1 // SPDX-License-Identifier: GPL-2.0
4 * Copyright (c) 2017 - 2019, Intel Corporation.
7 #define pr_fmt(fmt) "MPTCP: " fmt
9 #include <linux/kernel.h>
10 #include <crypto/sha2.h>
12 #include <net/mptcp.h>
16 #include <trace/events/mptcp.h>
18 static bool mptcp_cap_flag_sha256(u8 flags)
20 return (flags & MPTCP_CAP_FLAG_MASK) == MPTCP_CAP_HMAC_SHA256;
23 static void mptcp_parse_option(const struct sk_buff *skb,
24 const unsigned char *ptr, int opsize,
25 struct mptcp_options_received *mp_opt)
27 u8 subtype = *ptr >> 4;
34 case MPTCPOPT_MP_CAPABLE:
35 /* strict size checking */
36 if (!(TCP_SKB_CB(skb)->tcp_flags & TCPHDR_SYN)) {
37 if (skb->len > tcp_hdr(skb)->doff << 2)
38 expected_opsize = TCPOLEN_MPTCP_MPC_ACK_DATA;
40 expected_opsize = TCPOLEN_MPTCP_MPC_ACK;
42 if (TCP_SKB_CB(skb)->tcp_flags & TCPHDR_ACK)
43 expected_opsize = TCPOLEN_MPTCP_MPC_SYNACK;
45 expected_opsize = TCPOLEN_MPTCP_MPC_SYN;
47 if (opsize != expected_opsize)
50 /* try to be gentle vs future versions on the initial syn */
51 version = *ptr++ & MPTCP_VERSION_MASK;
52 if (opsize != TCPOLEN_MPTCP_MPC_SYN) {
53 if (version != MPTCP_SUPPORTED_VERSION)
55 } else if (version < MPTCP_SUPPORTED_VERSION) {
60 if (!mptcp_cap_flag_sha256(flags) ||
61 (flags & MPTCP_CAP_EXTENSIBILITY))
64 /* RFC 6824, Section 3.1:
65 * "For the Checksum Required bit (labeled "A"), if either
66 * host requires the use of checksums, checksums MUST be used.
67 * In other words, the only way for checksums not to be used
68 * is if both hosts in their SYNs set A=0."
71 * "If a checksum is not present when its use has been
72 * negotiated, the receiver MUST close the subflow with a RST as
73 * it is considered broken."
75 * We don't implement DSS checksum - fall back to TCP.
77 if (flags & MPTCP_CAP_CHECKSUM_REQD)
80 mp_opt->mp_capable = 1;
81 if (opsize >= TCPOLEN_MPTCP_MPC_SYNACK) {
82 mp_opt->sndr_key = get_unaligned_be64(ptr);
85 if (opsize >= TCPOLEN_MPTCP_MPC_ACK) {
86 mp_opt->rcvr_key = get_unaligned_be64(ptr);
89 if (opsize == TCPOLEN_MPTCP_MPC_ACK_DATA) {
91 * "the data parameters in a MP_CAPABLE are semantically
92 * equivalent to those in a DSS option and can be used
98 mp_opt->data_len = get_unaligned_be16(ptr);
101 pr_debug("MP_CAPABLE version=%x, flags=%x, optlen=%d sndr=%llu, rcvr=%llu len=%d",
102 version, flags, opsize, mp_opt->sndr_key,
103 mp_opt->rcvr_key, mp_opt->data_len);
106 case MPTCPOPT_MP_JOIN:
108 if (opsize == TCPOLEN_MPTCP_MPJ_SYN) {
109 mp_opt->backup = *ptr++ & MPTCPOPT_BACKUP;
110 mp_opt->join_id = *ptr++;
111 mp_opt->token = get_unaligned_be32(ptr);
113 mp_opt->nonce = get_unaligned_be32(ptr);
115 pr_debug("MP_JOIN bkup=%u, id=%u, token=%u, nonce=%u",
116 mp_opt->backup, mp_opt->join_id,
117 mp_opt->token, mp_opt->nonce);
118 } else if (opsize == TCPOLEN_MPTCP_MPJ_SYNACK) {
119 mp_opt->backup = *ptr++ & MPTCPOPT_BACKUP;
120 mp_opt->join_id = *ptr++;
121 mp_opt->thmac = get_unaligned_be64(ptr);
123 mp_opt->nonce = get_unaligned_be32(ptr);
125 pr_debug("MP_JOIN bkup=%u, id=%u, thmac=%llu, nonce=%u",
126 mp_opt->backup, mp_opt->join_id,
127 mp_opt->thmac, mp_opt->nonce);
128 } else if (opsize == TCPOLEN_MPTCP_MPJ_ACK) {
130 memcpy(mp_opt->hmac, ptr, MPTCPOPT_HMAC_LEN);
131 pr_debug("MP_JOIN hmac");
141 /* we must clear 'mpc_map' be able to detect MP_CAPABLE
142 * map vs DSS map in mptcp_incoming_options(), and reconstruct
143 * map info accordingly
146 flags = (*ptr++) & MPTCP_DSS_FLAG_MASK;
147 mp_opt->data_fin = (flags & MPTCP_DSS_DATA_FIN) != 0;
148 mp_opt->dsn64 = (flags & MPTCP_DSS_DSN64) != 0;
149 mp_opt->use_map = (flags & MPTCP_DSS_HAS_MAP) != 0;
150 mp_opt->ack64 = (flags & MPTCP_DSS_ACK64) != 0;
151 mp_opt->use_ack = (flags & MPTCP_DSS_HAS_ACK);
153 pr_debug("data_fin=%d dsn64=%d use_map=%d ack64=%d use_ack=%d",
154 mp_opt->data_fin, mp_opt->dsn64,
155 mp_opt->use_map, mp_opt->ack64,
158 expected_opsize = TCPOLEN_MPTCP_DSS_BASE;
160 if (mp_opt->use_ack) {
162 expected_opsize += TCPOLEN_MPTCP_DSS_ACK64;
164 expected_opsize += TCPOLEN_MPTCP_DSS_ACK32;
167 if (mp_opt->use_map) {
169 expected_opsize += TCPOLEN_MPTCP_DSS_MAP64;
171 expected_opsize += TCPOLEN_MPTCP_DSS_MAP32;
174 /* RFC 6824, Section 3.3:
175 * If a checksum is present, but its use had
176 * not been negotiated in the MP_CAPABLE handshake,
177 * the checksum field MUST be ignored.
