      1 /*
      2  * Copyright 2022-2023 The OpenSSL Project Authors. All Rights Reserved.
      3  *
      4  * Licensed under the Apache License 2.0 (the "License").  You may not use
      5  * this file except in compliance with the License.  You can obtain a copy
      6  * in the file LICENSE in the source distribution or at
      7  * https://www.openssl.org/source/license.html
      8  */
      9 
/*
 * Contains definitions for simplifying the use of TCP Fast Open
 * (RFC7413) in OpenSSL socket BIOs.
 *
 * Caveat for consumers: with TFO the client's first data segment travels
 * in the SYN, and RFC 7413 permits that segment to be delivered to the
 * server more than once (replay).  Only replay-tolerant data belongs in
 * that first flight; a TLS handshake is built to cope with this, arbitrary
 * application data generally is not.
 */
     14 
     15 /* If a supported OS is added here, update test/bio_tfo_test.c */
/*
 * Everything below is compiled only when TCP_FASTOPEN is already defined
 * (this header does not include the socket headers that provide it, so
 * the includer must have pulled them in first) and OPENSSL_NO_TFO, the
 * build-time opt-out, is not defined.
 */
#if defined(TCP_FASTOPEN) && !defined(OPENSSL_NO_TFO)

/* sysctlbyname() lives here on the platforms that probe the kernel's TFO state */
#if defined(OPENSSL_SYS_MACOSX) || defined(__FreeBSD__)
#include <sys/sysctl.h>
#endif
     21 
/*
 * OSSL_TFO_SYSCTL names the sysctl used to determine whether this
 * kernel supports TFO and, if so, whether it is enabled.  This matters
 * most on FreeBSD 10.3 ~ 11.4, where TCP_FASTOPEN was defined in the
 * headers but TFO was not enabled by default in the kernel, and then only
 * for the server.  (FreeBSD 12.0 and later use the separate
 * OSSL_TFO_SYSCTL_SERVER and OSSL_TFO_SYSCTL_CLIENT names instead.)
 * Linux has no sysctlbyname(); the closest equivalent is reading the
 * /proc filesystem, which is not done here, so on Linux this header does
 * not probe the kernel's TFO setting at all.
     30  *
     31  * On MacOS and Linux:
     32  * These operating systems use a single parameter to control TFO.
     33  * The OSSL_TFO_CLIENT_FLAG and OSSL_TFO_SERVER_FLAGS are used to
     34  * determine if TFO is enabled for the client and server respectively.
     35  *
     36  * OSSL_TFO_CLIENT_FLAG = 1 = client TFO enabled
     37  * OSSL_TFO_SERVER_FLAG = 2 = server TFO enabled
     38  *
     39  * Such that:
     40  * 0 = TFO disabled
     41  * 3 = server and client TFO enabled
     42  *
     43  * macOS 10.14 and later support TFO.
     44  * Linux kernel 3.6 added support for client TFO.
     45  * Linux kernel 3.7 added support for server TFO.
     46  * Linux kernel 3.13 enabled TFO by default.
     47  * Linux kernel 4.11 added the TCP_FASTOPEN_CONNECT option.
     48  *
     49  * On FreeBSD:
     50  * FreeBSD 10.3 ~ 11.4 uses a single sysctl for server enable.
     51  * FreeBSD 12.0 and later uses separate sysctls for server and
     52  * client enable.
     53  *
     54  * Some options are purposely NOT defined per-platform
     55  *
 * OSSL_TFO_SYSCTL
 *     Defined as a sysctlbyname() option to determine if
 *     TFO is enabled in the kernel (macOS, FreeBSD 10.3 ~ 11.4);
 *     the result is compared against OSSL_TFO_CLIENT_FLAG /
 *     OSSL_TFO_SERVER_FLAG
 *
 * OSSL_TFO_SYSCTL_SERVER, OSSL_TFO_SYSCTL_CLIENT
 *     Separate sysctlbyname() options for the server and client
 *     enables (FreeBSD 12.0 and later), each compared against the
 *     matching OSSL_TFO_*_FLAG
 *
     60  * OSSL_TFO_SERVER_SOCKOPT
     61  *     Defined to indicate the socket option used to enable
     62  *     TFO on a server socket (all)
     63  *
     64  * OSSL_TFO_SERVER_SOCKOPT_VALUE
     65  *     Value to be used with OSSL_TFO_SERVER_SOCKOPT
     66  *
     67  * OSSL_TFO_CONNECTX
     68  *     Use the connectx() function to make a client connection
     69  *     (macOS)
     70  *
 * OSSL_TFO_CLIENT_SOCKOPT
 *     Defined to indicate the socket option used to enable
 *     TFO on a client socket (FreeBSD; Linux when the headers
 *     provide TCP_FASTOPEN_CONNECT, i.e. kernel 4.11 and later
 *     as noted above -- the selection is by macro availability,
 *     not by kernel version)
 *
 * OSSL_TFO_SENDTO
 *     Defined to indicate the sendto() message type to
 *     be used to initiate a TFO connection (FreeBSD; Linux
 *     without TCP_FASTOPEN_CONNECT, i.e. pre-4.11)
 *
 * OSSL_TFO_DO_NOT_CONNECT
 *     Defined to skip calling connect() when creating a
 *     client socket (macOS, FreeBSD, Linux pre-4.11)
     83  */
     84 
#if defined(OPENSSL_SYS_WINDOWS)
/*
 * NO WINDOWS SUPPORT
 *
 * But this is what would be used on the server:
 *
 * define OSSL_TFO_SERVER_SOCKOPT       TCP_FASTOPEN
 * define OSSL_TFO_SERVER_SOCKOPT_VALUE 1
 *
 * Still have to figure out client support
 */
/*
 * Undefining TCP_FASTOPEN here (after the outer #if has already been
 * evaluated) is what switches TFO off for Windows: no OSSL_TFO_* macro is
 * defined on this platform, and any later #ifdef TCP_FASTOPEN in the
 * including file will see it as absent.
