| 1 | /*
|
|---|
| 2 | * Copyright 2022-2023 The OpenSSL Project Authors. All Rights Reserved.
|
|---|
| 3 | *
|
|---|
| 4 | * Licensed under the Apache License 2.0 (the "License"). You may not use
|
|---|
| 5 | * this file except in compliance with the License. You can obtain a copy
|
|---|
| 6 | * in the file LICENSE in the source distribution or at
|
|---|
| 7 | * https://www.openssl.org/source/license.html
|
|---|
| 8 | */
|
|---|
| 9 |
|
|---|
| 10 | /*
|
|---|
| 11 | * Contains definitions for simplifying the use of TCP Fast Open
|
|---|
| 12 | * (RFC7413) in OpenSSL socket BIOs.
|
|---|
| 13 | */
|
|---|
| 14 |
|
|---|
| 15 | /* If a supported OS is added here, update test/bio_tfo_test.c */
|
|---|
| 16 | #if defined(TCP_FASTOPEN) && !defined(OPENSSL_NO_TFO)
|
|---|
| 17 |
|
|---|
| 18 | # if defined(OPENSSL_SYS_MACOSX) || defined(__FreeBSD__)
|
|---|
| 19 | # include <sys/sysctl.h>
|
|---|
| 20 | # endif
|
|---|
| 21 |
|
|---|
| 22 | /*
|
|---|
| 23 | * OSSL_TFO_SYSCTL is used to determine if TFO is supported by
|
|---|
| 24 | * this kernel, and if supported, if it is enabled. This is more of
|
|---|
| 25 | * a problem on FreeBSD 10.3 ~ 11.4, where TCP_FASTOPEN was defined,
|
|---|
| 26 | * but not enabled by default in the kernel, and only for the server.
|
|---|
| 27 | * Linux does not have sysctlbyname(), and the closest equivalent
|
|---|
| 28 | * is to go into the /proc filesystem, but I'm not sure it's
|
|---|
| 29 | * worthwhile.
|
|---|
| 30 | *
|
|---|
| 31 | * On MacOS and Linux:
|
|---|
| 32 | * These operating systems use a single parameter to control TFO.
|
|---|
| 33 | * The OSSL_TFO_CLIENT_FLAG and OSSL_TFO_SERVER_FLAGS are used to
|
|---|
| 34 | * determine if TFO is enabled for the client and server respectively.
|
|---|
| 35 | *
|
|---|
| 36 | * OSSL_TFO_CLIENT_FLAG = 1 = client TFO enabled
|
|---|
| 37 | * OSSL_TFO_SERVER_FLAG = 2 = server TFO enabled
|
|---|
| 38 | *
|
|---|
| 39 | * Such that:
|
|---|
| 40 | * 0 = TFO disabled
|
|---|
| 41 | * 3 = server and client TFO enabled
|
|---|
| 42 | *
|
|---|
| 43 | * macOS 10.14 and later support TFO.
|
|---|
| 44 | * Linux kernel 3.6 added support for client TFO.
|
|---|
| 45 | * Linux kernel 3.7 added support for server TFO.
|
|---|
| 46 | * Linux kernel 3.13 enabled TFO by default.
|
|---|
| 47 | * Linux kernel 4.11 added the TCP_FASTOPEN_CONNECT option.
|
|---|
| 48 | *
|
|---|
| 49 | * On FreeBSD:
|
|---|
| 50 | * FreeBSD 10.3 ~ 11.4 uses a single sysctl for server enable.
|
|---|
| 51 | * FreeBSD 12.0 and later uses separate sysctls for server and
|
|---|
| 52 | * client enable.
|
|---|
| 53 | *
|
|---|
| 54 | * Some options are purposely NOT defined per-platform
|
|---|
| 55 | *
|
|---|
| 56 | * OSSL_TFO_SYSCTL
|
|---|
| 57 | * Defined as a sysctlbyname() option to determine if
|
|---|
| 58 | * TFO is enabled in the kernel (macOS, FreeBSD)
|
|---|
| 59 | *
|
|---|
| 60 | * OSSL_TFO_SERVER_SOCKOPT
|
|---|
| 61 | * Defined to indicate the socket option used to enable
|
|---|
| 62 | * TFO on a server socket (all)
|
|---|
| 63 | *
|
|---|
| 64 | * OSSL_TFO_SERVER_SOCKOPT_VALUE
|
|---|
| 65 | * Value to be used with OSSL_TFO_SERVER_SOCKOPT
|
|---|
| 66 | *
|
|---|
| 67 | * OSSL_TFO_CONNECTX
|
|---|
| 68 | * Use the connectx() function to make a client connection
|
|---|
| 69 | * (macOS)
|
|---|
| 70 | *
|
|---|
| 71 | * OSSL_TFO_CLIENT_SOCKOPT
|
|---|
| 72 | * Defined to indicate the socket option used to enable
|
|---|
| 73 | * TFO on a client socket (FreeBSD, Linux 4.14 and later)
