xref: /openbmc/linux/net/mptcp/options.c (revision dc6a81c3)
1 // SPDX-License-Identifier: GPL-2.0
2 /* Multipath TCP
3  *
4  * Copyright (c) 2017 - 2019, Intel Corporation.
5  */
6 
7 #include <linux/kernel.h>
8 #include <net/tcp.h>
9 #include <net/mptcp.h>
10 #include "protocol.h"
11 
12 static bool mptcp_cap_flag_sha256(u8 flags)
13 {
14 	return (flags & MPTCP_CAP_FLAG_MASK) == MPTCP_CAP_HMAC_SHA256;
15 }
16 
17 void mptcp_parse_option(const struct sk_buff *skb, const unsigned char *ptr,
18 			int opsize, struct tcp_options_received *opt_rx)
19 {
20 	struct mptcp_options_received *mp_opt = &opt_rx->mptcp;
21 	u8 subtype = *ptr >> 4;
22 	int expected_opsize;
23 	u8 version;
24 	u8 flags;
25 
26 	switch (subtype) {
27 	case MPTCPOPT_MP_CAPABLE:
28 		/* strict size checking */
29 		if (!(TCP_SKB_CB(skb)->tcp_flags & TCPHDR_SYN)) {
30 			if (skb->len > tcp_hdr(skb)->doff << 2)
31 				expected_opsize = TCPOLEN_MPTCP_MPC_ACK_DATA;
32 			else
33 				expected_opsize = TCPOLEN_MPTCP_MPC_ACK;
34 		} else {
35 			if (TCP_SKB_CB(skb)->tcp_flags & TCPHDR_ACK)
36 				expected_opsize = TCPOLEN_MPTCP_MPC_SYNACK;
37 			else
38 				expected_opsize = TCPOLEN_MPTCP_MPC_SYN;
39 		}
40 		if (opsize != expected_opsize)
41 			break;
42 
43 		/* try to be gentle vs future versions on the initial syn */
44 		version = *ptr++ & MPTCP_VERSION_MASK;
45 		if (opsize != TCPOLEN_MPTCP_MPC_SYN) {
46 			if (version != MPTCP_SUPPORTED_VERSION)
47 				break;
48 		} else if (version < MPTCP_SUPPORTED_VERSION) {
49 			break;
50 		}
51 
52 		flags = *ptr++;
53 		if (!mptcp_cap_flag_sha256(flags) ||
54 		    (flags & MPTCP_CAP_EXTENSIBILITY))
55 			break;
56 
57 		/* RFC 6824, Section 3.1:
58 		 * "For the Checksum Required bit (labeled "A"), if either
59 		 * host requires the use of checksums, checksums MUST be used.
60 		 * In other words, the only way for checksums not to be used
61 		 * is if both hosts in their SYNs set A=0."
62 		 *
63 		 * Section 3.3.0:
64 		 * "If a checksum is not present when its use has been
65 		 * negotiated, the receiver MUST close the subflow with a RST as
66 		 * it is considered broken."
67 		 *
68 		 * We don't implement DSS checksum - fall back to TCP.
69 		 */
70 		if (flags & MPTCP_CAP_CHECKSUM_REQD)
71 			break;
72 
73 		mp_opt->mp_capable = 1;
74 		if (opsize >= TCPOLEN_MPTCP_MPC_SYNACK) {
75 			mp_opt->sndr_key = get_unaligned_be64(ptr);
76 			ptr += 8;
77 		}
78 		if (opsize >= TCPOLEN_MPTCP_MPC_ACK) {
79 			mp_opt->rcvr_key = get_unaligned_be64(ptr);
80 			ptr += 8;
81 		}
82 		if (opsize == TCPOLEN_MPTCP_MPC_ACK_DATA) {
83 			/* Section 3.1.:
84 			 * "the data parameters in a MP_CAPABLE are semantically
85 			 * equivalent to those in a DSS option and can be used
86 			 * interchangeably."
