1 // SPDX-License-Identifier: GPL-2.0
4 * Copyright (c) 2017 - 2019, Intel Corporation.
7 #define pr_fmt(fmt) "MPTCP: " fmt
9 #include <linux/kernel.h>
10 #include <crypto/sha2.h>
12 #include <net/mptcp.h>
16 #include <trace/events/mptcp.h>
18 static bool mptcp_cap_flag_sha256(u8 flags)
20 return (flags & MPTCP_CAP_FLAG_MASK) == MPTCP_CAP_HMAC_SHA256;
23 static void mptcp_parse_option(const struct sk_buff *skb,
24 const unsigned char *ptr, int opsize,
25 struct mptcp_options_received *mp_opt)
27 u8 subtype = *ptr >> 4;
34 case MPTCPOPT_MP_CAPABLE:
35 /* strict size checking */
36 if (!(TCP_SKB_CB(skb)->tcp_flags & TCPHDR_SYN)) {
37 if (skb->len > tcp_hdr(skb)->doff << 2)
38 expected_opsize = TCPOLEN_MPTCP_MPC_ACK_DATA;
40 expected_opsize = TCPOLEN_MPTCP_MPC_ACK;
42 if (TCP_SKB_CB(skb)->tcp_flags & TCPHDR_ACK)
43 expected_opsize = TCPOLEN_MPTCP_MPC_SYNACK;
45 expected_opsize = TCPOLEN_MPTCP_MPC_SYN;
47 if (opsize != expected_opsize)
50 /* try to be gentle vs future versions on the initial syn */
51 version = *ptr++ & MPTCP_VERSION_MASK;
52 if (opsize != TCPOLEN_MPTCP_MPC_SYN) {
53 if (version != MPTCP_SUPPORTED_VERSION)
55 } else if (version < MPTCP_SUPPORTED_VERSION) {
60 if (!mptcp_cap_flag_sha256(flags) ||
61 (flags & MPTCP_CAP_EXTENSIBILITY))
64 /* RFC 6824, Section 3.1:
65 * "For the Checksum Required bit (labeled "A"), if either
66 * host requires the use of checksums, checksums MUST be used.
67 * In other words, the only way for checksums not to be used
68 * is if both hosts in their SYNs set A=0."
71 * "If a checksum is not present when its use has been
72 * negotiated, the receiver MUST close the subflow with a RST as
73 * it is considered broken."
75 * We don't implement DSS checksum - fall back to TCP.
77 if (flags & MPTCP_CAP_CHECKSUM_REQD)
80 mp_opt->mp_capable = 1;
81 if (opsize >= TCPOLEN_MPTCP_MPC_SYNACK) {
82 mp_opt->sndr_key = get_unaligned_be64(ptr);
85 if (opsize >= TCPOLEN_MPTCP_MPC_ACK) {
86 mp_opt->rcvr_key = get_unaligned_be64(ptr);
89 if (opsize == TCPOLEN_MPTCP_MPC_ACK_DATA) {
91 * "the data parameters in a MP_CAPABLE are semantically
92 * equivalent to those in a DSS option and can be used
98 mp_opt->data_len = get_unaligned_be16(ptr);
101 pr_debug("MP_CAPABLE version=%x, flags=%x, optlen=%d sndr=%llu, rcvr=%llu len=%d",
102 version, flags, opsize, mp_opt->sndr_key,
103 mp_opt->rcvr_key, mp_opt->data_len);
106 case MPTCPOPT_MP_JOIN:
108 if (opsize == TCPOLEN_MPTCP_MPJ_SYN) {
109 mp_opt->backup = *ptr++ & MPTCPOPT_BACKUP;
110 mp_opt->join_id = *ptr++;
111 mp_opt->token = get_unaligned_be32(ptr);
113 mp_opt->nonce = get_unaligned_be32(ptr);
115 pr_debug("MP_JOIN bkup=%u, id=%u, token=%u, nonce=%u",
116 mp_opt->backup, mp_opt->join_id,
117 mp_opt->token, mp_opt->nonce);
118 } else if (opsize == TCPOLEN_MPTCP_MPJ_SYNACK) {
119 mp_opt->backup = *ptr++ & MPTCPOPT_BACKUP;
120 mp_opt->join_id = *ptr++;
121 mp_opt->thmac = get_unaligned_be64(ptr);
123 mp_opt->nonce = get_unaligned_be32(ptr);
125 pr_debug("MP_JOIN bkup=%u, id=%u, thmac=%llu, nonce=%u",
126 mp_opt->backup, mp_opt->join_id,
127 mp_opt->thmac, mp_opt->nonce);
128 } else if (opsize == TCPOLEN_MPTCP_MPJ_ACK) {
130 memcpy(mp_opt->hmac, ptr, MPTCPOPT_HMAC_LEN);
131 pr_debug("MP_JOIN hmac");
141 /* we must clear 'mpc_map' be able to detect MP_CAPABLE
142 * map vs DSS map in mptcp_incoming_options(), and reconstruct
143 * map info accordingly
146 flags = (*ptr++) & MPTCP_DSS_FLAG_MASK;
147 mp_opt->data_fin = (flags & MPTCP_DSS_DATA_FIN) != 0;
148 mp_opt->dsn64 = (flags & MPTCP_DSS_DSN64) != 0;
149 mp_opt->use_map = (flags & MPTCP_DSS_HAS_MAP) != 0;
150 mp_opt->ack64 = (flags & MPTCP_DSS_ACK64) != 0;
151 mp_opt->use_ack = (flags & MPTCP_DSS_HAS_ACK);
153 pr_debug("data_fin=%d dsn64=%d use_map=%d ack64=%d use_ack=%d",
154 mp_opt->data_fin, mp_opt->dsn64,
155 mp_opt->use_map, mp_opt->ack64,
158 expected_opsize = TCPOLEN_MPTCP_DSS_BASE;
160 if (mp_opt->use_ack) {
162 expected_opsize += TCPOLEN_MPTCP_DSS_ACK64;
164 expected_opsize += TCPOLEN_MPTCP_DSS_ACK32;
167 if (mp_opt->use_map) {
169 expected_opsize += TCPOLEN_MPTCP_DSS_MAP64;
171 expected_opsize += TCPOLEN_MPTCP_DSS_MAP32;
174 /* RFC 6824, Section 3.3:
175 * If a checksum is present, but its use had
176 * not been negotiated in the MP_CAPABLE handshake,
177 * the checksum field MUST be ignored.
