1 // SPDX-License-Identifier: GPL-2.0
4 * Copyright (c) 2017 - 2019, Intel Corporation.
7 #define pr_fmt(fmt) "MPTCP: " fmt
9 #include <linux/kernel.h>
10 #include <linux/module.h>
11 #include <linux/netdevice.h>
12 #include <crypto/algapi.h>
14 #include <net/inet_common.h>
15 #include <net/inet_hashtables.h>
16 #include <net/protocol.h>
18 #if IS_ENABLED(CONFIG_MPTCP_IPV6)
19 #include <net/ip6_route.h>
21 #include <net/mptcp.h>
25 static void SUBFLOW_REQ_INC_STATS(struct request_sock
*req
,
26 enum linux_mptcp_mib_field field
)
28 MPTCP_INC_STATS(sock_net(req_to_sk(req
)), field
);
31 static int subflow_rebuild_header(struct sock
*sk
)
33 struct mptcp_subflow_context
*subflow
= mptcp_subflow_ctx(sk
);
34 int local_id
, err
= 0;
36 if (subflow
->request_mptcp
&& !subflow
->token
) {
37 pr_debug("subflow=%p", sk
);
38 err
= mptcp_token_new_connect(sk
);
39 } else if (subflow
->request_join
&& !subflow
->local_nonce
) {
40 struct mptcp_sock
*msk
= (struct mptcp_sock
*)subflow
->conn
;
42 pr_debug("subflow=%p", sk
);
45 get_random_bytes(&subflow
->local_nonce
, sizeof(u32
));
46 } while (!subflow
->local_nonce
);
48 if (subflow
->local_id
)
51 local_id
= mptcp_pm_get_local_id(msk
, (struct sock_common
*)sk
);
55 subflow
->local_id
= local_id
;
62 return subflow
->icsk_af_ops
->rebuild_header(sk
);
65 static void subflow_req_destructor(struct request_sock
*req
)
67 struct mptcp_subflow_request_sock
*subflow_req
= mptcp_subflow_rsk(req
);
69 pr_debug("subflow_req=%p", subflow_req
);
71 if (subflow_req
->mp_capable
)
72 mptcp_token_destroy_request(subflow_req
->token
);
73 tcp_request_sock_ops
.destructor(req
);
76 static void subflow_generate_hmac(u64 key1
, u64 key2
, u32 nonce1
, u32 nonce2
,
81 put_unaligned_be32(nonce1
, &msg
[0]);
82 put_unaligned_be32(nonce2
, &msg
[4]);
84 mptcp_crypto_hmac_sha(key1
, key2
, msg
, 8, hmac
);
87 /* validate received token and create truncated hmac and nonce for SYN-ACK */
88 static bool subflow_token_join_request(struct request_sock
*req
,
89 const struct sk_buff
*skb
)
91 struct mptcp_subflow_request_sock
*subflow_req
= mptcp_subflow_rsk(req
);
92 u8 hmac
[MPTCPOPT_HMAC_LEN
];
93 struct mptcp_sock
*msk
;
96 msk
= mptcp_token_get_sock(subflow_req
->token
);
98 SUBFLOW_REQ_INC_STATS(req
, MPTCP_MIB_JOINNOTOKEN
);
102 local_id
= mptcp_pm_get_local_id(msk
, (struct sock_common
*)req
);
104 sock_put((struct sock
*)msk
);
107 subflow_req
->local_id
= local_id
;
109 get_random_bytes(&subflow_req
->local_nonce
, sizeof(u32
));
111 subflow_generate_hmac(msk
->local_key
, msk
->remote_key
,
112 subflow_req
->local_nonce
,
113 subflow_req
->remote_nonce
, hmac
);
115 subflow_req
->thmac
= get_unaligned_be64(hmac
);
117 sock_put((struct sock
*)msk
);
121 static void subflow_init_req(struct request_sock
*req
,
122 const struct sock
*sk_listener
,
125 struct mptcp_subflow_context
*listener
= mptcp_subflow_ctx(sk_listener
);
126 struct mptcp_subflow_request_sock
*subflow_req
= mptcp_subflow_rsk(req
);
127 struct tcp_options_received rx_opt
;
129 pr_debug("subflow_req=%p, listener=%p", subflow_req
, listener
);
131 memset(&rx_opt
.mptcp
, 0, sizeof(rx_opt
.mptcp
));
132 mptcp_get_options(skb
, &rx_opt
);
134 subflow_req
->mp_capable
= 0;
135 subflow_req
->mp_join
= 0;
137 #ifdef CONFIG_TCP_MD5SIG
138 /* no MPTCP if MD5SIG is enabled on this socket or we may run out of
141 if (rcu_access_pointer(tcp_sk(sk_listener
)->md5sig_info
))
145 if (rx_opt
.mptcp
.mp_capable
) {
146 SUBFLOW_REQ_INC_STATS(req
, MPTCP_MIB_MPCAPABLEPASSIVE
);
148 if (rx_opt
.mptcp
.mp_join
)
150 } else if (rx_opt
.mptcp
.mp_join
) {
151 SUBFLOW_REQ_INC_STATS(req
, MPTCP_MIB_JOINSYNRX
);
154 if (rx_opt
.mptcp
.mp_capable
&& listener
->request_mptcp
) {
157 err
= mptcp_token_new_request(req
);
159 subflow_req
->mp_capable
= 1;
161 subflow_req
->ssn_offset
= TCP_SKB_CB(skb
)->seq
;
162 } else if (rx_opt
.mptcp