179 if (opsize != expected_opsize &&
180 opsize != expected_opsize + TCPOLEN_MPTCP_DSS_CHECKSUM)
185 if (mp_opt->use_ack) {
187 mp_opt->data_ack = get_unaligned_be64(ptr);
190 mp_opt->data_ack = get_unaligned_be32(ptr);
194 pr_debug("data_ack=%llu", mp_opt->data_ack);
197 if (mp_opt->use_map) {
199 mp_opt->data_seq = get_unaligned_be64(ptr);
202 mp_opt->data_seq = get_unaligned_be32(ptr);
206 mp_opt->subflow_seq = get_unaligned_be32(ptr);
209 mp_opt->data_len = get_unaligned_be16(ptr);
212 pr_debug("data_seq=%llu subflow_seq=%u data_len=%u",
213 mp_opt->data_seq, mp_opt->subflow_seq,
219 case MPTCPOPT_ADD_ADDR:
220 mp_opt->echo = (*ptr++) & MPTCP_ADDR_ECHO;
222 if (opsize == TCPOLEN_MPTCP_ADD_ADDR ||
223 opsize == TCPOLEN_MPTCP_ADD_ADDR_PORT)
224 mp_opt->addr.family = AF_INET;
225 #if IS_ENABLED(CONFIG_MPTCP_IPV6)
226 else if (opsize == TCPOLEN_MPTCP_ADD_ADDR6 ||
227 opsize == TCPOLEN_MPTCP_ADD_ADDR6_PORT)
228 mp_opt->addr.family = AF_INET6;
233 if (opsize == TCPOLEN_MPTCP_ADD_ADDR_BASE ||
234 opsize == TCPOLEN_MPTCP_ADD_ADDR_BASE_PORT)
235 mp_opt->addr.family = AF_INET;
236 #if IS_ENABLED(CONFIG_MPTCP_IPV6)
237 else if (opsize == TCPOLEN_MPTCP_ADD_ADDR6_BASE ||
238 opsize == TCPOLEN_MPTCP_ADD_ADDR6_BASE_PORT)
239 mp_opt->addr.family = AF_INET6;
245 mp_opt->add_addr = 1;
246 mp_opt->addr.id = *ptr++;
247 if (mp_opt->addr.family == AF_INET) {
248 memcpy((u8 *)&mp_opt->addr.addr.s_addr, (u8 *)ptr, 4);
250 if (opsize == TCPOLEN_MPTCP_ADD_ADDR_PORT ||
251 opsize == TCPOLEN_MPTCP_ADD_ADDR_BASE_PORT) {
252 mp_opt->addr.port = htons(get_unaligned_be16(ptr));
256 #if IS_ENABLED(CONFIG_MPTCP_IPV6)
258 memcpy(mp_opt->addr.addr6.s6_addr, (u8 *)ptr, 16);
260 if (opsize == TCPOLEN_MPTCP_ADD_ADDR6_PORT ||
261 opsize == TCPOLEN_MPTCP_ADD_ADDR6_BASE_PORT) {
262 mp_opt->addr.port = htons(get_unaligned_be16(ptr));
268 mp_opt->ahmac = get_unaligned_be64(ptr);
271 pr_debug("ADD_ADDR%s: id=%d, ahmac=%llu, echo=%d, port=%d",
272 (mp_opt->addr.family == AF_INET6) ? "6" : "",
273 mp_opt->addr.id, mp_opt->ahmac, mp_opt->echo, ntohs(mp_opt->addr.port));
276 case MPTCPOPT_RM_ADDR:
277 if (opsize < TCPOLEN_MPTCP_RM_ADDR_BASE + 1 ||
278 opsize > TCPOLEN_MPTCP_RM_ADDR_BASE + MPTCP_RM_IDS_MAX)
284 mp_opt->rm_list.nr = opsize - TCPOLEN_MPTCP_RM_ADDR_BASE;
285 for (i = 0; i < mp_opt->rm_list.nr; i++)
286 mp_opt->rm_list.ids[i] = *ptr++;
287 pr_debug("RM_ADDR: rm_list_nr=%d", mp_opt->rm_list.nr);
290 case MPTCPOPT_MP_PRIO:
291 if (opsize != TCPOLEN_MPTCP_PRIO)
295 mp_opt->backup = *ptr++ & MPTCP_PRIO_BKUP;
296 pr_debug("MP_PRIO: prio=%d", mp_opt->backup);
299 case MPTCPOPT_MP_FASTCLOSE:
300 if (opsize != TCPOLEN_MPTCP_FASTCLOSE)
304 mp_opt->rcvr_key = get_unaligned_be64(ptr);
306 mp_opt->fastclose = 1;
310 if (opsize != TCPOLEN_MPTCP_RST)
313 if (!(TCP_SKB_CB(skb)->tcp_flags & TCPHDR_RST))
317 mp_opt->reset_transient = flags & MPTCP_RST_TRANSIENT;
318 mp_opt->reset_reason = *ptr;
326 void mptcp_get_options(const struct sock *sk,
327 const struct sk_buff *skb,
328 struct mptcp_options_received *mp_opt)
330 const struct tcphdr *th = tcp_hdr(skb);
331 const unsigned char *ptr;
334 /* initialize option status */
335 mp_opt->mp_capable = 0;
337 mp_opt->add_addr = 0;
339 mp_opt->fastclose = 0;
340 mp_opt->addr.port = 0;
346 length = (th->doff * 4) - sizeof(struct tcphdr);
347 ptr = (const unsigned char *)(th + 1);
356 case TCPOPT_NOP: /* Ref: RFC 793 section 3.1 */
363 if (opsize < 2) /* "silly options" */
366 return; /* don't parse partial options */
367 if (opcode == TCPOPT_MPTCP)
368 mptcp_parse_option(skb, ptr, opsize, mp_opt);
375 bool mptcp_syn_options(struct sock *sk, const struct sk_buff *skb,
376 unsigned int *size, struct mptcp_out_options *opts)
378 struct mptcp_subflow_context *subflow = mptcp_subflow_ctx(sk);
380 /* we will use snd_isn to detect first pkt [re]transmission
