Acasă Explorează Ajutor
Autentificare
OWEALs
/
openssl
oglindă de git://git.openssl.org/openssl.git
2
0
Bifurcare 0
Fisiere Probleme 1 Wiki
Arbore: 36ba419286
Ramuri Etichete
openssl
/
include
/
internal
/
bio_tfo.h

bio_tfo.h 5.0 KB
Istoric Crud

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151 
  1. /*
    2. 

  2.  * Copyright 2022-2023 The OpenSSL Project Authors. All Rights Reserved.
    3. 

  3.  *
    4. 

  4.  * Licensed under the Apache License 2.0 (the "License").  You may not use
    5. 

  5.  * this file except in compliance with the License.  You can obtain a copy
    6. 

  6.  * in the file LICENSE in the source distribution or at
    7. 

  7.  * https://www.openssl.org/source/license.html
    8. 

  8.  */
    9. 

  9. 

  10. /*
    11. 

  11.  * Contains definitions for simplifying the use of TCP Fast Open
    12. 

  12.  * (RFC7413) in OpenSSL socket BIOs.
    13. 

  13.  */
    14. 

  14. 

  15. /* If a supported OS is added here, update test/bio_tfo_test.c */
    16. 

  16. #if defined(TCP_FASTOPEN) && !defined(OPENSSL_NO_TFO)
    17. 

  17. 

  18. # if defined(OPENSSL_SYS_MACOSX) || defined(__FreeBSD__)
    19. 

  19. #  include <sys/sysctl.h>
    20. 

  20. # endif
    21. 

  21. 

  22. /*
    23. 

  23.  * OSSL_TFO_SYSCTL is used to determine if TFO is supported by
    24. 

  24.  * this kernel, and if supported, if it is enabled. This is more of
    25. 

  25.  * a problem on FreeBSD 10.3 ~ 11.4, where TCP_FASTOPEN was defined,
    26. 

  26.  * but not enabled by default in the kernel, and only for the server.
    27. 

  27.  * Linux does not have sysctlbyname(), and the closest equivalent
    28. 

  28.  * is to go into the /proc filesystem, but I'm not sure it's
    29. 

  29.  * worthwhile.
    30. 

  30.  *
    31. 

  31.  * On MacOS and Linux:
    32. 

  32.  * These operating systems use a single parameter to control TFO.
    33. 

  33.  * The OSSL_TFO_CLIENT_FLAG and OSSL_TFO_SERVER_FLAGS are used to
    34. 

  34.  * determine if TFO is enabled for the client and server respectively.
    35. 

  35.  *
    36. 

  36.  * OSSL_TFO_CLIENT_FLAG = 1 = client TFO enabled
    37. 

  37.  * OSSL_TFO_SERVER_FLAG = 2 = server TFO enabled
    38. 

  38.  *
    39. 

  39.  * Such that:
    40. 

  40.  * 0 = TFO disabled
    41. 

  41.  * 3 = server and client TFO enabled
    42. 

  42.  *
    43. 

  43.  * macOS 10.14 and later support TFO.
    44. 

  44.  * Linux kernel 3.6 added support for client TFO.
    45. 

  45.  * Linux kernel 3.7 added support for server TFO.
    46. 

  46.  * Linux kernel 3.13 enabled TFO by default.
    47. 

  47.  * Linux kernel 4.11 added the TCP_FASTOPEN_CONNECT option.
    48. 

  48.  *
    49. 

  49.  * On FreeBSD:
    50. 

  50.  * FreeBSD 10.3 ~ 11.4 uses a single sysctl for server enable.
    51. 

  51.  * FreeBSD 12.0 and later uses separate sysctls for server and
    52. 

  52.  * client enable.
    53. 

  53.  *
    54. 

  54.  * Some options are purposely NOT defined per-platform
    55. 

  55.  *
    56. 

  56.  * OSSL_TFO_SYSCTL
    57. 

  57.  *     Defined as a sysctlbyname() option to determine if
    58. 

  58.  *     TFO is enabled in the kernel (macOS, FreeBSD)
    59. 

  59.  *
    60. 

  60.  * OSSL_TFO_SERVER_SOCKOPT
    61. 

  61.  *     Defined to indicate the socket option used to enable
    62. 

  62.  *     TFO on a server socket (all)
    63. 

  63.  *
    64. 

  64.  * OSSL_TFO_SERVER_SOCKOPT_VALUE
    65. 

  65.  *     Value to be used with OSSL_TFO_SERVER_SOCKOPT
    66. 

  66.  *
    67. 

  67.  * OSSL_TFO_CONNECTX
    68. 

  68.  *     Use the connectx() function to make a client connection
    69. 

  69.  *     (macOS)
    70. 

  70.  *
    71. 

  71.  * OSSL_TFO_CLIENT_SOCKOPT
    72. 

  72.  *     Defined to indicate the socket option used to enable
    73. 

  73.  *     TFO on a client socket (FreeBSD, Linux 4.14 and later)
    74. 

  74.  *
    75. 

  75.  * OSSL_TFO_SENDTO
    76. 

  76.  *     Defined to indicate the sendto() message type to
    77. 

  77.  *     be used to initiate a TFO connection (FreeBSD,
    78. 

