 83 84 mp_localkey = mptcp_get_localkey(mp_tp); 85 if (mp_localkey == 0) { 86 /* an embryonic connection was closed from above */ 87 return (optlen); 88 } 89 bzero(&mptcp_opt, 90 sizeof (struct mptcp_mpcapable_opt_rsp)); 91 mptcp_opt.mmc_common.mmco_kind = TCPOPT_MULTIPATH; 92 mptcp_opt.mmc_common.mmco_len = 93 sizeof (struct mptcp_mpcapable_opt_rsp); 94 mptcp_opt.mmc_common.mmco_subtype = MPO_CAPABLE; 95 MPT_LOCK_SPIN(mp_tp); 96 mptcp_opt.mmc_common.mmco_version = mp_tp->mpt_version; 97 mptcp_opt.mmc_common.mmco_flags |= MPCAP_PROPOSAL_SBIT; 98 if (mp_tp->mpt_flags & MPTCPF_CHECKSUM) 99 mptcp_opt.mmc_common.mmco_flags |= 100 MPCAP_CHECKSUM_CBIT; 101 MPT_UNLOCK(mp_tp); 102 mptcp_opt.mmc_localkey = mp_localkey; 103 memcpy(opt + optlen, &mptcp_opt, 104 mptcp_opt.mmc_common.mmco_len); 105 optlen += mptcp_opt.mmc_common.mmco_len; 106 if (mptcp_dbg >= MP_VERBOSE_DEBUG_2) { 107 printf("%s: SYN_ACK localkey = %llx \n", 108 __func__, mp_localkey); 109 } 110 } else { 111 /* Only the SYN flag is set */ 112 struct mptcp_mpcapable_opt_common mptcp_opt; 113 mptcp_key_t mp_localkey = 0; 114 mp_localkey = mptcp_get_localkey(mp_tp); 115 so->so_flags |= SOF_MPTCP_CLIENT; 116 if (mp_localkey == 0) { 117 /* an embryonic connection was closed */ 118 return (optlen); 119 } 120 bzero(&mptcp_opt, 121 sizeof (struct mptcp_mpcapable_opt_common)); 122 mptcp_opt.mmco_kind = TCPOPT_MULTIPATH; 123 mptcp_opt.mmco_len = 124 sizeof (struct mptcp_mpcapable_opt_common) + 125 sizeof (mptcp_key_t); 126 mptcp_opt.mmco_subtype = MPO_CAPABLE; 127 MPT_LOCK_SPIN(mp_tp); 128 mptcp_opt.mmco_version = mp_tp->mpt_version; 129 mptcp_opt.mmco_flags |= MPCAP_PROPOSAL_SBIT; 130 if (mp_tp->mpt_flags & MPTCPF_CHECKSUM) 131 mptcp_opt.mmco_flags |= MPCAP_CHECKSUM_CBIT; 132 MPT_UNLOCK(mp_tp); 133 (void) memcpy(opt + optlen, &mptcp_opt, 134 sizeof (struct mptcp_mpcapable_opt_common)); 135 optlen += sizeof (struct mptcp_mpcapable_opt_common); 136 (void) memcpy(opt + optlen, &mp_localkey, 137 sizeof (mptcp_key_t)); 138 optlen += sizeof (mptcp_key_t); 139 } 140 141 return (optlen); 142} 143 144static unsigned 145mptcp_setup_join_subflow_syn_opts(struct socket *so, int flags, u_char *opt, 146 unsigned optlen) 147{ 148 struct inpcb *inp = sotoinpcb(so); 149 struct tcpcb *tp = NULL; 150 151 if (!inp) 152 return (optlen); 153 154 tp = intotcpcb(inp); 155 if (!tp) 156 return (optlen); 157 158 if (!tp->t_mptcb) 159 return (optlen); 160 161 if ((flags & (TH_SYN | TH_ACK)) == (TH_SYN | TH_ACK)) { 162 struct mptcp_mpjoin_opt_rsp mpjoin_rsp; 163 bzero(&mpjoin_rsp, sizeof (mpjoin_rsp)); 164 mpjoin_rsp.mmjo_kind = TCPOPT_MULTIPATH; 165 mpjoin_rsp.mmjo_len = sizeof (mpjoin_rsp); 166 mpjoin_rsp.mmjo_subtype_bkp = MPO_JOIN << 4; 167 if (tp->t_mpflags & TMPF_BACKUP_PATH) 168 mpjoin_rsp.mmjo_subtype_bkp |= MPTCP_BACKUP; 169 mpjoin_rsp.mmjo_addr_id = tp->t_local_aid; 170 mptcp_get_rands(tp->t_local_aid, tptomptp(tp), 171 &mpjoin_rsp.mmjo_rand, NULL); 172 mpjoin_rsp.mmjo_mac = mptcp_get_trunced_hmac(tp->t_local_aid, 173 tptomptp(tp)); 174 memcpy(opt + optlen, &mpjoin_rsp, mpjoin_rsp.mmjo_len); 175 optlen += mpjoin_rsp.mmjo_len; 176 } else { 177 struct mptcp_mpjoin_opt_req mpjoin_req; 178 bzero(&mpjoin_req, sizeof (mpjoin_req)); 179 mpjoin_req.mmjo_kind = TCPOPT_MULTIPATH; 180 mpjoin_req.mmjo_len = sizeof (mpjoin_req); 181 mpjoin_req.mmjo_subtype_bkp = MPO_JOIN << 4; 182 /* A secondary subflow is started off as backup */ 183 mpjoin_req.mmjo_subtype_bkp |= MPTCP_BACKUP; 184 tp->t_mpflags |= TMPF_BACKUP_PATH; 185 mpjoin_req.mmjo_addr_id = tp->t_local_aid; 186 mpjoin_req.mmjo_peer_token = mptcp_get_remotetoken(tp->t_mptcb); 187 if (mpjoin_req.mmjo_peer_token == 0) { 188 if (mptcp_dbg >= MP_ERR_DEBUG) 189 printf("%s: zero peer token \n", __func__); 190 } 191 mptcp_get_rands(tp->t_local_aid, tptomptp(tp), 192 &mpjoin_req.mmjo_rand, NULL); 193 memcpy(opt + optlen, &mpjoin_req, mpjoin_req.mmjo_len); 194 optlen += mpjoin_req.mmjo_len; 195 } 196 return (optlen); 197} 198 199unsigned 200mptcp_setup_join_ack_opts(struct tcpcb *tp, u_char *opt, unsigned optlen) 201{ 202 unsigned new_optlen; 203 struct mptcp_mpjoin_opt_rsp2 join_rsp2; 204 205 if ((MAX_TCPOPTLEN - optlen) < sizeof (struct mptcp_mpjoin_opt_rsp2)) { 206 printf("%s: no space left %d \n", __func__, optlen); 207 return (optlen); 208 } 209 210 bzero(&join_rsp2, sizeof (struct mptcp_mpjoin_opt_rsp2)); 211 join_rsp2.mmjo_kind = TCPOPT_MULTIPATH; 212 join_rsp2.mmjo_len = sizeof (struct mptcp_mpjoin_opt_rsp2); 213 join_rsp2.mmjo_subtype = MPO_JOIN; 214 mptcp_get_hmac(tp->t_local_aid, tptomptp(tp), 215 (u_char*)&join_rsp2.mmjo_mac, 216 sizeof (join_rsp2.mmjo_mac)); 217 memcpy(opt + optlen, &join_rsp2, join_rsp2.mmjo_len); 218 new_optlen = optlen + join_rsp2.mmjo_len; 219 return (new_optlen); 220} 221 222unsigned 223mptcp_setup_syn_opts(struct socket *so, int flags, u_char *opt, unsigned optlen) 224{ 225 unsigned new_optlen; 226 227 if (mptcp_enable == 0) { 228 /* do nothing */ 229 return (optlen); 230 } 231 232 if (!(so->so_flags & SOF_MP_SEC_SUBFLOW)) { 233 new_optlen = mptcp_setup_first_subflow_syn_opts(so, flags, opt, 234 optlen); 235 } else { 236 /* 237 * To simulate SYN_ACK with no join opt, comment this line on 238 * OS X server side. This serves as a testing hook. 239 */ 240 new_optlen = mptcp_setup_join_subflow_syn_opts(so, flags, opt, 241 optlen); 242 } 243 return (new_optlen); 244} 245 246static int 247mptcp_send_mpfail(struct tcpcb *tp, u_char *opt, unsigned int optlen) 248{ 249#pragma unused(tp, opt, optlen) 250 251 struct mptcb *mp_tp = NULL; 252 struct mptcp_mpfail_opt fail_opt; 253 uint64_t dsn; 254 int len = sizeof (struct mptcp_mpfail_opt); 255 256 mp_tp = tptomptp(tp); 257 if (mp_tp == NULL) { 258 tp->t_mpflags &= ~TMPF_SND_MPFAIL; 259 return (optlen); 260 } 261 262 /* if option space low give up */ 263 if ((MAX_TCPOPTLEN - optlen) < sizeof (struct mptcp_mpfail_opt)) { 264 tp->t_mpflags &= ~TMPF_SND_MPFAIL; 265 return (optlen); 266 } 267 268 MPT_LOCK(mp_tp); 269 dsn = mp_tp->mpt_rcvnxt; 270 MPT_UNLOCK(mp_tp); 271 272 bzero(&fail_opt, sizeof (fail_opt)); 273 fail_opt.mfail_kind = TCPOPT_MULTIPATH; 274 fail_opt.mfail_len = len; 275 fail_opt.mfail_subtype = MPO_FAIL; 276 fail_opt.mfail_dsn = mptcp_hton64(dsn); 277 memcpy(opt + optlen, &fail_opt, len); 278 optlen += len; 279 tp->t_mpflags &= ~TMPF_SND_MPFAIL; 280 if (mptcp_dbg >= MP_ERR_DEBUG) 281 printf("%s: %d \n", __func__, tp->t_local_aid); 282 return (optlen); 283} 284 285static int 286mptcp_send_infinite_mapping(struct tcpcb *tp, u_char *opt, unsigned int optlen) 287{ 288 struct mptcp_dsn_opt infin_opt; 289 struct mptcb *mp_tp = NULL; 290 size_t len = sizeof (struct mptcp_dsn_opt); 291 struct socket *so = tp->t_inpcb->inp_socket; 292 int error = 0; 293 int csum_len = 0; 294 