381 * in mptcp_established_options_mp()
383 subflow->snd_isn = TCP_SKB_CB(skb)->end_seq;
384 if (subflow->request_mptcp) {
385 opts->suboptions = OPTION_MPTCP_MPC_SYN;
386 *size = TCPOLEN_MPTCP_MPC_SYN;
388 } else if (subflow->request_join) {
389 pr_debug("remote_token=%u, nonce=%u", subflow->remote_token,
390 subflow->local_nonce);
391 opts->suboptions = OPTION_MPTCP_MPJ_SYN;
392 opts->join_id = subflow->local_id;
393 opts->token = subflow->remote_token;
394 opts->nonce = subflow->local_nonce;
395 opts->backup = subflow->request_bkup;
396 *size = TCPOLEN_MPTCP_MPJ_SYN;
402 /* MP_JOIN client subflow must wait for 4th ack before sending any data:
403 * TCP can't schedule delack timer before the subflow is fully established.
404 * MPTCP uses the delack timer to do 3rd ack retransmissions
406 static void schedule_3rdack_retransmission(struct sock *sk)
408 struct inet_connection_sock *icsk = inet_csk(sk);
409 struct tcp_sock *tp = tcp_sk(sk);
410 unsigned long timeout;
412 /* reschedule with a timeout above RTT, as we must look only for drop */
414 timeout = tp->srtt_us << 1;
416 timeout = TCP_TIMEOUT_INIT;
418 WARN_ON_ONCE(icsk->icsk_ack.pending & ICSK_ACK_TIMER);
419 icsk->icsk_ack.pending |= ICSK_ACK_SCHED | ICSK_ACK_TIMER;
420 icsk->icsk_ack.timeout = timeout;
421 sk_reset_timer(sk, &icsk->icsk_delack_timer, timeout);
424 static void clear_3rdack_retransmission(struct sock *sk)
426 struct inet_connection_sock *icsk = inet_csk(sk);
428 sk_stop_timer(sk, &icsk->icsk_delack_timer);
429 icsk->icsk_ack.timeout = 0;
430 icsk->icsk_ack.ato = 0;
431 icsk->icsk_ack.pending &= ~(ICSK_ACK_SCHED | ICSK_ACK_TIMER);
434 static bool mptcp_established_options_mp(struct sock *sk, struct sk_buff *skb,
435 bool snd_data_fin_enable,
437 unsigned int remaining,
438 struct mptcp_out_options *opts)
440 struct mptcp_subflow_context *subflow = mptcp_subflow_ctx(sk);
441 struct mptcp_ext *mpext;
442 unsigned int data_len;
444 /* When skb is not available, we better over-estimate the emitted
445 * options len. A full DSS option (28 bytes) is longer than
446 * TCPOLEN_MPTCP_MPC_ACK_DATA(22) or TCPOLEN_MPTCP_MPJ_ACK(24), so
447 * tell the caller to defer the estimate to
448 * mptcp_established_options_dss(), which will reserve enough space.
453 /* MPC/MPJ needed only on 3rd ack packet, DATA_FIN and TCP shutdown take precedence */
454 if (subflow->fully_established || snd_data_fin_enable ||
455 subflow->snd_isn != TCP_SKB_CB(skb)->seq ||
456 sk->sk_state != TCP_ESTABLISHED)
459 if (subflow->mp_capable) {
460 mpext = mptcp_get_ext(skb);
461 data_len = mpext ? mpext->data_len : 0;
463 /* we will check ext_copy.data_len in mptcp_write_options() to
464 * discriminate between TCPOLEN_MPTCP_MPC_ACK_DATA and
465 * TCPOLEN_MPTCP_MPC_ACK
467 opts->ext_copy.data_len = data_len;
468 opts->suboptions = OPTION_MPTCP_MPC_ACK;
469 opts->sndr_key = subflow->local_key;
470 opts->rcvr_key = subflow->remote_key;
473 * The MP_CAPABLE option is carried on the SYN, SYN/ACK, and ACK
474 * packets that start the first subflow of an MPTCP connection,
475 * as well as the first packet that carries data
478 *size = ALIGN(TCPOLEN_MPTCP_MPC_ACK_DATA, 4);
480 *size = TCPOLEN_MPTCP_MPC_ACK;
482 pr_debug("subflow=%p, local_key=%llu, remote_key=%llu map_len=%d",
483 subflow, subflow->local_key, subflow->remote_key,
487 } else if (subflow->mp_join) {
488 opts->suboptions = OPTION_MPTCP_MPJ_ACK;
489 memcpy(opts->hmac, subflow->hmac, MPTCPOPT_HMAC_LEN);
490 *size = TCPOLEN_MPTCP_MPJ_ACK;
491 pr_debug("subflow=%p", subflow);
493 schedule_3rdack_retransmission(sk);
499 static void mptcp_write_data_fin(struct mptcp_subflow_context *subflow,
500 struct sk_buff *skb, struct mptcp_ext *ext)
502 /* The write_seq value has already been incremented, so the actual
503 * sequence number for the DATA_FIN is one less.
