1c325962bSMike Silbersack /*-
251369649SPedro F. Giffuni  * SPDX-License-Identifier: BSD-3-Clause
351369649SPedro F. Giffuni  *
4c325962bSMike Silbersack  * Copyright (c) 1982, 1986, 1993, 1994, 1995
5c325962bSMike Silbersack  *	The Regents of the University of California.  All rights reserved.
6c325962bSMike Silbersack  *
7c325962bSMike Silbersack  * Redistribution and use in source and binary forms, with or without
8c325962bSMike Silbersack  * modification, are permitted provided that the following conditions
9c325962bSMike Silbersack  * are met:
10c325962bSMike Silbersack  * 1. Redistributions of source code must retain the above copyright
11c325962bSMike Silbersack  *    notice, this list of conditions and the following disclaimer.
12c325962bSMike Silbersack  * 2. Redistributions in binary form must reproduce the above copyright
13c325962bSMike Silbersack  *    notice, this list of conditions and the following disclaimer in the
14c325962bSMike Silbersack  *    documentation and/or other materials provided with the distribution.
15fbbd9655SWarner Losh  * 3. Neither the name of the University nor the names of its contributors
16c325962bSMike Silbersack  *    may be used to endorse or promote products derived from this software
17c325962bSMike Silbersack  *    without specific prior written permission.
18c325962bSMike Silbersack  *
19c325962bSMike Silbersack  * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
20c325962bSMike Silbersack  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
21c325962bSMike Silbersack  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
22c325962bSMike Silbersack  * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
23c325962bSMike Silbersack  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
24c325962bSMike Silbersack  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
25c325962bSMike Silbersack  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
26c325962bSMike Silbersack  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
27c325962bSMike Silbersack  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
28c325962bSMike Silbersack  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
29c325962bSMike Silbersack  * SUCH DAMAGE.
30c325962bSMike Silbersack  */
31c325962bSMike Silbersack 
32c325962bSMike Silbersack #ifndef _NETINET_TCP_SYNCACHE_H_
33c325962bSMike Silbersack #define _NETINET_TCP_SYNCACHE_H_
34c325962bSMike Silbersack #ifdef _KERNEL
35c325962bSMike Silbersack 
/*
 * Kernel-only entry points of the syncache (the whole header is wrapped in
 * #ifdef _KERNEL).  Only what the prototypes themselves establish is stated
 * here; anything else is marked as an assumption to confirm against the
 * implementation in tcp_syncache.c.
 */
void	 syncache_init(void);
#ifdef VIMAGE
void	syncache_destroy(void);		/* only declared when VIMAGE is set */
#endif
/*
 * The trailing uint16_t on the calls below has the same type as sc_port
 * ("remote UDP encaps port") in struct syncache; presumably it carries that
 * port -- confirm in tcp_syncache.c.
 */
void	 syncache_unreach(struct in_conninfo *, tcp_seq, uint16_t);
int	 syncache_expand(struct in_conninfo *, struct tcpopt *,
	     struct tcphdr *, struct socket **, struct mbuf *, uint16_t);
/*
 * The two void * arguments match the types of sc_tod/sc_todctx (TCP_OFFLOAD)
 * in struct syncache; whether they map onto those fields is not visible
 * here -- confirm before relying on it.
 */
struct socket *	 syncache_add(struct in_conninfo *, struct tcpopt *,
	     struct tcphdr *, struct inpcb *, struct socket *, struct mbuf *,
	     void *, void *, uint8_t, uint16_t);
void	 syncache_chkrst(struct in_conninfo *, struct tcphdr *, struct mbuf *,
	     uint16_t);
void	 syncache_badack(struct in_conninfo *, uint16_t);
int	 syncache_pcblist(struct sysctl_req *);	/* sysctl export of entries */
50c325962bSMike Silbersack 
/*
 * One cached half-open connection.  Entries are chained on a
 * syncache_head bucket via sc_hash; sc_flags holds the SCF_* bits defined
 * below.  The per-field comments are the original ones, with a few
 * reviewer additions.