.mp_join
&& listener
->request_mptcp
) {
163 subflow_req
->ssn_offset
= TCP_SKB_CB(skb
)->seq
;
164 subflow_req
->mp_join
= 1;
165 subflow_req
->backup
= rx_opt
.mptcp
.backup
;
166 subflow_req
->remote_id
= rx_opt
.mptcp
.join_id
;
167 subflow_req
->token
= rx_opt
.mptcp
.token
;
168 subflow_req
->remote_nonce
= rx_opt
.mptcp
.nonce
;
169 pr_debug("token=%u, remote_nonce=%u", subflow_req
->token
,
170 subflow_req
->remote_nonce
);
171 if (!subflow_token_join_request(req
, skb
)) {
172 subflow_req
->mp_join
= 0;
173 // @@ need to trigger RST
178 static void subflow_v4_init_req(struct request_sock
*req
,
179 const struct sock
*sk_listener
,
182 tcp_rsk(req
)->is_mptcp
= 1;
184 tcp_request_sock_ipv4_ops
.init_req(req
, sk_listener
, skb
);
186 subflow_init_req(req
, sk_listener
, skb
);
189 #if IS_ENABLED(CONFIG_MPTCP_IPV6)
190 static void subflow_v6_init_req(struct request_sock
*req
,
191 const struct sock
*sk_listener
,
194 tcp_rsk(req
)->is_mptcp
= 1;
196 tcp_request_sock_ipv6_ops
.init_req(req
, sk_listener
, skb
);
198 subflow_init_req(req
, sk_listener
, skb
);
202 /* validate received truncated hmac and create hmac for third ACK */
203 static bool subflow_thmac_valid(struct mptcp_subflow_context
*subflow
)
205 u8 hmac
[MPTCPOPT_HMAC_LEN
];
208 subflow_generate_hmac(subflow
->remote_key
, subflow
->local_key
,
209 subflow
->remote_nonce
, subflow
->local_nonce
,
212 thmac
= get_unaligned_be64(hmac
);
213 pr_debug("subflow=%p, token=%u, thmac=%llu, subflow->thmac=%llu\n",
214 subflow
, subflow
->token
,
215 (unsigned long long)thmac
,
216 (unsigned long long)subflow
->thmac
);
218 return thmac
== subflow
->thmac
;
221 static void subflow_finish_connect(struct sock
*sk
, const struct sk_buff
*skb
)
223 struct mptcp_subflow_context
*subflow
= mptcp_subflow_ctx(sk
);
224 struct sock
*parent
= subflow
->conn
;
226 subflow
->icsk_af_ops
->sk_rx_dst_set(sk
, skb
);
228 if (inet_sk_state_load(parent
) != TCP_ESTABLISHED
) {
229 inet_sk_state_store(parent
, TCP_ESTABLISHED
);
230 parent
->sk_state_change(parent
);
233 if (subflow
->conn_finished
|| !tcp_sk(sk
)->is_mptcp
)
236 if (subflow
->mp_capable
) {
237 pr_debug("subflow=%p, remote_key=%llu", mptcp_subflow_ctx(sk
),
238 subflow
->remote_key
);
239 mptcp_finish_connect(sk
);
240 subflow
->conn_finished
= 1;
243 pr_debug("synack seq=%u", TCP_SKB_CB(skb
)->seq
);
244 subflow
->ssn_offset
= TCP_SKB_CB(skb
)->seq
;
246 } else if (subflow
->mp_join
) {
247 pr_debug("subflow=%p, thmac=%llu, remote_nonce=%u",
248 subflow
, subflow
->thmac
,
249 subflow
->remote_nonce
);
250 if (!subflow_thmac_valid(subflow
)) {
251 MPTCP_INC_STATS(sock_net(sk
), MPTCP_MIB_JOINACKMAC
);
252 subflow
->mp_join
= 0;
256 subflow_generate_hmac(subflow
->local_key
, subflow
->remote_key
,
257 subflow
->local_nonce
,
258 subflow
->remote_nonce
,
262 subflow
->ssn_offset
= TCP_SKB_CB(skb
)->seq
;
264 if (!mptcp_finish_join(sk
))
267 subflow
->conn_finished
= 1;
268 MPTCP_INC_STATS(sock_net(sk
), MPTCP_MIB_JOINSYNACKRX
);
271 tcp_send_active_reset(sk
, GFP_ATOMIC
);
276 static struct request_sock_ops subflow_request_sock_ops
;
277 static struct tcp_request_sock_ops subflow_request_sock_ipv4_ops
;
279 static int subflow_v4_conn_request(struct sock
*sk
, struct sk_buff
*skb
)
281 struct mptcp_subflow_context
*subflow
= mptcp_subflow_ctx(sk
);
283 pr_debug("subflow=%p", subflow
);
285 /* Never answer to SYNs sent to broadcast or multicast */
286 if (skb_rtable(skb
)->rt_flags
& (RTCF_BROADCAST
| RTCF_MULTICAST
))
289 return tcp_conn_request(&subflow_request_sock_ops
,
290 &subflow_request_sock_ipv4_ops
,
297 #if IS_ENABLED(CONFIG_MPTCP_IPV6)
298 static struct tcp_request_sock_ops subflow_request_sock_ipv6_ops
;
299 static struct inet_connection_sock_af_ops subflow_v6_specific
;
300 static struct inet_connection_sock_af_ops subflow_v6m_specific
;
302 static int subflow_v6_conn_request(struct sock