295 if (!so) 296 return (optlen); 297 298 mp_tp = tptomptp(tp); 299 if (mp_tp == NULL) 300 return (optlen); 301 302 MPT_LOCK(mp_tp); 303 if (mp_tp->mpt_flags & MPTCPF_CHECKSUM) 304 csum_len = 2; 305 306 /* try later */ 307 if ((MAX_TCPOPTLEN - optlen) < (len + csum_len)) { 308 MPT_UNLOCK(mp_tp); 309 return (optlen); 310 } 311 bzero(&infin_opt, sizeof (infin_opt)); 312 infin_opt.mdss_copt.mdss_kind = TCPOPT_MULTIPATH; 313 infin_opt.mdss_copt.mdss_len = len + csum_len; 314 infin_opt.mdss_copt.mdss_subtype = MPO_DSS; 315 infin_opt.mdss_copt.mdss_flags |= MDSS_M; 316 if (mp_tp->mpt_flags & MPTCPF_RECVD_MPFAIL) { 317 infin_opt.mdss_dsn = (u_int32_t) 318 MPTCP_DATASEQ_LOW32(mp_tp->mpt_dsn_at_csum_fail); 319 error = mptcp_get_map_for_dsn(so, mp_tp->mpt_dsn_at_csum_fail, 320 &infin_opt.mdss_subflow_seqn); 321 } else { 322 infin_opt.mdss_dsn = (u_int32_t) 323 MPTCP_DATASEQ_LOW32(mp_tp->mpt_snduna); 324 infin_opt.mdss_subflow_seqn = tp->snd_una - tp->iss; 325 } 326 MPT_UNLOCK(mp_tp); 327 if (error != 0) 328 return (optlen); 329 if ((infin_opt.mdss_dsn == 0) || (infin_opt.mdss_subflow_seqn == 0)) { 330 return (optlen); 331 } 332 infin_opt.mdss_dsn = htonl(infin_opt.mdss_dsn); 333 infin_opt.mdss_subflow_seqn = htonl(infin_opt.mdss_subflow_seqn); 334 infin_opt.mdss_data_len = 0; 335 336 memcpy(opt + optlen, &infin_opt, len); 337 optlen += len; 338 if (csum_len != 0) { 339 /* The checksum field is set to 0 for infinite mapping */ 340 uint16_t csum = 0; 341 memcpy(opt + optlen, &csum, csum_len); 342 optlen += csum_len; 343 } 344 345 if (mptcp_dbg == MP_VERBOSE_DEBUG_1) { 346 printf("%s: dsn = %x, seq = %x len = %x\n", __func__, 347 ntohl(infin_opt.mdss_dsn), 348 ntohl(infin_opt.mdss_subflow_seqn), 349 ntohs(infin_opt.mdss_data_len)); 350 } 351 352 /* so->so_flags &= ~SOF_MPTCP_CLIENT; */ 353 tp->t_mpflags |= TMPF_INFIN_SENT; 354 tcpstat.tcps_estab_fallback++; 355 return (optlen); 356} 357 358 359static int 360mptcp_ok_to_fin(struct tcpcb *tp, u_int64_t dsn, u_int32_t datalen) 361{ 362 struct mptcb *mp_tp = NULL; 363 mp_tp = tptomptp(tp); 364 365 MPT_LOCK(mp_tp); 366 dsn = (mp_tp->mpt_sndmax & MPTCP_DATASEQ_LOW32_MASK) | dsn; 367 if ((dsn + datalen) == mp_tp->mpt_sndmax) { 368 MPT_UNLOCK(mp_tp); 369 return (1); 370 } 371 MPT_UNLOCK(mp_tp); 372 return (0); 373} 374 375 376/* Must be called from tcp_output to fill in the fast close option */ 377static int 378mptcp_send_fastclose(struct tcpcb *tp, u_char *opt, unsigned int optlen, 379 int flags) 380{ 381 struct mptcp_fastclose_opt fastclose_opt; 382 struct mptcb *mp_tp = tptomptp(tp); 383 384 /* Only ACK flag should be set */ 385 if (flags != TH_ACK) 386 return (optlen); 387 388 if ((MAX_TCPOPTLEN - optlen) < 389 sizeof (struct mptcp_fastclose_opt)) { 390 return (optlen); 391 } 392 393 bzero(&fastclose_opt, sizeof (struct mptcp_fastclose_opt)); 394 fastclose_opt.mfast_kind = TCPOPT_MULTIPATH; 395 fastclose_opt.mfast_len = sizeof (struct mptcp_fastclose_opt); 396 fastclose_opt.mfast_subtype = MPO_FASTCLOSE; 397 MPT_LOCK_SPIN(mp_tp); 398 fastclose_opt.mfast_key = mptcp_get_remotekey(mp_tp); 399 MPT_UNLOCK(mp_tp); 400 memcpy(opt + optlen, &fastclose_opt, fastclose_opt.mfast_len); 401 optlen += fastclose_opt.mfast_len; 402 403 return (optlen); 404} 405 406unsigned int 407mptcp_setup_opts(struct tcpcb *tp, int32_t off, u_char *opt, 408 unsigned int optlen, int flags, int datalen, 409 unsigned int **dss_lenp, u_int8_t **finp, u_int64_t *dss_valp, 410 u_int32_t **sseqp) 411{ 412 struct inpcb *inp = (struct inpcb *)tp->t_inpcb; 413 struct socket *so = inp->inp_socket; 414 struct mptcb *mp_tp = tptomptp(tp); 415 boolean_t do_csum = FALSE; 416 boolean_t send_64bit_dsn = FALSE; 417 boolean_t send_64bit_ack = FALSE; 418 419 if (mptcp_enable == 0) { 420 /* do nothing */ 421 return (optlen); 422 } 423 424 if (mp_tp == NULL) { 425 return (optlen); 426 } 427 428 if (mp_tp->mpt_flags & MPTCPF_CHECKSUM) 429 do_csum = TRUE; 430 431 /* tcp_output handles the SYN path separately */ 432 if (flags & TH_SYN) 433 return (optlen); 434 435 if ((MAX_TCPOPTLEN - optlen) < 436 sizeof (struct mptcp_mpcapable_opt_common)) { 437 if (mptcp_dbg >= MP_ERR_DEBUG) { 438 printf("MPTCP ERROR %s: no space left %d flags %x " 439 "tp->t_mpflags %x" 440 "len %d\n", __func__, optlen, flags, tp->t_mpflags, 441 datalen); 442 } 443 return (optlen); 444 } 445 446 if (tp->t_mpflags & TMPF_FASTCLOSE) { 447 optlen = mptcp_send_fastclose(tp, opt, optlen, flags); 448 VERIFY(datalen == 0); 449 return (optlen); 450 } 451 452 if (tp->t_mpflags & TMPF_TCP_FALLBACK) { 453 if (tp->t_mpflags & TMPF_SND_MPFAIL) 454 optlen = mptcp_send_mpfail(tp, opt, optlen); 455 else if (!(tp->t_mpflags & TMPF_INFIN_SENT)) 456 optlen = mptcp_send_infinite_mapping(tp, opt, optlen); 457 return (optlen); 458 } 459 460 if (tp->t_mpflags & TMPF_SND_MPPRIO) { 461 optlen = mptcp_snd_mpprio(tp, opt, optlen); 462 return (optlen); 463 } 464 465 if ((tp->t_mpflags & TMPF_PREESTABLISHED) && 466 (!(tp->t_mpflags & TMPF_SENT_KEYS)) && 467 (!(tp->t_mpflags & TMPF_JOINED_FLOW))) { 468 struct mptcp_mpcapable_opt_rsp1 mptcp_opt; 469 if ((MAX_TCPOPTLEN - optlen) < 470 sizeof (struct mptcp_mpcapable_opt_rsp1)) 471 return (optlen); 472 bzero(&mptcp_opt, sizeof (struct mptcp_mpcapable_opt_rsp1)); 473 mptcp_opt.mmc_common.mmco_kind = TCPOPT_MULTIPATH; 474 mptcp_opt.mmc_common.mmco_len = 475 sizeof (struct mptcp_mpcapable_opt_rsp1); 476 mptcp_opt.mmc_common.mmco_subtype = MPO_CAPABLE; 477 mptcp_opt.mmc_common.mmco_version = MP_DRAFT_VERSION_12; 478 /* HMAC-SHA1 is the proposal */ 479 mptcp_opt.mmc_common.mmco_flags |= MPCAP_PROPOSAL_SBIT; 480 MPT_LOCK(mp_tp); 481 if (mp_tp->mpt_flags & MPTCPF_CHECKSUM) 482 mptcp_opt.mmc_common.mmco_flags |= MPCAP_CHECKSUM_CBIT; 483 mptcp_opt.mmc_localkey = mptcp_get_localkey(mp_tp); 484 mptcp_opt.mmc_remotekey = mptcp_get_remotekey(mp_tp); 485 MPT_UNLOCK(mp_tp); 486 memcpy(opt + optlen, &mptcp_opt, mptcp_opt.mmc_common.mmco_len); 487 optlen += mptcp_opt.mmc_common.mmco_len; 488 tp->t_mpflags |= TMPF_SENT_KEYS; 489 so->so_flags |= SOF_MPTCP_TRUE; 490 tp->t_mpflags &= ~TMPF_PREESTABLISHED; 491 tp->t_mpflags |= TMPF_MPTCP_TRUE; 492 493 if (!tp->t_mpuna) { 494 tp->t_mpuna = tp->snd_una; 495 } else { 496 /* its a retransmission of the MP_CAPABLE ACK */ 497 } 498 if (mptcp_dbg >= MP_ERR_DEBUG) { 499 printf("MPTCP SUCCESS %s: established.\n", __func__); 500 } 501 return (optlen); 502 } else if (tp->t_mpflags & TMPF_MPTCP_TRUE) { 503 if (tp->t_mpflags & TMPF_SND_REM_ADDR) { 504 int rem_opt_len = sizeof (struct mptcp_remaddr_opt); 505 if ((optlen + rem_opt_len) <= MAX_TCPOPTLEN) { 506 mptcp_send_remaddr_opt(tp, 507 (struct mptcp_remaddr_opt *)(opt + optlen)); 508 optlen += rem_opt_len; 509 return (optlen); 510 } else { 511 tp->t_mpflags &= ~TMPF_SND_REM_ADDR; 512 } 513 } 514 } 515 516 if ((tp->t_mpflags & TMPF_JOINED_FLOW) && 517 (tp->t_mpflags & TMPF_PREESTABLISHED) && 518 (!