1eda7acddSPeter Krystad // SPDX-License-Identifier: GPL-2.0 2eda7acddSPeter Krystad /* Multipath TCP 3eda7acddSPeter Krystad * 4eda7acddSPeter Krystad * Copyright (c) 2017 - 2019, Intel Corporation. 5eda7acddSPeter Krystad */ 6eda7acddSPeter Krystad 7c85adcedSGeliang Tang #define pr_fmt(fmt) "MPTCP: " fmt 8c85adcedSGeliang Tang 9eda7acddSPeter Krystad #include <linux/kernel.h> 10bd697222STodd Malsbary #include <crypto/sha.h> 11eda7acddSPeter Krystad #include <net/tcp.h> 12eda7acddSPeter Krystad #include <net/mptcp.h> 13eda7acddSPeter Krystad #include "protocol.h" 14eda7acddSPeter Krystad 1565492c5aSPaolo Abeni static bool mptcp_cap_flag_sha256(u8 flags) 1665492c5aSPaolo Abeni { 1765492c5aSPaolo Abeni return (flags & MPTCP_CAP_FLAG_MASK) == MPTCP_CAP_HMAC_SHA256; 1865492c5aSPaolo Abeni } 1965492c5aSPaolo Abeni 20cfde141eSPaolo Abeni static void mptcp_parse_option(const struct sk_buff *skb, 21cfde141eSPaolo Abeni const unsigned char *ptr, int opsize, 22cfde141eSPaolo Abeni struct mptcp_options_received *mp_opt) 23eda7acddSPeter Krystad { 24eda7acddSPeter Krystad u8 subtype = *ptr >> 4; 25648ef4b8SMat Martineau int expected_opsize; 26eda7acddSPeter Krystad u8 version; 27eda7acddSPeter Krystad u8 flags; 28eda7acddSPeter Krystad 29eda7acddSPeter Krystad switch (subtype) { 30eda7acddSPeter Krystad case MPTCPOPT_MP_CAPABLE: 31cc7972eaSChristoph Paasch /* strict size checking */ 32cc7972eaSChristoph Paasch if (!(TCP_SKB_CB(skb)->tcp_flags & TCPHDR_SYN)) { 33cc7972eaSChristoph Paasch if (skb->len > tcp_hdr(skb)->doff << 2) 34cc7972eaSChristoph Paasch expected_opsize = TCPOLEN_MPTCP_MPC_ACK_DATA; 35cc7972eaSChristoph Paasch else 36cc7972eaSChristoph Paasch expected_opsize = TCPOLEN_MPTCP_MPC_ACK; 37cc7972eaSChristoph Paasch } else { 38cc7972eaSChristoph Paasch if (TCP_SKB_CB(skb)->tcp_flags & TCPHDR_ACK) 39cc7972eaSChristoph Paasch expected_opsize = TCPOLEN_MPTCP_MPC_SYNACK; 40cc7972eaSChristoph Paasch else 41cc7972eaSChristoph Paasch expected_opsize = TCPOLEN_MPTCP_MPC_SYN; 42cc7972eaSChristoph Paasch } 43cc7972eaSChristoph Paasch if (opsize != expected_opsize) 44eda7acddSPeter Krystad break; 45eda7acddSPeter Krystad 46cc7972eaSChristoph Paasch /* try to be gentle vs future versions on the initial syn */ 47eda7acddSPeter Krystad version = *ptr++ & MPTCP_VERSION_MASK; 48cc7972eaSChristoph Paasch if (opsize != TCPOLEN_MPTCP_MPC_SYN) { 49eda7acddSPeter Krystad if (version != MPTCP_SUPPORTED_VERSION) 50eda7acddSPeter Krystad break; 51cc7972eaSChristoph Paasch } else if (version < MPTCP_SUPPORTED_VERSION) { 52cc7972eaSChristoph Paasch break; 53cc7972eaSChristoph Paasch } 54eda7acddSPeter Krystad 55eda7acddSPeter Krystad flags = *ptr++; 5665492c5aSPaolo Abeni if (!mptcp_cap_flag_sha256(flags) || 57eda7acddSPeter Krystad (flags & MPTCP_CAP_EXTENSIBILITY)) 58eda7acddSPeter Krystad break; 59eda7acddSPeter Krystad 60eda7acddSPeter Krystad /* RFC 6824, Section 3.1: 61eda7acddSPeter Krystad * "For the Checksum Required bit (labeled "A"), if either 62eda7acddSPeter Krystad * host requires the use of checksums, checksums MUST be used. 63eda7acddSPeter Krystad * In other words, the only way for checksums not to be used 64eda7acddSPeter Krystad * is if both hosts in their SYNs set A=0." 65eda7acddSPeter Krystad * 66eda7acddSPeter Krystad * Section 3.3.0: 67eda7acddSPeter Krystad * "If a checksum is not present when its use has been 68eda7acddSPeter Krystad * negotiated, the receiver MUST close the subflow with a RST as 69eda7acddSPeter Krystad * it is considered broken." 70eda7acddSPeter Krystad * 71eda7acddSPeter Krystad * We don't implement DSS checksum - fall back to TCP. 72eda7acddSPeter Krystad */ 73eda7acddSPeter Krystad if (flags & MPTCP_CAP_CHECKSUM_REQD) 74eda7acddSPeter Krystad break; 75eda7acddSPeter Krystad 76eda7acddSPeter Krystad mp_opt->mp_capable = 1; 77cc7972eaSChristoph Paasch if (opsize >= TCPOLEN_MPTCP_MPC_SYNACK) { 78eda7acddSPeter Krystad mp_opt->sndr_key = get_unaligned_be64(ptr); 79eda7acddSPeter Krystad ptr += 8; 80cc7972eaSChristoph Paasch } 81cc7972eaSChristoph Paasch if (opsize >= TCPOLEN_MPTCP_MPC_ACK) { 82eda7acddSPeter Krystad mp_opt->rcvr_key = get_unaligned_be64(ptr); 83eda7acddSPeter Krystad ptr += 8; 84eda7acddSPeter Krystad } 85cc7972eaSChristoph Paasch if (opsize == TCPOLEN_MPTCP_MPC_ACK_DATA) { 86cc7972eaSChristoph Paasch /* Section 3.1.: 87cc7972eaSChristoph Paasch * "the data parameters in a MP_CAPABLE are semantically 88cc7972eaSChristoph Paasch * equivalent to those in a DSS option and can be used 89cc7972eaSChristoph Paasch * interchangeably." 90cc7972eaSChristoph Paasch */ 91cc7972eaSChristoph Paasch mp_opt->dss = 1; 92cc7972eaSChristoph Paasch mp_opt->use_map = 1; 93cc7972eaSChristoph Paasch mp_opt->mpc_map = 1; 94cc7972eaSChristoph Paasch mp_opt->data_len = get_unaligned_be16(ptr); 95cc7972eaSChristoph Paasch ptr += 2; 96cc7972eaSChristoph Paasch } 97cc7972eaSChristoph Paasch pr_debug("MP_CAPABLE version=%x, flags=%x, optlen=%d sndr=%llu, rcvr=%llu len=%d", 98cc7972eaSChristoph Paasch version, flags, opsize, mp_opt->sndr_key, 99cc7972eaSChristoph Paasch mp_opt->rcvr_key, mp_opt->data_len); 100eda7acddSPeter Krystad break; 101eda7acddSPeter Krystad 102f296234cSPeter Krystad case MPTCPOPT_MP_JOIN: 103f296234cSPeter Krystad mp_opt->mp_join = 1; 104f296234cSPeter Krystad if (opsize == TCPOLEN_MPTCP_MPJ_SYN) { 105f296234cSPeter Krystad mp_opt->backup = *ptr++ & MPTCPOPT_BACKUP; 106f296234cSPeter Krystad mp_opt->join_id = *ptr++; 107f296234cSPeter Krystad mp_opt->token = get_unaligned_be32(ptr); 108f296234cSPeter Krystad ptr += 4; 109f296234cSPeter Krystad mp_opt->nonce = get_unaligned_be32(ptr); 110f296234cSPeter Krystad ptr += 4; 111f296234cSPeter Krystad pr_debug("MP_JOIN bkup=%u, id=%u, token=%u, nonce=%u", 112f296234cSPeter Krystad mp_opt->backup, mp_opt->join_id, 113f296234cSPeter Krystad mp_opt->token, mp_opt->nonce); 114f296234cSPeter Krystad } else if (opsize == TCPOLEN_MPTCP_MPJ_SYNACK) { 115f296234cSPeter Krystad mp_opt->backup = *ptr++ & MPTCPOPT_BACKUP; 116f296234cSPeter Krystad mp_opt->join_id = *ptr++; 117f296234cSPeter Krystad mp_opt->thmac = get_unaligned_be64(ptr); 118f296234cSPeter Krystad ptr += 8; 119f296234cSPeter Krystad mp_opt->nonce = get_unaligned_be32(ptr); 120f296234cSPeter Krystad ptr += 4; 121f296234cSPeter Krystad pr_debug("MP_JOIN bkup=%u, id=%u, thmac=%llu, nonce=%u", 122f296234cSPeter Krystad mp_opt->backup, mp_opt->join_id, 123f296234cSPeter Krystad mp_opt->thmac, mp_opt->nonce); 124f296234cSPeter Krystad } else if (opsize == TCPOLEN_MPTCP_MPJ_ACK) { 125f296234cSPeter Krystad ptr += 2; 126f296234cSPeter Krystad memcpy(mp_opt->hmac, ptr, MPTCPOPT_HMAC_LEN); 