tcp: Configure TFO without cookie per socket and/or per route
authorChristoph Paasch <cpaasch@apple.com>
Mon, 23 Oct 2017 20:22:23 +0000 (13:22 -0700)
committerDavid S. Miller <davem@davemloft.net>
Tue, 24 Oct 2017 09:48:08 +0000 (18:48 +0900)
commit71c02379c762cb616c00fd5c4ed253fbf6bbe11b
tree516606a09f6d284d35d2d510fe23b11bf9e69f2a
parentb6f4f8484d88b69f700907200a9a9ec73806355f
tcp: Configure TFO without cookie per socket and/or per route

We already allow to enable TFO without a cookie by using the
fastopen-sysctl and setting it to TFO_SERVER_COOKIE_NOT_REQD (or
TFO_CLIENT_NO_COOKIE).
This is safe to do in certain environments where we know that there
isn't a malicous host (aka., data-centers) or when the
application-protocol already provides an authentication mechanism in the
first flight of data.

A server however might be providing multiple services or talking to both
sides (public Internet and data-center). So, this server would want to
enable cookie-less TFO for certain services and/or for connections that
go to the data-center.

This patch exposes a socket-option and a per-route attribute to enable such
fine-grained configurations.

Signed-off-by: Christoph Paasch <cpaasch@apple.com>
Reviewed-by: Yuchung Cheng <ycheng@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
include/linux/tcp.h
include/net/tcp.h
include/uapi/linux/rtnetlink.h
include/uapi/linux/tcp.h
net/ipv4/tcp.c
net/ipv4/tcp_fastopen.c
net/ipv4/tcp_input.c