Book a Demo!
CoCalc Logo Icon
StoreFeaturesDocsShareSupportNewsAboutPoliciesSign UpSign In
freebsd
GitHub Repository: freebsd/freebsd-src
 Path: blob/main/crypto/openssl/include/internal/bio_tfo.h
105310 views
1
/*

2
 * Copyright 2022-2023 The OpenSSL Project Authors. All Rights Reserved.

3
 *

4
 * Licensed under the Apache License 2.0 (the "License").  You may not use

5
 * this file except in compliance with the License.  You can obtain a copy

6
 * in the file LICENSE in the source distribution or at

7
 * https://www.openssl.org/source/license.html

8
 */

9


10
/*

11
 * Contains definitions for simplifying the use of TCP Fast Open

12
 * (RFC7413) in OpenSSL socket BIOs.

13
 */

14


15
/* If a supported OS is added here, update test/bio_tfo_test.c */

16
#if defined(TCP_FASTOPEN) && !defined(OPENSSL_NO_TFO)

17


18
#if defined(OPENSSL_SYS_MACOSX) || defined(__FreeBSD__)

19
#include <sys/sysctl.h>

20
#endif

21


22
/*

23
 * OSSL_TFO_SYSCTL is used to determine if TFO is supported by

24
 * this kernel, and if supported, if it is enabled. This is more of

25
 * a problem on FreeBSD 10.3 ~ 11.4, where TCP_FASTOPEN was defined,

26
 * but not enabled by default in the kernel, and only for the server.

27
 * Linux does not have sysctlbyname(), and the closest equivalent

28
 * is to go into the /proc filesystem, but I'm not sure it's

29
 * worthwhile.

30
 *

31
 * On MacOS and Linux:

32
 * These operating systems use a single parameter to control TFO.

33
 * The OSSL_TFO_CLIENT_FLAG and OSSL_TFO_SERVER_FLAGS are used to

34
 * determine if TFO is enabled for the client and server respectively.

35
 *

36
 * OSSL_TFO_CLIENT_FLAG = 1 = client TFO enabled

37
 * OSSL_TFO_SERVER_FLAG = 2 = server TFO enabled

38
 *

39
 * Such that:

40
 * 0 = TFO disabled

41
 * 3 = server and client TFO enabled

42
 *

43
 * macOS 10.14 and later support TFO.

44
 * Linux kernel 3.6 added support for client TFO.

45
 * Linux kernel 3.7 added support for server TFO.

46
 * Linux kernel 3.13 enabled TFO by default.

47
 * Linux kernel 4.11 added the TCP_FASTOPEN_CONNECT option.

48
 *

49
 * On FreeBSD:

50
 * FreeBSD 10.3 ~ 11.4 uses a single sysctl for server enable.

51
 * FreeBSD 12.0 and later uses separate sysctls for server and

52
 * client enable.

53
 *

54
 * Some options are purposely NOT defined per-platform

55
 *

56
 * OSSL_TFO_SYSCTL

57
 *     Defined as a sysctlbyname() option to determine if

58
 *     TFO is enabled in the kernel (macOS, FreeBSD)

59
 *

60
 * OSSL_TFO_SERVER_SOCKOPT

61
 *     Defined to indicate the socket option used to enable

62
 *     TFO on a server socket (all)

63
 *

64
 * OSSL_TFO_SERVER_SOCKOPT_VALUE

65
 *     Value to be used with OSSL_TFO_SERVER_SOCKOPT

66
 *

67
 * OSSL_TFO_CONNECTX

68
 *     Use the connectx() function to make a client connection

69
 *     (macOS)

70
 *

71
 * OSSL_TFO_CLIENT_SOCKOPT

72
 *     Defined to indicate the socket option used to enable

73
 *     TFO on a client socket (FreeBSD, Linux 4.14 and later)

74
 *

75
 * OSSL_TFO_SENDTO

76
 *     Defined to indicate the sendto() message type to

77
 *     be used to initiate a TFO connection (FreeBSD,

78
 *     Linux pre-4.14)