(tp->t_mpflags & TMPF_RECVD_JOIN)) && 519 (tp->t_mpflags & TMPF_SENT_JOIN) && 520 (!(tp->t_mpflags & TMPF_MPTCP_TRUE))) { 521 /* Do the ACK part */ 522 optlen = mptcp_setup_join_ack_opts(tp, opt, optlen); 523 if (!tp->t_mpuna) { 524 tp->t_mpuna = tp->snd_una; 525 } 526 /* Start a timer to retransmit the ACK */ 527 tp->t_timer[TCPT_JACK_RXMT] = 528 OFFSET_FROM_START(tp, tcp_jack_rxmt); 529 return (optlen); 530 } 531 532 if (!(tp->t_mpflags & TMPF_MPTCP_TRUE)) 533 return (optlen); 534 535 /* From here on, all options are sent only if MPTCP_TRUE */ 536 537 MPT_LOCK(mp_tp); 538 if (mp_tp->mpt_flags & MPTCPF_SND_64BITDSN) { 539 send_64bit_dsn = TRUE; 540 } 541 if (mp_tp->mpt_flags & MPTCPF_SND_64BITACK) { 542 send_64bit_ack = TRUE; 543 } 544 MPT_UNLOCK(mp_tp); 545 546#define CHECK_OPTLEN { \ 547 if ((MAX_TCPOPTLEN - optlen) < len) { \ 548 if (mptcp_dbg >= MP_ERR_DEBUG) { \ 549 printf("MPTCP ERROR %s: len %d optlen %d \n", \ 550 __func__, \ 551 len, optlen); \ 552 } \ 553 return (optlen); \ 554 } \ 555} 556 557#define DO_FIN(dsn_opt) { \ 558 int sndfin = 0; \ 559 sndfin = mptcp_ok_to_fin(tp, dsn_opt.mdss_dsn, datalen); \ 560 if (sndfin) { \ 561 dsn_opt.mdss_copt.mdss_flags |= MDSS_F; \ 562 *finp = opt + optlen + offsetof(struct mptcp_dss_copt, \ 563 mdss_flags); \ 564 dsn_opt.mdss_data_len += 1; \ 565 } \ 566} 567 568#define CHECK_DATALEN { \ 569 /* MPTCP socket does not support IP options */ \ 570 if ((datalen + optlen + len) > tp->t_maxopd) { \ 571 if (mptcp_dbg >= MP_VERBOSE_DEBUG_2) \ 572 printf("%s: nosp %d len %d opt %d %d %d\n", \ 573 __func__, datalen, len, optlen, \ 574 tp->t_maxseg, tp->t_maxopd); \ 575 /* remove option length from payload len */ \ 576 datalen = tp->t_maxopd - optlen - len; \ 577 } \ 578} 579 580 if ((tp->t_mpflags & TMPF_SEND_DSN) && 581 (send_64bit_dsn)) { 582 /* 583 * If there was the need to send 64-bit Data ACK along 584 * with 64-bit DSN, then 26 or 28 bytes would be used. 585 * With timestamps and NOOP padding that will cause 586 * overflow. Hence, in the rare event that both 64-bit 587 * DSN and 64-bit ACK have to be sent, delay the send of 588 * 64-bit ACK until our 64-bit DSN is acked with a 64-bit ack. 589 * XXX If this delay causes issue, remove the 2-byte padding. 590 */ 591 struct mptcp_dss64_ack32_opt dsn_ack_opt; 592 unsigned int len = sizeof (dsn_ack_opt); 593 594 if (do_csum) { 595 len += 2; 596 } 597 598 CHECK_OPTLEN; 599 600 bzero(&dsn_ack_opt, sizeof (dsn_ack_opt)); 601 dsn_ack_opt.mdss_copt.mdss_kind = TCPOPT_MULTIPATH; 602 dsn_ack_opt.mdss_copt.mdss_subtype = MPO_DSS; 603 dsn_ack_opt.mdss_copt.mdss_len = len; 604 dsn_ack_opt.mdss_copt.mdss_flags |= 605 MDSS_M | MDSS_m | MDSS_A; 606 607 CHECK_DATALEN; 608 609 mptcp_output_getm_dsnmap64(so, off, (u_int32_t)datalen, 610 &dsn_ack_opt.mdss_dsn, 611 &dsn_ack_opt.mdss_subflow_seqn, 612 &dsn_ack_opt.mdss_data_len); 613 614 *dss_valp = dsn_ack_opt.mdss_dsn; 615 616 if ((dsn_ack_opt.mdss_data_len == 0) || 617 (dsn_ack_opt.mdss_dsn == 0)) { 618 return (optlen); 619 } 620 621 if (tp->t_mpflags & TMPF_SEND_DFIN) { 622 DO_FIN(dsn_ack_opt); 623 } 624 625 MPT_LOCK(mp_tp); 626 dsn_ack_opt.mdss_ack = 627 htonl(MPTCP_DATAACK_LOW32(mp_tp->mpt_rcvnxt)); 628 MPT_UNLOCK(mp_tp); 629 630 dsn_ack_opt.mdss_dsn = mptcp_hton64(dsn_ack_opt.mdss_dsn); 631 dsn_ack_opt.mdss_subflow_seqn = htonl( 632 dsn_ack_opt.mdss_subflow_seqn); 633 dsn_ack_opt.mdss_data_len = htons( 634 dsn_ack_opt.mdss_data_len); 635 *dss_lenp = (unsigned int *)(void *)(opt + optlen + 636 offsetof(struct mptcp_dss64_ack32_opt, mdss_data_len)); 637 638 memcpy(opt + optlen, &dsn_ack_opt, sizeof (dsn_ack_opt)); 639 640 if (do_csum) { 641 *sseqp = (u_int32_t *)(void *)(opt + optlen + 642 offsetof(struct mptcp_dss64_ack32_opt, 643 mdss_subflow_seqn)); 644 } 645 optlen += len; 646 if (mptcp_dbg == MP_VERBOSE_DEBUG_2) { 647 printf("%s: long DSS = %llx ACK = %llx \n", 648 __func__, 649 mptcp_ntoh64(dsn_ack_opt.mdss_dsn), 650 mptcp_ntoh64(dsn_ack_opt.mdss_ack)); 651 } 652 tp->t_mpflags &= ~TMPF_MPTCP_ACKNOW; 653 return (optlen); 654 } 655 656 if ((tp->t_mpflags & TMPF_SEND_DSN) && 657 (!send_64bit_dsn) && 658 !(tp->t_mpflags & TMPF_MPTCP_ACKNOW)) { 659 struct mptcp_dsn_opt dsn_opt; 660 unsigned int len = sizeof (struct mptcp_dsn_opt); 661 662 if (do_csum) { 663 len += 2; 664 } 665 666 CHECK_OPTLEN; 667 668 bzero(&dsn_opt, sizeof (dsn_opt)); 669 dsn_opt.mdss_copt.mdss_kind = TCPOPT_MULTIPATH; 670 dsn_opt.mdss_copt.mdss_subtype = MPO_DSS; 671 dsn_opt.mdss_copt.mdss_len = len; 672 dsn_opt.mdss_copt.mdss_flags |= MDSS_M; 673 674 CHECK_DATALEN; 675 676 mptcp_output_getm_dsnmap32(so, off, (u_int32_t)datalen, 677 &dsn_opt.mdss_dsn, 678 &dsn_opt.mdss_subflow_seqn, &dsn_opt.mdss_data_len, 679 dss_valp); 680 681 if ((dsn_opt.mdss_data_len == 0) || 682 (dsn_opt.mdss_dsn == 0)) { 683 return (optlen); 684 } 685 686 if (tp->t_mpflags & TMPF_SEND_DFIN) { 687 DO_FIN(dsn_opt); 688 } 689 690 dsn_opt.mdss_dsn = htonl(dsn_opt.mdss_dsn); 691 dsn_opt.mdss_subflow_seqn = htonl(dsn_opt.mdss_subflow_seqn); 692 dsn_opt.mdss_data_len = htons(dsn_opt.mdss_data_len); 693 *dss_lenp = (unsigned int *)(void *)(opt + optlen + 694 offsetof(struct mptcp_dsn_opt, mdss_data_len)); 695 memcpy(opt + optlen, &dsn_opt, sizeof (dsn_opt)); 696 if (do_csum) { 697 *sseqp = (u_int32_t *)(void *)(opt + optlen + 698 offsetof(struct mptcp_dsn_opt, mdss_subflow_seqn)); 699 } 700 optlen += len; 701 if (mptcp_dbg == MP_VERBOSE_DEBUG_2) { 702 printf("%s: DSS option. dsn = %x, seq = %x len = %x\n", 703 __func__, 704 ntohl(dsn_opt.mdss_dsn), 705 ntohl(dsn_opt.mdss_subflow_seqn), 706 ntohs(dsn_opt.mdss_data_len)); 707 } 708 tp->t_mpflags &= ~TMPF_MPTCP_ACKNOW; 709 return (optlen); 710 } 711 712 /* 32-bit Data ACK option */ 713 if ((tp->t_mpflags & TMPF_MPTCP_ACKNOW) && 714 (!send_64bit_ack) && 715 !(tp->t_mpflags & TMPF_SEND_DSN) && 716 !(tp->t_mpflags & TMPF_SEND_DFIN)) { 717 718 struct mptcp_data_ack_opt dack_opt; 719 unsigned int len = 0; 720do_ack32_only: 721 len = sizeof (dack_opt); 722 723 CHECK_OPTLEN; 724 725 bzero(&dack_opt, len); 726 dack_opt.mdss_copt.mdss_kind = TCPOPT_MULTIPATH; 727 dack_opt.mdss_copt.mdss_len = len; 728 dack_opt.mdss_copt.mdss_subtype = MPO_DSS; 729 dack_opt.mdss_copt.mdss_flags |= MDSS_A; 730 MPT_LOCK_SPIN(mp_tp); 731 dack_opt.mdss_ack = 732 htonl(MPTCP_DATAACK_LOW32(mp_tp->mpt_rcvnxt)); 733 MPT_UNLOCK(mp_tp); 734 memcpy(opt + optlen, &dack_opt, len); 735 optlen += len; 736 VERIFY(optlen <= MAX_TCPOPTLEN); 737 tp->t_mpflags &= ~TMPF_MPTCP_ACKNOW; 738 return (optlen); 739 } 740 741 /* 64-bit Data ACK option */ 742 if ((tp->t_mpflags & TMPF_MPTCP_ACKNOW) && 743 (send_64bit_ack) && 744 !