87 			 */
88 			mp_opt->dss = 1;
89 			mp_opt->use_map = 1;
90 			mp_opt->mpc_map = 1;
91 			mp_opt->data_len = get_unaligned_be16(ptr);
92 			ptr += 2;
93 		}
94 		pr_debug("MP_CAPABLE version=%x, flags=%x, optlen=%d sndr=%llu, rcvr=%llu len=%d",
95 			 version, flags, opsize, mp_opt->sndr_key,
96 			 mp_opt->rcvr_key, mp_opt->data_len);
97 		break;
98 
99 	case MPTCPOPT_DSS:
100 		pr_debug("DSS");
101 		ptr++;
102 
103 		/* we must clear 'mpc_map' be able to detect MP_CAPABLE
104 		 * map vs DSS map in mptcp_incoming_options(), and reconstruct
105 		 * map info accordingly
106 		 */
107 		mp_opt->mpc_map = 0;
108 		flags = (*ptr++) & MPTCP_DSS_FLAG_MASK;
109 		mp_opt->data_fin = (flags & MPTCP_DSS_DATA_FIN) != 0;
110 		mp_opt->dsn64 = (flags & MPTCP_DSS_DSN64) != 0;
111 		mp_opt->use_map = (flags & MPTCP_DSS_HAS_MAP) != 0;
112 		mp_opt->ack64 = (flags & MPTCP_DSS_ACK64) != 0;
113 		mp_opt->use_ack = (flags & MPTCP_DSS_HAS_ACK);
114 
115 		pr_debug("data_fin=%d dsn64=%d use_map=%d ack64=%d use_ack=%d",
116 			 mp_opt->data_fin, mp_opt->dsn64,
117 			 mp_opt->use_map, mp_opt->ack64,
118 			 mp_opt->use_ack);
119 
120 		expected_opsize = TCPOLEN_MPTCP_DSS_BASE;
121 
122 		if (mp_opt->use_ack) {
123 			if (mp_opt->ack64)
124 				expected_opsize += TCPOLEN_MPTCP_DSS_ACK64;
125 			else
126 				expected_opsize += TCPOLEN_MPTCP_DSS_ACK32;
127 		}
128 
129 		if (mp_opt->use_map) {
130 			if (mp_opt->dsn64)
131 				expected_opsize += TCPOLEN_MPTCP_DSS_MAP64;
132 			else
133 				expected_opsize += TCPOLEN_MPTCP_DSS_MAP32;
134 		}
135 
136 		/* RFC 6824, Section 3.3:
137 		 * If a checksum is present, but its use had
138 		 * not been negotiated in the MP_CAPABLE handshake,
139 		 * the checksum field MUST be ignored.
140 		 */
141 		if (opsize != expected_opsize &&
142 		    opsize != expected_opsize + TCPOLEN_MPTCP_DSS_CHECKSUM)
143 			break;
144 
145 		mp_opt->dss = 1;
146 
147 		if (mp_opt->use_ack) {
148 			if (mp_opt->ack64) {
149 				mp_opt->data_ack = get_unaligned_be64(ptr);
150 				ptr += 8;
151 			} else {
152 				mp_opt->data_ack = get_unaligned_be32(ptr);
153 				ptr += 4;
154 			}
155 
156 			pr_debug("data_ack=%llu", mp_opt->data_ack);
157 		}
158 
159 		if (mp_opt->use_map) {
160 			if (mp_opt->dsn64) {
161 				mp_opt->data_seq = get_unaligned_be64(ptr);
162 				ptr += 8;
163 			} else {
164 				mp_opt->data_seq = get_unaligned_be32(ptr);
165 				ptr += 4;
166 			}
167 
168 			mp_opt->subflow_seq = get_unaligned_be32(ptr);
169 			ptr += 4;
170 
171 			mp_opt->data_len = get_unaligned_be16(ptr);
172 			ptr += 2;
173 
174 			pr_debug("data_seq=%llu subflow_seq=%u data_len=%u",
175 				 mp_opt->data_seq, mp_opt->subflow_seq,
176 				 mp_opt->data_len);
177 		}
178 
179 		break;
180 
181 	default:
182 		break;
183 	}
184 }
185 
186 void mptcp_get_options(const struct sk_buff *skb,
187 		       struct tcp_options_received *opt_rx)
188 {
189 	const unsigned char *ptr;
190 	const struct tcphdr *th = tcp_hdr(skb);
191 	int length = (th->doff * 4) - sizeof(struct tcphdr);