|
|---|
| 74 | *
|
|---|
| 75 | * OSSL_TFO_SENDTO
|
|---|
| 76 | * Defined to indicate the sendto() message type to
|
|---|
| 77 | * be used to initiate a TFO connection (FreeBSD,
|
|---|
| 78 | * Linux pre-4.14)
|
|---|
| 79 | *
|
|---|
| 80 | * OSSL_TFO_DO_NOT_CONNECT
|
|---|
| 81 | * Defined to skip calling connect() when creating a
|
|---|
| 82 | * client socket (macOS, FreeBSD, Linux pre-4.14)
|
|---|
| 83 | */
|
|---|
| 84 |
|
|---|
| 85 | # if defined(OPENSSL_SYS_WINDOWS)
|
|---|
| 86 | /*
|
|---|
| 87 | * NO WINDOWS SUPPORT
|
|---|
| 88 | *
|
|---|
| 89 | * But this is what would be used on the server:
|
|---|
| 90 | *
|
|---|
| 91 | * define OSSL_TFO_SERVER_SOCKOPT TCP_FASTOPEN
|
|---|
| 92 | * define OSSL_TFO_SERVER_SOCKOPT_VALUE 1
|
|---|
| 93 | *
|
|---|
| 94 | * Still have to figure out client support
|
|---|
| 95 | */
|
|---|
| 96 | # undef TCP_FASTOPEN
|
|---|
| 97 | # endif
|
|---|
| 98 |
|
|---|
| 99 | /* NO VMS SUPPORT */
|
|---|
| 100 | # if defined(OPENSSL_SYS_VMS)
|
|---|
| 101 | # undef TCP_FASTOPEN
|
|---|
| 102 | # endif
|
|---|
| 103 |
|
|---|
| 104 | # if defined(OPENSSL_SYS_MACOSX)
|
|---|
| 105 | # define OSSL_TFO_SYSCTL "net.inet.tcp.fastopen"
|
|---|
| 106 | # define OSSL_TFO_SERVER_SOCKOPT TCP_FASTOPEN
|
|---|
| 107 | # define OSSL_TFO_SERVER_SOCKOPT_VALUE 1
|
|---|
| 108 | # define OSSL_TFO_CONNECTX 1
|
|---|
| 109 | # define OSSL_TFO_DO_NOT_CONNECT 1
|
|---|
| 110 | # define OSSL_TFO_CLIENT_FLAG 1
|
|---|
| 111 | # define OSSL_TFO_SERVER_FLAG 2
|
|---|
| 112 | # endif
|
|---|
| 113 |
|
|---|
| 114 | # if defined(__FreeBSD__)
|
|---|
| 115 | # if defined(TCP_FASTOPEN_PSK_LEN)
|
|---|
| 116 | /* As of 12.0 these are the SYSCTLs */
|
|---|
| 117 | # define OSSL_TFO_SYSCTL_SERVER "net.inet.tcp.fastopen.server_enable"
|
|---|
| 118 | # define OSSL_TFO_SYSCTL_CLIENT "net.inet.tcp.fastopen.client_enable"
|
|---|
| 119 | # define OSSL_TFO_SERVER_SOCKOPT TCP_FASTOPEN
|
|---|
| 120 | # define OSSL_TFO_SERVER_SOCKOPT_VALUE MAX_LISTEN
|
|---|
| 121 | # define OSSL_TFO_CLIENT_SOCKOPT TCP_FASTOPEN
|
|---|
| 122 | # define OSSL_TFO_DO_NOT_CONNECT 1
|
|---|
| 123 | # define OSSL_TFO_SENDTO 0
|
|---|
| 124 | /* These are the same because the sysctl are client/server-specific */
|
|---|
| 125 | # define OSSL_TFO_CLIENT_FLAG 1
|
|---|
| 126 | # define OSSL_TFO_SERVER_FLAG 1
|
|---|
| 127 | # else
|
|---|
| 128 | /* 10.3 through 11.4 SYSCTL - ONLY SERVER SUPPORT */
|
|---|
| 129 | # define OSSL_TFO_SYSCTL "net.inet.tcp.fastopen.enabled"
|
|---|
| 130 | # define OSSL_TFO_SERVER_SOCKOPT TCP_FASTOPEN
|
|---|
| 131 | # define OSSL_TFO_SERVER_SOCKOPT_VALUE MAX_LISTEN
|
|---|
| 132 | # define OSSL_TFO_SERVER_FLAG 1
|
|---|
| 133 | # endif
|
|---|
| 134 | # endif
|
|---|
| 135 |
|
|---|
| 136 | # if defined(OPENSSL_SYS_LINUX)
|
|---|
| 137 | /* OSSL_TFO_PROC not used, but of interest */
|
|---|
| 138 | # define OSSL_TFO_PROC "/proc/sys/net/ipv4/tcp_fastopen"
|
|---|
| 139 | # define OSSL_TFO_SERVER_SOCKOPT TCP_FASTOPEN
|
|---|
| 140 | # define OSSL_TFO_SERVER_SOCKOPT_VALUE MAX_LISTEN
|
|---|
| 141 | # if defined(TCP_FASTOPEN_CONNECT)
|
|---|
| 142 | # define OSSL_TFO_CLIENT_SOCKOPT TCP_FASTOPEN_CONNECT
|
|---|
| 143 | # else
|
|---|
| 144 | # define OSSL_TFO_SENDTO MSG_FASTOPEN
|
|---|
| 145 | # define OSSL_TFO_DO_NOT_CONNECT 1
|
|---|
| 146 | # endif
|
|---|
| 147 | # define OSSL_TFO_CLIENT_FLAG 1
|
|---|
| 148 | # define OSSL_TFO_SERVER_FLAG 2
|
|---|
| 149 | # endif
|
|---|
| 150 |
|
|---|
| 151 | #endif
|
|---|