(tp->t_mpflags & TMPF_SEND_DSN) && 745 !(tp->t_mpflags & TMPF_SEND_DFIN)) { 746 struct mptcp_data_ack64_opt dack_opt; 747 unsigned int len = 0; 748do_ack64_only: 749 len = sizeof (dack_opt); 750 751 CHECK_OPTLEN; 752 753 bzero(&dack_opt, len); 754 dack_opt.mdss_copt.mdss_kind = TCPOPT_MULTIPATH; 755 dack_opt.mdss_copt.mdss_len = len; 756 dack_opt.mdss_copt.mdss_subtype = MPO_DSS; 757 dack_opt.mdss_copt.mdss_flags |= (MDSS_A | MDSS_a); 758 MPT_LOCK_SPIN(mp_tp); 759 dack_opt.mdss_ack = mptcp_hton64(mp_tp->mpt_rcvnxt); 760 /* 761 * The other end should retransmit 64-bit DSN until it 762 * receives a 64-bit ACK. 763 */ 764 mp_tp->mpt_flags &= ~MPTCPF_SND_64BITACK; 765 MPT_UNLOCK(mp_tp); 766 memcpy(opt + optlen, &dack_opt, len); 767 optlen += len; 768 VERIFY(optlen <= MAX_TCPOPTLEN); 769 tp->t_mpflags &= ~TMPF_MPTCP_ACKNOW; 770 return (optlen); 771 } 772 773 /* 32-bit DSS+Data ACK option */ 774 if ((tp->t_mpflags & TMPF_SEND_DSN) && 775 (!send_64bit_dsn) && 776 (!send_64bit_ack) && 777 (tp->t_mpflags & TMPF_MPTCP_ACKNOW)) { 778 struct mptcp_dss_ack_opt dss_ack_opt; 779 unsigned int len = sizeof (dss_ack_opt); 780 781 if (do_csum) 782 len += 2; 783 784 CHECK_OPTLEN; 785 786 bzero(&dss_ack_opt, sizeof (dss_ack_opt)); 787 dss_ack_opt.mdss_copt.mdss_kind = TCPOPT_MULTIPATH; 788 dss_ack_opt.mdss_copt.mdss_len = len; 789 dss_ack_opt.mdss_copt.mdss_subtype = MPO_DSS; 790 dss_ack_opt.mdss_copt.mdss_flags |= MDSS_A | MDSS_M; 791 MPT_LOCK_SPIN(mp_tp); 792 dss_ack_opt.mdss_ack = 793 htonl(MPTCP_DATAACK_LOW32(mp_tp->mpt_rcvnxt)); 794 MPT_UNLOCK(mp_tp); 795 796 CHECK_DATALEN; 797 798 mptcp_output_getm_dsnmap32(so, off, (u_int32_t)datalen, 799 &dss_ack_opt.mdss_dsn, 800 &dss_ack_opt.mdss_subflow_seqn, 801 &dss_ack_opt.mdss_data_len, 802 dss_valp); 803 804 if ((dss_ack_opt.mdss_data_len == 0) || 805 (dss_ack_opt.mdss_dsn == 0)) { 806 goto do_ack32_only; 807 } 808 809 if (tp->t_mpflags & TMPF_SEND_DFIN) { 810 DO_FIN(dss_ack_opt); 811 } 812 813 dss_ack_opt.mdss_dsn = htonl(dss_ack_opt.mdss_dsn); 814 dss_ack_opt.mdss_subflow_seqn = 815 htonl(dss_ack_opt.mdss_subflow_seqn); 816 dss_ack_opt.mdss_data_len = htons(dss_ack_opt.mdss_data_len); 817 *dss_lenp = (unsigned int *)(void *)(opt + optlen + 818 offsetof(struct mptcp_dss_ack_opt, mdss_data_len)); 819 memcpy(opt + optlen, &dss_ack_opt, sizeof (dss_ack_opt)); 820 if (do_csum) { 821 *sseqp = (u_int32_t *)(void *)(opt + optlen + 822 offsetof(struct mptcp_dss_ack_opt, 823 mdss_subflow_seqn)); 824 } 825 826 optlen += len; 827 828 if (optlen > MAX_TCPOPTLEN) 829 panic("optlen too large"); 830 tp->t_mpflags &= ~TMPF_MPTCP_ACKNOW; 831 return (optlen); 832 } 833 834 /* 32-bit DSS + 64-bit DACK option */ 835 if ((tp->t_mpflags & TMPF_SEND_DSN) && 836 (!send_64bit_dsn) && 837 (send_64bit_ack) && 838 (tp->t_mpflags & TMPF_MPTCP_ACKNOW)) { 839 struct mptcp_dss32_ack64_opt dss_ack_opt; 840 unsigned int len = sizeof (dss_ack_opt); 841 842 if (do_csum) 843 len += 2; 844 845 CHECK_OPTLEN; 846 847 bzero(&dss_ack_opt, sizeof (dss_ack_opt)); 848 dss_ack_opt.mdss_copt.mdss_kind = TCPOPT_MULTIPATH; 849 dss_ack_opt.mdss_copt.mdss_len = len; 850 dss_ack_opt.mdss_copt.mdss_subtype = MPO_DSS; 851 dss_ack_opt.mdss_copt.mdss_flags |= MDSS_M | MDSS_A | MDSS_a; 852 MPT_LOCK_SPIN(mp_tp); 853 dss_ack_opt.mdss_ack = 854 mptcp_hton64(mp_tp->mpt_rcvnxt); 855 MPT_UNLOCK(mp_tp); 856 857 CHECK_DATALEN; 858 859 mptcp_output_getm_dsnmap32(so, off, (u_int32_t)datalen, 860 &dss_ack_opt.mdss_dsn, &dss_ack_opt.mdss_subflow_seqn, 861 &dss_ack_opt.mdss_data_len, dss_valp); 862 863 if ((dss_ack_opt.mdss_data_len == 0) || 864 (dss_ack_opt.mdss_dsn == 0)) { 865 goto do_ack64_only; 866 } 867 868 if (tp->t_mpflags & TMPF_SEND_DFIN) { 869 DO_FIN(dss_ack_opt); 870 } 871 872 dss_ack_opt.mdss_dsn = htonl(dss_ack_opt.mdss_dsn); 873 dss_ack_opt.mdss_subflow_seqn = 874 htonl(dss_ack_opt.mdss_subflow_seqn); 875 dss_ack_opt.mdss_data_len = htons(dss_ack_opt.mdss_data_len); 876 *dss_lenp = (unsigned int *)(void *)(opt + optlen + 877 offsetof(struct mptcp_dss32_ack64_opt, mdss_data_len)); 878 memcpy(opt + optlen, &dss_ack_opt, sizeof (dss_ack_opt)); 879 if (do_csum) { 880 *sseqp = (u_int32_t *)(void *)(opt + optlen + 881 offsetof(struct mptcp_dss32_ack64_opt, 882 mdss_subflow_seqn)); 883 } 884 885 optlen += len; 886 887 if (optlen > MAX_TCPOPTLEN) 888 panic("optlen too large"); 889 tp->t_mpflags &= ~TMPF_MPTCP_ACKNOW; 890 return (optlen); 891 } 892 893 if (tp->t_mpflags & TMPF_SEND_DFIN) { 894 struct mptcp_dss_ack_opt dss_ack_opt; 895 unsigned int len = sizeof (struct mptcp_dss_ack_opt); 896 897 if (do_csum) 898 len += 2; 899 900 CHECK_OPTLEN; 901 902 bzero(&dss_ack_opt, sizeof (dss_ack_opt)); 903 904 MPT_LOCK(mp_tp); 905 /* Data FIN occupies one sequence space */ 906 if ((mp_tp->mpt_sndnxt + 1) != mp_tp->mpt_sndmax) { 907 MPT_UNLOCK(mp_tp); 908 if (mptcp_dbg == MP_VERBOSE_DEBUG_2) 909 printf("%s: Fin state %d %llu %llu\n", __func__, 910 mp_tp->mpt_state, mp_tp->mpt_sndnxt, 911 mp_tp->mpt_sndmax); 912 return (optlen); 913 } 914 915 dss_ack_opt.mdss_copt.mdss_kind = TCPOPT_MULTIPATH; 916 dss_ack_opt.mdss_copt.mdss_len = len; 917 dss_ack_opt.mdss_copt.mdss_subtype = MPO_DSS; 918 dss_ack_opt.mdss_copt.mdss_flags |= MDSS_A | MDSS_M | MDSS_F; 919 dss_ack_opt.mdss_ack = 920 htonl(MPTCP_DATAACK_LOW32(mp_tp->mpt_rcvnxt)); 921 dss_ack_opt.mdss_dsn = 922 htonl(MPTCP_DATASEQ_LOW32(mp_tp->mpt_sndnxt)); 923 MPT_UNLOCK(mp_tp); 924 dss_ack_opt.mdss_subflow_seqn = 0; 925 dss_ack_opt.mdss_data_len = 1; 926 dss_ack_opt.mdss_data_len = htons(dss_ack_opt.mdss_data_len); 927 memcpy(opt + optlen, &dss_ack_opt, sizeof (dss_ack_opt)); 928 if (do_csum) { 929 *dss_valp = mp_tp->mpt_sndnxt; 930 *sseqp = (u_int32_t *)(void *)(opt + optlen + 931 offsetof(struct mptcp_dss_ack_opt, 932 mdss_subflow_seqn)); 933 } 934 optlen += len; 935 } 936 937 return (optlen); 938} 939 940/* 941 * MPTCP Options Input Processing 942 */ 943 944 945static int 946mptcp_valid_mpcapable_common_opt(u_char *cp, u_int32_t mptcp_version) 947{ 948 struct mptcp_mpcapable_opt_common *rsp = 949 (struct mptcp_mpcapable_opt_common *)cp; 950 951 /* mmco_kind, mmco_len and mmco_subtype are validated before */ 952 953 /* In future, there can be more than one version supported */ 954 if (rsp->mmco_version != mptcp_version) 955 return (0); 956 957 if (!