192 
193 	ptr = (const unsigned char *)(th + 1);
194 
195 	while (length > 0) {
196 		int opcode = *ptr++;
197 		int opsize;
198 
199 		switch (opcode) {
200 		case TCPOPT_EOL:
201 			return;
202 		case TCPOPT_NOP:	/* Ref: RFC 793 section 3.1 */
203 			length--;
204 			continue;
205 		default:
206 			opsize = *ptr++;
207 			if (opsize < 2) /* "silly options" */
208 				return;
209 			if (opsize > length)
210 				return;	/* don't parse partial options */
211 			if (opcode == TCPOPT_MPTCP)
212 				mptcp_parse_option(skb, ptr, opsize, opt_rx);
213 			ptr += opsize - 2;
214 			length -= opsize;
215 		}
216 	}
217 }
218 
219 bool mptcp_syn_options(struct sock *sk, const struct sk_buff *skb,
220 		       unsigned int *size, struct mptcp_out_options *opts)
221 {
222 	struct mptcp_subflow_context *subflow = mptcp_subflow_ctx(sk);
223 
224 	/* we will use snd_isn to detect first pkt [re]transmission
225 	 * in mptcp_established_options_mp()
226 	 */
227 	subflow->snd_isn = TCP_SKB_CB(skb)->end_seq;
228 	if (subflow->request_mptcp) {
229 		pr_debug("local_key=%llu", subflow->local_key);
230 		opts->suboptions = OPTION_MPTCP_MPC_SYN;
231 		opts->sndr_key = subflow->local_key;
232 		*size = TCPOLEN_MPTCP_MPC_SYN;
233 		return true;
234 	}
235 	return false;
236 }
237 
238 void mptcp_rcv_synsent(struct sock *sk)
239 {
240 	struct mptcp_subflow_context *subflow = mptcp_subflow_ctx(sk);
241 	struct tcp_sock *tp = tcp_sk(sk);
242 
243 	pr_debug("subflow=%p", subflow);
244 	if (subflow->request_mptcp && tp->rx_opt.mptcp.mp_capable) {
245 		subflow->mp_capable = 1;
246 		subflow->can_ack = 1;
247 		subflow->remote_key = tp->rx_opt.mptcp.sndr_key;
248 	} else {
249 		tcp_sk(sk)->is_mptcp = 0;
250 	}
251 }
252 
253 static bool mptcp_established_options_mp(struct sock *sk, struct sk_buff *skb,
254 					 unsigned int *size,
255 					 unsigned int remaining,
256 					 struct mptcp_out_options *opts)
257 {
258 	struct mptcp_subflow_context *subflow = mptcp_subflow_ctx(sk);
259 	struct mptcp_ext *mpext;
260 	unsigned int data_len;
261 
262 	pr_debug("subflow=%p fourth_ack=%d seq=%x:%x remaining=%d", subflow,
263 		 subflow->fourth_ack, subflow->snd_isn,
264 		 skb ? TCP_SKB_CB(skb)->seq : 0, remaining);
265 
266 	if (subflow->mp_capable && !subflow->fourth_ack && skb &&
267 	    subflow->snd_isn == TCP_SKB_CB(skb)->seq) {
268 		/* When skb is not available, we better over-estimate the
269 		 * emitted options len. A full DSS option is longer than
270 		 * TCPOLEN_MPTCP_MPC_ACK_DATA, so let's the caller try to fit
271 		 * that.
272 		 */
273 		mpext = mptcp_get_ext(skb);
274 		data_len = mpext ? mpext->data_len : 0;
275 
276 		/* we will check ext_copy.data_len in mptcp_write_options() to
277 		 * discriminate between TCPOLEN_MPTCP_MPC_ACK_DATA and
278 		 * TCPOLEN_MPTCP_MPC_ACK
279 		 */
280 		opts->ext_copy.data_len = data_len;
281 		opts->suboptions = OPTION_MPTCP_MPC_ACK;
282 		opts->sndr_key = subflow->local_key;
283 		opts->rcvr_key = subflow->remote_key;
284 
285 		/* Section 3.1.