127f296234cSPeter Krystad pr_debug("MP_JOIN hmac"); 128f296234cSPeter Krystad } else { 129f296234cSPeter Krystad pr_warn("MP_JOIN bad option size"); 130f296234cSPeter Krystad mp_opt->mp_join = 0; 131f296234cSPeter Krystad } 132f296234cSPeter Krystad break; 133f296234cSPeter Krystad 134eda7acddSPeter Krystad case MPTCPOPT_DSS: 135eda7acddSPeter Krystad pr_debug("DSS"); 136648ef4b8SMat Martineau ptr++; 137648ef4b8SMat Martineau 138cc7972eaSChristoph Paasch /* we must clear 'mpc_map' be able to detect MP_CAPABLE 139cc7972eaSChristoph Paasch * map vs DSS map in mptcp_incoming_options(), and reconstruct 140cc7972eaSChristoph Paasch * map info accordingly 141cc7972eaSChristoph Paasch */ 142cc7972eaSChristoph Paasch mp_opt->mpc_map = 0; 143648ef4b8SMat Martineau flags = (*ptr++) & MPTCP_DSS_FLAG_MASK; 144648ef4b8SMat Martineau mp_opt->data_fin = (flags & MPTCP_DSS_DATA_FIN) != 0; 145648ef4b8SMat Martineau mp_opt->dsn64 = (flags & MPTCP_DSS_DSN64) != 0; 146648ef4b8SMat Martineau mp_opt->use_map = (flags & MPTCP_DSS_HAS_MAP) != 0; 147648ef4b8SMat Martineau mp_opt->ack64 = (flags & MPTCP_DSS_ACK64) != 0; 148648ef4b8SMat Martineau mp_opt->use_ack = (flags & MPTCP_DSS_HAS_ACK); 149648ef4b8SMat Martineau 150648ef4b8SMat Martineau pr_debug("data_fin=%d dsn64=%d use_map=%d ack64=%d use_ack=%d", 151648ef4b8SMat Martineau mp_opt->data_fin, mp_opt->dsn64, 152648ef4b8SMat Martineau mp_opt->use_map, mp_opt->ack64, 153648ef4b8SMat Martineau mp_opt->use_ack); 154648ef4b8SMat Martineau 155648ef4b8SMat Martineau expected_opsize = TCPOLEN_MPTCP_DSS_BASE; 156648ef4b8SMat Martineau 157648ef4b8SMat Martineau if (mp_opt->use_ack) { 158648ef4b8SMat Martineau if (mp_opt->ack64) 159648ef4b8SMat Martineau expected_opsize += TCPOLEN_MPTCP_DSS_ACK64; 160648ef4b8SMat Martineau else 161648ef4b8SMat Martineau expected_opsize += TCPOLEN_MPTCP_DSS_ACK32; 162648ef4b8SMat Martineau } 163648ef4b8SMat Martineau 164648ef4b8SMat Martineau if (mp_opt->use_map) { 165648ef4b8SMat Martineau if (mp_opt->dsn64) 166648ef4b8SMat Martineau expected_opsize += TCPOLEN_MPTCP_DSS_MAP64; 167648ef4b8SMat Martineau else 168648ef4b8SMat Martineau expected_opsize += TCPOLEN_MPTCP_DSS_MAP32; 169648ef4b8SMat Martineau } 170648ef4b8SMat Martineau 171648ef4b8SMat Martineau /* RFC 6824, Section 3.3: 172648ef4b8SMat Martineau * If a checksum is present, but its use had 173648ef4b8SMat Martineau * not been negotiated in the MP_CAPABLE handshake, 174648ef4b8SMat Martineau * the checksum field MUST be ignored. 175648ef4b8SMat Martineau */ 176648ef4b8SMat Martineau if (opsize != expected_opsize && 177648ef4b8SMat Martineau opsize != expected_opsize + TCPOLEN_MPTCP_DSS_CHECKSUM) 178648ef4b8SMat Martineau break; 179648ef4b8SMat Martineau 180eda7acddSPeter Krystad mp_opt->dss = 1; 181648ef4b8SMat Martineau 182648ef4b8SMat Martineau if (mp_opt->use_ack) { 183648ef4b8SMat Martineau if (mp_opt->ack64) { 184648ef4b8SMat Martineau mp_opt->data_ack = get_unaligned_be64(ptr); 185648ef4b8SMat Martineau ptr += 8; 186648ef4b8SMat Martineau } else { 187648ef4b8SMat Martineau mp_opt->data_ack = get_unaligned_be32(ptr); 188648ef4b8SMat Martineau ptr += 4; 189648ef4b8SMat Martineau } 190648ef4b8SMat Martineau 191648ef4b8SMat Martineau pr_debug("data_ack=%llu", mp_opt->data_ack); 192648ef4b8SMat Martineau } 193648ef4b8SMat Martineau 194648ef4b8SMat Martineau if (mp_opt->use_map) { 195648ef4b8SMat Martineau if (mp_opt->dsn64) { 196648ef4b8SMat Martineau mp_opt->data_seq = get_unaligned_be64(ptr); 197648ef4b8SMat Martineau ptr += 8; 198648ef4b8SMat Martineau } else { 199648ef4b8SMat Martineau mp_opt->data_seq = get_unaligned_be32(ptr); 200648ef4b8SMat Martineau ptr += 4; 201648ef4b8SMat Martineau } 202648ef4b8SMat Martineau 203648ef4b8SMat Martineau mp_opt->subflow_seq = get_unaligned_be32(ptr); 204648ef4b8SMat Martineau ptr += 4; 205648ef4b8SMat Martineau 206648ef4b8SMat Martineau mp_opt->data_len = get_unaligned_be16(ptr); 207648ef4b8SMat Martineau ptr += 2; 208648ef4b8SMat Martineau 209648ef4b8SMat Martineau pr_debug("data_seq=%llu subflow_seq=%u data_len=%u", 210648ef4b8SMat Martineau mp_opt->data_seq, mp_opt->subflow_seq, 211648ef4b8SMat Martineau mp_opt->data_len); 212648ef4b8SMat Martineau } 213648ef4b8SMat Martineau 214eda7acddSPeter Krystad break; 215eda7acddSPeter Krystad 2163df523abSPeter Krystad case MPTCPOPT_ADD_ADDR: 2173df523abSPeter Krystad mp_opt->echo = (*ptr++) & MPTCP_ADDR_ECHO; 2183df523abSPeter Krystad if (!mp_opt->echo) { 2193df523abSPeter Krystad if (opsize == TCPOLEN_MPTCP_ADD_ADDR || 2203df523abSPeter Krystad opsize == TCPOLEN_MPTCP_ADD_ADDR_PORT) 2213df523abSPeter Krystad mp_opt->family = MPTCP_ADDR_IPVERSION_4; 2223df523abSPeter Krystad #if IS_ENABLED(CONFIG_MPTCP_IPV6) 2233df523abSPeter Krystad else if (opsize == TCPOLEN_MPTCP_ADD_ADDR6 || 2243df523abSPeter Krystad opsize == TCPOLEN_MPTCP_ADD_ADDR6_PORT) 2253df523abSPeter Krystad mp_opt->family = MPTCP_ADDR_IPVERSION_6; 2263df523abSPeter Krystad #endif 2273df523abSPeter Krystad else 2283df523abSPeter Krystad break; 2293df523abSPeter Krystad } else { 2303df523abSPeter Krystad if (opsize == TCPOLEN_MPTCP_ADD_ADDR_BASE || 2313df523abSPeter Krystad opsize == TCPOLEN_MPTCP_ADD_ADDR_BASE_PORT) 2323df523abSPeter Krystad mp_opt->family = MPTCP_ADDR_IPVERSION_4; 2333df523abSPeter Krystad #if IS_ENABLED(CONFIG_MPTCP_IPV6) 2343df523abSPeter Krystad else if (opsize == TCPOLEN_MPTCP_ADD_ADDR6_BASE || 2353df523abSPeter Krystad opsize == TCPOLEN_MPTCP_ADD_ADDR6_BASE_PORT) 2363df523abSPeter Krystad mp_opt->family = MPTCP_ADDR_IPVERSION_6; 2373df523abSPeter Krystad #endif 2383df523abSPeter Krystad else 2393df523abSPeter Krystad break; 2403df523abSPeter Krystad } 2413df523abSPeter Krystad 2423df523abSPeter Krystad mp_opt->add_addr = 1; 2433df523abSPeter Krystad mp_opt->port = 0; 2443df523abSPeter Krystad mp_opt->addr_id = *ptr++; 2453df523abSPeter Krystad pr_debug("ADD_ADDR: id=%d", mp_opt->addr_id); 2463df523abSPeter Krystad if (mp_opt->family == MPTCP_ADDR_IPVERSION_4) { 2473df523abSPeter Krystad memcpy((u8 *)&mp_opt->addr.s_addr, (u8 *)ptr, 4); 2483df523abSPeter Krystad ptr += 4; 2493df523abSPeter Krystad if (opsize == TCPOLEN_MPTCP_ADD_ADDR_PORT || 2503df523abSPeter Krystad opsize == TCPOLEN_MPTCP_ADD_ADDR_BASE_PORT) { 2513df523abSPeter Krystad mp_opt->port = get_unaligned_be16(ptr); 2523df523abSPeter Krystad ptr += 2; 2533df523abSPeter Krystad } 2543df523abSPeter Krystad } 2553df523abSPeter Krystad #if IS_ENABLED(CONFIG_MPTCP_IPV6) 2563df523abSPeter Krystad else { 2573df523abSPeter Krystad memcpy(mp_opt->addr6.s6_addr, (u8 *)ptr, 16); 2583df523abSPeter Krystad ptr += 16; 2593df523abSPeter