179 if (opsize != expected_opsize &&
180 opsize != expected_opsize + TCPOLEN_MPTCP_DSS_CHECKSUM)
185 if (mp_opt->use_ack) {
187 mp_opt->data_ack = get_unaligned_be64(ptr);
190 mp_opt->data_ack = get_unaligned_be32(ptr);
194 pr_debug("data_ack=%llu", mp_opt->data_ack);
197 if (mp_opt->use_map) {
199 mp_opt->data_seq = get_unaligned_be64(ptr);
202 mp_opt->data_seq = get_unaligned_be32(ptr);
206 mp_opt->subflow_seq = get_unaligned_be32(ptr);
209 mp_opt->data_len = get_unaligned_be16(ptr);
212 pr_debug("data_seq=%llu subflow_seq=%u data_len=%u",
213 mp_opt->data_seq, mp_opt->subflow_seq,
219 case MPTCPOPT_ADD_ADDR:
220 mp_opt->echo = (*ptr++) & MPTCP_ADDR_ECHO;
222 if (opsize == TCPOLEN_MPTCP_ADD_ADDR ||
223 opsize == TCPOLEN_MPTCP_ADD_ADDR_PORT)
224 mp_opt->addr.family = AF_INET;
225 #if IS_ENABLED(CONFIG_MPTCP_IPV6)
226 else if (opsize == TCPOLEN_MPTCP_ADD_ADDR6 ||
227 opsize == TCPOLEN_MPTCP_ADD_ADDR6_PORT)
228 mp_opt->addr.family = AF_INET6;
233 if (opsize == TCPOLEN_MPTCP_ADD_ADDR_BASE ||
234 opsize == TCPOLEN_MPTCP_ADD_ADDR_BASE_PORT)
235 mp_opt->addr.family = AF_INET;
236 #if IS_ENABLED(CONFIG_MPTCP_IPV6)
237 else if (opsize == TCPOLEN_MPTCP_ADD_ADDR6_BASE ||
238 opsize == TCPOLEN_MPTCP_ADD_ADDR6_BASE_PORT)
239 mp_opt->addr.family = AF_INET6;
245 mp_opt->add_addr = 1;
246 mp_opt->addr.id = *ptr++;
247 if (mp_opt->addr.family == AF_INET) {
248 memcpy((u8 *)&mp_opt->addr.addr.s_addr, (u8 *)ptr, 4);
250 if (opsize == TCPOLEN_MPTCP_ADD_ADDR_PORT ||
251 opsize == TCPOLEN_MPTCP_ADD_ADDR_BASE_PORT) {
252 mp_opt->addr.port = htons(get_unaligned_be16(ptr));
256 #if IS_ENABLED(CONFIG_MPTCP_IPV6)
258 memcpy(mp_opt->addr.addr6.s6_addr, (u8 *)ptr, 16);
260 if (opsize == TCPOLEN_MPTCP_ADD_ADDR6_PORT ||
261 opsize == TCPOLEN_MPTCP_ADD_ADDR6_BASE_PORT) {
262 mp_opt->addr.port = htons(get_unaligned_be16(ptr));
268 mp_opt->ahmac = get_unaligned_be64(ptr);
271 pr_debug("ADD_ADDR%s: id=%d, ahmac=%llu, echo=%d, port=%d",
272 (mp_opt->addr.family == AF_INET6) ? "6" : "",
273 mp_opt->addr.id, mp_opt->ahmac, mp_opt->echo, ntohs(mp_opt->addr.port));
276 case MPTCPOPT_RM_ADDR:
277 if (opsize < TCPOLEN_MPTCP_RM_ADDR_BASE + 1 ||
278 opsize > TCPOLEN_MPTCP_RM_ADDR_BASE + MPTCP_RM_IDS_MAX)
284 mp_opt->rm_list.nr = opsize - TCPOLEN_MPTCP_RM_ADDR_BASE;
285 for (i = 0; i < mp_opt->rm_list.nr; i++)
286 mp_opt->rm_list.ids[i] = *ptr++;
287 pr_debug("RM_ADDR: rm_list_nr=%d", mp_opt->rm_list.nr);
290 case MPTCPOPT_MP_PRIO:
291 if (opsize != TCPOLEN_MPTCP_PRIO)
295 mp_opt->backup = *ptr++ & MPTCP_PRIO_BKUP;
296 pr_debug("MP_PRIO: prio=%d", mp_opt->backup);
299 case MPTCPOPT_MP_FASTCLOSE:
300 if (opsize != TCPOLEN_MPTCP_FASTCLOSE)
304 mp_opt->rcvr_key = get_unaligned_be64(ptr);
306 mp_opt->fastclose = 1;
310 if (opsize != TCPOLEN_MPTCP_RST)
313 if (!(TCP_SKB_CB(skb)->tcp_flags & TCPHDR_RST))
317 mp_opt->reset_transient = flags & MPTCP_RST_TRANSIENT;
318 mp_opt->reset_reason = *ptr;
326 void mptcp_get_options(const struct sk_buff *skb,
327 struct mptcp_options_received *mp_opt)
329 const struct tcphdr *th = tcp_hdr(skb);
330 const unsigned char *ptr;
333 /* initialize option status */
334 mp_opt->mp_capable = 0;
336 mp_opt->add_addr = 0;
338 mp_opt->fastclose = 0;
339 mp_opt->addr.port = 0;
345 length = (th->doff * 4) - sizeof(struct tcphdr);
346 ptr = (const unsigned char *)(th + 1);
355 case TCPOPT_NOP: /* Ref: RFC 793 section 3.1 */
362 if (opsize < 2) /* "silly options" */
365 return; /* don't parse partial options */
366 if (opcode == TCPOPT_MPTCP)
367 mptcp_parse_option(skb, ptr, opsize, mp_opt);
374 bool mptcp_syn_options(struct sock *sk, const struct sk_buff *skb,
375 unsigned int *size, struct mptcp_out_options *opts)
377 struct mptcp_subflow_context *subflow = mptcp_subflow_ctx(sk);
379 /* we will use snd_isn to detect first pkt [re]transmission