286 		 * The MP_CAPABLE option is carried on the SYN, SYN/ACK, and ACK
287 		 * packets that start the first subflow of an MPTCP connection,
288 		 * as well as the first packet that carries data
289 		 */
290 		if (data_len > 0)
291 			*size = ALIGN(TCPOLEN_MPTCP_MPC_ACK_DATA, 4);
292 		else
293 			*size = TCPOLEN_MPTCP_MPC_ACK;
294 
295 		pr_debug("subflow=%p, local_key=%llu, remote_key=%llu map_len=%d",
296 			 subflow, subflow->local_key, subflow->remote_key,
297 			 data_len);
298 
299 		return true;
300 	}
301 	return false;
302 }
303 
304 static void mptcp_write_data_fin(struct mptcp_subflow_context *subflow,
305 				 struct mptcp_ext *ext)
306 {
307 	ext->data_fin = 1;
308 
309 	if (!ext->use_map) {
310 		/* RFC6824 requires a DSS mapping with specific values
311 		 * if DATA_FIN is set but no data payload is mapped
312 		 */
313 		ext->use_map = 1;
314 		ext->dsn64 = 1;
315 		ext->data_seq = mptcp_sk(subflow->conn)->write_seq;
316 		ext->subflow_seq = 0;
317 		ext->data_len = 1;
318 	} else {
319 		/* If there's an existing DSS mapping, DATA_FIN consumes
320 		 * 1 additional byte of mapping space.
321 		 */
322 		ext->data_len++;
323 	}
324 }
325 
326 static bool mptcp_established_options_dss(struct sock *sk, struct sk_buff *skb,
327 					  unsigned int *size,
328 					  unsigned int remaining,
329 					  struct mptcp_out_options *opts)
330 {
331 	struct mptcp_subflow_context *subflow = mptcp_subflow_ctx(sk);
332 	unsigned int dss_size = 0;
333 	struct mptcp_ext *mpext;
334 	struct mptcp_sock *msk;
335 	unsigned int ack_size;
336 	bool ret = false;
337 	u8 tcp_fin;
338 
339 	if (skb) {
340 		mpext = mptcp_get_ext(skb);
341 		tcp_fin = TCP_SKB_CB(skb)->tcp_flags & TCPHDR_FIN;
342 	} else {
343 		mpext = NULL;
344 		tcp_fin = 0;
345 	}
346 
347 	if (!skb || (mpext && mpext->use_map) || tcp_fin) {
348 		unsigned int map_size;
349 
350 		map_size = TCPOLEN_MPTCP_DSS_BASE + TCPOLEN_MPTCP_DSS_MAP64;
351 
352 		remaining -= map_size;
353 		dss_size = map_size;
354 		if (mpext)
355 			opts->ext_copy = *mpext;
356 
357 		if (skb && tcp_fin &&
358 		    subflow->conn->sk_state != TCP_ESTABLISHED)
359 			mptcp_write_data_fin(subflow, &opts->ext_copy);
360 		ret = true;
361 	}
362 
363 	opts->ext_copy.use_ack = 0;
364 	msk = mptcp_sk(subflow->conn);
365 	if (!msk || !READ_ONCE(msk->can_ack)) {
366 		*size = ALIGN(dss_size, 4);
367 		return ret;
368 	}
369 
370 	ack_size = TCPOLEN_MPTCP_DSS_ACK64;
371 
372 	/* Add kind/length/subtype/flag overhead if mapping is not populated */
373 	if (dss_size == 0)
374 		ack_size += TCPOLEN_MPTCP_DSS_BASE;
375 
376 	dss_size += ack_size;
377 
378 	opts->ext_copy.data_ack = msk->ack_seq;
379 	opts->ext_copy.ack64 = 1;
380 	opts->ext_copy.use_ack = 1;
381 
382 	*size = ALIGN(dss_size, 4);
383 	return true;
384 }
385 
386 bool mptcp_established_options(struct sock *sk, struct sk_buff *skb,
387 			       unsigned int *size, unsigned int remaining,