*sk
, struct sk_buff
*skb
)
304 struct mptcp_subflow_context
*subflow
= mptcp_subflow_ctx(sk
);
306 pr_debug("subflow=%p", subflow
);
308 if (skb
->protocol
== htons(ETH_P_IP
))
309 return subflow_v4_conn_request(sk
, skb
);
311 if (!ipv6_unicast_destination(skb
))
314 return tcp_conn_request(&subflow_request_sock_ops
,
315 &subflow_request_sock_ipv6_ops
, sk
, skb
);
319 return 0; /* don't send reset */
323 /* validate hmac received in third ACK */
324 static bool subflow_hmac_valid(const struct request_sock
*req
,
325 const struct tcp_options_received
*rx_opt
)
327 const struct mptcp_subflow_request_sock
*subflow_req
;
328 u8 hmac
[MPTCPOPT_HMAC_LEN
];
329 struct mptcp_sock
*msk
;
332 subflow_req
= mptcp_subflow_rsk(req
);
333 msk
= mptcp_token_get_sock(subflow_req
->token
);
337 subflow_generate_hmac(msk
->remote_key
, msk
->local_key
,
338 subflow_req
->remote_nonce
,
339 subflow_req
->local_nonce
, hmac
);
342 if (crypto_memneq(hmac
, rx_opt
->mptcp
.hmac
, sizeof(hmac
)))
345 sock_put((struct sock
*)msk
);
349 static void mptcp_sock_destruct(struct sock
*sk
)
351 /* if new mptcp socket isn't accepted, it is free'd
352 * from the tcp listener sockets request queue, linked
353 * from req->sk. The tcp socket is released.
354 * This calls the ULP release function which will
355 * also remove the mptcp socket, via
356 * sock_put(ctx->conn).
358 * Problem is that the mptcp socket will not be in
359 * SYN_RECV state and doesn't have SOCK_DEAD flag.
360 * Both result in warnings from inet_sock_destruct.
363 if (sk
->sk_state
== TCP_SYN_RECV
) {
364 sk
->sk_state
= TCP_CLOSE
;
365 WARN_ON_ONCE(sk
->sk_socket
);
369 inet_sock_destruct(sk
);
372 static void mptcp_force_close(struct sock
*sk
)
374 inet_sk_state_store(sk
, TCP_CLOSE
);
375 sk_common_release(sk
);
378 static void subflow_ulp_fallback(struct sock
*sk
,
379 struct mptcp_subflow_context
*old_ctx
)
381 struct inet_connection_sock
*icsk
= inet_csk(sk
);
383 mptcp_subflow_tcp_fallback(sk
, old_ctx
);
384 icsk
->icsk_ulp_ops
= NULL
;
385 rcu_assign_pointer(icsk
->icsk_ulp_data
, NULL
);
386 tcp_sk(sk
)->is_mptcp
= 0;
389 static struct sock
*subflow_syn_recv_sock(const struct sock
*sk
,
391 struct request_sock
*req
,
392 struct dst_entry
*dst
,
393 struct request_sock
*req_unhash
,
396 struct mptcp_subflow_context
*listener
= mptcp_subflow_ctx(sk
);
397 struct mptcp_subflow_request_sock
*subflow_req
;
398 struct tcp_options_received opt_rx
;
399 bool fallback_is_fatal
= false;
400 struct sock
*new_msk
= NULL
;
401 bool fallback
= false;
404 pr_debug("listener=%p, req=%p, conn=%p", listener
, req
, listener
->conn
);
406 opt_rx
.mptcp
.mp_capable
= 0;
407 if (tcp_rsk(req
)->is_mptcp
== 0)
410 /* if the sk is MP_CAPABLE, we try to fetch the client key */
411 subflow_req
= mptcp_subflow_rsk(req
);
412 if (subflow_req
->mp_capable
) {
413 if (TCP_SKB_CB(skb
)->seq
!= subflow_req
->ssn_offset
+ 1) {
414 /* here we can receive and accept an in-window,
415 * out-of-order pkt, which will not carry the MP_CAPABLE
416 * opt even on mptcp enabled paths
421 mptcp_get_options(skb
, &opt_rx
);
422 if (!opt_rx
.mptcp
.mp_capable
) {
428 new_msk
= mptcp_sk_clone(listener
->conn
, &opt_rx
, req
);
431 } else if (subflow_req
->mp_join
) {
432 fallback_is_fatal
= true;
433 opt_rx
.mptcp
.mp_join
= 0;
434 mptcp_get_options(skb
, &opt_rx
);
435 if (!opt_rx
.mptcp
.mp_join
||
436 !subflow_hmac_valid(req
, &opt_rx
)) {
437 SUBFLOW_REQ_INC_STATS(req
, MPTCP_MIB_JOINACKMAC
);
443 child
= listener
->icsk_af_ops
->syn_recv_sock(sk
, skb
, req
, dst
,
444 req_unhash
, own_req
);
446 if (child
&& *own_req
) {
447 struct mptcp_subflow_context
*ctx
= mptcp_subflow_ctx(child
);
449 /* we need to fallback on ctx allocation failure and on pre-reqs
450 * checking above. In the latter scenario we additionally need
451 * to reset the context to non MPTCP status.