380 * in mptcp_established_options_mp()
382 subflow->snd_isn = TCP_SKB_CB(skb)->end_seq;
383 if (subflow->request_mptcp) {
384 opts->suboptions = OPTION_MPTCP_MPC_SYN;
385 *size = TCPOLEN_MPTCP_MPC_SYN;
387 } else if (subflow->request_join) {
388 pr_debug("remote_token=%u, nonce=%u", subflow->remote_token,
389 subflow->local_nonce);
390 opts->suboptions = OPTION_MPTCP_MPJ_SYN;
391 opts->join_id = subflow->local_id;
392 opts->token = subflow->remote_token;
393 opts->nonce = subflow->local_nonce;
394 opts->backup = subflow->request_bkup;
395 *size = TCPOLEN_MPTCP_MPJ_SYN;
401 /* MP_JOIN client subflow must wait for 4th ack before sending any data:
402 * TCP can't schedule delack timer before the subflow is fully established.
403 * MPTCP uses the delack timer to do 3rd ack retransmissions
405 static void schedule_3rdack_retransmission(struct sock *sk)
407 struct inet_connection_sock *icsk = inet_csk(sk);
408 struct tcp_sock *tp = tcp_sk(sk);
409 unsigned long timeout;
411 /* reschedule with a timeout above RTT, as we must look only for drop */
413 timeout = tp->srtt_us << 1;
415 timeout = TCP_TIMEOUT_INIT;
417 WARN_ON_ONCE(icsk->icsk_ack.pending & ICSK_ACK_TIMER);
418 icsk->icsk_ack.pending |= ICSK_ACK_SCHED | ICSK_ACK_TIMER;
419 icsk->icsk_ack.timeout = timeout;
420 sk_reset_timer(sk, &icsk->icsk_delack_timer, timeout);
423 static void clear_3rdack_retransmission(struct sock *sk)
425 struct inet_connection_sock *icsk = inet_csk(sk);
427 sk_stop_timer(sk, &icsk->icsk_delack_timer);
428 icsk->icsk_ack.timeout = 0;
429 icsk->icsk_ack.ato = 0;
430 icsk->icsk_ack.pending &= ~(ICSK_ACK_SCHED | ICSK_ACK_TIMER);
433 static bool mptcp_established_options_mp(struct sock *sk, struct sk_buff *skb,
434 bool snd_data_fin_enable,
436 unsigned int remaining,
437 struct mptcp_out_options *opts)
439 struct mptcp_subflow_context *subflow = mptcp_subflow_ctx(sk);
440 struct mptcp_ext *mpext;
441 unsigned int data_len;
443 /* When skb is not available, we better over-estimate the emitted
444 * options len. A full DSS option (28 bytes) is longer than
445 * TCPOLEN_MPTCP_MPC_ACK_DATA(22) or TCPOLEN_MPTCP_MPJ_ACK(24), so
446 * tell the caller to defer the estimate to
447 * mptcp_established_options_dss(), which will reserve enough space.
452 /* MPC/MPJ needed only on 3rd ack packet, DATA_FIN and TCP shutdown take precedence */
453 if (subflow->fully_established || snd_data_fin_enable ||
454 subflow->snd_isn != TCP_SKB_CB(skb)->seq ||
455 sk->sk_state != TCP_ESTABLISHED)
458 if (subflow->mp_capable) {
459 mpext = mptcp_get_ext(skb);
460 data_len = mpext ? mpext->data_len : 0;
462 /* we will check ext_copy.data_len in mptcp_write_options() to
463 * discriminate between TCPOLEN_MPTCP_MPC_ACK_DATA and
464 * TCPOLEN_MPTCP_MPC_ACK
466 opts->ext_copy.data_len = data_len;
467 opts->suboptions = OPTION_MPTCP_MPC_ACK;
468 opts->sndr_key = subflow->local_key;
469 opts->rcvr_key = subflow->remote_key;
472 * The MP_CAPABLE option is carried on the SYN, SYN/ACK, and ACK
473 * packets that start the first subflow of an MPTCP connection,
474 * as well as the first packet that carries data
477 *size = ALIGN(TCPOLEN_MPTCP_MPC_ACK_DATA, 4);
479 *size = TCPOLEN_MPTCP_MPC_ACK;
481 pr_debug("subflow=%p, local_key=%llu, remote_key=%llu map_len=%d",
482 subflow, subflow->local_key, subflow->remote_key,
486 } else if (subflow->mp_join) {
487 opts->suboptions = OPTION_MPTCP_MPJ_ACK;
488 memcpy(opts->hmac, subflow->hmac, MPTCPOPT_HMAC_LEN);
489 *size = TCPOLEN_MPTCP_MPJ_ACK;
490 pr_debug("subflow=%p", subflow);
492 schedule_3rdack_retransmission(sk);
498 static void mptcp_write_data_fin(struct mptcp_subflow_context *subflow,
499 struct sk_buff *skb, struct mptcp_ext *ext)
501 /* The write_seq value has already been incremented, so the actual
502 * sequence number for the DATA_FIN is one less.