79
 *

80
 * OSSL_TFO_DO_NOT_CONNECT

81
 *     Defined to skip calling connect() when creating a

82
 *     client socket (macOS, FreeBSD, Linux pre-4.14)

83
 */

84


85
#if defined(OPENSSL_SYS_WINDOWS)

86
/*

87
 * NO WINDOWS SUPPORT

88
 *

89
 * But this is what would be used on the server:

90
 *

91
 * define OSSL_TFO_SERVER_SOCKOPT       TCP_FASTOPEN

92
 * define OSSL_TFO_SERVER_SOCKOPT_VALUE 1

93
 *

94
 * Still have to figure out client support

95
 */

96
#undef TCP_FASTOPEN

97
#endif

98


99
/* NO VMS SUPPORT */

100
#if defined(OPENSSL_SYS_VMS)

101
#undef TCP_FASTOPEN

102
#endif

103


104
#if defined(OPENSSL_SYS_MACOSX)

105
#define OSSL_TFO_SYSCTL "net.inet.tcp.fastopen"

106
#define OSSL_TFO_SERVER_SOCKOPT TCP_FASTOPEN

107
#define OSSL_TFO_SERVER_SOCKOPT_VALUE 1

108
#define OSSL_TFO_CONNECTX 1

109
#define OSSL_TFO_DO_NOT_CONNECT 1

110
#define OSSL_TFO_CLIENT_FLAG 1

111
#define OSSL_TFO_SERVER_FLAG 2

112
#endif

113


114
#if defined(__FreeBSD__)

115
#if defined(TCP_FASTOPEN_PSK_LEN)

116
/* As of 12.0 these are the SYSCTLs */

117
#define OSSL_TFO_SYSCTL_SERVER "net.inet.tcp.fastopen.server_enable"

118
#define OSSL_TFO_SYSCTL_CLIENT "net.inet.tcp.fastopen.client_enable"

119
#define OSSL_TFO_SERVER_SOCKOPT TCP_FASTOPEN

120
#define OSSL_TFO_SERVER_SOCKOPT_VALUE MAX_LISTEN

121
#define OSSL_TFO_CLIENT_SOCKOPT TCP_FASTOPEN

122
#define OSSL_TFO_DO_NOT_CONNECT 1

123
#define OSSL_TFO_SENDTO 0

124
/* These are the same because the sysctl are client/server-specific */

125
#define OSSL_TFO_CLIENT_FLAG 1

126
#define OSSL_TFO_SERVER_FLAG 1

127
#else

128
/* 10.3 through 11.4 SYSCTL - ONLY SERVER SUPPORT */

129
#define OSSL_TFO_SYSCTL "net.inet.tcp.fastopen.enabled"

130
#define OSSL_TFO_SERVER_SOCKOPT TCP_FASTOPEN

131
#define OSSL_TFO_SERVER_SOCKOPT_VALUE MAX_LISTEN

132
#define OSSL_TFO_SERVER_FLAG 1

133
#endif

134
#endif

135


136
#if defined(OPENSSL_SYS_LINUX)

137
/* OSSL_TFO_PROC not used, but of interest */

138
#define OSSL_TFO_PROC "/proc/sys/net/ipv4/tcp_fastopen"

139
#define OSSL_TFO_SERVER_SOCKOPT TCP_FASTOPEN

140
#define OSSL_TFO_SERVER_SOCKOPT_VALUE MAX_LISTEN

141
#if defined(TCP_FASTOPEN_CONNECT)

142
#define OSSL_TFO_CLIENT_SOCKOPT TCP_FASTOPEN_CONNECT

143
#else

144
#define OSSL_TFO_SENDTO MSG_FASTOPEN

145
#define OSSL_TFO_DO_NOT_CONNECT 1

146
#endif

147
#define OSSL_TFO_CLIENT_FLAG 1

148
#define OSSL_TFO_SERVER_FLAG 2

149
#endif

150


151
#endif

152


153