(rsp->mmco_flags & MPCAP_PROPOSAL_SBIT)) 958 return (0); 959 960 if (rsp->mmco_flags & (MPCAP_BBIT | MPCAP_CBIT | MPCAP_DBIT | 961 MPCAP_EBIT | MPCAP_FBIT | MPCAP_GBIT)) 962 return (0); 963 964 return (1); 965} 966 967 968static void 969mptcp_do_mpcapable_opt(struct tcpcb *tp, u_char *cp, struct tcphdr *th, 970 int optlen) 971{ 972 struct mptcp_mpcapable_opt_rsp1 *rsp1 = NULL; 973 struct mptcp_mpcapable_opt_rsp *rsp = NULL; 974 struct mptcb *mp_tp = tptomptp(tp); 975 976#define MPTCP_OPT_ERROR_PATH(tp) { \ 977 tp->t_mpflags |= TMPF_RESET; \ 978 tcpstat.tcps_invalid_mpcap++; \ 979 if (tp->t_inpcb->inp_socket != NULL) { \ 980 soevent(tp->t_inpcb->inp_socket, \ 981 SO_FILT_HINT_LOCKED | SO_FILT_HINT_MUSTRST); \ 982 } \ 983} 984 985 if (mp_tp == NULL) { 986 if (mptcp_dbg == MP_ERR_DEBUG) 987 printf("MPTCP ERROR %s: NULL mpsocket \n", __func__); 988 tcpstat.tcps_invalid_mpcap++; 989 return; 990 } 991 992 /* Validate the kind, len, flags */ 993 if (mptcp_valid_mpcapable_common_opt(cp, mp_tp->mpt_version) != 1) { 994 tcpstat.tcps_invalid_mpcap++; 995 return; 996 } 997 998 /* A SYN contains only the MP_CAPABLE option */ 999 if ((th->th_flags & (TH_SYN | TH_ACK)) == TH_SYN) { 1000 /* XXX passive side not supported yet */ 1001 return; 1002 } else if ((th->th_flags & (TH_SYN | TH_ACK)) == (TH_SYN | TH_ACK)) { 1003 1004 /* A SYN/ACK contains peer's key and flags */ 1005 if (optlen != sizeof (struct mptcp_mpcapable_opt_rsp)) { 1006 /* complain */ 1007 if (mptcp_dbg == MP_ERR_DEBUG) { 1008 printf("%s: SYN_ACK optlen = %d, sizeof mp opt \ 1009 = %lu \n", __func__, optlen, 1010 sizeof (struct mptcp_mpcapable_opt_rsp)); 1011 } 1012 tcpstat.tcps_invalid_mpcap++; 1013 return; 1014 } 1015 1016 /* 1017 * If checksum flag is set, enable MPTCP checksum, even if 1018 * it was not negotiated on the first SYN. 1019 */ 1020 if (((struct mptcp_mpcapable_opt_common *)cp)->mmco_flags & 1021 MPCAP_CHECKSUM_CBIT) 1022 mp_tp->mpt_flags |= MPTCPF_CHECKSUM; 1023 1024 rsp = (struct mptcp_mpcapable_opt_rsp *)cp; 1025 MPT_LOCK_SPIN(mp_tp); 1026 mp_tp->mpt_remotekey = rsp->mmc_localkey; 1027 MPT_UNLOCK(mp_tp); 1028 tp->t_mpflags |= TMPF_PREESTABLISHED; 1029 1030 if (mptcp_dbg > MP_VERBOSE_DEBUG_1) { 1031 printf("SYN_ACK pre established, optlen = %d, tp \ 1032 state = %d sport = %x dport = %x key = %llx \n", 1033 optlen, tp->t_state, th->th_sport, th->th_dport, 1034 mp_tp->mpt_remotekey); 1035 } 1036 1037 } else if ((th->th_flags & TH_ACK) && 1038 (tp->t_mpflags & TMPF_PREESTABLISHED)) { 1039 1040 /* 1041 * Verify checksum flag is set, if we initially negotiated 1042 * checksum. 1043 */ 1044 if ((mp_tp->mpt_flags & MPTCPF_CHECKSUM) && 1045 !(((struct mptcp_mpcapable_opt_common *)cp)->mmco_flags & 1046 MPCAP_CHECKSUM_CBIT)) { 1047 if (mptcp_dbg == MP_ERR_DEBUG) { 1048 printf("%s: checksum negotiation failure \n", 1049 __func__); 1050 } 1051 MPTCP_OPT_ERROR_PATH(tp); 1052 return; 1053 } 1054 1055 if (!(mp_tp->mpt_flags & MPTCPF_CHECKSUM) && 1056 (((struct mptcp_mpcapable_opt_common *)cp)->mmco_flags & 1057 MPCAP_CHECKSUM_CBIT)) { 1058 if (mptcp_dbg == MP_ERR_DEBUG) { 1059 printf("%s: checksum negotiation failure 2.\n", 1060 __func__); 1061 } 1062 MPTCP_OPT_ERROR_PATH(tp); 1063 return; 1064 } 1065 1066 /* 1067 * The ACK of a three way handshake contains peer's key and 1068 * flags. 1069 */ 1070 if (optlen != sizeof (struct mptcp_mpcapable_opt_rsp1)) { 1071 /* complain */ 1072 if (mptcp_dbg == MP_ERR_DEBUG) { 1073 printf("%s: ACK optlen = %d , sizeof mp option \ 1074 = %lu, state = %d \n", 1075 __func__, 1076 optlen, 1077 sizeof (struct mptcp_mpcapable_opt_rsp1), 1078 tp->t_state); 1079 } 1080 MPTCP_OPT_ERROR_PATH(tp); 1081 return; 1082 } 1083 1084 rsp1 = (struct mptcp_mpcapable_opt_rsp1 *)cp; 1085 /* Skipping MPT_LOCK for invariant key */ 1086 if (rsp1->mmc_remotekey != *mp_tp->mpt_localkey) { 1087 if (mptcp_dbg == MP_ERR_DEBUG) { 1088 printf("MPTCP ERROR %s: key mismatch locally " 1089 "stored key. rsp = %llx local = %llx \n", 1090 __func__, rsp1->mmc_remotekey, 1091 *mp_tp->mpt_localkey); 1092 } 1093 tp->t_mpflags &= ~TMPF_PREESTABLISHED; 1094 MPTCP_OPT_ERROR_PATH(tp); 1095 return; 1096 } else { 1097 /* We received both keys. Almost an MPTCP connection */ 1098 /* Skipping MPT_LOCK for invariant key */ 1099 if (mp_tp->mpt_remotekey != rsp1->mmc_localkey) { 1100 if (mptcp_dbg == MP_ERR_DEBUG) { 1101 printf("MPTCP ERROR %s: keys don't" 1102 " match\n", __func__); 1103 } 1104 tp->t_mpflags &= ~TMPF_PREESTABLISHED; 1105 MPTCP_OPT_ERROR_PATH(tp); 1106 return; 1107 } 1108 tp->t_mpflags &= ~TMPF_PREESTABLISHED; 1109 tp->t_mpflags |= TMPF_MPTCP_RCVD_KEY; 1110 tp->t_mpflags |= TMPF_MPTCP_TRUE; 1111 tp->t_inpcb->inp_socket->so_flags |= SOF_MPTCP_TRUE; 1112 MPT_LOCK(mp_tp); 1113 DTRACE_MPTCP2(state__change, struct mptcb *, mp_tp, 1114 uint32_t, 0 /* event */); 1115 mp_tp->mpt_state = MPTCPS_ESTABLISHED; 1116 MPT_UNLOCK(mp_tp); 1117 if (mptcp_dbg >= MP_VERBOSE_DEBUG_2) { 1118 printf("MPTCP SUCCESS %s: rem key = %llx local \ 1119 key = %llx \n", 1120 __func__, mp_tp->mpt_remotekey, 1121 *mp_tp->mpt_localkey); 1122 } 1123 } 1124 if (tp->t_mpuna) { 1125 tp->t_mpuna = 0; 1126 } 1127 } 1128} 1129 1130 1131static void 1132mptcp_do_mpjoin_opt(struct tcpcb *tp, u_char *cp, struct tcphdr *th, int optlen) 1133{ 1134#define MPTCP_JOPT_ERROR_PATH(tp) { \ 1135 tp->t_mpflags |= TMPF_RESET; \ 1136 tcpstat.tcps_invalid_joins++; \ 1137 if (tp->t_inpcb->inp_socket != NULL) { \ 1138 soevent(tp->t_inpcb->inp_socket, \ 1139 SO_FILT_HINT_LOCKED | SO_FILT_HINT_MUSTRST); \ 1140 } \ 1141} 1142 int error = 0; 1143 struct mptcb *mp_tp = tptomptp(tp); 1144 1145 if ((th->th_flags & (TH_SYN | TH_ACK)) == TH_SYN) { 1146 /* We won't accept join requests as an active opener */ 1147 if (tp->t_inpcb->inp_socket->so_flags & SOF_MPTCP_CLIENT) { 1148 MPTCP_JOPT_ERROR_PATH(tp); 1149 return; 1150 } 1151 1152 if (optlen != sizeof (struct mptcp_mpjoin_opt_req)) { 1153 if (mptcp_dbg == MP_ERR_DEBUG) { 1154 printf("SYN: unexpected optlen = %d, mp option" 1155 "= %lu\n", 1156 optlen, 1157 sizeof (struct mptcp_mpjoin_opt_req)); 1158 } 1159 /* send RST and close */ 1160 MPTCP_JOPT_ERROR_PATH(tp); 1161 return; 1162 } 1163 /* not supported yet */ 1164 return; 1165#ifdef MPTCP_NOTYET 1166 struct mptcp_mpjoin_opt_req *join_req = 1167 (struct mptcp_mpjoin_opt_req *)cp; 1168 mp_so = mptcp_find_mpso(join_req->mmjo_peer_token); 1169 if (!mp_so) { 1170 if (mptcp_dbg >= MP_ERR_DEBUG) 1171 printf("%s: cannot find mp_so token = %x\n", 1172 __func__, join_req->mmjo_peer_token); 1173 /* send RST */ 1174 MPTCP_JOPT_ERROR_PATH(tp); 1175 return; 1176 } 1177 if (tp->t_mpflags & TMPF_PREESTABLISHED) { 1178 return; 1179 } 1180 mp_so->ms_remote_addr_id = join_req->mmjo_addr_id; 1181 mp_so->ms_remote_rand = join_req->mmjo_rand; 1182 tp->t_mpflags |= TMPF_PREESTABLISHED | TMPF_JOINED_FLOW; 1183 tp->t_mpflags |= TMPF_RECVD_JOIN; 1184 tp->t_inpcb->inp_socket->so_flags |= SOF_MP_SEC_SUBFLOW; 1185 if (join_req->mmjo_subtype & MPTCP_BACKUP) { 1186 tp->t_mpflags |= TMPF_BACKUP_PATH; 1187 } 1188#endif 1189 } else if ((th->th_flags & (TH_SYN | TH_ACK)) == (TH_SYN | TH_ACK)) { 1190 struct mptcp_mpjoin_opt_rsp *join_rsp = 1191 (struct mptcp_mpjoin_opt_rsp *)cp; 1192 1193 if (optlen != sizeof (struct