504 u64 data_fin_tx_seq = READ_ONCE(mptcp_sk(subflow->conn)->write_seq) - 1;
506 if (!ext->use_map || !skb->len) {
507 /* RFC6824 requires a DSS mapping with specific values
508 * if DATA_FIN is set but no data payload is mapped
513 ext->data_seq = data_fin_tx_seq;
514 ext->subflow_seq = 0;
516 } else if (ext->data_seq + ext->data_len == data_fin_tx_seq) {
517 /* If there's an existing DSS mapping and it is the
518 * final mapping, DATA_FIN consumes 1 additional byte of
526 static bool mptcp_established_options_dss(struct sock *sk, struct sk_buff *skb,
527 bool snd_data_fin_enable,
529 unsigned int remaining,
530 struct mptcp_out_options *opts)
532 struct mptcp_subflow_context *subflow = mptcp_subflow_ctx(sk);
533 struct mptcp_sock *msk = mptcp_sk(subflow->conn);
534 unsigned int dss_size = 0;
535 struct mptcp_ext *mpext;
536 unsigned int ack_size;
540 mpext = skb ? mptcp_get_ext(skb) : NULL;
542 if (!skb || (mpext && mpext->use_map) || snd_data_fin_enable) {
543 unsigned int map_size;
545 map_size = TCPOLEN_MPTCP_DSS_BASE + TCPOLEN_MPTCP_DSS_MAP64;
547 remaining -= map_size;
550 opts->ext_copy = *mpext;
552 if (skb && snd_data_fin_enable)
553 mptcp_write_data_fin(subflow, skb, &opts->ext_copy);
557 /* passive sockets msk will set the 'can_ack' after accept(), even
558 * if the first subflow may have the already the remote key handy
560 opts->ext_copy.use_ack = 0;
561 if (!READ_ONCE(msk->can_ack)) {
562 *size = ALIGN(dss_size, 4);
566 ack_seq = READ_ONCE(msk->ack_seq);
567 if (READ_ONCE(msk->use_64bit_ack)) {
568 ack_size = TCPOLEN_MPTCP_DSS_ACK64;
569 opts->ext_copy.data_ack = ack_seq;
570 opts->ext_copy.ack64 = 1;
572 ack_size = TCPOLEN_MPTCP_DSS_ACK32;
573 opts->ext_copy.data_ack32 = (uint32_t)ack_seq;
574 opts->ext_copy.ack64 = 0;
576 opts->ext_copy.use_ack = 1;
577 WRITE_ONCE(msk->old_wspace, __mptcp_space((struct sock *)msk));
579 /* Add kind/length/subtype/flag overhead if mapping is not populated */
581 ack_size += TCPOLEN_MPTCP_DSS_BASE;
583 dss_size += ack_size;
585 *size = ALIGN(dss_size, 4);
589 static u64 add_addr_generate_hmac(u64 key1, u64 key2,
590 struct mptcp_addr_info *addr)
592 u16 port = ntohs(addr->port);
593 u8 hmac[SHA256_DIGEST_SIZE];
598 if (addr->family == AF_INET) {
599 memcpy(&msg[i], &addr->addr.s_addr, 4);
602 #if IS_ENABLED(CONFIG_MPTCP_IPV6)
603 else if (addr->family == AF_INET6) {
604 memcpy(&msg[i], &addr->addr6.s6_addr, 16);
608 msg[i++] = port >> 8;
609 msg[i++] = port & 0xFF;
611 mptcp_crypto_hmac_sha(key1, key2, msg, i, hmac);
613 return get_unaligned_be64(&hmac[SHA256_DIGEST_SIZE - sizeof(u64)]);
616 static bool mptcp_established_options_add_addr(struct sock *sk, struct sk_buff *skb,
618 unsigned int remaining,
619 struct mptcp_out_options *opts)
621 struct mptcp_subflow_context *subflow = mptcp_subflow_ctx(sk);
622 struct mptcp_sock *msk = mptcp_sk(subflow->conn);
623 bool drop_other_suboptions = false;
624 unsigned int opt_size = *size;
629 if ((mptcp_pm_should_add_signal_ipv6(msk) ||
630 mptcp_pm_should_add_signal_port(msk) ||
631 mptcp_pm_should_add_signal_echo(msk)) &&
632 skb && skb_is_tcp_pure_ack(skb)) {
633 pr_debug("drop other suboptions");
634 opts->suboptions = 0;
635 opts->ext_copy.use_ack = 0;
636 opts->ext_copy.use_map = 0;
637 remaining += opt_size;
638 drop_other_suboptions = true;
641 if (!mptcp_pm_should_add_signal(msk) ||
642 !(mptcp_pm_add_addr_signal(msk, remaining, &opts->addr, &echo, &port)))
645 len = mptcp_add_addr_len(opts->addr.family, echo, port);
650 if (drop_other_suboptions)
652 opts->suboptions |= OPTION_MPTCP_ADD_ADDR;
654 opts->ahmac = add_addr_generate_hmac(msk->local_key,
658 pr_debug("addr_id=%d, ahmac=%llu, echo=%d, port=%d",
659 opts->addr.id, opts->ahmac, echo, ntohs(opts->addr.port));
664 static bool mptcp_established_options_rm_addr(struct sock *sk,
666 unsigned int remaining,
667 struct mptcp_out_options *opts)
669 struct mptcp_subflow_context *subflow = mptcp_subflow_ctx(sk);
670 struct mptcp_sock *msk = mptcp_sk(subflow->conn);
671 struct mptcp_rm_list rm_list;
674 if (!mptcp_pm_should_rm_signal(msk) ||
675 !(mptcp_pm_rm_addr_signal(msk, remaining, &rm_list)))
678 len = mptcp_rm_addr_len(&rm_list);
685 opts->suboptions |= OPTION_MPTCP_RM_ADDR;
