[thirdparty/openssl.git] / include / internal / bio_tfo.h

/*
 * Copyright 2022-2023 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the Apache License 2.0 (the "License").  You may not use
 * this file except in compliance with the License.  You can obtain a copy
 * in the file LICENSE in the source distribution or at
 * https://www.openssl.org/source/license.html
 */

/*
 * Contains definitions for simplifying the use of TCP Fast Open
 * (RFC7413) in OpenSSL socket BIOs.
 */

/* If a supported OS is added here, update test/bio_tfo_test.c */
#if defined(TCP_FASTOPEN) && !defined(OPENSSL_NO_TFO)

# if defined(OPENSSL_SYS_MACOSX) || defined(__FreeBSD__)
#  include <sys/sysctl.h>
# endif

/*
 * OSSL_TFO_SYSCTL is used to determine if TFO is supported by
 * this kernel, and if supported, if it is enabled. This is more of
 * a problem on FreeBSD 10.3 ~ 11.4, where TCP_FASTOPEN was defined,
 * but not enabled by default in the kernel, and only for the server.
 * Linux does not have sysctlbyname(), and the closest equivalent
 * is to go into the /proc filesystem, but I'm not sure it's
 * worthwhile.
 *
 * On MacOS and Linux:
 * These operating systems use a single parameter to control TFO.
 * The OSSL_TFO_CLIENT_FLAG and OSSL_TFO_SERVER_FLAGS are used to
 * determine if TFO is enabled for the client and server respectively.
 *
 * OSSL_TFO_CLIENT_FLAG = 1 = client TFO enabled
 * OSSL_TFO_SERVER_FLAG = 2 = server TFO enabled
 *
 * Such that:
 * 0 = TFO disabled
 * 3 = server and client TFO enabled
 *
 * macOS 10.14 and later support TFO.
 * Linux kernel 3.6 added support for client TFO.
 * Linux kernel 3.7 added support for server TFO.
 * Linux kernel 3.13 enabled TFO by default.
 * Linux kernel 4.11 added the TCP_FASTOPEN_CONNECT option.
 *
 * On FreeBSD:
 * FreeBSD 10.3 ~ 11.4 uses a single sysctl for server enable.
 * FreeBSD 12.0 and later uses separate sysctls for server and
 * client enable.
 *
 * Some options are purposely NOT defined per-platform
 *
 * OSSL_TFO_SYSCTL
 *     Defined as a sysctlbyname() option to to determine if
 *     TFO is enabled in the kernel (macOS, FreeBSD)
 *
 * OSSL_TFO_SERVER_SOCKOPT
 *     Defined to indicate the socket option used to enable
 *     TFO on a server socket (all)
 *
 * OSSL_TFO_SERVER_SOCKOPT_VALUE
 *     Value to be used with OSSL_TFO_SERVER_SOCKOPT
 *
 * OSSL_TFO_CONNECTX
 *     Use the connectx() function to make a client connection
 *     (macOS)
 *
 * OSSL_TFO_CLIENT_SOCKOPT
 *     Defined to indicate the socket option used to enable
 *     TFO on a client socket (FreeBSD, Linux 4.14 and later)
 *
 * OSSL_TFO_SENDTO
 *     Defined to indicate the sendto() message type to
 *     be used to initiate a TFO connection (FreeBSD,
 *     Linux pre-4.14)
 *
 * OSSL_TFO_DO_NOT_CONNECT
 *     Defined to skip calling connect() when creating a
 *     client socket (macOS, FreeBSD, Linux pre-4.14)
 */

# if defined(OPENSSL_SYS_WINDOWS)
/*
 * NO WINDOWS SUPPORT
 *
 * But this is is what would be used on the server:
 *
 * define OSSL_TFO_SERVER_SOCKOPT       TCP_FASTOPEN
 * define OSSL_TFO_SERVER_SOCKOPT_VALUE 1
 *
 * Still have to figure out client support
 */
#  undef TCP_FASTOPEN
# endif

/* NO VMS SUPPORT */
# if defined(OPENSSL_SYS_VMS)
#  undef TCP_FASTOPEN
# endif

# if defined(OPENSSL_SYS_MACOSX)
#  define OSSL_TFO_SYSCTL               "net.inet.tcp.fastopen"
#  define OSSL_TFO_SERVER_SOCKOPT       TCP_FASTOPEN
#  define OSSL_TFO_SERVER_SOCKOPT_VALUE 1
#  define OSSL_TFO_CONNECTX             1
#  define OSSL_TFO_DO_NOT_CONNECT       1
#  define OSSL_TFO_CLIENT_FLAG          1
#  define OSSL_TFO_SERVER_FLAG          2
# endif