mptcp_mpjoin_opt_rsp)) { 1194 if (mptcp_dbg >= MP_ERR_DEBUG) { 1195 printf("SYN_ACK: unexpected optlen = %d mp " 1196 "option = %lu\n", optlen, 1197 sizeof (struct mptcp_mpjoin_opt_rsp)); 1198 } 1199 tp->t_mpflags &= ~TMPF_PREESTABLISHED; 1200 /* send RST and close */ 1201 MPTCP_JOPT_ERROR_PATH(tp); 1202 return; 1203 } 1204 1205 if (mp_tp == NULL) { 1206 if (mptcp_dbg >= MP_ERR_DEBUG) 1207 printf("%s: cannot find mp_tp in SYN_ACK\n", 1208 __func__); 1209 tp->t_mpflags &= ~TMPF_PREESTABLISHED; 1210 /* send RST and close */ 1211 MPTCP_JOPT_ERROR_PATH(tp); 1212 return; 1213 } 1214 1215 mptcp_set_raddr_rand(tp->t_local_aid, 1216 tptomptp(tp), 1217 join_rsp->mmjo_addr_id, join_rsp->mmjo_rand); 1218 error = mptcp_validate_join_hmac(tp, 1219 (u_char*)&join_rsp->mmjo_mac, SHA1_TRUNCATED); 1220 if (error) { 1221 if (mptcp_dbg >= MP_ERR_DEBUG) { 1222 printf("%s: SYN_ACK error = %d \n", __func__, 1223 error); 1224 } 1225 tp->t_mpflags &= ~TMPF_PREESTABLISHED; 1226 /* send RST and close */ 1227 MPTCP_JOPT_ERROR_PATH(tp); 1228 return; 1229 } 1230 tp->t_mpflags |= TMPF_SENT_JOIN; 1231 } else if ((th->th_flags & TH_ACK) && 1232 (tp->t_mpflags & TMPF_PREESTABLISHED)) { 1233 struct mptcp_mpjoin_opt_rsp2 *join_rsp2 = 1234 (struct mptcp_mpjoin_opt_rsp2 *)cp; 1235 1236 if (optlen != sizeof (struct mptcp_mpjoin_opt_rsp2)) { 1237 if (mptcp_dbg >= MP_ERR_DEBUG) { 1238 printf("ACK: unexpected optlen = %d mp option " 1239 "= %lu \n", optlen, 1240 sizeof (struct mptcp_mpjoin_opt_rsp2)); 1241 } 1242 tp->t_mpflags &= ~TMPF_PREESTABLISHED; 1243 /* send RST and close */ 1244 MPTCP_JOPT_ERROR_PATH(tp); 1245 return; 1246 } 1247 1248 if (mp_tp == NULL) { 1249 tp->t_mpflags &= ~TMPF_PREESTABLISHED; 1250 MPTCP_JOPT_ERROR_PATH(tp); 1251 return; 1252 } 1253 1254 error = mptcp_validate_join_hmac(tp, join_rsp2->mmjo_mac, 1255 SHA1_RESULTLEN); 1256 if (error) { 1257 if (mptcp_dbg >= MP_ERR_DEBUG) { 1258 printf("%s: ACK error = %d\n", __func__, 1259 error); 1260 } 1261 tp->t_mpflags &= ~TMPF_PREESTABLISHED; 1262 MPTCP_JOPT_ERROR_PATH(tp); 1263 return; 1264 } 1265 tp->t_mpflags |= TMPF_MPTCP_TRUE; 1266 tp->t_mpflags &= ~TMPF_PREESTABLISHED; 1267 tp->t_flags |= TF_ACKNOW; 1268 tp->t_mpflags |= TMPF_MPTCP_ACKNOW; 1269 tp->t_inpcb->inp_socket->so_flags |= SOF_MPTCP_TRUE; 1270 if (mptcp_dbg >= MP_ERR_DEBUG) { 1271 printf("MPTCP SUCCESS %s: join \n", __func__); 1272 } 1273 } 1274} 1275 1276static int 1277mptcp_validate_join_hmac(struct tcpcb *tp, u_char* hmac, int mac_len) 1278{ 1279 u_char digest[SHA1_RESULTLEN] = {0}; 1280 struct mptcb *mp_tp = NULL; 1281 mptcp_key_t rem_key, loc_key; 1282 u_int32_t rem_rand, loc_rand; 1283 1284 mp_tp = tp->t_mptcb; 1285 if (mp_tp == NULL) 1286 return (-1); 1287 1288 rem_rand = loc_rand = 0; 1289 1290 MPT_LOCK(mp_tp); 1291 rem_key = mp_tp->mpt_remotekey; 1292 loc_key = *mp_tp->mpt_localkey; 1293 MPT_UNLOCK(mp_tp); 1294 1295 mptcp_get_rands(tp->t_local_aid, mp_tp, &loc_rand, &rem_rand); 1296 if ((rem_rand == 0) || (loc_rand == 0)) 1297 return (-1); 1298 1299 mptcp_hmac_sha1(rem_key, loc_key, rem_rand, loc_rand, 1300 digest, sizeof (digest)); 1301 1302 if (bcmp(digest, hmac, mac_len) == 0) 1303 return (0); /* matches */ 1304 else { 1305 printf("%s: remote key %llx local key %llx remote rand %x " 1306 "local rand %x \n", __func__, rem_key, loc_key, 1307 rem_rand, loc_rand); 1308 return (-1); 1309 } 1310} 1311 1312static void 1313mptcp_do_dss_opt_ack_meat(u_int64_t full_dack, struct tcpcb *tp) 1314{ 1315 struct mptcb *mp_tp = tptomptp(tp); 1316 int close_notify = 0; 1317 1318 if (mp_tp == NULL) 1319 return; 1320 1321 MPT_LOCK(mp_tp); 1322 if (MPTCP_SEQ_LEQ(full_dack, mp_tp->mpt_sndmax) && 1323 MPTCP_SEQ_GEQ(full_dack, mp_tp->mpt_snduna)) { 1324 mptcp_data_ack_rcvd(mp_tp, tp, full_dack); 1325 if ((mp_tp->mpt_state == MPTCPS_CLOSED) || 1326 (mp_tp->mpt_state > MPTCPS_FIN_WAIT_2)) 1327 close_notify = 1; 1328 MPT_UNLOCK(mp_tp); 1329 mptcp_notify_mpready(tp->t_inpcb->inp_socket); 1330 if (close_notify) 1331 mptcp_notify_close(tp->t_inpcb->inp_socket); 1332 if (mp_tp->mpt_flags & MPTCPF_RCVD_64BITACK) { 1333 mp_tp->mpt_flags &= ~MPTCPF_RCVD_64BITACK; 1334 mp_tp->mpt_flags &= ~MPTCPF_SND_64BITDSN; 1335 } 1336 } else { 1337 MPT_UNLOCK(mp_tp); 1338 if (mptcp_dbg == MP_VERBOSE_DEBUG_2) { 1339 printf("%s: unexpected dack %llx snduna %llx " 1340 "sndmax %llx\n", __func__, full_dack, 1341 mp_tp->mpt_snduna, mp_tp->mpt_sndmax); 1342 } 1343 } 1344 1345 if (mptcp_dbg == MP_VERBOSE_DEBUG_2) { 1346 printf("%s: full_dack = %llu \n", __func__, full_dack); 1347 } 1348} 1349 1350static void 1351mptcp_do_dss_opt_meat(u_char *cp, struct tcpcb *tp) 1352{ 1353 struct mptcp_dss_copt *dss_rsp = (struct mptcp_dss_copt *)cp; 1354 u_int64_t full_dack = 0; 1355 struct mptcb *mp_tp = tptomptp(tp); 1356 int csum_len = 0; 1357 1358#define MPTCP_DSS_OPT_SZ_CHK(len, expected_len) { \ 1359 if (len != expected_len) { \ 1360 if (mptcp_dbg >= MP_ERR_DEBUG) { \ 1361 printf("MPTCP ERROR %s: bad len = %d" \ 1362 "dss: %x \n", __func__, \ 1363 len, \ 1364 dss_rsp->mdss_flags); \ 1365 } \ 1366 return; \ 1367 } \ 1368} 1369 if (mp_tp == NULL) 1370 return; 1371 1372 if (mp_tp->mpt_flags & MPTCPF_CHECKSUM) 1373 csum_len = 2; 1374 1375 dss_rsp->mdss_flags &= (MDSS_A|MDSS_a|MDSS_M|MDSS_m); 1376 switch (dss_rsp->mdss_flags) { 1377 case (MDSS_M): 1378 { 1379 /* 32-bit DSS, No Data ACK */ 1380 struct mptcp_dsn_opt *dss_rsp1; 1381 dss_rsp1 = (struct mptcp_dsn_opt *)cp; 1382 1383 MPTCP_DSS_OPT_SZ_CHK(dss_rsp1->mdss_copt.mdss_len, 1384 sizeof (struct mptcp_dsn_opt) + csum_len); 1385 if (csum_len == 0) 1386 mptcp_update_dss_rcv_state(dss_rsp1, tp, 0); 1387 else 1388 mptcp_update_dss_rcv_state(dss_rsp1, tp, 1389 *(uint16_t *)(void *)(cp + 1390 (dss_rsp1->mdss_copt.mdss_len - csum_len))); 1391 break; 1392 } 1393 case (MDSS_A): 1394 { 1395 /* 32-bit Data ACK, no DSS */ 1396 struct mptcp_data_ack_opt *dack_opt; 1397 dack_opt = (struct mptcp_data_ack_opt *)cp; 1398 1399 MPTCP_DSS_OPT_SZ_CHK(dack_opt->mdss_copt.mdss_len, 1400 sizeof (struct mptcp_data_ack_opt)); 1401 1402 u_int32_t dack = dack_opt->mdss_ack; 1403 NTOHL(dack); 1404 MPT_LOCK_SPIN(mp_tp); 1405 MPTCP_EXTEND_DSN(mp_tp->mpt_snduna, dack, full_dack); 1406 MPT_UNLOCK(mp_tp); 1407 mptcp_do_dss_opt_ack_meat(full_dack, tp); 1408 break; 1409 } 1410 case (MDSS_M | MDSS_A): 1411 { 1412 /* 32-bit Data ACK + 32-bit DSS */ 1413 struct mptcp_dss_ack_opt *dss_ack_rsp; 1414 dss_ack_rsp = (struct mptcp_dss_ack_opt *)cp; 1415 1416 MPTCP_DSS_OPT_SZ_CHK(dss_ack_rsp->mdss_copt.mdss_len, 1417 sizeof (struct mptcp_dss_ack_opt) + csum_len); 1418 1419 u_int32_t dack = dss_ack_rsp->mdss_ack; 1420 NTOHL(dack); 1421 MPT_LOCK_SPIN(mp_tp); 1422 MPTCP_EXTEND_DSN(mp_tp->mpt_snduna, dack, full_dack); 1423 MPT_UNLOCK(mp_tp); 1424 mptcp_do_dss_opt_ack_meat(full_dack, tp); 1425 if (csum_len == 0) 1426 mptcp_update_rcv_state_f(dss_ack_rsp, tp, 0); 1427 else 1428 mptcp_update_rcv_state_f(dss_ack_rsp, tp, 1429 *(uint16_t *)(void *)(cp + 1430 (dss_ack_rsp->mdss_copt.mdss_len - 1431 csum_len))); 1432 break; 1433 } 1434 case (MDSS_M | MDSS_m): 1435 { 1436 /* 64-bit DSS , No Data ACK */ 1437 struct mptcp_dsn64_opt *dsn64; 1438 dsn64 = (struct mptcp_dsn64_opt *)cp; 1439 u_int64_t full_dsn; 1440 1441 MPTCP_DSS_OPT_SZ_CHK(dsn64->mdss_copt.mdss_len, 1442 sizeof (struct mptcp_dsn64_opt) + csum_len); 1443 1444 if (mptcp_dbg == MP_VERBOSE_DEBUG_4) { 1445 printf("%s: 64-bit M present.