388 			       struct mptcp_out_options *opts)
389 {
390 	unsigned int opt_size = 0;
391 	bool ret = false;
392 
393 	if (mptcp_established_options_mp(sk, skb, &opt_size, remaining, opts))
394 		ret = true;
395 	else if (mptcp_established_options_dss(sk, skb, &opt_size, remaining,
396 					       opts))
397 		ret = true;
398 
399 	/* we reserved enough space for the above options, and exceeding the
400 	 * TCP option space would be fatal
401 	 */
402 	if (WARN_ON_ONCE(opt_size > remaining))
403 		return false;
404 
405 	*size += opt_size;
406 	remaining -= opt_size;
407 
408 	return ret;
409 }
410 
411 bool mptcp_synack_options(const struct request_sock *req, unsigned int *size,
412 			  struct mptcp_out_options *opts)
413 {
414 	struct mptcp_subflow_request_sock *subflow_req = mptcp_subflow_rsk(req);
415 
416 	if (subflow_req->mp_capable) {
417 		opts->suboptions = OPTION_MPTCP_MPC_SYNACK;
418 		opts->sndr_key = subflow_req->local_key;
419 		*size = TCPOLEN_MPTCP_MPC_SYNACK;
420 		pr_debug("subflow_req=%p, local_key=%llu",
421 			 subflow_req, subflow_req->local_key);
422 		return true;
423 	}
424 	return false;
425 }
426 
427 static bool check_fourth_ack(struct mptcp_subflow_context *subflow,
428 			     struct sk_buff *skb,
429 			     struct mptcp_options_received *mp_opt)
430 {
431 	/* here we can process OoO, in-window pkts, only in-sequence 4th ack
432 	 * are relevant
433 	 */
434 	if (likely(subflow->fourth_ack ||
435 		   TCP_SKB_CB(skb)->seq != subflow->ssn_offset + 1))
436 		return true;
437 
438 	if (mp_opt->use_ack)
439 		subflow->fourth_ack = 1;
440 
441 	if (subflow->can_ack)
442 		return true;
443 
444 	/* If the first established packet does not contain MP_CAPABLE + data
445 	 * then fallback to TCP
446 	 */
447 	if (!mp_opt->mp_capable) {
448 		subflow->mp_capable = 0;
449 		tcp_sk(mptcp_subflow_tcp_sock(subflow))->is_mptcp = 0;
450 		return false;
451 	}
452 	subflow->remote_key = mp_opt->sndr_key;
453 	subflow->can_ack = 1;
454 	return true;
455 }
456 
457 void mptcp_incoming_options(struct sock *sk, struct sk_buff *skb,
458 			    struct tcp_options_received *opt_rx)
459 {
460 	struct mptcp_subflow_context *subflow = mptcp_subflow_ctx(sk);
461 	struct mptcp_options_received *mp_opt;
462 	struct mptcp_ext *mpext;
463 
464 	mp_opt = &opt_rx->mptcp;
465 	if (!check_fourth_ack(subflow, skb, mp_opt))
466 		return;
467 
468 	if (!mp_opt->dss)
469 		return;
470 
471 	mpext = skb_ext_add(skb, SKB_EXT_MPTCP);
472 	if (!mpext)
473 		return;
474 
475 	memset(mpext, 0, sizeof(*mpext));
476 
477 	if (mp_opt->use_map) {
478 		if (mp_opt->mpc_map) {
479 			/* this is an MP_CAPABLE carrying MPTCP data
480 			 * we know this map the first chunk of data
481 			 */
482 			mptcp_crypto_key_sha(subflow->remote_key, NULL,
483 					     &mpext->data_seq);
484 			mpext->data_seq++;
485 			mpext->subflow_seq = 1;
486 			mpext->dsn64 = 1;