505 u64 data_fin_tx_seq = READ_ONCE(mptcp_sk(subflow->conn)->write_seq) - 1;
507 if (!ext->use_map || !skb->len) {
508 /* RFC6824 requires a DSS mapping with specific values
509 * if DATA_FIN is set but no data payload is mapped
514 ext->data_seq = data_fin_tx_seq;
515 ext->subflow_seq = 0;
517 } else if (ext->data_seq + ext->data_len == data_fin_tx_seq) {
518 /* If there's an existing DSS mapping and it is the
519 * final mapping, DATA_FIN consumes 1 additional byte of
527 static bool mptcp_established_options_dss(struct sock *sk, struct sk_buff *skb,
528 bool snd_data_fin_enable,
530 unsigned int remaining,
531 struct mptcp_out_options *opts)
533 struct mptcp_subflow_context *subflow = mptcp_subflow_ctx(sk);
534 struct mptcp_sock *msk = mptcp_sk(subflow->conn);
535 unsigned int dss_size = 0;
536 struct mptcp_ext *mpext;
537 unsigned int ack_size;
541 mpext = skb ? mptcp_get_ext(skb) : NULL;
543 if (!skb || (mpext && mpext->use_map) || snd_data_fin_enable) {
544 unsigned int map_size;
546 map_size = TCPOLEN_MPTCP_DSS_BASE + TCPOLEN_MPTCP_DSS_MAP64;
548 remaining -= map_size;
551 opts->ext_copy = *mpext;
553 if (skb && snd_data_fin_enable)
554 mptcp_write_data_fin(subflow, skb, &opts->ext_copy);
558 /* passive sockets msk will set the 'can_ack' after accept(), even
559 * if the first subflow may have the already the remote key handy
561 opts->ext_copy.use_ack = 0;
562 if (!READ_ONCE(msk->can_ack)) {
563 *size = ALIGN(dss_size, 4);
567 ack_seq = READ_ONCE(msk->ack_seq);
568 if (READ_ONCE(msk->use_64bit_ack)) {
569 ack_size = TCPOLEN_MPTCP_DSS_ACK64;
570 opts->ext_copy.data_ack = ack_seq;
571 opts->ext_copy.ack64 = 1;
573 ack_size = TCPOLEN_MPTCP_DSS_ACK32;
574 opts->ext_copy.data_ack32 = (uint32_t)ack_seq;
575 opts->ext_copy.ack64 = 0;
577 opts->ext_copy.use_ack = 1;
578 WRITE_ONCE(msk->old_wspace, __mptcp_space((struct sock *)msk));
580 /* Add kind/length/subtype/flag overhead if mapping is not populated */
582 ack_size += TCPOLEN_MPTCP_DSS_BASE;
584 dss_size += ack_size;
586 *size = ALIGN(dss_size, 4);
590 static u64 add_addr_generate_hmac(u64 key1, u64 key2,
591 struct mptcp_addr_info *addr)
593 u16 port = ntohs(addr->port);
594 u8 hmac[SHA256_DIGEST_SIZE];
599 if (addr->family == AF_INET) {
600 memcpy(&msg[i], &addr->addr.s_addr, 4);
603 #if IS_ENABLED(CONFIG_MPTCP_IPV6)
604 else if (addr->family == AF_INET6) {
605 memcpy(&msg[i], &addr->addr6.s6_addr, 16);
609 msg[i++] = port >> 8;
610 msg[i++] = port & 0xFF;
612 mptcp_crypto_hmac_sha(key1, key2, msg, i, hmac);
614 return get_unaligned_be64(&hmac[SHA256_DIGEST_SIZE - sizeof(u64)]);
617 static bool mptcp_established_options_add_addr(struct sock *sk, struct sk_buff *skb,
619 unsigned int remaining,
620 struct mptcp_out_options *opts)
622 struct mptcp_subflow_context *subflow = mptcp_subflow_ctx(sk);
623 struct mptcp_sock *msk = mptcp_sk(subflow->conn);
624 bool drop_other_suboptions = false;
625 unsigned int opt_size = *size;
630 if ((mptcp_pm_should_add_signal_ipv6(msk) ||
631 mptcp_pm_should_add_signal_port(msk) ||
632 mptcp_pm_should_add_signal_echo(msk)) &&
633 skb && skb_is_tcp_pure_ack(skb)) {
634 pr_debug("drop other suboptions");
635 opts->suboptions = 0;
636 opts->ext_copy.use_ack = 0;
637 opts->ext_copy.use_map = 0;
638 remaining += opt_size;
639 drop_other_suboptions = true;
642 if (!mptcp_pm_should_add_signal(msk) ||
643 !(mptcp_pm_add_addr_signal(msk, remaining, &opts->addr, &echo, &port)))
646 len = mptcp_add_addr_len(opts->addr.family, echo, port);
651 if (drop_other_suboptions)
653 opts->suboptions |= OPTION_MPTCP_ADD_ADDR;
655 opts->ahmac = add_addr_generate_hmac(msk->local_key,
659 pr_debug("addr_id=%d, ahmac=%llu, echo=%d, port=%d",
660 opts->addr.id, opts->ahmac, echo, ntohs(opts->addr.port));
665 static bool mptcp_established_options_rm_addr(struct sock *sk,
667 unsigned int remaining,
668 struct mptcp_out_options *opts)
670 struct mptcp_subflow_context *subflow = mptcp_subflow_ctx(sk);
671 struct mptcp_sock *msk = mptcp_sk(subflow->conn);
672 struct mptcp_rm_list rm_list;
675 if (!mptcp_pm_should_rm_signal(msk) ||
676 !(mptcp_pm_rm_addr_signal(msk, remaining, &rm_list)))
679 len = mptcp_rm_addr_len(&rm_list);
686 opts->suboptions |= OPTION_MPTCP_RM_ADDR;
687 opts->rm_list = rm_list;
689 for (i = 0; i < opts->rm_list.nr; i++)
690 pr_debug("rm_list_ids[%d]=%d", i, opts->rm_list.ids[i]);