453 if (!ctx
|| fallback
) {
454 if (fallback_is_fatal
)
458 subflow_ulp_fallback(child
, ctx
);
464 if (ctx
->mp_capable
) {
465 /* new mpc subflow takes ownership of the newly
466 * created mptcp socket
468 new_msk
->sk_destruct
= mptcp_sock_destruct
;
469 mptcp_pm_new_connection(mptcp_sk(new_msk
), 1);
473 /* with OoO packets we can reach here without ingress
476 ctx
->remote_key
= opt_rx
.mptcp
.sndr_key
;
477 ctx
->fully_established
= opt_rx
.mptcp
.mp_capable
;
478 ctx
->can_ack
= opt_rx
.mptcp
.mp_capable
;
479 } else if (ctx
->mp_join
) {
480 struct mptcp_sock
*owner
;
482 owner
= mptcp_token_get_sock(ctx
->token
);
486 ctx
->conn
= (struct sock
*)owner
;
487 if (!mptcp_finish_join(child
))
490 SUBFLOW_REQ_INC_STATS(req
, MPTCP_MIB_JOINACKRX
);
495 /* dispose of the left over mptcp master, if any */
496 if (unlikely(new_msk
))
497 mptcp_force_close(new_msk
);
499 /* check for expected invariant - should never trigger, just help
500 * catching eariler subtle bugs
502 WARN_ON_ONCE(*own_req
&& child
&& tcp_sk(child
)->is_mptcp
&&
503 (!mptcp_subflow_ctx(child
) ||
504 !mptcp_subflow_ctx(child
)->conn
));
508 tcp_send_active_reset(child
, GFP_ATOMIC
);
509 inet_csk_prepare_forced_close(child
);
514 static struct inet_connection_sock_af_ops subflow_specific
;
516 enum mapping_status
{
523 static u64
expand_seq(u64 old_seq
, u16 old_data_len
, u64 seq
)
525 if ((u32
)seq
== (u32
)old_seq
)
528 /* Assume map covers data not mapped yet. */
529 return seq
| ((old_seq
+ old_data_len
+ 1) & GENMASK_ULL(63, 32));
532 static void warn_bad_map(struct mptcp_subflow_context
*subflow
, u32 ssn
)
534 WARN_ONCE(1, "Bad mapping: ssn=%d map_seq=%d map_data_len=%d",
535 ssn
, subflow
->map_subflow_seq
, subflow
->map_data_len
);
538 static bool skb_is_fully_mapped(struct sock
*ssk
, struct sk_buff
*skb
)
540 struct mptcp_subflow_context
*subflow
= mptcp_subflow_ctx(ssk
);
541 unsigned int skb_consumed
;
543 skb_consumed
= tcp_sk(ssk
)->copied_seq
- TCP_SKB_CB(skb
)->seq
;
544 if (WARN_ON_ONCE(skb_consumed
>= skb
->len
))
547 return skb
->len
- skb_consumed
<= subflow
->map_data_len
-
548 mptcp_subflow_get_map_offset(subflow
);
551 static bool validate_mapping(struct sock
*ssk
, struct sk_buff
*skb
)
553 struct mptcp_subflow_context
*subflow
= mptcp_subflow_ctx(ssk
);
554 u32 ssn
= tcp_sk(ssk
)->copied_seq
- subflow
->ssn_offset
;
556 if (unlikely(before(ssn
, subflow
->map_subflow_seq
))) {
557 /* Mapping covers data later in the subflow stream,
558 * currently unsupported.
560 warn_bad_map(subflow
, ssn
);
563 if (unlikely(!before(ssn
, subflow
->map_subflow_seq
+
564 subflow
->map_data_len
))) {
565 /* Mapping does covers past subflow data, invalid */
566 warn_bad_map(subflow
, ssn
+ skb
->len
);
572 static enum mapping_status
get_mapping_status(struct sock
*ssk
)
574 struct mptcp_subflow_context
*subflow
= mptcp_subflow_ctx(ssk
);
575 struct mptcp_ext
*mpext
;
580 skb
= skb_peek(&ssk
->sk_receive_queue
);
582 return MAPPING_EMPTY
;
584 mpext
= mptcp_get_ext(skb
);
585 if (!mpext
|| !mpext
->use_map
) {
586 if (!subflow
->map_valid
&& !skb
->len
) {
587 /* the TCP stack deliver 0 len FIN pkt to the receive
588 * queue, that is the only 0len pkts ever expected here,
589 * and we can admit no mapping only for 0 len pkts
591 if (!(TCP_SKB_CB(skb
)->tcp_flags
& TCPHDR_FIN
))
592 WARN_ONCE(1, "0len seq %d:%d flags %x",
593 TCP_SKB_CB(skb
)->seq
,
594 TCP_SKB_CB(skb
)->end_seq
,
595 TCP_SKB_CB(skb
)->tcp_flags
);
596 sk_eat_skb(ssk
, skb
);
597 return MAPPING_EMPTY
;
600 if (!subflow
->map_valid
)
601 return MAPPING_INVALID
;
606 pr_debug("seq=%llu is64=%d ssn=%u data_len=%u data_fin=%d",
607 mpext
->data_seq
, mpext
->dsn64
, mpext
->subflow_seq
,
608 mpext
->data_len
, mpext
->data_fin
);
610 data_len
= mpext
->data_len
;
612 pr_err("Infinite mapping not handled");
613 MPTCP_INC_STATS(sock_net(ssk
), MPTCP_MIB_INFINITEMAPRX
);
614 return MAPPING_INVALID
;
617 if (mpext
->data_fin
== 1) {
619 pr_debug("DATA_FIN with no payload");
620 if (subflow
->map_valid
) {
621 /* A DATA_FIN might arrive in a DSS
622 * option before the previous mapping
623 * has been fully consumed. Continue
624 * handling the existing mapping.