# if defined(__FreeBSD__)
#  if defined(TCP_FASTOPEN_PSK_LEN)
/* As of 12.0 these are the SYSCTLs */
#   define OSSL_TFO_SYSCTL_SERVER        "net.inet.tcp.fastopen.server_enable"
#   define OSSL_TFO_SYSCTL_CLIENT        "net.inet.tcp.fastopen.client_enable"
#   define OSSL_TFO_SERVER_SOCKOPT       TCP_FASTOPEN
#   define OSSL_TFO_SERVER_SOCKOPT_VALUE MAX_LISTEN
#   define OSSL_TFO_CLIENT_SOCKOPT       TCP_FASTOPEN
#   define OSSL_TFO_DO_NOT_CONNECT       1
#   define OSSL_TFO_SENDTO               0
/* These are the same because the sysctl are client/server-specific */
#   define OSSL_TFO_CLIENT_FLAG          1
#   define OSSL_TFO_SERVER_FLAG          1
#  else
/* 10.3 through 11.4 SYSCTL - ONLY SERVER SUPPORT */
#   define OSSL_TFO_SYSCTL               "net.inet.tcp.fastopen.enabled"
#   define OSSL_TFO_SERVER_SOCKOPT       TCP_FASTOPEN
#   define OSSL_TFO_SERVER_SOCKOPT_VALUE MAX_LISTEN
#   define OSSL_TFO_SERVER_FLAG          1
#  endif
# endif

# if defined(OPENSSL_SYS_LINUX)
/* OSSL_TFO_PROC not used, but of interest */
#  define OSSL_TFO_PROC                 "/proc/sys/net/ipv4/tcp_fastopen"
#  define OSSL_TFO_SERVER_SOCKOPT       TCP_FASTOPEN
#  define OSSL_TFO_SERVER_SOCKOPT_VALUE MAX_LISTEN
#  if defined(TCP_FASTOPEN_CONNECT)
#   define OSSL_TFO_CLIENT_SOCKOPT      TCP_FASTOPEN_CONNECT
#  else
#   define OSSL_TFO_SENDTO              MSG_FASTOPEN
#   define OSSL_TFO_DO_NOT_CONNECT      1
#  endif
#  define OSSL_TFO_CLIENT_FLAG          1
#  define OSSL_TFO_SERVER_FLAG          2
# endif