695 static bool mptcp_established_options_mp_prio(struct sock *sk,
697 unsigned int remaining,
698 struct mptcp_out_options *opts)
700 struct mptcp_subflow_context *subflow = mptcp_subflow_ctx(sk);
702 if (!subflow->send_mp_prio)
705 /* account for the trailing 'nop' option */
706 if (remaining < TCPOLEN_MPTCP_PRIO_ALIGN)
709 *size = TCPOLEN_MPTCP_PRIO_ALIGN;
710 opts->suboptions |= OPTION_MPTCP_PRIO;
711 opts->backup = subflow->request_bkup;
713 pr_debug("prio=%d", opts->backup);
718 static noinline void mptcp_established_options_rst(struct sock *sk, struct sk_buff *skb,
720 unsigned int remaining,
721 struct mptcp_out_options *opts)
723 const struct mptcp_subflow_context *subflow = mptcp_subflow_ctx(sk);
725 if (remaining < TCPOLEN_MPTCP_RST)
728 *size = TCPOLEN_MPTCP_RST;
729 opts->suboptions |= OPTION_MPTCP_RST;
730 opts->reset_transient = subflow->reset_transient;
731 opts->reset_reason = subflow->reset_reason;
734 bool mptcp_established_options(struct sock *sk, struct sk_buff *skb,
735 unsigned int *size, unsigned int remaining,
736 struct mptcp_out_options *opts)
738 struct mptcp_subflow_context *subflow = mptcp_subflow_ctx(sk);
739 struct mptcp_sock *msk = mptcp_sk(subflow->conn);
740 unsigned int opt_size = 0;
744 opts->suboptions = 0;
746 if (unlikely(__mptcp_check_fallback(msk)))
749 if (unlikely(skb && TCP_SKB_CB(skb)->tcp_flags & TCPHDR_RST)) {
750 mptcp_established_options_rst(sk, skb, size, remaining, opts);
754 snd_data_fin = mptcp_data_fin_enabled(msk);
755 if (mptcp_established_options_mp(sk, skb, snd_data_fin, &opt_size, remaining, opts))
757 else if (mptcp_established_options_dss(sk, skb, snd_data_fin, &opt_size, remaining, opts))
760 /* we reserved enough space for the above options, and exceeding the
761 * TCP option space would be fatal
763 if (WARN_ON_ONCE(opt_size > remaining))
767 remaining -= opt_size;
768 if (mptcp_established_options_add_addr(sk, skb, &opt_size, remaining, opts)) {
770 remaining -= opt_size;
772 } else if (mptcp_established_options_rm_addr(sk, &opt_size, remaining, opts)) {
774 remaining -= opt_size;
778 if (mptcp_established_options_mp_prio(sk, &opt_size, remaining, opts)) {
780 remaining -= opt_size;
787 bool mptcp_synack_options(const struct request_sock *req, unsigned int *size,
788 struct mptcp_out_options *opts)
790 struct mptcp_subflow_request_sock *subflow_req = mptcp_subflow_rsk(req);
792 if (subflow_req->mp_capable) {
793 opts->suboptions = OPTION_MPTCP_MPC_SYNACK;
794 opts->sndr_key = subflow_req->local_key;
795 *size = TCPOLEN_MPTCP_MPC_SYNACK;
796 pr_debug("subflow_req=%p, local_key=%llu",
797 subflow_req, subflow_req->local_key);
799 } else if (subflow_req->mp_join) {
800 opts->suboptions = OPTION_MPTCP_MPJ_SYNACK;
801 opts->backup = subflow_req->backup;
802 opts->join_id = subflow_req->local_id;
803 opts->thmac = subflow_req->thmac;
804 opts->nonce = subflow_req->local_nonce;
805 pr_debug("req=%p, bkup=%u, id=%u, thmac=%llu, nonce=%u",
806 subflow_req, opts->backup, opts->join_id,
807 opts->thmac, opts->nonce);
808 *size = TCPOLEN_MPTCP_MPJ_SYNACK;
814 static bool check_fully_established(struct mptcp_sock *msk, struct sock *ssk,
815 struct mptcp_subflow_context *subflow,
817 struct mptcp_options_received *mp_opt)
819 /* here we can process OoO, in-window pkts, only in-sequence 4th ack
820 * will make the subflow fully established
822 if (likely(subflow->fully_established)) {
823 /* on passive sockets, check for 3rd ack retransmission
824 * note that msk is always set by subflow_syn_recv_sock()
825 * for mp_join subflows
827 if (TCP_SKB_CB(skb)->seq == subflow->ssn_offset + 1 &&
828 TCP_SKB_CB(skb)->end_seq == TCP_SKB_CB(skb)->seq &&
829 subflow->mp_join && mp_opt->mp_join &&
830 READ_ONCE(msk->pm.server_side))
832 goto fully_established;
835 /* we must process OoO packets before the first subflow is fully
836 * established. OoO packets are instead a protocol violation
837 * for MP_JOIN subflows as the peer must not send any data
838 * before receiving the forth ack - cfr. RFC 8684 section 3.2.
840 if (TCP_SKB_CB(skb)->seq != subflow->ssn_offset + 1) {
841 if (subflow->mp_join)
843 return subflow->mp_capable;
846 if ((mp_opt->dss && mp_opt->use_ack) ||
847 (mp_opt->add_addr && !mp_opt->echo)) {
848 /* subflows are fully established as soon as we get any
849 * additional ack, including ADD_ADDR.