626 skb_ext_del(skb
, SKB_EXT_MPTCP
);
629 return MAPPING_DATA_FIN
;
633 /* Adjust for DATA_FIN using 1 byte of sequence space */
638 map_seq
= expand_seq(subflow
->map_seq
, subflow
->map_data_len
,
640 pr_debug("expanded seq=%llu", subflow
->map_seq
);
642 map_seq
= mpext
->data_seq
;
645 if (subflow
->map_valid
) {
646 /* Allow replacing only with an identical map */
647 if (subflow
->map_seq
== map_seq
&&
648 subflow
->map_subflow_seq
== mpext
->subflow_seq
&&
649 subflow
->map_data_len
== data_len
) {
650 skb_ext_del(skb
, SKB_EXT_MPTCP
);
654 /* If this skb data are fully covered by the current mapping,
655 * the new map would need caching, which is not supported
657 if (skb_is_fully_mapped(ssk
, skb
)) {
658 MPTCP_INC_STATS(sock_net(ssk
), MPTCP_MIB_DSSNOMATCH
);
659 return MAPPING_INVALID
;
662 /* will validate the next map after consuming the current one */
666 subflow
->map_seq
= map_seq
;
667 subflow
->map_subflow_seq
= mpext
->subflow_seq
;
668 subflow
->map_data_len
= data_len
;
669 subflow
->map_valid
= 1;
670 subflow
->mpc_map
= mpext
->mpc_map
;
671 pr_debug("new map seq=%llu subflow_seq=%u data_len=%u",
672 subflow
->map_seq
, subflow
->map_subflow_seq
,
673 subflow
->map_data_len
);
676 /* we revalidate valid mapping on new skb, because we must ensure
677 * the current skb is completely covered by the available mapping
679 if (!validate_mapping(ssk
, skb
))
680 return MAPPING_INVALID
;
682 skb_ext_del(skb
, SKB_EXT_MPTCP
);
686 static int subflow_read_actor(read_descriptor_t
*desc
,
688 unsigned int offset
, size_t len
)
690 size_t copy_len
= min(desc
->count
, len
);
692 desc
->count
-= copy_len
;
694 pr_debug("flushed %zu bytes, %zu left", copy_len
, desc
->count
);
698 static bool subflow_check_data_avail(struct sock
*ssk
)
700 struct mptcp_subflow_context
*subflow
= mptcp_subflow_ctx(ssk
);
701 enum mapping_status status
;
702 struct mptcp_sock
*msk
;
705 pr_debug("msk=%p ssk=%p data_avail=%d skb=%p", subflow
->conn
, ssk
,
706 subflow
->data_avail
, skb_peek(&ssk
->sk_receive_queue
));
707 if (subflow
->data_avail
)
710 msk
= mptcp_sk(subflow
->conn
);
717 status
= get_mapping_status(ssk
);
718 pr_debug("msk=%p ssk=%p status=%d", msk
, ssk
, status
);
719 if (status
== MAPPING_INVALID
) {
720 ssk
->sk_err
= EBADMSG
;
724 if (status
!= MAPPING_OK
)
727 skb
= skb_peek(&ssk
->sk_receive_queue
);
728 if (WARN_ON_ONCE(!skb
))
731 /* if msk lacks the remote key, this subflow must provide an
732 * MP_CAPABLE-based mapping
734 if (unlikely(!READ_ONCE(msk
->can_ack
))) {
735 if (!subflow
->mpc_map
) {
736 ssk
->sk_err
= EBADMSG
;
739 WRITE_ONCE(msk
->remote_key
, subflow
->remote_key
);
740 WRITE_ONCE(msk
->ack_seq
, subflow
->map_seq
);
741 WRITE_ONCE(msk
->can_ack
, true);
744 old_ack
= READ_ONCE(msk
->ack_seq
);
745 ack_seq
= mptcp_subflow_get_mapped_dsn(subflow
);
746 pr_debug("msk ack_seq=%llx subflow ack_seq=%llx", old_ack
,
748 if (ack_seq
== old_ack
)
751 /* only accept in-sequence mapping. Old values are spurious
752 * retransmission; we can hit "future" values on active backup
753 * subflow switch, we relay on retransmissions to get
755 * Cuncurrent subflows support will require subflow data
758 map_remaining
= subflow
->map_data_len
-
759 mptcp_subflow_get_map_offset(subflow
);
760 if (before64(ack_seq
, old_ack
))
761 delta
= min_t(size_t, old_ack
- ack_seq
, map_remaining
);
763 delta
= min_t(size_t, ack_seq
- old_ack
, map_remaining
);
765 /* discard mapped data */
766 pr_debug("discarding %zu bytes, current map len=%d", delta
,
769 read_descriptor_t desc
= {
774 ret
= tcp_read_sock(ssk
, &desc
, subflow_read_actor
);
781 if (delta
== map_remaining
)
782 subflow
->map_valid
= 0;
788 /* fatal protocol error, close the socket */
789 /* This barrier is coupled with smp_rmb() in tcp_poll() */