487 			mpext->mpc_map = 1;
488 		} else {
489 			mpext->data_seq = mp_opt->data_seq;
490 			mpext->subflow_seq = mp_opt->subflow_seq;
491 			mpext->dsn64 = mp_opt->dsn64;
492 		}
493 		mpext->data_len = mp_opt->data_len;
494 		mpext->use_map = 1;
495 	}
496 
497 	if (mp_opt->use_ack) {
498 		mpext->data_ack = mp_opt->data_ack;
499 		mpext->use_ack = 1;
500 		mpext->ack64 = mp_opt->ack64;
501 	}
502 
503 	mpext->data_fin = mp_opt->data_fin;
504 }
505 
506 void mptcp_write_options(__be32 *ptr, struct mptcp_out_options *opts)
507 {
508 	if ((OPTION_MPTCP_MPC_SYN | OPTION_MPTCP_MPC_SYNACK |
509 	     OPTION_MPTCP_MPC_ACK) & opts->suboptions) {
510 		u8 len;
511 
512 		if (OPTION_MPTCP_MPC_SYN & opts->suboptions)
513 			len = TCPOLEN_MPTCP_MPC_SYN;
514 		else if (OPTION_MPTCP_MPC_SYNACK & opts->suboptions)
515 			len = TCPOLEN_MPTCP_MPC_SYNACK;
516 		else if (opts->ext_copy.data_len)
517 			len = TCPOLEN_MPTCP_MPC_ACK_DATA;
518 		else
519 			len = TCPOLEN_MPTCP_MPC_ACK;
520 
521 		*ptr++ = htonl((TCPOPT_MPTCP << 24) | (len << 16) |
522 			       (MPTCPOPT_MP_CAPABLE << 12) |
523 			       (MPTCP_SUPPORTED_VERSION << 8) |
524 			       MPTCP_CAP_HMAC_SHA256);
525 
526 		if (!((OPTION_MPTCP_MPC_SYNACK | OPTION_MPTCP_MPC_ACK) &
527 		    opts->suboptions))
528 			goto mp_capable_done;
529 
530 		put_unaligned_be64(opts->sndr_key, ptr);
531 		ptr += 2;
532 		if (!((OPTION_MPTCP_MPC_ACK) & opts->suboptions))
533 			goto mp_capable_done;
534 
535 		put_unaligned_be64(opts->rcvr_key, ptr);
536 		ptr += 2;
537 		if (!opts->ext_copy.data_len)
538 			goto mp_capable_done;
539 
540 		put_unaligned_be32(opts->ext_copy.data_len << 16 |
541 				   TCPOPT_NOP << 8 | TCPOPT_NOP, ptr);
542 		ptr += 1;
543 	}
544 
545 mp_capable_done:
546 	if (opts->ext_copy.use_ack || opts->ext_copy.use_map) {
547 		struct mptcp_ext *mpext = &opts->ext_copy;
548 		u8 len = TCPOLEN_MPTCP_DSS_BASE;
549 		u8 flags = 0;
550 
551 		if (mpext->use_ack) {
552 			len += TCPOLEN_MPTCP_DSS_ACK64;
553 			flags = MPTCP_DSS_HAS_ACK | MPTCP_DSS_ACK64;
554 		}
555 
556 		if (mpext->use_map) {
557 			len += TCPOLEN_MPTCP_DSS_MAP64;
558 
559 			/* Use only 64-bit mapping flags for now, add
560 			 * support for optional 32-bit mappings later.
561 			 */
562 			flags |= MPTCP_DSS_HAS_MAP | MPTCP_DSS_DSN64;
563 			if (mpext->data_fin)
564 				flags |= MPTCP_DSS_DATA_FIN;
565 		}
566 
567 		*ptr++ = htonl((TCPOPT_MPTCP << 24) |
568 			       (len  << 16) |
569 			       (MPTCPOPT_DSS << 12) |
570 			       (flags));
571 
572 		if (mpext->use_ack) {
573 			put_unaligned_be64(mpext->data_ack, ptr);
574 			ptr += 2;
575 		}
576 
577 		if (mpext->use_map) {
578 			put_unaligned_be64(mpext->data_seq, ptr);
579 			ptr += 2;
580 			put_unaligned_be32(mpext->subflow_seq, ptr);
581 			ptr += 1;
582 			put_unaligned_be32(mpext->data_len << 16 |
583 					   TCPOPT_NOP << 8 | TCPOPT_NOP, ptr);
584 		}
585 	}
586 }
587