 */
struct syncache {
	TAILQ_ENTRY(syncache)	sc_hash;	/* bucket linkage (syncache_head.sch_bucket) */
	struct		in_conninfo sc_inc;	/* addresses */
	int		sc_rxttime;		/* retransmit time */
	u_int16_t	sc_rxmits;		/* retransmit counter */
	u_int16_t	sc_port;		/* remote UDP encaps port */
	u_int32_t	sc_tsreflect;		/* timestamp to reflect */
	u_int32_t	sc_tsoff;		/* ts offset w/ syncookies */
	u_int32_t	sc_flowlabel;		/* IPv6 flowlabel */
	tcp_seq		sc_irs;			/* seq from peer */
	tcp_seq		sc_iss;			/* our ISS */
	struct		mbuf *sc_ipopts;	/* source route */
	u_int16_t	sc_peer_mss;		/* peer's MSS */
	u_int16_t	sc_wnd;			/* advertised window */
	u_int8_t	sc_ip_ttl;		/* TTL / Hop Limit */
	u_int8_t	sc_ip_tos;		/* TOS / Traffic Class */
	u_int8_t	sc_requested_s_scale:4,	/* 4-bit window scale shifts; s/r presumably */
			sc_requested_r_scale:4;	/* send/receive -- confirm */
	u_int16_t	sc_flags;		/* SCF_* bits (16 bits available) */
#if defined(TCP_OFFLOAD)
	struct toedev	*sc_tod;		/* entry added by this TOE */
	void		*sc_todctx;		/* TOE driver context */
#endif
	struct label	*sc_label;		/* MAC label reference */
	struct ucred	*sc_cred;		/* cred cache for jail checks */
						/* NOTE(review): both are references; their
						 * release when the entry is freed is not
						 * visible here -- confirm ownership. */
	void		*sc_tfo_cookie;		/* for TCP Fast Open response */
	void		*sc_pspare;		/* TCP_SIGNATURE */
	u_int32_t	sc_spare[2];		/* UTO */
};
80e0306e8bSJulian Elischer 
/*
 * Flags for the sc_flags field (u_int16_t, so every value must fit in
 * 16 bits).  Bits 0x08 and 0x40 are not defined here.
 *
 * The ECN values are a codepoint under SCF_ECN_MASK, not independent bits:
 * SCF_ACE_0 (0x500) and SCF_ACE_CE (0x700) both contain the SCF_ECN and
 * SCF_ACE_N bits.  Test the codepoint with
 * (sc_flags & SCF_ECN_MASK) == SCF_xxx, never with (sc_flags & SCF_xxx).
 */
#define SCF_NOOPT	0x01			/* no TCP options */
#define SCF_WINSCALE	0x02			/* negotiated window scaling */
#define SCF_TIMESTAMP	0x04			/* negotiated timestamps */
						/* MSS is implicit */
#define SCF_UNREACH	0x10			/* icmp unreachable received */
#define SCF_SIGNATURE	0x20			/* send MD5 digests */
#define SCF_SACK	0x80			/* send SACK option */
#define SCF_ECN_MASK	0x700			/* ECN codepoint mask */
#define SCF_ECN 	0x100			/* send ECN setup packet */
#define SCF_ACE_N	0x400			/* send ACE non-ECT setup */
#define SCF_ACE_0	0x500			/* send ACE ECT0 setup */
#define SCF_ACE_1	0x600			/* send ACE ECT1 setup */
#define SCF_ACE_CE	0x700			/* send ACE CE setup */
975d045651SRobert Watson 
/*
 * One hash bucket of the syncache: a TAILQ of struct syncache entries
 * (linked through sc_hash) plus per-bucket timer and accounting.
 */
struct syncache_head {
	struct mtx	sch_mtx;		/* presumably protects this bucket -- confirm */
	TAILQ_HEAD(sch_head, syncache)	sch_bucket;	/* entries in this bucket */
	struct callout	sch_timer;		/* bucket timer; likely drives sc_rxttime
						 * retransmits -- confirm */
	int		sch_nextc;		/* next timer target; same units as
						 * sc_rxttime (int) presumably */
	u_int		sch_length;		/* entry count (assumed; see bucket_limit) */
	struct tcp_syncache *sch_sc;		/* back pointer to the owning syncache */
	time_t		sch_last_overflow;	/* time of last bucket overflow (name-based) */
};
10781d392a0SAndre Oppermann 
#define	SYNCOOKIE_SECRET_SIZE	16		/* bytes per syncookie key */
#define	SYNCOOKIE_LIFETIME	15		/* seconds */
11081d392a0SAndre Oppermann 
/*
 * Keying material for SYN cookies.  Two keys are kept, presumably so that
 * cookies minted under the previous key stay verifiable across a reseed;
 * the key a cookie was minted with would then be recorded in the odd_even
 * bit of union syncookie below -- confirm in tcp_syncache.c.