Krystad if (opsize == TCPOLEN_MPTCP_ADD_ADDR6_PORT || 2603df523abSPeter Krystad opsize == TCPOLEN_MPTCP_ADD_ADDR6_BASE_PORT) { 2613df523abSPeter Krystad mp_opt->port = get_unaligned_be16(ptr); 2623df523abSPeter Krystad ptr += 2; 2633df523abSPeter Krystad } 2643df523abSPeter Krystad } 2653df523abSPeter Krystad #endif 2663df523abSPeter Krystad if (!mp_opt->echo) { 2673df523abSPeter Krystad mp_opt->ahmac = get_unaligned_be64(ptr); 2683df523abSPeter Krystad ptr += 8; 2693df523abSPeter Krystad } 2703df523abSPeter Krystad break; 2713df523abSPeter Krystad 2723df523abSPeter Krystad case MPTCPOPT_RM_ADDR: 2733df523abSPeter Krystad if (opsize != TCPOLEN_MPTCP_RM_ADDR_BASE) 2743df523abSPeter Krystad break; 2753df523abSPeter Krystad 2768e60eed6SGeliang Tang ptr++; 2778e60eed6SGeliang Tang 2783df523abSPeter Krystad mp_opt->rm_addr = 1; 2793df523abSPeter Krystad mp_opt->rm_id = *ptr++; 2803df523abSPeter Krystad pr_debug("RM_ADDR: id=%d", mp_opt->rm_id); 2813df523abSPeter Krystad break; 2823df523abSPeter Krystad 283eda7acddSPeter Krystad default: 284eda7acddSPeter Krystad break; 285eda7acddSPeter Krystad } 286eda7acddSPeter Krystad } 287eda7acddSPeter Krystad 288cec37a6eSPeter Krystad void mptcp_get_options(const struct sk_buff *skb, 289cfde141eSPaolo Abeni struct mptcp_options_received *mp_opt) 290cec37a6eSPeter Krystad { 291cec37a6eSPeter Krystad const struct tcphdr *th = tcp_hdr(skb); 292cfde141eSPaolo Abeni const unsigned char *ptr; 293cfde141eSPaolo Abeni int length; 294cec37a6eSPeter Krystad 295cfde141eSPaolo Abeni /* initialize option status */ 296cfde141eSPaolo Abeni mp_opt->mp_capable = 0; 297cfde141eSPaolo Abeni mp_opt->mp_join = 0; 298cfde141eSPaolo Abeni mp_opt->add_addr = 0; 299cfde141eSPaolo Abeni mp_opt->rm_addr = 0; 300cfde141eSPaolo Abeni mp_opt->dss = 0; 301cfde141eSPaolo Abeni 302cfde141eSPaolo Abeni length = (th->doff * 4) - sizeof(struct tcphdr); 303cec37a6eSPeter Krystad ptr = (const unsigned char *)(th + 1); 304cec37a6eSPeter Krystad 305cec37a6eSPeter Krystad while (length > 0) { 306cec37a6eSPeter Krystad int opcode = *ptr++; 307cec37a6eSPeter Krystad int opsize; 308cec37a6eSPeter Krystad 309cec37a6eSPeter Krystad switch (opcode) { 310cec37a6eSPeter Krystad case TCPOPT_EOL: 311cec37a6eSPeter Krystad return; 312cec37a6eSPeter Krystad case TCPOPT_NOP: /* Ref: RFC 793 section 3.1 */ 313cec37a6eSPeter Krystad length--; 314cec37a6eSPeter Krystad continue; 315cec37a6eSPeter Krystad default: 316cec37a6eSPeter Krystad opsize = *ptr++; 317cec37a6eSPeter Krystad if (opsize < 2) /* "silly options" */ 318cec37a6eSPeter Krystad return; 319cec37a6eSPeter Krystad if (opsize > length) 320cec37a6eSPeter Krystad return; /* don't parse partial options */ 321cec37a6eSPeter Krystad if (opcode == TCPOPT_MPTCP) 322cfde141eSPaolo Abeni mptcp_parse_option(skb, ptr, opsize, mp_opt); 323cec37a6eSPeter Krystad ptr += opsize - 2; 324cec37a6eSPeter Krystad length -= opsize; 325cec37a6eSPeter Krystad } 326cec37a6eSPeter Krystad } 327cec37a6eSPeter Krystad } 328cec37a6eSPeter Krystad 329cc7972eaSChristoph Paasch bool mptcp_syn_options(struct sock *sk, const struct sk_buff *skb, 330cc7972eaSChristoph Paasch unsigned int *size, struct mptcp_out_options *opts) 331cec37a6eSPeter Krystad { 332cec37a6eSPeter Krystad struct mptcp_subflow_context *subflow = mptcp_subflow_ctx(sk); 333cec37a6eSPeter Krystad 334cc7972eaSChristoph Paasch /* we will use snd_isn to detect first pkt [re]transmission 335cc7972eaSChristoph Paasch * in mptcp_established_options_mp() 336cc7972eaSChristoph Paasch */ 337cc7972eaSChristoph Paasch subflow->snd_isn = TCP_SKB_CB(skb)->end_seq; 338cec37a6eSPeter Krystad if (subflow->request_mptcp) { 339cec37a6eSPeter Krystad opts->suboptions = OPTION_MPTCP_MPC_SYN; 340cec37a6eSPeter Krystad *size = TCPOLEN_MPTCP_MPC_SYN; 341cec37a6eSPeter Krystad return true; 342ec3edaa7SPeter Krystad } else if (subflow->request_join) { 343ec3edaa7SPeter Krystad pr_debug("remote_token=%u, nonce=%u", subflow->remote_token, 344ec3edaa7SPeter Krystad subflow->local_nonce); 345ec3edaa7SPeter Krystad opts->suboptions = OPTION_MPTCP_MPJ_SYN; 346ec3edaa7SPeter Krystad opts->join_id = subflow->local_id; 347ec3edaa7SPeter Krystad opts->token = subflow->remote_token; 348ec3edaa7SPeter Krystad opts->nonce = subflow->local_nonce; 349ec3edaa7SPeter Krystad opts->backup = subflow->request_bkup; 350ec3edaa7SPeter Krystad *size = TCPOLEN_MPTCP_MPJ_SYN; 351ec3edaa7SPeter Krystad return true; 352cec37a6eSPeter Krystad } 353cec37a6eSPeter Krystad return false; 354cec37a6eSPeter Krystad } 355cec37a6eSPeter Krystad 356ec3edaa7SPeter Krystad /* MP_JOIN client subflow must wait for 4th ack before sending any data: 357ec3edaa7SPeter Krystad * TCP can't schedule delack timer before the subflow is fully established. 358ec3edaa7SPeter Krystad * MPTCP uses the delack timer to do 3rd ack retransmissions 359ec3edaa7SPeter Krystad */ 360ec3edaa7SPeter Krystad static void schedule_3rdack_retransmission(struct sock *sk) 361ec3edaa7SPeter Krystad { 362ec3edaa7SPeter Krystad struct inet_connection_sock *icsk = inet_csk(sk); 363ec3edaa7SPeter Krystad struct tcp_sock *tp = tcp_sk(sk); 364ec3edaa7SPeter Krystad unsigned long timeout; 365ec3edaa7SPeter Krystad 366ec3edaa7SPeter Krystad /* reschedule with a timeout above RTT, as we must look only for drop */ 367ec3edaa7SPeter Krystad if (tp->srtt_us) 368ec3edaa7SPeter Krystad timeout = tp->srtt_us << 1; 369ec3edaa7SPeter Krystad else 370ec3edaa7SPeter Krystad timeout = TCP_TIMEOUT_INIT; 371ec3edaa7SPeter Krystad 372ec3edaa7SPeter Krystad WARN_ON_ONCE(icsk->icsk_ack.pending & ICSK_ACK_TIMER); 373ec3edaa7SPeter Krystad icsk->icsk_ack.pending |= ICSK_ACK_SCHED | ICSK_ACK_TIMER; 374ec3edaa7SPeter Krystad icsk->icsk_ack.timeout = timeout; 375ec3edaa7SPeter Krystad sk_reset_timer(sk, &icsk->icsk_delack_timer, timeout); 376ec3edaa7SPeter Krystad } 377ec3edaa7SPeter Krystad 378ec3edaa7SPeter Krystad static void clear_3rdack_retransmission(struct sock *sk) 379ec3edaa7SPeter Krystad { 380ec3edaa7SPeter Krystad struct inet_connection_sock *icsk = inet_csk(sk); 381ec3edaa7SPeter Krystad 382ec3edaa7SPeter Krystad sk_stop_timer(sk, &icsk->icsk_delack_timer); 383ec3edaa7SPeter Krystad icsk->icsk_ack.timeout = 0; 384ec3edaa7SPeter Krystad icsk->icsk_ack.ato = 0; 385ec3edaa7SPeter Krystad icsk->icsk_ack.pending &= ~(ICSK_ACK_SCHED | ICSK_ACK_TIMER); 386ec3edaa7SPeter Krystad } 387ec3edaa7SPeter Krystad 388cc7972eaSChristoph Paasch static bool mptcp_established_options_mp(struct sock *sk, struct sk_buff *skb, 389cc7972eaSChristoph Paasch unsigned int *size, 3906d0060f6SMat Martineau unsigned int remaining, 391cec37a6eSPeter Krystad struct mptcp_out_options *opts) 392cec37a6eSPeter Krystad { 393cec37a6eSPeter Krystad struct mptcp_subflow_context *subflow = mptcp_subflow_ctx(sk); 394cc7972eaSChristoph Paasch struct mptcp_ext *mpext; 395cc7972eaSChristoph Paasch unsigned int data_len; 396cec37a6eSPeter Krystad 397ec3edaa7SPeter Krystad /* When skb is not available, we better over-estimate the emitted 398ec3edaa7SPeter Krystad * options len. A full DSS option (28 bytes) is longer than 399ec3edaa7SPeter Krystad * TCPOLEN_MPTCP_MPC_ACK_DATA(22) or TCPOLEN_MPTCP_MPJ_ACK(24), so 400ec3edaa7SPeter Krystad * tell the caller to defer the estimate to 401ec3edaa7SPeter Krystad * mptcp_established_options_dss(), which will reserve enough space. 