\n", __func__); 1446 } 1447 1448 MPT_LOCK_SPIN(mp_tp); 1449 mp_tp->mpt_flags |= MPTCPF_SND_64BITACK; 1450 MPT_UNLOCK(mp_tp); 1451 1452 full_dsn = mptcp_ntoh64(dsn64->mdss_dsn); 1453 NTOHL(dsn64->mdss_subflow_seqn); 1454 NTOHS(dsn64->mdss_data_len); 1455 if (csum_len == 0) 1456 mptcp_update_rcv_state_meat(mp_tp, tp, full_dsn, 1457 dsn64->mdss_subflow_seqn, 1458 dsn64->mdss_data_len, 1459 0); 1460 else 1461 mptcp_update_rcv_state_meat(mp_tp, tp, full_dsn, 1462 dsn64->mdss_subflow_seqn, 1463 dsn64->mdss_data_len, 1464 *(uint16_t *)(void *)(cp + 1465 dsn64->mdss_copt.mdss_len - csum_len)); 1466 break; 1467 } 1468 case (MDSS_A | MDSS_a): 1469 { 1470 /* 64-bit Data ACK, no DSS */ 1471 struct mptcp_data_ack64_opt *dack64; 1472 dack64 = (struct mptcp_data_ack64_opt *)cp; 1473 1474 MPTCP_DSS_OPT_SZ_CHK(dack64->mdss_copt.mdss_len, 1475 sizeof (struct mptcp_data_ack64_opt)); 1476 1477 1478 if (mptcp_dbg == MP_VERBOSE_DEBUG_4) { 1479 printf("%s: 64-bit A present. \n", __func__); 1480 } 1481 1482 MPT_LOCK_SPIN(mp_tp); 1483 mp_tp->mpt_flags |= MPTCPF_RCVD_64BITACK; 1484 MPT_UNLOCK(mp_tp); 1485 1486 full_dack = mptcp_ntoh64(dack64->mdss_ack); 1487 mptcp_do_dss_opt_ack_meat(full_dack, tp); 1488 break; 1489 } 1490 case (MDSS_M | MDSS_m | MDSS_A): 1491 { 1492 /* 64-bit DSS + 32-bit Data ACK */ 1493 struct mptcp_dss64_ack32_opt *dss_ack_rsp; 1494 dss_ack_rsp = (struct mptcp_dss64_ack32_opt *)cp; 1495 1496 MPTCP_DSS_OPT_SZ_CHK(dss_ack_rsp->mdss_copt.mdss_len, 1497 sizeof (struct mptcp_dss64_ack32_opt) + csum_len); 1498 1499 if (mptcp_dbg == MP_VERBOSE_DEBUG_4) { 1500 printf("%s: 64-bit M and 32-bit A present.\n", 1501 __func__); 1502 } 1503 1504 u_int32_t dack = dss_ack_rsp->mdss_ack; 1505 NTOHL(dack); 1506 MPT_LOCK_SPIN(mp_tp); 1507 mp_tp->mpt_flags |= MPTCPF_SND_64BITACK; 1508 MPTCP_EXTEND_DSN(mp_tp->mpt_snduna, dack, full_dack); 1509 MPT_UNLOCK(mp_tp); 1510 mptcp_do_dss_opt_ack_meat(full_dack, tp); 1511 if (csum_len == 0) 1512 mptcp_update_rcv_state_g(dss_ack_rsp, tp, 0); 1513 else 1514 mptcp_update_rcv_state_g(dss_ack_rsp, tp, 1515 *(uint16_t *)(void *)(cp + 1516 dss_ack_rsp->mdss_copt.mdss_len - 1517 csum_len)); 1518 break; 1519 } 1520 case (MDSS_M | MDSS_A | MDSS_a): 1521 { 1522 /* 32-bit DSS + 64-bit Data ACK */ 1523 struct mptcp_dss32_ack64_opt *dss32_ack64_opt; 1524 dss32_ack64_opt = (struct mptcp_dss32_ack64_opt *)cp; 1525 u_int64_t full_dsn; 1526 1527 MPTCP_DSS_OPT_SZ_CHK( 1528 dss32_ack64_opt->mdss_copt.mdss_len, 1529 sizeof (struct mptcp_dss32_ack64_opt) + csum_len); 1530 1531 if (mptcp_dbg == MP_VERBOSE_DEBUG_4) { 1532 printf("%s: 32-bit M and 64-bit A present.\n", 1533 __func__); 1534 } 1535 full_dack = mptcp_ntoh64(dss32_ack64_opt->mdss_ack); 1536 mptcp_do_dss_opt_ack_meat(full_dack, tp); 1537 NTOHL(dss32_ack64_opt->mdss_dsn); 1538 MPT_LOCK_SPIN(mp_tp); 1539 mp_tp->mpt_flags |= MPTCPF_RCVD_64BITACK; 1540 MPTCP_EXTEND_DSN(mp_tp->mpt_rcvnxt, 1541 dss32_ack64_opt->mdss_dsn, full_dsn); 1542 MPT_UNLOCK(mp_tp); 1543 NTOHL(dss32_ack64_opt->mdss_subflow_seqn); 1544 NTOHS(dss32_ack64_opt->mdss_data_len); 1545 if (csum_len == 0) 1546 mptcp_update_rcv_state_meat(mp_tp, tp, full_dsn, 1547 dss32_ack64_opt->mdss_subflow_seqn, 1548 dss32_ack64_opt->mdss_data_len, 0); 1549 else 1550 mptcp_update_rcv_state_meat(mp_tp, tp, full_dsn, 1551 dss32_ack64_opt->mdss_subflow_seqn, 1552 dss32_ack64_opt->mdss_data_len, 1553 *(uint16_t *)(void *)(cp + 1554 dss32_ack64_opt->mdss_copt.mdss_len - 1555 csum_len)); 1556 break; 1557 } 1558 case (MDSS_M | MDSS_m | MDSS_A | MDSS_a): 1559 { 1560 /* 64-bit DSS + 64-bit Data ACK */ 1561 struct mptcp_dss64_ack64_opt *dss64_ack64; 1562 dss64_ack64 = (struct mptcp_dss64_ack64_opt *)cp; 1563 u_int64_t full_dsn; 1564 1565 MPTCP_DSS_OPT_SZ_CHK(dss64_ack64->mdss_copt.mdss_len, 1566 sizeof (struct mptcp_dss64_ack64_opt) + csum_len); 1567 1568 if (mptcp_dbg == MP_VERBOSE_DEBUG_4) { 1569 printf("%s: 64-bit M and 64-bit A present.\n", 1570 __func__); 1571 } 1572 MPT_LOCK_SPIN(mp_tp); 1573 mp_tp->mpt_flags |= MPTCPF_RCVD_64BITACK; 1574 mp_tp->mpt_flags |= MPTCPF_SND_64BITACK; 1575 MPT_UNLOCK(mp_tp); 1576 full_dsn = mptcp_ntoh64(dss64_ack64->mdss_dsn); 1577 full_dack = mptcp_ntoh64(dss64_ack64->mdss_dsn); 1578 mptcp_do_dss_opt_ack_meat(full_dack, tp); 1579 NTOHL(dss64_ack64->mdss_subflow_seqn); 1580 NTOHS(dss64_ack64->mdss_data_len); 1581 if (csum_len == 0) 1582 mptcp_update_rcv_state_meat(mp_tp, tp, full_dsn, 1583 dss64_ack64->mdss_subflow_seqn, 1584 dss64_ack64->mdss_data_len, 0); 1585 else 1586 mptcp_update_rcv_state_meat(mp_tp, tp, full_dsn, 1587 dss64_ack64->mdss_subflow_seqn, 1588 dss64_ack64->mdss_data_len, 1589 *(uint16_t *)(void *)(cp + 1590 dss64_ack64->mdss_copt.mdss_len - 1591 csum_len)); 1592 break; 1593 } 1594 default: 1595 if (mptcp_dbg >= MP_ERR_DEBUG) { 1596 printf("MPTCP ERROR %s: File bug, DSS flags = %x\n", 1597 __func__, dss_rsp->mdss_flags); 1598 } 1599 break; 1600 } 1601} 1602 1603 1604static void 1605mptcp_do_fin_opt(struct tcpcb *tp) 1606{ 1607 struct mptcb *mp_tp = (struct mptcb *)tp->t_mptcb; 1608 1609 if (!(tp->t_mpflags & TMPF_RECV_DFIN)) { 1610 if (mp_tp != NULL) { 1611 MPT_LOCK(mp_tp); 1612 mp_tp->mpt_rcvnxt += 1; 1613 mptcp_close_fsm(mp_tp, MPCE_RECV_DATA_FIN); 1614 MPT_UNLOCK(mp_tp); 1615 } 1616 tp->t_mpflags |= TMPF_RECV_DFIN; 1617 } 1618 1619 tp->t_mpflags |= TMPF_MPTCP_ACKNOW; 1620 /* 1621 * Since this is a data level FIN, TCP needs to be explicitly told 1622 * to send back an ACK on which the Data ACK is piggybacked. 