 *
 * NOTE(review): the key bytes must be filled from a cryptographically
 * strong source; where they are generated is not visible in this header.
 */
struct syncookie_secret {
	volatile u_int oddeven;			/* selects the active key[] slot (assumed) */
	uint8_t key[2][SYNCOOKIE_SECRET_SIZE];	/* two keys of 16 bytes each */
	struct callout reseed;			/* rekey callout (name-based) */
	u_int lifetime;				/* reseed interval; presumably seconds
						 * like SYNCOOKIE_LIFETIME -- confirm */
};
117e0306e8bSJulian Elischer 
#define	TCP_SYNCACHE_PAUSE_TIME		SYNCOOKIE_LIFETIME	/* 15 seconds */
#define	TCP_SYNCACHE_MAX_BACKOFF	6	/* 16 minutes: 15 s << 6 = 960 s,
						 * assuming the pause doubles per step */
1200b18fb07SJonathan T. Looney 
/*
 * A syncache instance (one per vnet when VIMAGE is set): the bucket array
 * and its limits, the SYN-cookie secret, and the pause state.  Field
 * comments are reviewer readings of the names and types unless stated
 * otherwise; confirm against tcp_syncache.c.
 */
struct tcp_syncache {
	struct	syncache_head *hashbase;	/* bucket array, presumably hashsize entries */
	uma_zone_t zone;			/* allocator zone (for struct syncache, assumed) */
	u_int	hashsize;			/* number of buckets */
	u_int	hashmask;			/* bucket index mask; hashsize - 1 if power of two */
	u_int	bucket_limit;			/* max entries per bucket (assumed) */
	u_int	cache_limit;			/* max entries overall (assumed) */
	u_int	rexmt_limit;			/* max retransmits per entry (cf. sc_rxmits) */
	uint32_t hash_secret;			/* presumably keys the bucket hash so a remote
						 * peer cannot predict bucket placement -- confirm */
#ifdef VIMAGE
	struct vnet *vnet;			/* owning vnet */
#endif
	struct syncookie_secret secret;		/* SYN-cookie keys */
	struct mtx pause_mtx;			/* presumably guards the pause_* fields below */
	struct callout pause_co;		/* pause expiry callout (name-based) */
	time_t	pause_until;			/* wall-clock end of the current pause (assumed) */
	uint8_t pause_backoff;			/* 0..TCP_SYNCACHE_MAX_BACKOFF presumably */
	volatile bool paused;			/* NOTE(review): volatile gives no ordering
						 * guarantees to readers on other CPUs; unlocked
						 * readers must tolerate a stale value -- confirm
						 * that writers hold pause_mtx. */
	bool see_other;
};
14181d392a0SAndre Oppermann 
/*
 * Internal use for the syncookie functions.  The bit-fields sum to exactly
 * 8 bits (1 + 1 + 3 + 3), so `cookie` and `flags` overlay one byte.
 * Bit-field ordering within the byte is implementation-defined, so the
 * resulting byte layout is only stable within one kernel build.
 */
union syncookie {
	uint8_t cookie;				/* the whole byte */
	struct {
		uint8_t odd_even:1,		/* presumably which syncookie_secret key slot */
			sack_ok:1,		/* presumably peer offered SACK */
			wscale_idx:3,		/* 3 bits: at most 8 encodable window scales */
			mss_idx:3;		/* 3 bits: at most 8 encodable MSS values */
	} flags;
};
152e0306e8bSJulian Elischer 
153c325962bSMike Silbersack #endif /* _KERNEL */
154e0306e8bSJulian Elischer #endif /* !_NETINET_TCP_SYNCACHE_H_ */