402cc7972eaSChristoph Paasch */ 403ec3edaa7SPeter Krystad if (!skb) 404ec3edaa7SPeter Krystad return false; 405ec3edaa7SPeter Krystad 406ec3edaa7SPeter Krystad /* MPC/MPJ needed only on 3rd ack packet */ 407ec3edaa7SPeter Krystad if (subflow->fully_established || 408ec3edaa7SPeter Krystad subflow->snd_isn != TCP_SKB_CB(skb)->seq) 409ec3edaa7SPeter Krystad return false; 410ec3edaa7SPeter Krystad 411ec3edaa7SPeter Krystad if (subflow->mp_capable) { 412cc7972eaSChristoph Paasch mpext = mptcp_get_ext(skb); 413cc7972eaSChristoph Paasch data_len = mpext ? mpext->data_len : 0; 414cc7972eaSChristoph Paasch 415cc7972eaSChristoph Paasch /* we will check ext_copy.data_len in mptcp_write_options() to 416cc7972eaSChristoph Paasch * discriminate between TCPOLEN_MPTCP_MPC_ACK_DATA and 417cc7972eaSChristoph Paasch * TCPOLEN_MPTCP_MPC_ACK 418cc7972eaSChristoph Paasch */ 419cc7972eaSChristoph Paasch opts->ext_copy.data_len = data_len; 420cec37a6eSPeter Krystad opts->suboptions = OPTION_MPTCP_MPC_ACK; 421cec37a6eSPeter Krystad opts->sndr_key = subflow->local_key; 422cec37a6eSPeter Krystad opts->rcvr_key = subflow->remote_key; 423cc7972eaSChristoph Paasch 424cc7972eaSChristoph Paasch /* Section 3.1. 425cc7972eaSChristoph Paasch * The MP_CAPABLE option is carried on the SYN, SYN/ACK, and ACK 426cc7972eaSChristoph Paasch * packets that start the first subflow of an MPTCP connection, 427cc7972eaSChristoph Paasch * as well as the first packet that carries data 428cc7972eaSChristoph Paasch */ 429cc7972eaSChristoph Paasch if (data_len > 0) 430cc7972eaSChristoph Paasch *size = ALIGN(TCPOLEN_MPTCP_MPC_ACK_DATA, 4); 431cc7972eaSChristoph Paasch else 432cec37a6eSPeter Krystad *size = TCPOLEN_MPTCP_MPC_ACK; 433cc7972eaSChristoph Paasch 434cc7972eaSChristoph Paasch pr_debug("subflow=%p, local_key=%llu, remote_key=%llu map_len=%d", 435cc7972eaSChristoph Paasch subflow, subflow->local_key, subflow->remote_key, 436cc7972eaSChristoph Paasch data_len); 437cc7972eaSChristoph Paasch 438cec37a6eSPeter Krystad return true; 439ec3edaa7SPeter Krystad } else if (subflow->mp_join) { 440ec3edaa7SPeter Krystad opts->suboptions = OPTION_MPTCP_MPJ_ACK; 441ec3edaa7SPeter Krystad memcpy(opts->hmac, subflow->hmac, MPTCPOPT_HMAC_LEN); 442ec3edaa7SPeter Krystad *size = TCPOLEN_MPTCP_MPJ_ACK; 443ec3edaa7SPeter Krystad pr_debug("subflow=%p", subflow); 444ec3edaa7SPeter Krystad 445ec3edaa7SPeter Krystad schedule_3rdack_retransmission(sk); 446ec3edaa7SPeter Krystad return true; 447cec37a6eSPeter Krystad } 448cec37a6eSPeter Krystad return false; 449cec37a6eSPeter Krystad } 450cec37a6eSPeter Krystad 4516d0060f6SMat Martineau static void mptcp_write_data_fin(struct mptcp_subflow_context *subflow, 4526d0060f6SMat Martineau struct mptcp_ext *ext) 4536d0060f6SMat Martineau { 4546d0060f6SMat Martineau if (!ext->use_map) { 4556d0060f6SMat Martineau /* RFC6824 requires a DSS mapping with specific values 4566d0060f6SMat Martineau * if DATA_FIN is set but no data payload is mapped 4576d0060f6SMat Martineau */ 4586d37a0b8SMat Martineau ext->data_fin = 1; 4596d0060f6SMat Martineau ext->use_map = 1; 4606d0060f6SMat Martineau ext->dsn64 = 1; 46176c42a29SMat Martineau ext->data_seq = subflow->data_fin_tx_seq; 4626d0060f6SMat Martineau ext->subflow_seq = 0; 4636d0060f6SMat Martineau ext->data_len = 1; 4646d37a0b8SMat Martineau } else if (ext->data_seq + ext->data_len == subflow->data_fin_tx_seq) { 4656d37a0b8SMat Martineau /* If there's an existing DSS mapping and it is the 4666d37a0b8SMat Martineau * final mapping, DATA_FIN consumes 1 additional byte of 4676d37a0b8SMat Martineau * mapping space. 4686d0060f6SMat Martineau */ 4696d37a0b8SMat Martineau ext->data_fin = 1; 4706d0060f6SMat Martineau ext->data_len++; 4716d0060f6SMat Martineau } 4726d0060f6SMat Martineau } 4736d0060f6SMat Martineau 4746d0060f6SMat Martineau static bool mptcp_established_options_dss(struct sock *sk, struct sk_buff *skb, 4756d0060f6SMat Martineau unsigned int *size, 4766d0060f6SMat Martineau unsigned int remaining, 4776d0060f6SMat Martineau struct mptcp_out_options *opts) 4786d0060f6SMat Martineau { 4796d0060f6SMat Martineau struct mptcp_subflow_context *subflow = mptcp_subflow_ctx(sk); 4806d0060f6SMat Martineau unsigned int dss_size = 0; 4816d0060f6SMat Martineau struct mptcp_ext *mpext; 4826d0060f6SMat Martineau struct mptcp_sock *msk; 4836d0060f6SMat Martineau unsigned int ack_size; 484d22f4988SChristoph Paasch bool ret = false; 4856d0060f6SMat Martineau u8 tcp_fin; 4866d0060f6SMat Martineau 4876d0060f6SMat Martineau if (skb) { 4886d0060f6SMat Martineau mpext = mptcp_get_ext(skb); 4896d0060f6SMat Martineau tcp_fin = TCP_SKB_CB(skb)->tcp_flags & TCPHDR_FIN; 4906d0060f6SMat Martineau } else { 4916d0060f6SMat Martineau mpext = NULL; 4926d0060f6SMat Martineau tcp_fin = 0; 4936d0060f6SMat Martineau } 4946d0060f6SMat Martineau 4956d0060f6SMat Martineau if (!skb || (mpext && mpext->use_map) || tcp_fin) { 4966d0060f6SMat Martineau unsigned int map_size; 4976d0060f6SMat Martineau 4986d0060f6SMat Martineau map_size = TCPOLEN_MPTCP_DSS_BASE + TCPOLEN_MPTCP_DSS_MAP64; 4996d0060f6SMat Martineau 5006d0060f6SMat Martineau remaining -= map_size; 5016d0060f6SMat Martineau dss_size = map_size; 5026d0060f6SMat Martineau if (mpext) 5036d0060f6SMat Martineau opts->ext_copy = *mpext; 5046d0060f6SMat Martineau 50576c42a29SMat Martineau if (skb && tcp_fin && subflow->data_fin_tx_enable) 5066d0060f6SMat Martineau mptcp_write_data_fin(subflow, &opts->ext_copy); 507d22f4988SChristoph Paasch ret = true; 508d22f4988SChristoph Paasch } 509d22f4988SChristoph Paasch 5102398e399SPaolo Abeni /* passive sockets msk will set the 'can_ack' after accept(), even 5112398e399SPaolo Abeni * if the first subflow may have the already the remote key handy 5122398e399SPaolo Abeni */ 513d22f4988SChristoph Paasch opts->ext_copy.use_ack = 0; 514d22f4988SChristoph Paasch msk = mptcp_sk(subflow->conn); 515dc093db5SPaolo