1623 */ 1624 tp->t_flags |= TF_ACKNOW; 1625} 1626 1627static void 1628mptcp_do_dss_opt(struct tcpcb *tp, u_char *cp, struct tcphdr *th, int optlen) 1629{ 1630#pragma unused(th, optlen) 1631 struct mptcb *mp_tp = (struct mptcb *)tp->t_mptcb; 1632 1633 if (!mp_tp) 1634 return; 1635 1636 if (tp->t_mpflags & TMPF_MPTCP_TRUE) { 1637 struct mptcp_dss_copt *dss_rsp = (struct mptcp_dss_copt *)cp; 1638 1639 if (dss_rsp->mdss_subtype == MPO_DSS) { 1640 if (mptcp_dbg > MP_VERBOSE_DEBUG_4) { 1641 printf("%s: DSS option received: %d ", 1642 __func__, dss_rsp->mdss_flags); 1643 } 1644 if (dss_rsp->mdss_flags & MDSS_F) { 1645 if (mptcp_dbg >= MP_VERBOSE_DEBUG_1) 1646 printf("%s: received FIN\n", __func__); 1647 mptcp_do_fin_opt(tp); 1648 } 1649 1650 mptcp_do_dss_opt_meat(cp, tp); 1651 } 1652 } 1653} 1654 1655static void 1656mptcp_do_fastclose_opt(struct tcpcb *tp, u_char *cp, struct tcphdr *th) 1657{ 1658 struct mptcb *mp_tp = NULL; 1659 struct mptcp_fastclose_opt *fc_opt = (struct mptcp_fastclose_opt *)cp; 1660 1661 if (th->th_flags != TH_ACK) 1662 return; 1663 1664 if (mptcp_dbg > MP_VERBOSE_DEBUG_2) 1665 printf("%s: received \n", __func__); 1666 1667 if (fc_opt->mfast_len != sizeof (struct mptcp_fastclose_opt)) { 1668 tcpstat.tcps_invalid_opt++; 1669 return; 1670 } 1671 1672 mp_tp = (struct mptcb *)tp->t_mptcb; 1673 if (!mp_tp) 1674 return; 1675 1676 if (fc_opt->mfast_key != mptcp_get_localkey(mp_tp)) { 1677 tcpstat.tcps_invalid_opt++; 1678 return; 1679 } 1680 1681 /* 1682 * fastclose could make us more vulnerable to attacks, hence 1683 * accept only those that are at the next expected sequence number. 1684 */ 1685 if (th->th_seq != tp->rcv_nxt) { 1686 tcpstat.tcps_invalid_opt++; 1687 return; 1688 } 1689 1690 MPT_LOCK(mp_tp); 1691 if (mp_tp->mpt_state != MPTCPS_FASTCLOSE_WAIT) { 1692 mp_tp->mpt_state = MPTCPS_FASTCLOSE_WAIT; 1693 DTRACE_MPTCP2(state__change, struct mptcb *, mp_tp, 1694 uint32_t, 0 /* event */); 1695 mptcp_start_timer(mp_tp, MPTT_FASTCLOSE); 1696 } 1697 MPT_UNLOCK(mp_tp); 1698 1699 /* Reset this flow */ 1700 tp->t_mpflags |= TMPF_RESET; 1701 1702 if (tp->t_inpcb->inp_socket != NULL) { 1703 soevent(tp->t_inpcb->inp_socket, 1704 SO_FILT_HINT_LOCKED | SO_FILT_HINT_MUSTRST); 1705 } 1706} 1707 1708 1709static void 1710mptcp_do_mpfail_opt(struct tcpcb *tp, u_char *cp, struct tcphdr *th) 1711{ 1712 struct mptcb *mp_tp = NULL; 1713 struct mptcp_mpfail_opt *fail_opt = (struct mptcp_mpfail_opt *)cp; 1714 1715 if ((th->th_flags != TH_ACK) || (th->th_flags != TH_RST)) 1716 return; 1717 1718 if (fail_opt->mfail_len != sizeof (struct mptcp_mpfail_opt)) 1719 return; 1720 1721 mp_tp = (struct mptcb *)tp->t_mptcb; 1722 if (mp_tp == NULL) 1723 return; 1724 1725 MPT_LOCK(mp_tp); 1726 mp_tp->mpt_flags |= MPTCPF_RECVD_MPFAIL; 1727 mp_tp->mpt_dsn_at_csum_fail = mptcp_hton64(fail_opt->mfail_dsn); 1728 MPT_UNLOCK(mp_tp); 1729 1730 mptcp_notify_mpfail(tp->t_inpcb->inp_socket); 1731} 1732 1733int 1734tcp_do_mptcp_options(struct tcpcb *tp, u_char *cp, struct tcphdr *th, 1735 struct tcpopt *to, int optlen) 1736{ 1737 int mptcp_subtype; 1738 1739 /* All MPTCP options have atleast 4 bytes */ 1740 if (optlen < 4) 1741 return (0); 1742 1743 mptcp_subtype = (cp[2] >> 4); 1744 1745 switch (mptcp_subtype) { 1746 case MPO_CAPABLE: 1747 mptcp_do_mpcapable_opt(tp, cp, th, optlen); 1748 break; 1749 case MPO_JOIN: 1750 mptcp_do_mpjoin_opt(tp, cp, th, optlen); 1751 break; 1752 case MPO_DSS: 1753 mptcp_do_dss_opt(tp, cp, th, optlen); 1754 break; 1755 case MPO_FASTCLOSE: 1756 mptcp_do_fastclose_opt(tp, cp, th); 1757 break; 1758 case MPO_FAIL: 1759 mptcp_do_mpfail_opt(tp, cp, th); 1760 break; 1761 case MPO_ADD_ADDR: /* fall through */ 1762 case MPO_REMOVE_ADDR: /* fall through */ 1763 case MPO_PRIO: 1764 to->to_flags |= TOF_MPTCP; 1765 break; 1766 default: 1767 printf("%s: type = %d\n", __func__, mptcp_subtype); 1768 break; 1769 } 1770 return (0); 1771} 1772 1773/* 1774 * MPTCP ADD_ADDR and REMOVE_ADDR options 1775 */ 1776 1777/* 1778 * ADD_ADDR is only placeholder code - not sent on wire 1779 * The ADD_ADDR option is not sent on wire because of security issues 1780 * around connection hijacking. 1781 */ 1782void 1783mptcp_send_addaddr_opt(struct tcpcb *tp, struct mptcp_addaddr_opt *opt) 1784{ 1785 1786 opt->ma_kind = TCPOPT_MULTIPATH; 1787 opt->ma_len = sizeof (struct mptcp_addaddr_opt); 1788 opt->ma_subtype = MPO_ADD_ADDR; 1789 opt->ma_addr_id = tp->t_local_aid; 1790#ifdef MPTCP_NOTYET 1791 struct inpcb *inp = tp->t_inpcb; 1792 if (inp->inp_vflag == AF_INET) { 1793 opt->ma_ipver = MA_IPVer_V4; 1794 bcopy((char *)&sin->sin_addr.s_addr, (char *)opt + opt->ma_len, 1795 sizeof (in_addr_t)); 1796 opt->ma_len += sizeof (in_addr_t); 1797 } else if (inp->inp_vflag == AF_INET6) { 1798 opt->ma_ipver = MA_IPVer_V6; 1799 bcopy((char *)&sin6->sin6_addr, (char *)opt + opt->ma_len, 1800 sizeof (struct in6_addr)); 1801 opt->ma_len += sizeof (struct in6_addr); 1802 } 1803#if 0 1804 if (tp->t_mp_port) { 1805 /* add ports XXX */ 1806 } 1807#endif 1808#endif 1809} 1810 1811/* REMOVE_ADDR option is sent when a source address goes away */ 1812void 1813mptcp_send_remaddr_opt(struct tcpcb *tp, struct mptcp_remaddr_opt *opt) 1814{ 1815 if (mptcp_dbg >= MP_ERR_DEBUG) 1816 printf("%s: local id %d remove id %d \n", __func__, 1817 tp->t_local_aid, tp->t_rem_aid); 1818 1819 bzero(opt, sizeof (opt)); 1820 opt->mr_kind = TCPOPT_MULTIPATH; 1821 opt->mr_len = sizeof (opt); 1822 opt->mr_subtype = MPO_REMOVE_ADDR; 1823 opt->mr_addr_id = tp->t_rem_aid; 1824 tp->t_mpflags &= ~TMPF_SND_REM_ADDR; 1825} 1826 1827/* 1828 * MPTCP MP_PRIO option 1829 */ 1830 1831#if 0 1832/* 1833 * Current implementation drops incoming MP_PRIO option and this code is 1834 * just a placeholder. The option is dropped because only the mobile client can 1835 * decide which of the subflows is preferred (usually wifi is preferred 1836 * over Cellular). 1837 */ 1838void 1839mptcp_do_mpprio_opt(struct tcpcb *tp, u_char *cp, struct tcphdr *th, 1840 int optlen) 1841{ 1842 int bkp = 0; 1843 struct mptcp_mpprio_opt *mpprio = (struct mptcp_mpprio_opt *)cp; 1844 1845 if ((tp == NULL) || !(tp->t_mpflags & TMPF_MPTCP_TRUE)) 1846 return; 1847 1848 if ((mpprio->mpprio_len != sizeof (struct mptcp_mpprio_addr_opt)) && 1849 (mpprio->mpprio_len != sizeof (struct mptcp_mpprio_opt))) 1850 return; 1851} 1852#endif 1853 1854/* We send MP_PRIO option based on the values set by the SIOCSCONNORDER ioctl */ 1855static int 1856mptcp_snd_mpprio(struct tcpcb *tp, u_char *cp, int optlen) 1857{ 1858 struct mptcp_mpprio_addr_opt mpprio; 1859 1860 if (tp->t_state != TCPS_ESTABLISHED) { 1861 tp->t_mpflags &= ~TMPF_SND_MPPRIO; 1862 return (optlen); 1863 } 1864 1865 if (mptcp_mpprio_enable != 1) { 1866 tp->t_mpflags &= ~TMPF_SND_MPPRIO; 1867 return (optlen); 1868 } 1869 1870 if ((MAX_TCPOPTLEN - optlen) < 1871 (int)sizeof (mpprio)) 1872 return (optlen); 1873 1874 bzero(&mpprio, sizeof (mpprio)); 1875 mpprio.mpprio_kind = TCPOPT_MULTIPATH; 1876 mpprio.mpprio_len = sizeof (mpprio); 1877 mpprio.mpprio_subtype = MPO_PRIO; 1878 if (tp->t_mpflags & TMPF_BACKUP_PATH) 1879 mpprio.mpprio_flags |= MPTCP_MPPRIO_BKP; 1880 mpprio.mpprio_addrid = tp->t_local_aid; 1881 memcpy(cp + optlen, &mpprio, sizeof (mpprio)); 1882 optlen += sizeof (mpprio); 1883 tp->t_mpflags &= ~TMPF_SND_MPPRIO; 1884 if (mptcp_dbg >= MP_ERR_DEBUG) 1885 printf("%s: aid = %d \n", __func__, tp->t_local_aid); 1886 return (optlen); 1887} 1888