  78.  *     Linux pre-4.14)
    79. 

  79.  *
    80. 

  80.  * OSSL_TFO_DO_NOT_CONNECT
    81. 

  81.  *     Defined to skip calling connect() when creating a
    82. 

  82.  *     client socket (macOS, FreeBSD, Linux pre-4.14)
    83. 

  83.  */
    84. 

  84. 

  85. # if defined(OPENSSL_SYS_WINDOWS)
    86. 

  86. /*
    87. 

  87.  * NO WINDOWS SUPPORT
    88. 

  88.  *
    89. 

  89.  * But this is what would be used on the server:
    90. 

  90.  *
    91. 

  91.  * define OSSL_TFO_SERVER_SOCKOPT       TCP_FASTOPEN
    92. 

  92.  * define OSSL_TFO_SERVER_SOCKOPT_VALUE 1
    93. 

  93.  *
    94. 

  94.  * Still have to figure out client support
    95. 

  95.  */
    96. 

  96. #  undef TCP_FASTOPEN
    97. 

  97. # endif
    98. 

  98. 

  99. /* NO VMS SUPPORT */
    100. 

  100. # if defined(OPENSSL_SYS_VMS)
    101. 

  101. #  undef TCP_FASTOPEN
    102. 

  102. # endif
    103. 

  103. 

  104. # if defined(OPENSSL_SYS_MACOSX)
    105. 

  105. #  define OSSL_TFO_SYSCTL               "net.inet.tcp.fastopen"
    106. 

  106. #  define OSSL_TFO_SERVER_SOCKOPT       TCP_FASTOPEN
    107. 

  107. #  define OSSL_TFO_SERVER_SOCKOPT_VALUE 1
    108. 

  108. #  define OSSL_TFO_CONNECTX             1
    109. 

  109. #  define OSSL_TFO_DO_NOT_CONNECT       1
    110. 

  110. #  define OSSL_TFO_CLIENT_FLAG          1
    111. 

  111. #  define OSSL_TFO_SERVER_FLAG          2
    112. 

  112. # endif
    113. 

  113. 

  114. # if defined(__FreeBSD__)
    115. 

  115. #  if defined(TCP_FASTOPEN_PSK_LEN)
    116. 

  116. /* As of 12.0 these are the SYSCTLs */
    117. 

  117. #   define OSSL_TFO_SYSCTL_SERVER        "net.inet.tcp.fastopen.server_enable"
    118. 

  118. #   define OSSL_TFO_SYSCTL_CLIENT        "net.inet.tcp.fastopen.client_enable"
    119. 

  119. #   define OSSL_TFO_SERVER_SOCKOPT       TCP_FASTOPEN
    120. 

  120. #   define OSSL_TFO_SERVER_SOCKOPT_VALUE MAX_LISTEN
    121. 

  121. #   define OSSL_TFO_CLIENT_SOCKOPT       TCP_FASTOPEN
    122. 

  122. #   define OSSL_TFO_DO_NOT_CONNECT       1
    123. 

  123. #   define OSSL_TFO_SENDTO               0
    124. 

  124. /* These are the same because the sysctl are client/server-specific */
    125. 

  125. #   define OSSL_TFO_CLIENT_FLAG          1
    126. 

  126. #   define OSSL_TFO_SERVER_FLAG          1
    127. 

  127. #  else
    128. 

  128. /* 10.3 through 11.4 SYSCTL - ONLY SERVER SUPPORT */
    129. 

  129. #   define OSSL_TFO_SYSCTL               "net.inet.tcp.fastopen.enabled"
    130. 

  130. #   define OSSL_TFO_SERVER_SOCKOPT       TCP_FASTOPEN
    131. 

  131. #   define OSSL_TFO_SERVER_SOCKOPT_VALUE MAX_LISTEN
    132. 

  132. #   define OSSL_TFO_SERVER_FLAG          1
    133. 

  133. #  endif
    134. 

  134. # endif
    135. 

  135. 

  136. # if defined(OPENSSL_SYS_LINUX)
    137. 

  137. /* OSSL_TFO_PROC not used, but of interest */
    138. 

  138. #  define OSSL_TFO_PROC                 "/proc/sys/net/ipv4/tcp_fastopen"
    139. 

  139. #  define OSSL_TFO_SERVER_SOCKOPT       TCP_FASTOPEN
    140. 

  140. #  define OSSL_TFO_SERVER_SOCKOPT_VALUE MAX_LISTEN
    141. 

  141. #  if defined(TCP_FASTOPEN_CONNECT)
    142. 

  142. #   define OSSL_TFO_CLIENT_SOCKOPT      TCP_FASTOPEN_CONNECT
    143. 

  143. #  else
    144. 

  144. #   define OSSL_TFO_SENDTO              MSG_FASTOPEN
    145. 

  145. #   define OSSL_TFO_DO_NOT_CONNECT      1
    146. 

  146. #  endif
    147. 

  147. #  define OSSL_TFO_CLIENT_FLAG          1
    148. 

  148. #  define OSSL_TFO_SERVER_FLAG          2
    149. 

  149. # endif
    150. 

  150. 

  151. #endif
    152.