Abeni if (!READ_ONCE(msk->can_ack)) { 516d22f4988SChristoph Paasch *size = ALIGN(dss_size, 4); 517d22f4988SChristoph Paasch return ret; 5186d0060f6SMat Martineau } 5196d0060f6SMat Martineau 520a0c1d0eaSChristoph Paasch if (subflow->use_64bit_ack) { 5216d0060f6SMat Martineau ack_size = TCPOLEN_MPTCP_DSS_ACK64; 522a0c1d0eaSChristoph Paasch opts->ext_copy.data_ack = msk->ack_seq; 523a0c1d0eaSChristoph Paasch opts->ext_copy.ack64 = 1; 524a0c1d0eaSChristoph Paasch } else { 525a0c1d0eaSChristoph Paasch ack_size = TCPOLEN_MPTCP_DSS_ACK32; 526a0c1d0eaSChristoph Paasch opts->ext_copy.data_ack32 = (uint32_t)(msk->ack_seq); 527a0c1d0eaSChristoph Paasch opts->ext_copy.ack64 = 0; 528a0c1d0eaSChristoph Paasch } 529a0c1d0eaSChristoph Paasch opts->ext_copy.use_ack = 1; 5306d0060f6SMat Martineau 5316d0060f6SMat Martineau /* Add kind/length/subtype/flag overhead if mapping is not populated */ 5326d0060f6SMat Martineau if (dss_size == 0) 5336d0060f6SMat Martineau ack_size += TCPOLEN_MPTCP_DSS_BASE; 5346d0060f6SMat Martineau 5356d0060f6SMat Martineau dss_size += ack_size; 5366d0060f6SMat Martineau 5376d0060f6SMat Martineau *size = ALIGN(dss_size, 4); 5386d0060f6SMat Martineau return true; 5396d0060f6SMat Martineau } 5406d0060f6SMat Martineau 5413df523abSPeter Krystad static u64 add_addr_generate_hmac(u64 key1, u64 key2, u8 addr_id, 5423df523abSPeter Krystad struct in_addr *addr) 5433df523abSPeter Krystad { 544bd697222STodd Malsbary u8 hmac[SHA256_DIGEST_SIZE]; 5453df523abSPeter Krystad u8 msg[7]; 5463df523abSPeter Krystad 5473df523abSPeter Krystad msg[0] = addr_id; 5483df523abSPeter Krystad memcpy(&msg[1], &addr->s_addr, 4); 5493df523abSPeter Krystad msg[5] = 0; 5503df523abSPeter Krystad msg[6] = 0; 5513df523abSPeter Krystad 5523df523abSPeter Krystad mptcp_crypto_hmac_sha(key1, key2, msg, 7, hmac); 5533df523abSPeter Krystad 554bd697222STodd Malsbary return get_unaligned_be64(&hmac[SHA256_DIGEST_SIZE - sizeof(u64)]); 5553df523abSPeter Krystad } 5563df523abSPeter Krystad 5573df523abSPeter Krystad #if IS_ENABLED(CONFIG_MPTCP_IPV6) 5583df523abSPeter Krystad static u64 add_addr6_generate_hmac(u64 key1, u64 key2, u8 addr_id, 5593df523abSPeter Krystad struct in6_addr *addr) 5603df523abSPeter Krystad { 561bd697222STodd Malsbary u8 hmac[SHA256_DIGEST_SIZE]; 5623df523abSPeter Krystad u8 msg[19]; 5633df523abSPeter Krystad 5643df523abSPeter Krystad msg[0] = addr_id; 5653df523abSPeter Krystad memcpy(&msg[1], &addr->s6_addr, 16); 5663df523abSPeter Krystad msg[17] = 0; 5673df523abSPeter Krystad msg[18] = 0; 5683df523abSPeter Krystad 5693df523abSPeter Krystad mptcp_crypto_hmac_sha(key1, key2, msg, 19, hmac); 5703df523abSPeter Krystad 571bd697222STodd Malsbary return get_unaligned_be64(&hmac[SHA256_DIGEST_SIZE - sizeof(u64)]); 5723df523abSPeter Krystad } 5733df523abSPeter Krystad #endif 5743df523abSPeter Krystad 5753df523abSPeter Krystad static bool mptcp_established_options_addr(struct sock *sk, 5763df523abSPeter Krystad unsigned int *size, 5773df523abSPeter Krystad unsigned int remaining, 5783df523abSPeter Krystad struct mptcp_out_options *opts) 5793df523abSPeter Krystad { 5803df523abSPeter Krystad struct mptcp_subflow_context *subflow = mptcp_subflow_ctx(sk); 5813df523abSPeter Krystad struct mptcp_sock *msk = mptcp_sk(subflow->conn); 5821b1c7a0eSPeter Krystad struct mptcp_addr_info saddr; 5831b1c7a0eSPeter Krystad int len; 5843df523abSPeter Krystad 5851b1c7a0eSPeter Krystad if (!mptcp_pm_should_signal(msk) || 5861b1c7a0eSPeter Krystad !(mptcp_pm_addr_signal(msk, remaining, &saddr))) 5873df523abSPeter Krystad return false; 5881b1c7a0eSPeter Krystad 5891b1c7a0eSPeter Krystad len = mptcp_add_addr_len(saddr.family); 5901b1c7a0eSPeter Krystad if (remaining < len) 5911b1c7a0eSPeter Krystad return false; 5921b1c7a0eSPeter Krystad 5931b1c7a0eSPeter Krystad *size = len; 5941b1c7a0eSPeter Krystad opts->addr_id = saddr.id; 5951b1c7a0eSPeter Krystad if (saddr.family == AF_INET) { 5963df523abSPeter Krystad opts->suboptions |= OPTION_MPTCP_ADD_ADDR; 5971b1c7a0eSPeter Krystad opts->addr = saddr.addr; 5983df523abSPeter Krystad opts->ahmac = add_addr_generate_hmac(msk->local_key, 5993df523abSPeter Krystad msk->remote_key, 6003df523abSPeter Krystad opts->addr_id, 6013df523abSPeter Krystad &opts->addr); 6023df523abSPeter Krystad } 6033df523abSPeter Krystad #if IS_ENABLED(CONFIG_MPTCP_IPV6) 6041b1c7a0eSPeter Krystad else if (saddr.family == AF_INET6) { 6053df523abSPeter Krystad opts->suboptions |= OPTION_MPTCP_ADD_ADDR6; 6061b1c7a0eSPeter Krystad opts->addr6 = saddr.addr6; 6073df523abSPeter Krystad opts->ahmac = add_addr6_generate_hmac(msk->local_key, 6083df523abSPeter Krystad msk->remote_key, 6093df523abSPeter Krystad opts->addr_id, 6103df523abSPeter Krystad &opts->addr6); 6113df523abSPeter Krystad } 6123df523abSPeter Krystad #endif 6133df523abSPeter Krystad pr_debug("addr_id=%d, ahmac=%llu", opts->addr_id, opts->ahmac); 6143df523abSPeter Krystad 6153df523abSPeter Krystad return true; 6163df523abSPeter Krystad } 6173df523abSPeter Krystad 6186d0060f6SMat Martineau bool mptcp_established_options(struct sock *sk, struct sk_buff *skb, 6196d0060f6SMat Martineau unsigned int *size, unsigned int remaining, 6206d0060f6SMat Martineau struct mptcp_out_options *opts) 6216d0060f6SMat Martineau { 6226d0060f6SMat Martineau unsigned int opt_size = 0; 6236d0060f6SMat Martineau bool ret = false; 6246d0060f6SMat Martineau 6253df523abSPeter Krystad opts->suboptions = 0; 6263df523abSPeter Krystad 627*e1ff9e82SDavide Caratti if (unlikely(mptcp_check_fallback(sk))) 628*e1ff9e82SDavide Caratti return false; 629*e1ff9e82SDavide Caratti 630cc7972eaSChristoph Paasch if (mptcp_established_options_mp(sk, skb, &opt_size, remaining, opts)) 6316d0060f6SMat Martineau ret = true; 6326d0060f6SMat Martineau else if (mptcp_established_options_dss(sk, skb, &opt_size, remaining, 6336d0060f6SMat Martineau opts)) 6346d0060f6SMat Martineau ret = true; 6356d0060f6SMat Martineau 6366d0060f6SMat Martineau /* we reserved enough space for the above options, and exceeding the 6376d0060f6SMat Martineau * TCP option space would be fatal 6386d0060f6SMat Martineau */ 6396d0060f6SMat Martineau if (WARN_ON_ONCE(opt_size > remaining)) 6406d0060f6SMat Martineau return false; 6416d0060f6SMat Martineau 6426d0060f6SMat Martineau *size += opt_size; 6436d0060f6SMat Martineau remaining -= opt_size; 6443df523abSPeter Krystad if (mptcp_established_options_addr(sk, &opt_size, remaining, opts)) { 6453df523abSPeter Krystad *size += opt_size; 6463df523abSPeter Krystad remaining -= opt_size; 6473df523abSPeter Krystad ret = true; 6483df523abSPeter Krystad } 6496d0060f6SMat Martineau 6506d0060f6SMat Martineau