851 subflow->fully_established = 1;
852 WRITE_ONCE(msk->fully_established, true);
853 goto fully_established;
856 /* If the first established packet does not contain MP_CAPABLE + data
857 * then fallback to TCP. Fallback scenarios requires a reset for
860 if (!mp_opt->mp_capable) {
861 if (subflow->mp_join)
863 subflow->mp_capable = 0;
865 __mptcp_do_fallback(msk);
869 if (unlikely(!READ_ONCE(msk->pm.server_side)))
870 pr_warn_once("bogus mpc option on established client sk");
871 mptcp_subflow_fully_established(subflow, mp_opt);
874 /* if the subflow is not already linked into the conn_list, we can't
875 * notify the PM: this subflow is still on the listener queue
876 * and the PM possibly acquiring the subflow lock could race with
879 if (likely(subflow->pm_notified) || list_empty(&subflow->node))
882 subflow->pm_notified = 1;
883 if (subflow->mp_join) {
884 clear_3rdack_retransmission(ssk);
885 mptcp_pm_subflow_established(msk);
887 mptcp_pm_fully_established(msk, ssk, GFP_ATOMIC);
892 mptcp_subflow_reset(ssk);
896 u64 __mptcp_expand_seq(u64 old_seq, u64 cur_seq)
898 u32 old_seq32, cur_seq32;
900 old_seq32 = (u32)old_seq;
901 cur_seq32 = (u32)cur_seq;
902 cur_seq = (old_seq & GENMASK_ULL(63, 32)) + cur_seq32;
903 if (unlikely(cur_seq32 < old_seq32 && before(old_seq32, cur_seq32)))
904 return cur_seq + (1LL << 32);
906 /* reverse wrap could happen, too */
907 if (unlikely(cur_seq32 > old_seq32 && after(old_seq32, cur_seq32)))
908 return cur_seq - (1LL << 32);
912 static void ack_update_msk(struct mptcp_sock *msk,
914 struct mptcp_options_received *mp_opt)
916 u64 new_wnd_end, new_snd_una, snd_nxt = READ_ONCE(msk->snd_nxt);
917 struct sock *sk = (struct sock *)msk;
922 /* avoid ack expansion on update conflict, to reduce the risk of
923 * wrongly expanding to a future ack sequence number, which is way
924 * more dangerous than missing an ack
926 old_snd_una = msk->snd_una;
927 new_snd_una = mptcp_expand_seq(old_snd_una, mp_opt->data_ack, mp_opt->ack64);
929 /* ACK for data not even sent yet? Ignore. */
930 if (after64(new_snd_una, snd_nxt))
931 new_snd_una = old_snd_una;
933 new_wnd_end = new_snd_una + tcp_sk(ssk)->snd_wnd;
935 if (after64(new_wnd_end, msk->wnd_end))
936 msk->wnd_end = new_wnd_end;
938 /* this assumes mptcp_incoming_options() is invoked after tcp_ack() */
939 if (after64(msk->wnd_end, READ_ONCE(msk->snd_nxt)))
940 __mptcp_check_push(sk, ssk);
942 if (after64(new_snd_una, old_snd_una)) {
943 msk->snd_una = new_snd_una;
944 __mptcp_data_acked(sk);
946 mptcp_data_unlock(sk);
948 trace_ack_update_msk(mp_opt->data_ack,
949 old_snd_una, new_snd_una,
950 new_wnd_end, msk->wnd_end);
953 bool mptcp_update_rcv_data_fin(struct mptcp_sock *msk, u64 data_fin_seq, bool use_64bit)
955 /* Skip if DATA_FIN was already received.
956 * If updating simultaneously with the recvmsg loop, values
957 * should match. If they mismatch, the peer is misbehaving and
958 * we will prefer the most recent information.
960 if (READ_ONCE(msk->rcv_data_fin))
963 WRITE_ONCE(msk->rcv_data_fin_seq,
964 mptcp_expand_seq(READ_ONCE(msk->ack_seq), data_fin_seq, use_64bit));
965 WRITE_ONCE(msk->rcv_data_fin, 1);
970 static bool add_addr_hmac_valid(struct mptcp_sock *msk,
971 struct mptcp_options_received *mp_opt)
978 hmac = add_addr_generate_hmac(msk->remote_key,
982 pr_debug("msk=%p, ahmac=%llu, mp_opt->ahmac=%llu\n",
983 msk, (unsigned long long)hmac,
984 (unsigned long long)mp_opt->ahmac);
986 return hmac == mp_opt->ahmac;
989 /* Return false if a subflow has been reset, else return true */
990 bool mptcp_incoming_options(struct sock *sk, struct sk_buff *skb)
992 struct mptcp_subflow_context *subflow = mptcp_subflow_ctx(sk);
993 struct mptcp_sock *msk = mptcp_sk(subflow->conn);
994 struct mptcp_options_received mp_opt;
995 struct mptcp_ext *mpext;
997 if (__mptcp_check_fallback(msk)) {
998 /* Keep it simple and unconditionally trigger send data cleanup and
999 * pending queue spooling. We will need to acquire the data lock
1000 * for more accurate checks, and once the lock is acquired, such
1001 * helpers are cheap.
1003 mptcp_data_lock(subflow->conn);
1004 if (sk_stream_memory_free(sk))
1005 __mptcp_check_push(subflow->conn, sk);
1006 __mptcp_data_acked(subflow->conn);
1007 mptcp_data_unlock(subflow->conn);
1011 mptcp_get_options(sk, skb, &mp_opt);
1013 /* The subflow can be in close state only if check_fully_established()
1014 * just sent a reset. If so, tell the caller to ignore the current packet.