686 opts->rm_list = rm_list;
688 for (i = 0; i < opts->rm_list.nr; i++)
689 pr_debug("rm_list_ids[%d]=%d", i, opts->rm_list.ids[i]);
694 static bool mptcp_established_options_mp_prio(struct sock *sk,
696 unsigned int remaining,
697 struct mptcp_out_options *opts)
699 struct mptcp_subflow_context *subflow = mptcp_subflow_ctx(sk);
701 if (!subflow->send_mp_prio)
704 /* account for the trailing 'nop' option */
705 if (remaining < TCPOLEN_MPTCP_PRIO_ALIGN)
708 *size = TCPOLEN_MPTCP_PRIO_ALIGN;
709 opts->suboptions |= OPTION_MPTCP_PRIO;
710 opts->backup = subflow->request_bkup;
712 pr_debug("prio=%d", opts->backup);
717 static noinline void mptcp_established_options_rst(struct sock *sk, struct sk_buff *skb,
719 unsigned int remaining,
720 struct mptcp_out_options *opts)
722 const struct mptcp_subflow_context *subflow = mptcp_subflow_ctx(sk);
724 if (remaining < TCPOLEN_MPTCP_RST)
727 *size = TCPOLEN_MPTCP_RST;
728 opts->suboptions |= OPTION_MPTCP_RST;
729 opts->reset_transient = subflow->reset_transient;
730 opts->reset_reason = subflow->reset_reason;
733 bool mptcp_established_options(struct sock *sk, struct sk_buff *skb,
734 unsigned int *size, unsigned int remaining,
735 struct mptcp_out_options *opts)
737 struct mptcp_subflow_context *subflow = mptcp_subflow_ctx(sk);
738 struct mptcp_sock *msk = mptcp_sk(subflow->conn);
739 unsigned int opt_size = 0;
743 opts->suboptions = 0;
745 if (unlikely(__mptcp_check_fallback(msk)))
748 if (unlikely(skb && TCP_SKB_CB(skb)->tcp_flags & TCPHDR_RST)) {
749 mptcp_established_options_rst(sk, skb, size, remaining, opts);
753 snd_data_fin = mptcp_data_fin_enabled(msk);
754 if (mptcp_established_options_mp(sk, skb, snd_data_fin, &opt_size, remaining, opts))
756 else if (mptcp_established_options_dss(sk, skb, snd_data_fin, &opt_size, remaining, opts))
759 /* we reserved enough space for the above options, and exceeding the
760 * TCP option space would be fatal
762 if (WARN_ON_ONCE(opt_size > remaining))
766 remaining -= opt_size;
767 if (mptcp_established_options_add_addr(sk, skb, &opt_size, remaining, opts)) {
769 remaining -= opt_size;
771 } else if (mptcp_established_options_rm_addr(sk, &opt_size, remaining, opts)) {
773 remaining -= opt_size;
777 if (mptcp_established_options_mp_prio(sk, &opt_size, remaining, opts)) {
779 remaining -= opt_size;
786 bool mptcp_synack_options(const struct request_sock *req, unsigned int *size,
787 struct mptcp_out_options *opts)
789 struct mptcp_subflow_request_sock *subflow_req = mptcp_subflow_rsk(req);
791 if (subflow_req->mp_capable) {
792 opts->suboptions = OPTION_MPTCP_MPC_SYNACK;
793 opts->sndr_key = subflow_req->local_key;
794 *size = TCPOLEN_MPTCP_MPC_SYNACK;
795 pr_debug("subflow_req=%p, local_key=%llu",
796 subflow_req, subflow_req->local_key);
798 } else if (subflow_req->mp_join) {
799 opts->suboptions = OPTION_MPTCP_MPJ_SYNACK;
800 opts->backup = subflow_req->backup;
801 opts->join_id = subflow_req->local_id;
802 opts->thmac = subflow_req->thmac;
803 opts->nonce = subflow_req->local_nonce;
804 pr_debug("req=%p, bkup=%u, id=%u, thmac=%llu, nonce=%u",
805 subflow_req, opts->backup, opts->join_id,
806 opts->thmac, opts->nonce);
807 *size = TCPOLEN_MPTCP_MPJ_SYNACK;
813 static bool check_fully_established(struct mptcp_sock *msk, struct sock *ssk,
814 struct mptcp_subflow_context *subflow,
816 struct mptcp_options_received *mp_opt)
818 /* here we can process OoO, in-window pkts, only in-sequence 4th ack
819 * will make the subflow fully established
821 if (likely(subflow->fully_established)) {
822 /* on passive sockets, check for 3rd ack retransmission
823 * note that msk is always set by subflow_syn_recv_sock()
824 * for mp_join subflows
826 if (TCP_SKB_CB(skb)->seq == subflow->ssn_offset + 1 &&
827 TCP_SKB_CB(skb)->end_seq == TCP_SKB_CB(skb)->seq &&
828 subflow->mp_join && mp_opt->mp_join &&
829 READ_ONCE(msk->pm.server_side))
831 goto fully_established;
834 /* we must process OoO packets before the first subflow is fully
835 * established. OoO packets are instead a protocol violation
836 * for MP_JOIN subflows as the peer must not send any data
837 * before receiving the forth ack - cfr. RFC 8684 section 3.2.