return ret; 6516d0060f6SMat Martineau } 6526d0060f6SMat Martineau 653cec37a6eSPeter Krystad bool mptcp_synack_options(const struct request_sock *req, unsigned int *size, 654cec37a6eSPeter Krystad struct mptcp_out_options *opts) 655cec37a6eSPeter Krystad { 656cec37a6eSPeter Krystad struct mptcp_subflow_request_sock *subflow_req = mptcp_subflow_rsk(req); 657cec37a6eSPeter Krystad 658cec37a6eSPeter Krystad if (subflow_req->mp_capable) { 659cec37a6eSPeter Krystad opts->suboptions = OPTION_MPTCP_MPC_SYNACK; 660cec37a6eSPeter Krystad opts->sndr_key = subflow_req->local_key; 661cec37a6eSPeter Krystad *size = TCPOLEN_MPTCP_MPC_SYNACK; 662cec37a6eSPeter Krystad pr_debug("subflow_req=%p, local_key=%llu", 663cec37a6eSPeter Krystad subflow_req, subflow_req->local_key); 664cec37a6eSPeter Krystad return true; 665f296234cSPeter Krystad } else if (subflow_req->mp_join) { 666f296234cSPeter Krystad opts->suboptions = OPTION_MPTCP_MPJ_SYNACK; 667f296234cSPeter Krystad opts->backup = subflow_req->backup; 668f296234cSPeter Krystad opts->join_id = subflow_req->local_id; 669f296234cSPeter Krystad opts->thmac = subflow_req->thmac; 670f296234cSPeter Krystad opts->nonce = subflow_req->local_nonce; 671f296234cSPeter Krystad pr_debug("req=%p, bkup=%u, id=%u, thmac=%llu, nonce=%u", 672f296234cSPeter Krystad subflow_req, opts->backup, opts->join_id, 673f296234cSPeter Krystad opts->thmac, opts->nonce); 674f296234cSPeter Krystad *size = TCPOLEN_MPTCP_MPJ_SYNACK; 675f296234cSPeter Krystad return true; 676cec37a6eSPeter Krystad } 677cec37a6eSPeter Krystad return false; 678cec37a6eSPeter Krystad } 679cec37a6eSPeter Krystad 680f296234cSPeter Krystad static bool check_fully_established(struct mptcp_sock *msk, struct sock *sk, 681f296234cSPeter Krystad struct mptcp_subflow_context *subflow, 682d22f4988SChristoph Paasch struct sk_buff *skb, 683d22f4988SChristoph Paasch struct mptcp_options_received *mp_opt) 684d22f4988SChristoph Paasch { 685d22f4988SChristoph Paasch /* here we can process OoO, in-window pkts, only in-sequence 4th ack 686f296234cSPeter Krystad * will make the subflow fully established 687d22f4988SChristoph Paasch */ 688f296234cSPeter Krystad if (likely(subflow->fully_established)) { 689f296234cSPeter Krystad /* on passive sockets, check for 3rd ack retransmission 690f296234cSPeter Krystad * note that msk is always set by subflow_syn_recv_sock() 691f296234cSPeter Krystad * for mp_join subflows 692f296234cSPeter Krystad */ 693f296234cSPeter Krystad if (TCP_SKB_CB(skb)->seq == subflow->ssn_offset + 1 && 694f296234cSPeter Krystad TCP_SKB_CB(skb)->end_seq == TCP_SKB_CB(skb)->seq && 695f296234cSPeter Krystad subflow->mp_join && mp_opt->mp_join && 696f296234cSPeter Krystad READ_ONCE(msk->pm.server_side)) 697f296234cSPeter Krystad tcp_send_ack(sk); 698f296234cSPeter Krystad goto fully_established; 699f296234cSPeter Krystad } 700d22f4988SChristoph Paasch 701f296234cSPeter Krystad /* we should process OoO packets before the first subflow is fully 702f296234cSPeter Krystad * established, but not expected for MP_JOIN subflows 703f296234cSPeter Krystad */ 704f296234cSPeter Krystad if (TCP_SKB_CB(skb)->seq != subflow->ssn_offset + 1) 705f296234cSPeter Krystad return subflow->mp_capable; 706f296234cSPeter Krystad 7075a91e32bSPaolo Abeni if (mp_opt->dss && mp_opt->use_ack) { 708f296234cSPeter Krystad /* subflows are fully established as soon as we get any 709f296234cSPeter Krystad * additional ack. 710f296234cSPeter Krystad */ 7110be534f5SPaolo Abeni subflow->fully_established = 1; 712f296234cSPeter Krystad goto fully_established; 713f296234cSPeter Krystad } 714d22f4988SChristoph Paasch 715d22f4988SChristoph Paasch /* If the first established packet does not contain MP_CAPABLE + data 716d22f4988SChristoph Paasch * then fallback to TCP 717d22f4988SChristoph Paasch */ 718d22f4988SChristoph Paasch if (!mp_opt->mp_capable) { 719d22f4988SChristoph Paasch subflow->mp_capable = 0; 720*e1ff9e82SDavide Caratti pr_fallback(msk); 721*e1ff9e82SDavide Caratti __mptcp_do_fallback(msk); 722d22f4988SChristoph Paasch return false; 723d22f4988SChristoph Paasch } 724f296234cSPeter Krystad 725d6085fe1SPaolo Abeni if (unlikely(!READ_ONCE(msk->pm.server_side))) 726d6085fe1SPaolo Abeni pr_warn_once("bogus mpc option on established client sk"); 727f296234cSPeter Krystad subflow->fully_established = 1; 728d22f4988SChristoph Paasch subflow->remote_key = mp_opt->sndr_key; 729d22f4988SChristoph Paasch subflow->can_ack = 1; 730f296234cSPeter Krystad 731f296234cSPeter Krystad fully_established: 732f296234cSPeter Krystad if (likely(subflow->pm_notified)) 733f296234cSPeter Krystad return true; 734f296234cSPeter Krystad 735f296234cSPeter Krystad subflow->pm_notified = 1; 736ec3edaa7SPeter Krystad if (subflow->mp_join) { 737ec3edaa7SPeter Krystad clear_3rdack_retransmission(sk); 738f296234cSPeter Krystad mptcp_pm_subflow_established(msk, subflow); 739ec3edaa7SPeter Krystad } else { 740f296234cSPeter Krystad mptcp_pm_fully_established(msk); 741ec3edaa7SPeter Krystad } 742d22f4988SChristoph Paasch return true; 743d22f4988SChristoph Paasch } 744d22f4988SChristoph Paasch 745cc9d2566SPaolo Abeni static u64 expand_ack(u64 old_ack, u64 cur_ack, bool use_64bit) 746cc9d2566SPaolo Abeni { 747cc9d2566SPaolo Abeni u32 old_ack32, cur_ack32; 748cc9d2566SPaolo Abeni 749cc9d2566SPaolo Abeni if (use_64bit) 750cc9d2566SPaolo Abeni return cur_ack; 751cc9d2566SPaolo Abeni 752cc9d2566SPaolo Abeni old_ack32 = (u32)old_ack; 753cc9d2566SPaolo Abeni cur_ack32 = (u32)cur_ack; 754cc9d2566SPaolo Abeni cur_ack = (old_ack & GENMASK_ULL(63, 32)) + cur_ack32; 755cc9d2566SPaolo Abeni if (unlikely(before(cur_ack32, old_ack32))) 756cc9d2566SPaolo Abeni return cur_ack + (1LL << 32); 757cc9d2566SPaolo Abeni return cur_ack; 758cc9d2566SPaolo Abeni } 759cc9d2566SPaolo Abeni 760cc9d2566SPaolo Abeni static void update_una(struct mptcp_sock *msk, 761cc9d2566SPaolo Abeni struct mptcp_options_received *mp_opt) 762cc9d2566SPaolo Abeni { 763cc9d2566SPaolo Abeni u64 new_snd_una, snd_una, old_snd_una = atomic64_read(&msk->snd_una); 764cc9d2566SPaolo Abeni u64 write_seq = READ_ONCE(msk->write_seq); 765cc9d2566SPaolo Abeni 766cc9d2566SPaolo Abeni /* avoid ack expansion on update conflict, to reduce the risk of 767cc9d2566SPaolo Abeni * wrongly expanding to a future ack sequence number, which is way 768cc9d2566SPaolo Abeni * more dangerous than missing an ack 769cc9d2566SPaolo Abeni */ 770cc9d2566SPaolo Abeni new_snd_una = expand_ack(old_snd_una, mp_opt->data_ack, mp_opt->ack64); 771cc9d2566SPaolo Abeni 772cc9d2566SPaolo Abeni /* ACK for data not even sent yet? Ignore. */ 773cc9d2566SPaolo Abeni if (after64(new_snd_una, write_seq)) 774cc9d2566SPaolo Abeni new_snd_una = old_snd_una; 775cc9d2566SPaolo Abeni 776cc9d2566SPaolo Abeni while (after64(new_snd_una, old_snd_una)) { 777cc9d2566SPaolo Abeni snd_una = old_snd_una; 778cc9d2566SPaolo Abeni old_snd_una = atomic64_cmpxchg(&msk->snd_una, snd_una, 779cc9d2566SPaolo Abeni new_snd_una); 780b51f9b80SPaolo Abeni if (old_snd_una == snd_una) { 781b51f9b80SPaolo Abeni mptcp_data_acked((struct sock *)msk); 782cc9d2566SPaolo Abeni break; 783cc9d2566SPaolo Abeni } 784cc9d2566SPaolo Abeni } 785b51f9b80SPaolo Abeni } 786cc9d2566SPaolo Abeni 7871b1c7a0eSPeter Krystad static bool add_addr_hmac_valid(struct mptcp_sock *msk, 7881b1c7a0eSPeter Krystad struct mptcp_options_received *mp_opt) 7891b1c7a0eSPeter Krystad { 7901b1c7a0eSPeter Krystad u64 hmac = 0; 7911b1c7a0eSPeter Krystad 7921b1c7a0eSPeter Krystad if (mp_opt->echo) 7931b1c7a0eSPeter Krystad return true; 7941b1c7a0eSPeter Krystad 7951b1c7a0eSPeter Krystad if (mp_opt->family == MPTCP_ADDR_IPVERSION_4) 7961b1c7a0eSPeter Krystad hmac = add_addr_generate_hmac(msk->remote_key, 7971b1c7a0eSPeter Krystad msk->local_key, 7981b1c7a0eSPeter Krystad mp_opt->addr_id, &mp_opt->addr); 7991b1c7a0eSPeter Krystad #if IS_ENABLED(CONFIG_MPTCP_IPV6) 8001b1c7a0eSPeter Krystad else 8011b1c7a0eSPeter Krystad hmac = add_addr6_generate_hmac(msk->remote_key, 8021b1c7a0eSPeter Krystad msk->local_key, 8031b1c7a0eSPeter Krystad mp_opt->addr_id, &mp_opt->addr6); 8041b1c7a0eSPeter Krystad #endif 8051b1c7a0eSPeter Krystad 8061b1c7a0eSPeter Krystad pr_debug("msk=%p, ahmac=%llu, mp_opt->ahmac=%llu\n", 8071b1c7a0eSPeter Krystad msk, (unsigned long long)hmac, 8081b1c7a0eSPeter Krystad (unsigned long long)mp_opt->ahmac); 8091b1c7a0eSPeter Krystad 8101b1c7a0eSPeter Krystad return hmac == mp_opt->ahmac; 8111b1c7a0eSPeter Krystad } 8121b1c7a0eSPeter Krystad 813648ef4b8SMat Martineau void mptcp_incoming_options(struct sock *sk, struct sk_buff *skb, 814648ef4b8SMat Martineau struct tcp_options_received *opt_rx) 815648ef4b8SMat Martineau { 816d22f4988SChristoph Paasch struct mptcp_subflow_context *subflow = mptcp_subflow_ctx(sk); 8171b1c7a0eSPeter Krystad struct mptcp_sock *msk = mptcp_sk(subflow->conn); 818cfde141eSPaolo Abeni struct mptcp_options_received mp_opt; 819648ef4b8SMat Martineau struct mptcp_ext *mpext; 820648ef4b8SMat Martineau 821*e1ff9e82SDavide Caratti if (__mptcp_check_fallback(msk)) 822*e1ff9e82SDavide Caratti return; 823*e1ff9e82SDavide Caratti 824cfde141eSPaolo Abeni mptcp_get_options(skb, &mp_opt); 825cfde141eSPaolo Abeni if (!check_fully_established(msk, sk, subflow, skb, &mp_opt)) 826d22f4988SChristoph Paasch return; 827648ef4b8SMat Martineau 828cfde141eSPaolo Abeni if (mp_opt.add_addr && add_addr_hmac_valid(msk, &mp_opt)) { 8291b1c7a0eSPeter Krystad struct mptcp_addr_info addr; 8301b1c7a0eSPeter Krystad 831cfde141eSPaolo Abeni addr.port = htons(mp_opt.port); 832cfde141eSPaolo Abeni addr.id = mp_opt.addr_id; 833cfde141eSPaolo Abeni if (mp_opt.family == MPTCP_ADDR_IPVERSION_4) { 8341b1c7a0eSPeter Krystad addr.family = AF_INET; 835cfde141eSPaolo Abeni addr.addr = mp_opt.addr; 8361b1c7a0eSPeter Krystad } 8371b1c7a0eSPeter Krystad #if IS_ENABLED(CONFIG_MPTCP_IPV6) 838cfde141eSPaolo Abeni else if (mp_opt.family == MPTCP_ADDR_IPVERSION_6) { 8391b1c7a0eSPeter Krystad addr.family = AF_INET6; 840cfde141eSPaolo Abeni addr.addr6 = mp_opt.addr6; 8411b1c7a0eSPeter Krystad } 8421b1c7a0eSPeter Krystad #endif 843cfde141eSPaolo Abeni if (!mp_opt.echo) 8441b1c7a0eSPeter Krystad mptcp_pm_add_addr_received(msk, &addr); 845cfde141eSPaolo Abeni mp_opt.add_addr = 0; 8461b1c7a0eSPeter Krystad } 8471b1c7a0eSPeter Krystad 848cfde141eSPaolo Abeni if (!mp_opt.dss) 849648ef4b8SMat Martineau return; 850648ef4b8SMat Martineau 851cc9d2566SPaolo Abeni /* we can't wait for recvmsg() to update the ack_seq, otherwise 852cc9d2566SPaolo Abeni * monodirectional flows will stuck 853cc9d2566SPaolo Abeni */ 854cfde141eSPaolo Abeni if (mp_opt.use_ack) 855cfde141eSPaolo Abeni update_una(msk, &mp_opt); 856cc9d2566SPaolo Abeni 857648ef4b8SMat Martineau mpext = skb_ext_add(skb, SKB_EXT_MPTCP); 858648ef4b8SMat Martineau if (!mpext) 859648ef4b8SMat Martineau return; 860648ef4b8SMat Martineau 861648ef4b8SMat Martineau memset(mpext, 0, sizeof(*mpext)); 862648ef4b8SMat Martineau 863cfde141eSPaolo Abeni if (mp_opt.use_map) { 864cfde141eSPaolo Abeni if (mp_opt.mpc_map) { 865cc7972eaSChristoph Paasch /* this is an MP_CAPABLE carrying MPTCP data 866cc7972eaSChristoph Paasch * we know this map the first chunk of data 867cc7972eaSChristoph Paasch */ 868cc7972eaSChristoph Paasch mptcp_crypto_key_sha(subflow->remote_key, NULL, 869cc7972eaSChristoph Paasch &mpext->data_seq); 870cc7972eaSChristoph Paasch mpext->data_seq++; 871cc7972eaSChristoph Paasch mpext->subflow_seq = 1; 872cc7972eaSChristoph Paasch mpext->dsn64 = 1; 873cc7972eaSChristoph Paasch mpext->mpc_map = 1; 874a77895dbSPaolo Abeni mpext->data_fin = 0; 875cc7972eaSChristoph Paasch } else { 876cfde141eSPaolo Abeni mpext->data_seq = mp_opt.data_seq; 877cfde141eSPaolo Abeni mpext->subflow_seq = mp_opt.subflow_seq; 878cfde141eSPaolo Abeni mpext->dsn64 = mp_opt.dsn64; 879cfde141eSPaolo Abeni mpext->data_fin = mp_opt.data_fin; 880cc7972eaSChristoph Paasch } 881cfde141eSPaolo Abeni mpext->data_len = mp_opt.data_len; 882648ef4b8SMat Martineau mpext->use_map = 1; 883648ef4b8SMat Martineau } 884648ef4b8SMat Martineau } 885648ef4b8SMat Martineau 886eda7acddSPeter Krystad void mptcp_write_options(__be32 *ptr, struct mptcp_out_options *opts) 887eda7acddSPeter Krystad { 888cc7972eaSChristoph Paasch if ((OPTION_MPTCP_MPC_SYN | OPTION_MPTCP_MPC_SYNACK | 889eda7acddSPeter Krystad OPTION_MPTCP_MPC_ACK) & opts->suboptions) { 890eda7acddSPeter Krystad u8 len; 891eda7acddSPeter Krystad 892eda7acddSPeter Krystad if (OPTION_MPTCP_MPC_SYN & opts->suboptions) 893eda7acddSPeter Krystad len = TCPOLEN_MPTCP_MPC_SYN; 894cec37a6eSPeter Krystad else if (OPTION_MPTCP_MPC_SYNACK & opts->suboptions) 895cec37a6eSPeter Krystad len = TCPOLEN_MPTCP_MPC_SYNACK; 896cc7972eaSChristoph Paasch else if (opts->ext_copy.data_len) 897cc7972eaSChristoph Paasch len = TCPOLEN_MPTCP_MPC_ACK_DATA; 898eda7acddSPeter Krystad else 899eda7acddSPeter Krystad len = TCPOLEN_MPTCP_MPC_ACK; 900eda7acddSPeter Krystad 9013df523abSPeter Krystad *ptr++ = mptcp_option(MPTCPOPT_MP_CAPABLE, len, 9023df523abSPeter Krystad MPTCP_SUPPORTED_VERSION, 90365492c5aSPaolo Abeni MPTCP_CAP_HMAC_SHA256); 904cc7972eaSChristoph Paasch 905cc7972eaSChristoph Paasch if (!