1016 if (!check_fully_established(msk, sk, subflow, skb, &mp_opt))
1017 return sk->sk_state != TCP_CLOSE;
1019 if (mp_opt.fastclose &&
1020 msk->local_key == mp_opt.rcvr_key) {
1021 WRITE_ONCE(msk->rcv_fastclose, true);
1022 mptcp_schedule_work((struct sock *)msk);
1025 if (mp_opt.add_addr && add_addr_hmac_valid(msk, &mp_opt)) {
1027 mptcp_pm_add_addr_received(msk, &mp_opt.addr);
1028 MPTCP_INC_STATS(sock_net(sk), MPTCP_MIB_ADDADDR);
1030 mptcp_pm_add_addr_echoed(msk, &mp_opt.addr);
1031 mptcp_pm_del_add_timer(msk, &mp_opt.addr, true);
1032 MPTCP_INC_STATS(sock_net(sk), MPTCP_MIB_ECHOADD);
1035 if (mp_opt.addr.port)
1036 MPTCP_INC_STATS(sock_net(sk), MPTCP_MIB_PORTADD);
1038 mp_opt.add_addr = 0;
1041 if (mp_opt.rm_addr) {
1042 mptcp_pm_rm_addr_received(msk, &mp_opt.rm_list);
1046 if (mp_opt.mp_prio) {
1047 mptcp_pm_mp_prio_received(sk, mp_opt.backup);
1048 MPTCP_INC_STATS(sock_net(sk), MPTCP_MIB_MPPRIORX);
1053 subflow->reset_seen = 1;
1054 subflow->reset_reason = mp_opt.reset_reason;
1055 subflow->reset_transient = mp_opt.reset_transient;
1061 /* we can't wait for recvmsg() to update the ack_seq, otherwise
1062 * monodirectional flows will stuck
1065 ack_update_msk(msk, sk, &mp_opt);
1067 /* Zero-data-length packets are dropped by the caller and not
1068 * propagated to the MPTCP layer, so the skb extension does not
1069 * need to be allocated or populated. DATA_FIN information, if
1070 * present, needs to be updated here before the skb is freed.
1072 if (TCP_SKB_CB(skb)->seq == TCP_SKB_CB(skb)->end_seq) {
1073 if (mp_opt.data_fin && mp_opt.data_len == 1 &&
1074 mptcp_update_rcv_data_fin(msk, mp_opt.data_seq, mp_opt.dsn64) &&
1075 schedule_work(&msk->work))
1076 sock_hold(subflow->conn);
1081 mpext = skb_ext_add(skb, SKB_EXT_MPTCP);
1085 memset(mpext, 0, sizeof(*mpext));
1087 if (mp_opt.use_map) {
1088 if (mp_opt.mpc_map) {
1089 /* this is an MP_CAPABLE carrying MPTCP data
1090 * we know this map the first chunk of data
1092 mptcp_crypto_key_sha(subflow->remote_key, NULL,
1095 mpext->subflow_seq = 1;
1098 mpext->data_fin = 0;
1100 mpext->data_seq = mp_opt.data_seq;
1101 mpext->subflow_seq = mp_opt.subflow_seq;
1102 mpext->dsn64 = mp_opt.dsn64;
1103 mpext->data_fin = mp_opt.data_fin;
1105 mpext->data_len = mp_opt.data_len;
1112 static void mptcp_set_rwin(const struct tcp_sock *tp)
1114 const struct sock *ssk = (const struct sock *)tp;
1115 const struct mptcp_subflow_context *subflow;
1116 struct mptcp_sock *msk;
1119 subflow = mptcp_subflow_ctx(ssk);
1120 msk = mptcp_sk(subflow->conn);
1122 ack_seq = READ_ONCE(msk->ack_seq) + tp->rcv_wnd;
1124 if (after64(ack_seq, READ_ONCE(msk->rcv_wnd_sent)))
1125 WRITE_ONCE(msk->rcv_wnd_sent, ack_seq);
1128 void mptcp_write_options(__be32 *ptr, const struct tcp_sock *tp,
1129 struct mptcp_out_options *opts)
1131 if ((OPTION_MPTCP_MPC_SYN | OPTION_MPTCP_MPC_SYNACK |
1132 OPTION_MPTCP_MPC_ACK) & opts->suboptions) {
1135 if (OPTION_MPTCP_MPC_SYN & opts->suboptions)
1136 len = TCPOLEN_MPTCP_MPC_SYN;
1137 else if (OPTION_MPTCP_MPC_SYNACK & opts->suboptions)
1138 len = TCPOLEN_MPTCP_MPC_SYNACK;
1139 else if (opts->ext_copy.data_len)
1140 len = TCPOLEN_MPTCP_MPC_ACK_DATA;
1142 len = TCPOLEN_MPTCP_MPC_ACK;
1144 *ptr++ = mptcp_option(MPTCPOPT_MP_CAPABLE, len,
1145 MPTCP_SUPPORTED_VERSION,
1146 MPTCP_CAP_HMAC_SHA256);
1148 if (!((OPTION_MPTCP_MPC_SYNACK | OPTION_MPTCP_MPC_ACK) &
1150 goto mp_capable_done;
1152 put_unaligned_be64(opts->sndr_key, ptr);
1154 if (!((OPTION_MPTCP_MPC_ACK) & opts->suboptions))
1155 goto mp_capable_done;
1157 put_unaligned_be64(opts->rcvr_key, ptr);
1159 if (!opts->ext_copy.data_len)
1160 goto mp_capable_done;
1162 put_unaligned_be32(opts->ext_copy.data_len << 16 |
1163 TCPOPT_NOP << 8 | TCPOPT_NOP, ptr);
1168 if (OPTION_MPTCP_ADD_ADDR & opts->suboptions) {
1169 u8 len = TCPOLEN_MPTCP_ADD_ADDR_BASE;