839 if (TCP_SKB_CB(skb)->seq != subflow->ssn_offset + 1) {
840 if (subflow->mp_join)
842 return subflow->mp_capable;
845 if (mp_opt->dss && mp_opt->use_ack) {
846 /* subflows are fully established as soon as we get any
849 subflow->fully_established = 1;
850 WRITE_ONCE(msk->fully_established, true);
851 goto fully_established;
854 if (mp_opt->add_addr) {
855 WRITE_ONCE(msk->fully_established, true);
859 /* If the first established packet does not contain MP_CAPABLE + data
860 * then fallback to TCP. Fallback scenarios requires a reset for
863 if (!mp_opt->mp_capable) {
864 if (subflow->mp_join)
866 subflow->mp_capable = 0;
868 __mptcp_do_fallback(msk);
872 if (unlikely(!READ_ONCE(msk->pm.server_side)))
873 pr_warn_once("bogus mpc option on established client sk");
874 mptcp_subflow_fully_established(subflow, mp_opt);
877 /* if the subflow is not already linked into the conn_list, we can't
878 * notify the PM: this subflow is still on the listener queue
879 * and the PM possibly acquiring the subflow lock could race with
882 if (likely(subflow->pm_notified) || list_empty(&subflow->node))
885 subflow->pm_notified = 1;
886 if (subflow->mp_join) {
887 clear_3rdack_retransmission(ssk);
888 mptcp_pm_subflow_established(msk);
890 mptcp_pm_fully_established(msk, ssk, GFP_ATOMIC);
895 mptcp_subflow_reset(ssk);
899 static u64 expand_ack(u64 old_ack, u64 cur_ack, bool use_64bit)
901 u32 old_ack32, cur_ack32;
906 old_ack32 = (u32)old_ack;
907 cur_ack32 = (u32)cur_ack;
908 cur_ack = (old_ack & GENMASK_ULL(63, 32)) + cur_ack32;
909 if (unlikely(before(cur_ack32, old_ack32)))
910 return cur_ack + (1LL << 32);
914 static void ack_update_msk(struct mptcp_sock *msk,
916 struct mptcp_options_received *mp_opt)
918 u64 new_wnd_end, new_snd_una, snd_nxt = READ_ONCE(msk->snd_nxt);
919 struct sock *sk = (struct sock *)msk;
924 /* avoid ack expansion on update conflict, to reduce the risk of
925 * wrongly expanding to a future ack sequence number, which is way
926 * more dangerous than missing an ack
928 old_snd_una = msk->snd_una;
929 new_snd_una = expand_ack(old_snd_una, mp_opt->data_ack, mp_opt->ack64);
931 /* ACK for data not even sent yet? Ignore. */
932 if (after64(new_snd_una, snd_nxt))
933 new_snd_una = old_snd_una;
935 new_wnd_end = new_snd_una + tcp_sk(ssk)->snd_wnd;
937 if (after64(new_wnd_end, msk->wnd_end))
938 msk->wnd_end = new_wnd_end;
940 /* this assumes mptcp_incoming_options() is invoked after tcp_ack() */
941 if (after64(msk->wnd_end, READ_ONCE(msk->snd_nxt)))
942 __mptcp_check_push(sk, ssk);
944 if (after64(new_snd_una, old_snd_una)) {
945 msk->snd_una = new_snd_una;
946 __mptcp_data_acked(sk);
948 mptcp_data_unlock(sk);
950 trace_ack_update_msk(mp_opt->data_ack,
951 old_snd_una, new_snd_una,
952 new_wnd_end, msk->wnd_end);
955 bool mptcp_update_rcv_data_fin(struct mptcp_sock *msk, u64 data_fin_seq, bool use_64bit)
957 /* Skip if DATA_FIN was already received.
958 * If updating simultaneously with the recvmsg loop, values
959 * should match. If they mismatch, the peer is misbehaving and
960 * we will prefer the most recent information.
962 if (READ_ONCE(msk->rcv_data_fin))
965 WRITE_ONCE(msk->rcv_data_fin_seq,
966 expand_ack(READ_ONCE(msk->ack_seq), data_fin_seq, use_64bit));
967 WRITE_ONCE(msk->rcv_data_fin, 1);
972 static bool add_addr_hmac_valid(struct mptcp_sock *msk,
973 struct mptcp_options_received *mp_opt)
980 hmac = add_addr_generate_hmac(msk->remote_key,
984 pr_debug("msk=%p, ahmac=%llu, mp_opt->ahmac=%llu\n",
985 msk, (unsigned long long)hmac,
986 (unsigned long long)mp_opt->ahmac);
988 return hmac == mp_opt->ahmac;
991 void mptcp_incoming_options(struct sock *sk, struct sk_buff *skb)
993 struct mptcp_subflow_context *subflow = mptcp_subflow_ctx(sk);
994 struct mptcp_sock *msk = mptcp_sk(subflow->conn);
995 struct mptcp_options_received mp_opt;
996 struct mptcp_ext *mpext;
998 if (__mptcp_check_fallback(msk)) {
999 /* Keep it simple and unconditionally trigger send data cleanup and
1000 * pending queue spooling. We will need to acquire the data lock
1001 * for more accurate checks, and once the lock is acquired, such
1002 * helpers are cheap.