#endif
Commit	Line	Data
a3e53d56	1	/*
da1c088f	2	* Copyright 2022-2023 The OpenSSL Project Authors. All Rights Reserved.
a3e53d56 TS	3	*
	4	* Licensed under the Apache License 2.0 (the "License"). You may not use
	5	* this file except in compliance with the License. You can obtain a copy
	6	* in the file LICENSE in the source distribution or at
	7	* https://www.openssl.org/source/license.html
	8	*/
	9
	10	/*
	11	* Contains definitions for simplifying the use of TCP Fast Open
	12	* (RFC7413) in OpenSSL socket BIOs.
	13	*/
	14
	15	/* If a supported OS is added here, update test/bio_tfo_test.c */
	16	#if defined(TCP_FASTOPEN) && !defined(OPENSSL_NO_TFO)
	17
	18	# if defined(OPENSSL_SYS_MACOSX) \|\| defined(__FreeBSD__)
	19	# include <sys/sysctl.h>
	20	# endif
	21
	22	/*
	23	* OSSL_TFO_SYSCTL is used to determine if TFO is supported by
	24	* this kernel, and if supported, if it is enabled. This is more of
	25	* a problem on FreeBSD 10.3 ~ 11.4, where TCP_FASTOPEN was defined,
	26	* but not enabled by default in the kernel, and only for the server.
	27	* Linux does not have sysctlbyname(), and the closest equivalent
	28	* is to go into the /proc filesystem, but I'm not sure it's
	29	* worthwhile.
	30	*
	31	* On MacOS and Linux:
	32	* These operating systems use a single parameter to control TFO.
	33	* The OSSL_TFO_CLIENT_FLAG and OSSL_TFO_SERVER_FLAGS are used to
	34	* determine if TFO is enabled for the client and server respectively.
	35	*
	36	* OSSL_TFO_CLIENT_FLAG = 1 = client TFO enabled
	37	* OSSL_TFO_SERVER_FLAG = 2 = server TFO enabled
	38	*
	39	* Such that:
	40	* 0 = TFO disabled
	41	* 3 = server and client TFO enabled
	42	*
	43	* macOS 10.14 and later support TFO.
	44	* Linux kernel 3.6 added support for client TFO.
	45	* Linux kernel 3.7 added support for server TFO.
	46	* Linux kernel 3.13 enabled TFO by default.
	47	* Linux kernel 4.11 added the TCP_FASTOPEN_CONNECT option.
	48	*
	49	* On FreeBSD:
	50	* FreeBSD 10.3 ~ 11.4 uses a single sysctl for server enable.
	51	* FreeBSD 12.0 and later uses separate sysctls for server and
	52	* client enable.
	53	*
	54	* Some options are purposely NOT defined per-platform
	55	*
	56	* OSSL_TFO_SYSCTL
	57	* Defined as a sysctlbyname() option to to determine if
	58	* TFO is enabled in the kernel (macOS, FreeBSD)
	59	*
	60	* OSSL_TFO_SERVER_SOCKOPT
	61	* Defined to indicate the socket option used to enable
	62	* TFO on a server socket (all)
	63	*
	64	* OSSL_TFO_SERVER_SOCKOPT_VALUE
	65	* Value to be used with OSSL_TFO_SERVER_SOCKOPT
	66	*
67	* OSSL_TFO_CONNECTX
68	* Use the connectx() function to make a client connection
69	* (macOS)
70	*
71	* OSSL_TFO_CLIENT_SOCKOPT
72	* Defined to indicate the socket option used to enable
73	* TFO on a client socket (FreeBSD, Linux 4.14 and later)
74	*
75	* OSSL_TFO_SENDTO
76	* Defined to indicate the sendto() message type to
77	* be used to initiate a TFO connection (FreeBSD,
78	* Linux pre-4.14)
79	*
80	* OSSL_TFO_DO_NOT_CONNECT
eb4129e1	81	* Defined to skip calling connect() when creating a
a3e53d56 TS	82	* client socket (macOS, FreeBSD, Linux pre-4.14)
	83	*/
	84
	85	# if defined(OPENSSL_SYS_WINDOWS)
	86	/*
	87	* NO WINDOWS SUPPORT
	88	*
	89	* But this is is what would be used on the server:
	90	*
	91	* define OSSL_TFO_SERVER_SOCKOPT TCP_FASTOPEN
	92	* define OSSL_TFO_SERVER_SOCKOPT_VALUE 1
	93	*
	94	* Still have to figure out client support
	95	*/
	96	# undef TCP_FASTOPEN
	97	# endif
	98
	99	/* NO VMS SUPPORT */
	100	# if defined(OPENSSL_SYS_VMS)
	101	# undef TCP_FASTOPEN
	102	# endif
	103
	104	# if defined(OPENSSL_SYS_MACOSX)
	105	# define OSSL_TFO_SYSCTL "net.inet.tcp.fastopen"
	106	# define OSSL_TFO_SERVER_SOCKOPT TCP_FASTOPEN
	107	# define OSSL_TFO_SERVER_SOCKOPT_VALUE 1
	108	# define OSSL_TFO_CONNECTX 1
	109	# define OSSL_TFO_DO_NOT_CONNECT 1
	110	# define OSSL_TFO_CLIENT_FLAG 1
	111	# define OSSL_TFO_SERVER_FLAG 2
	112	# endif
	113
	114	# if defined(__FreeBSD__)
	115	# if defined(TCP_FASTOPEN_PSK_LEN)
	116	/* As of 12.0 these are the SYSCTLs */
	117	# define OSSL_TFO_SYSCTL_SERVER "net.inet.tcp.fastopen.server_enable"
	118	# define OSSL_TFO_SYSCTL_CLIENT "net.inet.tcp.fastopen.client_enable"
	119	# define OSSL_TFO_SERVER_SOCKOPT TCP_FASTOPEN
	120	# define OSSL_TFO_SERVER_SOCKOPT_VALUE MAX_LISTEN
	121	# define OSSL_TFO_CLIENT_SOCKOPT TCP_FASTOPEN
	122	# define OSSL_TFO_DO_NOT_CONNECT 1
	123	# define OSSL_TFO_SENDTO 0
	124	/* These are the same because the sysctl are client/server-specific */
	125	# define OSSL_TFO_CLIENT_FLAG 1
	126	# define OSSL_TFO_SERVER_FLAG 1
	127	# else
	128	/* 10.3 through 11.4 SYSCTL - ONLY SERVER SUPPORT */
	129	# define OSSL_TFO_SYSCTL "net.inet.tcp.fastopen.enabled"
	130	# define OSSL_TFO_SERVER_SOCKOPT TCP_FASTOPEN
	131	# define OSSL_TFO_SERVER_SOCKOPT_VALUE MAX_LISTEN
	132	# define OSSL_TFO_SERVER_FLAG 1
	133	# endif
	134	# endif
	135
	136	# if defined(OPENSSL_SYS_LINUX)
	137	/* OSSL_TFO_PROC not used, but of interest */
	138	# define OSSL_TFO_PROC "/proc/sys/net/ipv4/tcp_fastopen"
	139	# define OSSL_TFO_SERVER_SOCKOPT TCP_FASTOPEN
	140	# define OSSL_TFO_SERVER_SOCKOPT_VALUE MAX_LISTEN
	141	# if defined(TCP_FASTOPEN_CONNECT)
	142	# define OSSL_TFO_CLIENT_SOCKOPT TCP_FASTOPEN_CONNECT
	143	# else
	144	# define OSSL_TFO_SENDTO MSG_FASTOPEN
	145	# define OSSL_TFO_DO_NOT_CONNECT 1
146	# endif
147	# define OSSL_TFO_CLIENT_FLAG 1
148	# define OSSL_TFO_SERVER_FLAG 2
149	# endif
150
151	#endif