 */
#undef TCP_FASTOPEN
#endif
     98 
     99 /* NO VMS SUPPORT */
    100 #if defined(OPENSSL_SYS_VMS)
    101 #undef TCP_FASTOPEN
    102 #endif
    103 
#if defined(OPENSSL_SYS_MACOSX)
/*
 * macOS: a single sysctl controls TFO for both directions; its value is
 * a bitmask of OSSL_TFO_CLIENT_FLAG | OSSL_TFO_SERVER_FLAG (0 = off,
 * 3 = both).  The client path uses connectx() and so skips connect().
 */
#define OSSL_TFO_SYSCTL "net.inet.tcp.fastopen"
#define OSSL_TFO_SERVER_SOCKOPT TCP_FASTOPEN
/* Boolean enable here, whereas the FreeBSD and Linux blocks below pass MAX_LISTEN */
#define OSSL_TFO_SERVER_SOCKOPT_VALUE 1
#define OSSL_TFO_CONNECTX 1
#define OSSL_TFO_DO_NOT_CONNECT 1
#define OSSL_TFO_CLIENT_FLAG 1
#define OSSL_TFO_SERVER_FLAG 2
#endif
    113 
#if defined(__FreeBSD__)
#if defined(TCP_FASTOPEN_PSK_LEN)
/*
 * As of 12.0 these are the SYSCTLs.  TCP_FASTOPEN_PSK_LEN is used purely
 * as a header-level proxy for "12.0 or later"; it says nothing about
 * whether the running kernel has TFO enabled, which is what the two
 * sysctls below are for.
 */
#define OSSL_TFO_SYSCTL_SERVER "net.inet.tcp.fastopen.server_enable"
#define OSSL_TFO_SYSCTL_CLIENT "net.inet.tcp.fastopen.client_enable"
#define OSSL_TFO_SERVER_SOCKOPT TCP_FASTOPEN
/* MAX_LISTEN is not defined in this header; it must be in scope wherever this macro is used */
#define OSSL_TFO_SERVER_SOCKOPT_VALUE MAX_LISTEN
#define OSSL_TFO_CLIENT_SOCKOPT TCP_FASTOPEN
/* Client side: the connection is initiated by sendto() with flags 0, not by connect() */
#define OSSL_TFO_DO_NOT_CONNECT 1
#define OSSL_TFO_SENDTO 0
/* These are the same because the sysctl are client/server-specific */
#define OSSL_TFO_CLIENT_FLAG 1
#define OSSL_TFO_SERVER_FLAG 1
#else
/*
 * 10.3 through 11.4 SYSCTL - ONLY SERVER SUPPORT.  No OSSL_TFO_CLIENT_*
 * macro is defined on these releases, so client-side TFO is unavailable
 * and consumers must not assume it.
 */
#define OSSL_TFO_SYSCTL "net.inet.tcp.fastopen.enabled"
#define OSSL_TFO_SERVER_SOCKOPT TCP_FASTOPEN
#define OSSL_TFO_SERVER_SOCKOPT_VALUE MAX_LISTEN
#define OSSL_TFO_SERVER_FLAG 1
#endif
#endif
    135 
#if defined(OPENSSL_SYS_LINUX)
/*
 * Linux: no OSSL_TFO_SYSCTL is defined, so this header does not probe
 * whether the kernel has TFO enabled.  OSSL_TFO_PROC names the file that
 * would be read for that and is kept for reference only.
 */
/* OSSL_TFO_PROC not used, but of interest */
#define OSSL_TFO_PROC "/proc/sys/net/ipv4/tcp_fastopen"
#define OSSL_TFO_SERVER_SOCKOPT TCP_FASTOPEN
/*
 * MAX_LISTEN is not defined here and must be in scope where this macro is
 * used.  NOTE(review): presumably a queue-length argument rather than the
 * boolean 1 the macOS block passes -- confirm against tcp(7).
 */
#define OSSL_TFO_SERVER_SOCKOPT_VALUE MAX_LISTEN
#if defined(TCP_FASTOPEN_CONNECT)
/*
 * Header-level test only: TCP_FASTOPEN_CONNECT being defined shows the
 * build headers are new enough (4.11+, see above), not that the running
 * kernel is.  NOTE(review): the includer is presumably expected to cope
 * with setsockopt() failing on an older kernel -- confirm.
 */
#define OSSL_TFO_CLIENT_SOCKOPT TCP_FASTOPEN_CONNECT
#else
/* Older headers: the client initiates with sendto(MSG_FASTOPEN) in place of connect() */
#define OSSL_TFO_SENDTO MSG_FASTOPEN
#define OSSL_TFO_DO_NOT_CONNECT 1
#endif
/* Same single-value encoding as macOS: 1 = client, 2 = server, 3 = both */
#define OSSL_TFO_CLIENT_FLAG 1
#define OSSL_TFO_SERVER_FLAG 2
#endif
    150 
    151 #endif
    152