1004 mptcp_data_lock(subflow->conn);
1005 if (sk_stream_memory_free(sk))
1006 __mptcp_check_push(subflow->conn, sk);
1007 __mptcp_data_acked(subflow->conn);
1008 mptcp_data_unlock(subflow->conn);
1012 mptcp_get_options(skb, &mp_opt);
1013 if (!check_fully_established(msk, sk, subflow, skb, &mp_opt))
1016 if (mp_opt.fastclose &&
1017 msk->local_key == mp_opt.rcvr_key) {
1018 WRITE_ONCE(msk->rcv_fastclose, true);
1019 mptcp_schedule_work((struct sock *)msk);
1022 if (mp_opt.add_addr && add_addr_hmac_valid(msk, &mp_opt)) {
1024 mptcp_pm_add_addr_received(msk, &mp_opt.addr);
1025 MPTCP_INC_STATS(sock_net(sk), MPTCP_MIB_ADDADDR);
1027 mptcp_pm_add_addr_echoed(msk, &mp_opt.addr);
1028 mptcp_pm_del_add_timer(msk, &mp_opt.addr, true);
1029 MPTCP_INC_STATS(sock_net(sk), MPTCP_MIB_ECHOADD);
1032 if (mp_opt.addr.port)
1033 MPTCP_INC_STATS(sock_net(sk), MPTCP_MIB_PORTADD);
1035 mp_opt.add_addr = 0;
1038 if (mp_opt.rm_addr) {
1039 mptcp_pm_rm_addr_received(msk, &mp_opt.rm_list);
1043 if (mp_opt.mp_prio) {
1044 mptcp_pm_mp_prio_received(sk, mp_opt.backup);
1045 MPTCP_INC_STATS(sock_net(sk), MPTCP_MIB_MPPRIORX);
1050 subflow->reset_seen = 1;
1051 subflow->reset_reason = mp_opt.reset_reason;
1052 subflow->reset_transient = mp_opt.reset_transient;
1058 /* we can't wait for recvmsg() to update the ack_seq, otherwise
1059 * monodirectional flows will stuck
1062 ack_update_msk(msk, sk, &mp_opt);
1064 /* Zero-data-length packets are dropped by the caller and not
1065 * propagated to the MPTCP layer, so the skb extension does not
1066 * need to be allocated or populated. DATA_FIN information, if
1067 * present, needs to be updated here before the skb is freed.
1069 if (TCP_SKB_CB(skb)->seq == TCP_SKB_CB(skb)->end_seq) {
1070 if (mp_opt.data_fin && mp_opt.data_len == 1 &&
1071 mptcp_update_rcv_data_fin(msk, mp_opt.data_seq, mp_opt.dsn64) &&
1072 schedule_work(&msk->work))
1073 sock_hold(subflow->conn);
1078 mpext = skb_ext_add(skb, SKB_EXT_MPTCP);
1082 memset(mpext, 0, sizeof(*mpext));
1084 if (mp_opt.use_map) {
1085 if (mp_opt.mpc_map) {
1086 /* this is an MP_CAPABLE carrying MPTCP data
1087 * we know this map the first chunk of data
1089 mptcp_crypto_key_sha(subflow->remote_key, NULL,
1092 mpext->subflow_seq = 1;
1095 mpext->data_fin = 0;
1097 mpext->data_seq = mp_opt.data_seq;
1098 mpext->subflow_seq = mp_opt.subflow_seq;
1099 mpext->dsn64 = mp_opt.dsn64;
1100 mpext->data_fin = mp_opt.data_fin;
1102 mpext->data_len = mp_opt.data_len;
1107 static void mptcp_set_rwin(const struct tcp_sock *tp)
1109 const struct sock *ssk = (const struct sock *)tp;
1110 const struct mptcp_subflow_context *subflow;
1111 struct mptcp_sock *msk;
1114 subflow = mptcp_subflow_ctx(ssk);
1115 msk = mptcp_sk(subflow->conn);
1117 ack_seq = READ_ONCE(msk->ack_seq) + tp->rcv_wnd;
1119 if (after64(ack_seq, READ_ONCE(msk->rcv_wnd_sent)))
1120 WRITE_ONCE(msk->rcv_wnd_sent, ack_seq);
1123 void mptcp_write_options(__be32 *ptr, const struct tcp_sock *tp,
1124 struct mptcp_out_options *opts)
1126 if ((OPTION_MPTCP_MPC_SYN | OPTION_MPTCP_MPC_SYNACK |
1127 OPTION_MPTCP_MPC_ACK) & opts->suboptions) {
1130 if (OPTION_MPTCP_MPC_SYN & opts->suboptions)
1131 len = TCPOLEN_MPTCP_MPC_SYN;
1132 else if (OPTION_MPTCP_MPC_SYNACK & opts->suboptions)
1133 len = TCPOLEN_MPTCP_MPC_SYNACK;
1134 else if (opts->ext_copy.data_len)
1135 len = TCPOLEN_MPTCP_MPC_ACK_DATA;
1137 len = TCPOLEN_MPTCP_MPC_ACK;
1139 *ptr++ = mptcp_option(MPTCPOPT_MP_CAPABLE, len,
1140 MPTCP_SUPPORTED_VERSION,
1141 MPTCP_CAP_HMAC_SHA256);
1143 if (!((OPTION_MPTCP_MPC_SYNACK | OPTION_MPTCP_MPC_ACK) &
1145 goto mp_capable_done;
1147 put_unaligned_be64(opts->sndr_key, ptr);
1149 if (!((OPTION_MPTCP_MPC_ACK) & opts->suboptions))
1150 goto mp_capable_done;
1152 put_unaligned_be64(opts->rcvr_key, ptr);
1154 if (!opts->ext_copy.data_len)
1155 goto mp_capable_done;
1157 put_unaligned_be32(opts->ext_copy.data_len << 16 |
1158 TCPOPT_NOP << 8 | TCPOPT_NOP, ptr);