((OPTION_MPTCP_MPC_SYNACK | OPTION_MPTCP_MPC_ACK) & 906cc7972eaSChristoph Paasch opts->suboptions)) 907cc7972eaSChristoph Paasch goto mp_capable_done; 908cc7972eaSChristoph Paasch 909eda7acddSPeter Krystad put_unaligned_be64(opts->sndr_key, ptr); 910eda7acddSPeter Krystad ptr += 2; 911cc7972eaSChristoph Paasch if (!((OPTION_MPTCP_MPC_ACK) & opts->suboptions)) 912cc7972eaSChristoph Paasch goto mp_capable_done; 913cc7972eaSChristoph Paasch 914eda7acddSPeter Krystad put_unaligned_be64(opts->rcvr_key, ptr); 915eda7acddSPeter Krystad ptr += 2; 916cc7972eaSChristoph Paasch if (!opts->ext_copy.data_len) 917cc7972eaSChristoph Paasch goto mp_capable_done; 918cc7972eaSChristoph Paasch 919cc7972eaSChristoph Paasch put_unaligned_be32(opts->ext_copy.data_len << 16 | 920cc7972eaSChristoph Paasch TCPOPT_NOP << 8 | TCPOPT_NOP, ptr); 921cc7972eaSChristoph Paasch ptr += 1; 922eda7acddSPeter Krystad } 9236d0060f6SMat Martineau 924cc7972eaSChristoph Paasch mp_capable_done: 9253df523abSPeter Krystad if (OPTION_MPTCP_ADD_ADDR & opts->suboptions) { 9263df523abSPeter Krystad if (opts->ahmac) 9273df523abSPeter Krystad *ptr++ = mptcp_option(MPTCPOPT_ADD_ADDR, 9283df523abSPeter Krystad TCPOLEN_MPTCP_ADD_ADDR, 0, 9293df523abSPeter Krystad opts->addr_id); 9303df523abSPeter Krystad else 9313df523abSPeter Krystad *ptr++ = mptcp_option(MPTCPOPT_ADD_ADDR, 9323df523abSPeter Krystad TCPOLEN_MPTCP_ADD_ADDR_BASE, 9333df523abSPeter Krystad MPTCP_ADDR_ECHO, 9343df523abSPeter Krystad opts->addr_id); 9353df523abSPeter Krystad memcpy((u8 *)ptr, (u8 *)&opts->addr.s_addr, 4); 9363df523abSPeter Krystad ptr += 1; 9373df523abSPeter Krystad if (opts->ahmac) { 9383df523abSPeter Krystad put_unaligned_be64(opts->ahmac, ptr); 9393df523abSPeter Krystad ptr += 2; 9403df523abSPeter Krystad } 9413df523abSPeter Krystad } 9423df523abSPeter Krystad 9433df523abSPeter Krystad #if IS_ENABLED(CONFIG_MPTCP_IPV6) 9443df523abSPeter Krystad if (OPTION_MPTCP_ADD_ADDR6 & opts->suboptions) { 9453df523abSPeter Krystad if (opts->ahmac) 9463df523abSPeter Krystad *ptr++ = mptcp_option(MPTCPOPT_ADD_ADDR, 9473df523abSPeter Krystad TCPOLEN_MPTCP_ADD_ADDR6, 0, 9483df523abSPeter Krystad opts->addr_id); 9493df523abSPeter Krystad else 9503df523abSPeter Krystad *ptr++ = mptcp_option(MPTCPOPT_ADD_ADDR, 9513df523abSPeter Krystad TCPOLEN_MPTCP_ADD_ADDR6_BASE, 9523df523abSPeter Krystad MPTCP_ADDR_ECHO, 9533df523abSPeter Krystad opts->addr_id); 9543df523abSPeter Krystad memcpy((u8 *)ptr, opts->addr6.s6_addr, 16); 9553df523abSPeter Krystad ptr += 4; 9563df523abSPeter Krystad if (opts->ahmac) { 9573df523abSPeter Krystad put_unaligned_be64(opts->ahmac, ptr); 9583df523abSPeter Krystad ptr += 2; 9593df523abSPeter Krystad } 9603df523abSPeter Krystad } 9613df523abSPeter Krystad #endif 9623df523abSPeter Krystad 9633df523abSPeter Krystad if (OPTION_MPTCP_RM_ADDR & opts->suboptions) { 9643df523abSPeter Krystad *ptr++ = mptcp_option(MPTCPOPT_RM_ADDR, 9653df523abSPeter Krystad TCPOLEN_MPTCP_RM_ADDR_BASE, 9663df523abSPeter Krystad 0, opts->rm_id); 9673df523abSPeter Krystad } 9683df523abSPeter Krystad 969ec3edaa7SPeter Krystad if (OPTION_MPTCP_MPJ_SYN & opts->suboptions) { 970ec3edaa7SPeter Krystad *ptr++ = mptcp_option(MPTCPOPT_MP_JOIN, 971ec3edaa7SPeter Krystad TCPOLEN_MPTCP_MPJ_SYN, 972ec3edaa7SPeter Krystad opts->backup, opts->join_id); 973ec3edaa7SPeter Krystad put_unaligned_be32(opts->token, ptr); 974ec3edaa7SPeter Krystad ptr += 1; 975ec3edaa7SPeter Krystad put_unaligned_be32(opts->nonce, ptr); 976ec3edaa7SPeter Krystad ptr += 1; 977ec3edaa7SPeter Krystad } 978ec3edaa7SPeter Krystad 979f296234cSPeter Krystad if (OPTION_MPTCP_MPJ_SYNACK & opts->suboptions) { 980f296234cSPeter Krystad *ptr++ = mptcp_option(MPTCPOPT_MP_JOIN, 981f296234cSPeter Krystad TCPOLEN_MPTCP_MPJ_SYNACK, 982f296234cSPeter Krystad opts->backup, opts->join_id); 983f296234cSPeter Krystad put_unaligned_be64(opts->thmac, ptr); 984f296234cSPeter Krystad ptr += 2; 985f296234cSPeter Krystad put_unaligned_be32(opts->nonce, ptr); 986f296234cSPeter Krystad ptr += 1; 987f296234cSPeter Krystad } 988f296234cSPeter Krystad 989ec3edaa7SPeter Krystad if (OPTION_MPTCP_MPJ_ACK & opts->suboptions) { 990ec3edaa7SPeter Krystad *ptr++ = mptcp_option(MPTCPOPT_MP_JOIN, 991ec3edaa7SPeter Krystad TCPOLEN_MPTCP_MPJ_ACK, 0, 0); 992ec3edaa7SPeter Krystad memcpy(ptr, opts->hmac, MPTCPOPT_HMAC_LEN); 993ec3edaa7SPeter Krystad ptr += 5; 994ec3edaa7SPeter Krystad } 995ec3edaa7SPeter Krystad 9966d0060f6SMat Martineau if (opts->ext_copy.use_ack || opts->ext_copy.use_map) { 9976d0060f6SMat Martineau struct mptcp_ext *mpext = &opts->ext_copy; 9986d0060f6SMat Martineau u8 len = TCPOLEN_MPTCP_DSS_BASE; 9996d0060f6SMat Martineau u8 flags = 0; 10006d0060f6SMat Martineau 10016d0060f6SMat Martineau if (mpext->use_ack) { 1002a0c1d0eaSChristoph Paasch flags = MPTCP_DSS_HAS_ACK; 1003a0c1d0eaSChristoph Paasch if (mpext->ack64) { 10046d0060f6SMat Martineau len += TCPOLEN_MPTCP_DSS_ACK64; 1005a0c1d0eaSChristoph Paasch flags |= MPTCP_DSS_ACK64; 1006a0c1d0eaSChristoph Paasch } else { 1007a0c1d0eaSChristoph Paasch len += TCPOLEN_MPTCP_DSS_ACK32; 1008a0c1d0eaSChristoph Paasch } 10096d0060f6SMat Martineau } 10106d0060f6SMat Martineau 10116d0060f6SMat Martineau if (mpext->use_map) { 10126d0060f6SMat Martineau len += TCPOLEN_MPTCP_DSS_MAP64; 10136d0060f6SMat Martineau 10146d0060f6SMat Martineau /* Use only 64-bit mapping flags for now, add 10156d0060f6SMat Martineau * support for optional 32-bit mappings later. 10166d0060f6SMat Martineau */ 10176d0060f6SMat Martineau flags |= MPTCP_DSS_HAS_MAP | MPTCP_DSS_DSN64; 10186d0060f6SMat Martineau if (mpext->data_fin) 10196d0060f6SMat Martineau flags |= MPTCP_DSS_DATA_FIN; 10206d0060f6SMat Martineau } 10216d0060f6SMat Martineau 10223df523abSPeter Krystad *ptr++ = mptcp_option(MPTCPOPT_DSS, len, 0, flags); 10236d0060f6SMat Martineau 10246d0060f6SMat Martineau if (mpext->use_ack) { 1025a0c1d0eaSChristoph Paasch if (mpext->ack64) { 10266d0060f6SMat Martineau put_unaligned_be64(mpext->data_ack, ptr); 10276d0060f6SMat Martineau ptr += 2; 1028a0c1d0eaSChristoph Paasch } else { 1029a0c1d0eaSChristoph Paasch put_unaligned_be32(mpext->data_ack32, ptr); 1030a0c1d0eaSChristoph Paasch ptr += 1; 1031a0c1d0eaSChristoph Paasch } 10326d0060f6SMat Martineau } 10336d0060f6SMat Martineau 10346d0060f6SMat Martineau if (mpext->use_map) { 10356d0060f6SMat Martineau put_unaligned_be64(mpext->data_seq, ptr); 10366d0060f6SMat Martineau ptr += 2; 10376d0060f6SMat Martineau put_unaligned_be32(mpext->subflow_seq, ptr); 10386d0060f6SMat Martineau ptr += 1; 10396d0060f6SMat Martineau put_unaligned_be32(mpext->data_len << 16 | 10406d0060f6SMat Martineau TCPOPT_NOP << 8 | TCPOPT_NOP, ptr); 10416d0060f6SMat Martineau } 10426d0060f6SMat Martineau } 1043eda7acddSPeter Krystad } 1044