791 ssk
->sk_error_report(ssk
);
792 tcp_set_state(ssk
, TCP_CLOSE
);
793 tcp_send_active_reset(ssk
, GFP_ATOMIC
);
797 bool mptcp_subflow_data_available(struct sock
*sk
)
799 struct mptcp_subflow_context
*subflow
= mptcp_subflow_ctx(sk
);
802 /* check if current mapping is still valid */
803 if (subflow
->map_valid
&&
804 mptcp_subflow_get_map_offset(subflow
) >= subflow
->map_data_len
) {
805 subflow
->map_valid
= 0;
806 subflow
->data_avail
= 0;
808 pr_debug("Done with mapping: seq=%u data_len=%u",
809 subflow
->map_subflow_seq
,
810 subflow
->map_data_len
);
813 if (!subflow_check_data_avail(sk
)) {
814 subflow
->data_avail
= 0;
818 skb
= skb_peek(&sk
->sk_receive_queue
);
819 subflow
->data_avail
= skb
&&
820 before(tcp_sk(sk
)->copied_seq
, TCP_SKB_CB(skb
)->end_seq
);
821 return subflow
->data_avail
;
824 static void subflow_data_ready(struct sock
*sk
)
826 struct mptcp_subflow_context
*subflow
= mptcp_subflow_ctx(sk
);
827 struct sock
*parent
= subflow
->conn
;
829 if (!subflow
->mp_capable
&& !subflow
->mp_join
) {
830 subflow
->tcp_data_ready(sk
);
832 parent
->sk_data_ready(parent
);
836 if (mptcp_subflow_data_available(sk
))
837 mptcp_data_ready(parent
, sk
);
840 static void subflow_write_space(struct sock
*sk
)
842 struct mptcp_subflow_context
*subflow
= mptcp_subflow_ctx(sk
);
843 struct sock
*parent
= subflow
->conn
;
845 sk_stream_write_space(sk
);
846 if (sk_stream_is_writeable(sk
)) {
847 set_bit(MPTCP_SEND_SPACE
, &mptcp_sk(parent
)->flags
);
848 smp_mb__after_atomic();
849 /* set SEND_SPACE before sk_stream_write_space clears NOSPACE */
850 sk_stream_write_space(parent
);
854 static struct inet_connection_sock_af_ops
*
855 subflow_default_af_ops(struct sock
*sk
)
857 #if IS_ENABLED(CONFIG_MPTCP_IPV6)
858 if (sk
->sk_family
== AF_INET6
)
859 return &subflow_v6_specific
;
861 return &subflow_specific
;
864 #if IS_ENABLED(CONFIG_MPTCP_IPV6)
865 void mptcpv6_handle_mapped(struct sock
*sk
, bool mapped
)
867 struct mptcp_subflow_context
*subflow
= mptcp_subflow_ctx(sk
);
868 struct inet_connection_sock
*icsk
= inet_csk(sk
);
869 struct inet_connection_sock_af_ops
*target
;
871 target
= mapped
? &subflow_v6m_specific
: subflow_default_af_ops(sk
);
873 pr_debug("subflow=%p family=%d ops=%p target=%p mapped=%d",
874 subflow
, sk
->sk_family
, icsk
->icsk_af_ops
, target
, mapped
);
876 if (likely(icsk
->icsk_af_ops
== target
))
879 subflow
->icsk_af_ops
= icsk
->icsk_af_ops
;
880 icsk
->icsk_af_ops
= target
;
884 static void mptcp_info2sockaddr(const struct mptcp_addr_info
*info
,
885 struct sockaddr_storage
*addr
)
887 memset(addr
, 0, sizeof(*addr
));
888 addr
->ss_family
= info
->family
;
889 if (addr
->ss_family
== AF_INET
) {
890 struct sockaddr_in
*in_addr
= (struct sockaddr_in
*)addr
;
892 in_addr
->sin_addr
= info
->addr
;
893 in_addr
->sin_port
= info
->port
;
895 #if IS_ENABLED(CONFIG_MPTCP_IPV6)
896 else if (addr
->ss_family
== AF_INET6
) {
897 struct sockaddr_in6
*in6_addr
= (struct sockaddr_in6
*)addr
;
899 in6_addr
->sin6_addr
= info
->addr6
;
900 in6_addr
->sin6_port
= info
->port
;
905 int __mptcp_subflow_connect(struct sock
*sk
, int ifindex
,
906 const struct mptcp_addr_info
*loc
,
907 const struct mptcp_addr_info
*remote
)
909 struct mptcp_sock
*msk
= mptcp_sk(sk
);
910 struct mptcp_subflow_context
*subflow
;
911 struct sockaddr_storage addr
;
917 if (sk
->sk_state
!= TCP_ESTABLISHED
)
920 err
= mptcp_subflow_create_socket(sk
, &sf
);
924 subflow
= mptcp_subflow_ctx(sf
->sk
);
925 subflow
->remote_key
= msk
->remote_key
;
926 subflow
->local_key
= msk
->local_key
;
927 subflow
->token
= msk
->token
;
928 mptcp_info2sockaddr(loc
, &addr
);
930 addrlen
= sizeof(struct sockaddr_in
);
931 #if IS_ENABLED(CONFIG_MPTCP_IPV6)
932 if (loc
->family
== AF_INET6
)
933 addrlen
