// SPDX-License-Identifier: GPL-2.0 #include <linux/skbuff.h> #include "protocol.h" /* Syncookies do not work for JOIN requests. * * Unlike MP_CAPABLE, where the ACK cookie contains the needed MPTCP * options to reconstruct the initial syn state, MP_JOIN does not contain * the token to obtain the mptcp socket nor the server-generated nonce * that was used in the cookie SYN/ACK response. * * Keep a small best effort state table to store the syn/synack data, * indexed by skb hash. * * A MP_JOIN SYN packet handled by syn cookies is only stored if the 32bit * token matches a known mptcp connection that can still accept more subflows. * * There is no timeout handling -- state is only re-constructed * when the TCP ACK passed the cookie validation check. */ struct join_entry { … }; #define COOKIE_JOIN_SLOTS … static struct join_entry join_entries[COOKIE_JOIN_SLOTS] __cacheline_aligned_in_smp; static spinlock_t join_entry_locks[COOKIE_JOIN_SLOTS] __cacheline_aligned_in_smp; static u32 mptcp_join_entry_hash(struct sk_buff *skb, struct net *net) { … } static void mptcp_join_store_state(struct join_entry *entry, const struct mptcp_subflow_request_sock *subflow_req) { … } void subflow_init_req_cookie_join_save(const struct mptcp_subflow_request_sock *subflow_req, struct sk_buff *skb) { … } /* Called for a cookie-ack with MP_JOIN option present. * Look up the saved state based on skb hash & check token matches msk * in same netns. * * Caller will check msk can still accept another subflow. The hmac * present in the cookie ACK mptcp option space will be checked later. */ bool mptcp_token_join_cookie_init_state(struct mptcp_subflow_request_sock *subflow_req, struct sk_buff *skb) { … } void __init mptcp_join_cookie_init(void) { … }
Codebase Browser
linux