1170 u8 echo = MPTCP_ADDR_ECHO;
1172 #if IS_ENABLED(CONFIG_MPTCP_IPV6)
1173 if (opts->addr.family == AF_INET6)
1174 len = TCPOLEN_MPTCP_ADD_ADDR6_BASE;
1177 if (opts->addr.port)
1178 len += TCPOLEN_MPTCP_PORT_LEN;
1181 len += sizeof(opts->ahmac);
1185 *ptr++ = mptcp_option(MPTCPOPT_ADD_ADDR,
1186 len, echo, opts->addr.id);
1187 if (opts->addr.family == AF_INET) {
1188 memcpy((u8 *)ptr, (u8 *)&opts->addr.addr.s_addr, 4);
1191 #if IS_ENABLED(CONFIG_MPTCP_IPV6)
1192 else if (opts->addr.family == AF_INET6) {
1193 memcpy((u8 *)ptr, opts->addr.addr6.s6_addr, 16);
1198 if (!opts->addr.port) {
1200 put_unaligned_be64(opts->ahmac, ptr);
1204 u16 port = ntohs(opts->addr.port);
1207 u8 *bptr = (u8 *)ptr;
1209 put_unaligned_be16(port, bptr);
1211 put_unaligned_be64(opts->ahmac, bptr);
1213 put_unaligned_be16(TCPOPT_NOP << 8 |
1218 put_unaligned_be32(port << 16 |
1226 if (OPTION_MPTCP_RM_ADDR & opts->suboptions) {
1229 *ptr++ = mptcp_option(MPTCPOPT_RM_ADDR,
1230 TCPOLEN_MPTCP_RM_ADDR_BASE + opts->rm_list.nr,
1231 0, opts->rm_list.ids[0]);
1233 while (i < opts->rm_list.nr) {
1234 u8 id1, id2, id3, id4;
1236 id1 = opts->rm_list.ids[i];
1237 id2 = i + 1 < opts->rm_list.nr ? opts->rm_list.ids[i + 1] : TCPOPT_NOP;
1238 id3 = i + 2 < opts->rm_list.nr ? opts->rm_list.ids[i + 2] : TCPOPT_NOP;
1239 id4 = i + 3 < opts->rm_list.nr ? opts->rm_list.ids[i + 3] : TCPOPT_NOP;
1240 put_unaligned_be32(id1 << 24 | id2 << 16 | id3 << 8 | id4, ptr);
1246 if (OPTION_MPTCP_PRIO & opts->suboptions) {
1247 const struct sock *ssk = (const struct sock *)tp;
1248 struct mptcp_subflow_context *subflow;
1250 subflow = mptcp_subflow_ctx(ssk);
1251 subflow->send_mp_prio = 0;
1253 *ptr++ = mptcp_option(MPTCPOPT_MP_PRIO,
1255 opts->backup, TCPOPT_NOP);
1258 if (OPTION_MPTCP_MPJ_SYN & opts->suboptions) {
1259 *ptr++ = mptcp_option(MPTCPOPT_MP_JOIN,
1260 TCPOLEN_MPTCP_MPJ_SYN,
1261 opts->backup, opts->join_id);
1262 put_unaligned_be32(opts->token, ptr);
1264 put_unaligned_be32(opts->nonce, ptr);
1268 if (OPTION_MPTCP_MPJ_SYNACK & opts->suboptions) {
1269 *ptr++ = mptcp_option(MPTCPOPT_MP_JOIN,
1270 TCPOLEN_MPTCP_MPJ_SYNACK,
1271 opts->backup, opts->join_id);
1272 put_unaligned_be64(opts->thmac, ptr);
1274 put_unaligned_be32(opts->nonce, ptr);
1278 if (OPTION_MPTCP_MPJ_ACK & opts->suboptions) {
1279 *ptr++ = mptcp_option(MPTCPOPT_MP_JOIN,
1280 TCPOLEN_MPTCP_MPJ_ACK, 0, 0);
1281 memcpy(ptr, opts->hmac, MPTCPOPT_HMAC_LEN);
1285 if (OPTION_MPTCP_RST & opts->suboptions)
1286 *ptr++ = mptcp_option(MPTCPOPT_RST,
1288 opts->reset_transient,
1289 opts->reset_reason);
1291 if (opts->ext_copy.use_ack || opts->ext_copy.use_map) {
1292 struct mptcp_ext *mpext = &opts->ext_copy;
1293 u8 len = TCPOLEN_MPTCP_DSS_BASE;
1296 if (mpext->use_ack) {
1297 flags = MPTCP_DSS_HAS_ACK;
1299 len += TCPOLEN_MPTCP_DSS_ACK64;
1300 flags |= MPTCP_DSS_ACK64;
1302 len += TCPOLEN_MPTCP_DSS_ACK32;
1306 if (mpext->use_map) {
1307 len += TCPOLEN_MPTCP_DSS_MAP64;
1309 /* Use only 64-bit mapping flags for now, add
1310 * support for optional 32-bit mappings later.
1312 flags |= MPTCP_DSS_HAS_MAP | MPTCP_DSS_DSN64;
1313 if (mpext->data_fin)
1314 flags |= MPTCP_DSS_DATA_FIN;
1317 *ptr++ = mptcp_option(MPTCPOPT_DSS, len, 0, flags);
1319 if (mpext->use_ack) {
1321 put_unaligned_be64(mpext->data_ack, ptr);
1324 put_unaligned_be32(mpext->data_ack32, ptr);
1329 if (mpext->use_map) {
1330 put_unaligned_be64(mpext->data_seq, ptr);
1332 put_unaligned_be32(mpext->subflow_seq, ptr);
1334 put_unaligned_be32(mpext->data_len << 16 |
1335 TCPOPT_NOP << 8 | TCPOPT_NOP, ptr);
1343 __be32 mptcp_get_reset_option(const struct sk_buff *skb)
1345 const struct mptcp_ext *ext = mptcp_get_ext(skb);
1349 flags = ext->reset_transient;
1350 reason = ext->reset_reason;
1352 return mptcp_option(MPTCPOPT_RST, TCPOLEN_MPTCP_RST,
1358 EXPORT_SYMBOL_GPL(mptcp_get_reset_option);