= sizeof(struct sockaddr_in6
);
935 sf
->sk
->sk_bound_dev_if
= ifindex
;
936 err
= kernel_bind(sf
, (struct sockaddr
*)&addr
, addrlen
);
940 mptcp_crypto_key_sha(subflow
->remote_key
, &remote_token
, NULL
);
941 pr_debug("msk=%p remote_token=%u", msk
, remote_token
);
942 subflow
->remote_token
= remote_token
;
943 subflow
->local_id
= loc
->id
;
944 subflow
->request_join
= 1;
945 subflow
->request_bkup
= 1;
946 mptcp_info2sockaddr(remote
, &addr
);
948 err
= kernel_connect(sf
, (struct sockaddr
*)&addr
, addrlen
, O_NONBLOCK
);
949 if (err
&& err
!= -EINPROGRESS
)
952 spin_lock_bh(&msk
->join_list_lock
);
953 list_add_tail(&subflow
->node
, &msk
->join_list
);
954 spin_unlock_bh(&msk
->join_list_lock
);
963 int mptcp_subflow_create_socket(struct sock
*sk
, struct socket
**new_sock
)
965 struct mptcp_subflow_context
*subflow
;
966 struct net
*net
= sock_net(sk
);
970 err
= sock_create_kern(net
, sk
->sk_family
, SOCK_STREAM
, IPPROTO_TCP
,
977 /* kernel sockets do not by default acquire net ref, but TCP timer
980 sf
->sk
->sk_net_refcnt
= 1;
982 #ifdef CONFIG_PROC_FS
983 this_cpu_add(*net
->core
.sock_inuse
, 1);
985 err
= tcp_set_ulp(sf
->sk
, "mptcp");
986 release_sock(sf
->sk
);
991 subflow
= mptcp_subflow_ctx(sf
->sk
);
992 pr_debug("subflow=%p", subflow
);
1001 static struct mptcp_subflow_context
*subflow_create_ctx(struct sock
*sk
,
1004 struct inet_connection_sock
*icsk
= inet_csk(sk
);
1005 struct mptcp_subflow_context
*ctx
;
1007 ctx
= kzalloc(sizeof(*ctx
), priority
);
1011 rcu_assign_pointer(icsk
->icsk_ulp_data
, ctx
);
1012 INIT_LIST_HEAD(&ctx
->node
);
1014 pr_debug("subflow=%p", ctx
);
1021 static void __subflow_state_change(struct sock
*sk
)
1023 struct socket_wq
*wq
;
1026 wq
= rcu_dereference(sk
->sk_wq
);
1027 if (skwq_has_sleeper(wq
))
1028 wake_up_interruptible_all(&wq
->wait
);
1032 static bool subflow_is_done(const struct sock
*sk
)
1034 return sk
->sk_shutdown
& RCV_SHUTDOWN
|| sk
->sk_state
== TCP_CLOSE
;
1037 static void subflow_state_change(struct sock
*sk
)
1039 struct mptcp_subflow_context
*subflow
= mptcp_subflow_ctx(sk
);
1040 struct sock
*parent
= subflow
->conn
;
1042 __subflow_state_change(sk
);
1044 /* as recvmsg() does not acquire the subflow socket for ssk selection
1045 * a fin packet carrying a DSS can be unnoticed if we don't trigger
1046 * the data available machinery here.
1048 if (subflow
->mp_capable
&& mptcp_subflow_data_available(sk
))
1049 mptcp_data_ready(parent
, sk
);
1051 if (!(parent
->sk_shutdown
& RCV_SHUTDOWN
) &&
1052 !subflow
->rx_eof
&& subflow_is_done(sk
)) {
1053 subflow
->rx_eof
= 1;
1054 mptcp_subflow_eof(parent
);
1058 static int subflow_ulp_init(struct sock
*sk
)
1060 struct inet_connection_sock
*icsk
= inet_csk(sk
);
1061 struct mptcp_subflow_context
*ctx
;
1062 struct tcp_sock
*tp
= tcp_sk(sk
);
1065 /* disallow attaching ULP to a socket unless it has been
1066 * created with sock_create_kern()
1068 if (!sk
->sk_kern_sock
) {
1073 ctx
= subflow_create_ctx(sk
, GFP_KERNEL
);
1079 pr_debug("subflow=%p, family=%d", ctx
, sk
->sk_family
);
1082 ctx
->icsk_af_ops
= icsk
->icsk_af_ops
;
1083 icsk
->icsk_af_ops
= subflow_default_af_ops(sk
);
1084 ctx
->tcp_data_ready
= sk
->sk_data_ready
;
1085 ctx
->tcp_state_change
= sk
->sk_state_change
;
1086 ctx
->tcp_write_space
= sk
->sk_write_space
;
1087 sk
->sk_data_ready
= subflow_data_ready
;
1088 sk
->sk_write_space
= subflow_write_space
;
1089 sk
->sk_state_change
= subflow_state_change
;
1094 static void subflow_ulp_release(struct sock
*sk
)
1096 struct mptcp_subflow_context
*ctx
= mptcp_subflow_ctx(sk
);
1102 sock_put(ctx
->conn
);
1104 kfree_rcu(ctx
, rcu
);
1107 static void subflow_ulp_clone(const struct request_sock
*req
,
1109 const gfp_t priority
)
1111 struct mptcp_subflow_request_sock