1163 if (OPTION_MPTCP_ADD_ADDR & opts->suboptions) {
1164 u8 len = TCPOLEN_MPTCP_ADD_ADDR_BASE;
1165 u8 echo = MPTCP_ADDR_ECHO;
1167 #if IS_ENABLED(CONFIG_MPTCP_IPV6)
1168 if (opts->addr.family == AF_INET6)
1169 len = TCPOLEN_MPTCP_ADD_ADDR6_BASE;
1172 if (opts->addr.port)
1173 len += TCPOLEN_MPTCP_PORT_LEN;
1176 len += sizeof(opts->ahmac);
1180 *ptr++ = mptcp_option(MPTCPOPT_ADD_ADDR,
1181 len, echo, opts->addr.id);
1182 if (opts->addr.family == AF_INET) {
1183 memcpy((u8 *)ptr, (u8 *)&opts->addr.addr.s_addr, 4);
1186 #if IS_ENABLED(CONFIG_MPTCP_IPV6)
1187 else if (opts->addr.family == AF_INET6) {
1188 memcpy((u8 *)ptr, opts->addr.addr6.s6_addr, 16);
1193 if (!opts->addr.port) {
1195 put_unaligned_be64(opts->ahmac, ptr);
1199 u16 port = ntohs(opts->addr.port);
1202 u8 *bptr = (u8 *)ptr;
1204 put_unaligned_be16(port, bptr);
1206 put_unaligned_be64(opts->ahmac, bptr);
1208 put_unaligned_be16(TCPOPT_NOP << 8 |
1213 put_unaligned_be32(port << 16 |
1221 if (OPTION_MPTCP_RM_ADDR & opts->suboptions) {
1224 *ptr++ = mptcp_option(MPTCPOPT_RM_ADDR,
1225 TCPOLEN_MPTCP_RM_ADDR_BASE + opts->rm_list.nr,
1226 0, opts->rm_list.ids[0]);
1228 while (i < opts->rm_list.nr) {
1229 u8 id1, id2, id3, id4;
1231 id1 = opts->rm_list.ids[i];
1232 id2 = i + 1 < opts->rm_list.nr ? opts->rm_list.ids[i + 1] : TCPOPT_NOP;
1233 id3 = i + 2 < opts->rm_list.nr ? opts->rm_list.ids[i + 2] : TCPOPT_NOP;
1234 id4 = i + 3 < opts->rm_list.nr ? opts->rm_list.ids[i + 3] : TCPOPT_NOP;
1235 put_unaligned_be32(id1 << 24 | id2 << 16 | id3 << 8 | id4, ptr);
1241 if (OPTION_MPTCP_PRIO & opts->suboptions) {
1242 const struct sock *ssk = (const struct sock *)tp;
1243 struct mptcp_subflow_context *subflow;
1245 subflow = mptcp_subflow_ctx(ssk);
1246 subflow->send_mp_prio = 0;
1248 *ptr++ = mptcp_option(MPTCPOPT_MP_PRIO,
1250 opts->backup, TCPOPT_NOP);
1253 if (OPTION_MPTCP_MPJ_SYN & opts->suboptions) {
1254 *ptr++ = mptcp_option(MPTCPOPT_MP_JOIN,
1255 TCPOLEN_MPTCP_MPJ_SYN,
1256 opts->backup, opts->join_id);
1257 put_unaligned_be32(opts->token, ptr);
1259 put_unaligned_be32(opts->nonce, ptr);
1263 if (OPTION_MPTCP_MPJ_SYNACK & opts->suboptions) {
1264 *ptr++ = mptcp_option(MPTCPOPT_MP_JOIN,
1265 TCPOLEN_MPTCP_MPJ_SYNACK,
1266 opts->backup, opts->join_id);
1267 put_unaligned_be64(opts->thmac, ptr);
1269 put_unaligned_be32(opts->nonce, ptr);
1273 if (OPTION_MPTCP_MPJ_ACK & opts->suboptions) {
1274 *ptr++ = mptcp_option(MPTCPOPT_MP_JOIN,
1275 TCPOLEN_MPTCP_MPJ_ACK, 0, 0);
1276 memcpy(ptr, opts->hmac, MPTCPOPT_HMAC_LEN);
1280 if (OPTION_MPTCP_RST & opts->suboptions)
1281 *ptr++ = mptcp_option(MPTCPOPT_RST,
1283 opts->reset_transient,
1284 opts->reset_reason);
1286 if (opts->ext_copy.use_ack || opts->ext_copy.use_map) {
1287 struct mptcp_ext *mpext = &opts->ext_copy;
1288 u8 len = TCPOLEN_MPTCP_DSS_BASE;
1291 if (mpext->use_ack) {
1292 flags = MPTCP_DSS_HAS_ACK;
1294 len += TCPOLEN_MPTCP_DSS_ACK64;
1295 flags |= MPTCP_DSS_ACK64;
1297 len += TCPOLEN_MPTCP_DSS_ACK32;
1301 if (mpext->use_map) {
1302 len += TCPOLEN_MPTCP_DSS_MAP64;
1304 /* Use only 64-bit mapping flags for now, add
1305 * support for optional 32-bit mappings later.
1307 flags |= MPTCP_DSS_HAS_MAP | MPTCP_DSS_DSN64;
1308 if (mpext->data_fin)
1309 flags |= MPTCP_DSS_DATA_FIN;
1312 *ptr++ = mptcp_option(MPTCPOPT_DSS, len, 0, flags);
1314 if (mpext->use_ack) {
1316 put_unaligned_be64(mpext->data_ack, ptr);
1319 put_unaligned_be32(mpext->data_ack32, ptr);
1324 if (mpext->use_map) {
1325 put_unaligned_be64(mpext->data_seq, ptr);
1327 put_unaligned_be32(mpext->subflow_seq, ptr);
1329 put_unaligned_be32(mpext->data_len << 16 |
1330 TCPOPT_NOP << 8 | TCPOPT_NOP, ptr);
1338 __be32 mptcp_get_reset_option(const struct sk_buff *skb)
1340 const struct mptcp_ext *ext = mptcp_get_ext(skb);
1344 flags = ext->reset_transient;
1345 reason = ext->reset_reason;
1347 return mptcp_option(MPTCPOPT_RST, TCPOLEN_MPTCP_RST,
1353 EXPORT_SYMBOL_GPL(mptcp_get_reset_option);