*subflow_req
= mptcp_subflow_rsk(req
);
1112 struct mptcp_subflow_context
*old_ctx
= mptcp_subflow_ctx(newsk
);
1113 struct mptcp_subflow_context
*new_ctx
;
1115 if (!tcp_rsk(req
)->is_mptcp
||
1116 (!subflow_req
->mp_capable
&& !subflow_req
->mp_join
)) {
1117 subflow_ulp_fallback(newsk
, old_ctx
);
1121 new_ctx
= subflow_create_ctx(newsk
, priority
);
1123 subflow_ulp_fallback(newsk
, old_ctx
);
1127 new_ctx
->conn_finished
= 1;
1128 new_ctx
->icsk_af_ops
= old_ctx
->icsk_af_ops
;
1129 new_ctx
->tcp_data_ready
= old_ctx
->tcp_data_ready
;
1130 new_ctx
->tcp_state_change
= old_ctx
->tcp_state_change
;
1131 new_ctx
->tcp_write_space
= old_ctx
->tcp_write_space
;
1132 new_ctx
->rel_write_seq
= 1;
1133 new_ctx
->tcp_sock
= newsk
;
1135 if (subflow_req
->mp_capable
) {
1136 /* see comments in subflow_syn_recv_sock(), MPTCP connection
1137 * is fully established only after we receive the remote key
1139 new_ctx
->mp_capable
= 1;
1140 new_ctx
->local_key
= subflow_req
->local_key
;
1141 new_ctx
->token
= subflow_req
->token
;
1142 new_ctx
->ssn_offset
= subflow_req
->ssn_offset
;
1143 new_ctx
->idsn
= subflow_req
->idsn
;
1144 } else if (subflow_req
->mp_join
) {
1145 new_ctx
->ssn_offset
= subflow_req
->ssn_offset
;
1146 new_ctx
->mp_join
= 1;
1147 new_ctx
->fully_established
= 1;
1148 new_ctx
->backup
= subflow_req
->backup
;
1149 new_ctx
->local_id
= subflow_req
->local_id
;
1150 new_ctx
->token
= subflow_req
->token
;
1151 new_ctx
->thmac
= subflow_req
->thmac
;
1155 static struct tcp_ulp_ops subflow_ulp_ops __read_mostly
= {
1157 .owner
= THIS_MODULE
,
1158 .init
= subflow_ulp_init
,
1159 .release
= subflow_ulp_release
,
1160 .clone
= subflow_ulp_clone
,
1163 static int subflow_ops_init(struct request_sock_ops
*subflow_ops
)
1165 subflow_ops
->obj_size
= sizeof(struct mptcp_subflow_request_sock
);
1166 subflow_ops
->slab_name
= "request_sock_subflow";
1168 subflow_ops
->slab
= kmem_cache_create(subflow_ops
->slab_name
,
1169 subflow_ops
->obj_size
, 0,
1171 SLAB_TYPESAFE_BY_RCU
,
1173 if (!subflow_ops
->slab
)
1176 subflow_ops
->destructor
= subflow_req_destructor
;
1181 void mptcp_subflow_init(void)
1183 subflow_request_sock_ops
= tcp_request_sock_ops
;
1184 if (subflow_ops_init(&subflow_request_sock_ops
) != 0)
1185 panic("MPTCP: failed to init subflow request sock ops\n");
1187 subflow_request_sock_ipv4_ops
= tcp_request_sock_ipv4_ops
;
1188 subflow_request_sock_ipv4_ops
.init_req
= subflow_v4_init_req
;
1190 subflow_specific
= ipv4_specific
;
1191 subflow_specific
.conn_request
= subflow_v4_conn_request
;
1192 subflow_specific
.syn_recv_sock
= subflow_syn_recv_sock
;
1193 subflow_specific
.sk_rx_dst_set
= subflow_finish_connect
;
1194 subflow_specific
.rebuild_header
= subflow_rebuild_header
;
1196 #if IS_ENABLED(CONFIG_MPTCP_IPV6)
1197 subflow_request_sock_ipv6_ops
= tcp_request_sock_ipv6_ops
;
1198 subflow_request_sock_ipv6_ops
.init_req
= subflow_v6_init_req
;
1200 subflow_v6_specific
= ipv6_specific
;
1201 subflow_v6_specific
.conn_request
= subflow_v6_conn_request
;
1202 subflow_v6_specific
.syn_recv_sock
= subflow_syn_recv_sock
;
1203 subflow_v6_specific
.sk_rx_dst_set
= subflow_finish_connect
;
1204 subflow_v6_specific
.rebuild_header
= subflow_rebuild_header
;
1206 subflow_v6m_specific
= subflow_v6_specific
;
1207 subflow_v6m_specific
.queue_xmit
= ipv4_specific
.queue_xmit
;
1208 subflow_v6m_specific
.send_check
= ipv4_specific
.send_check
;
1209 subflow_v6m_specific
.net_header_len
= ipv4_specific
.net_header_len
;
1210 subflow_v6m_specific
.mtu_reduced
= ipv4_specific
.mtu_reduced
;
1211 subflow_v6m_specific
.net_frag_header_len
= 0;
1214 mptcp_diag_subflow_init(&subflow_ulp_ops
);
1216 if (tcp_register_ulp(&subflow_ulp_ops
) != 0)
1217 panic("MPTCP: failed to register subflows to ULP\n");