From 788b9ba61132936ee6e4db851b91a920c6e6f348 Mon Sep 17 00:00:00 2001 From: Wang Yufen Date: Mon, 2 Aug 2021 16:00:00 +0800 Subject: [PATCH] tcp_comp: only enable compression for give server ports hulk inclusion category: feature bugzilla: NA CVE: NA ------------------------------------------------- Only enable compression for give server ports, this means we will check either dport when send SYN or sport when send SYN-ACK. Signed-off-by: Wei Yongjun Signed-off-by: Wang Yufen Reviewed-by: Wei Yongjun Reviewed-by: Wei Yongjun Reviewed-by: Yue Haibing Signed-off-by: Yang Yingliang --- include/net/tcp.h | 2 +- net/ipv4/tcp_comp.c | 18 ++++++++++++++++-- net/ipv4/tcp_output.c | 12 ++++++------ 3 files changed, 23 insertions(+), 9 deletions(-) diff --git a/include/net/tcp.h b/include/net/tcp.h index d3961e3e368e..41f7ebbc0091 100644 --- a/include/net/tcp.h +++ b/include/net/tcp.h @@ -2215,7 +2215,7 @@ extern struct static_key_false tcp_have_comp; extern unsigned long *sysctl_tcp_compression_ports; -bool tcp_syn_comp_enabled(const struct tcp_sock *tp); +bool tcp_syn_comp_enabled(const struct sock *sk, bool active); void tcp_init_compression(struct sock *sk); void tcp_cleanup_compression(struct sock *sk); #else diff --git a/net/ipv4/tcp_comp.c b/net/ipv4/tcp_comp.c index 3493255d34df..a71f23fceec6 100644 --- a/net/ipv4/tcp_comp.c +++ b/net/ipv4/tcp_comp.c @@ -11,13 +11,27 @@ static unsigned long tcp_compression_ports[65536 / 8]; unsigned long *sysctl_tcp_compression_ports = tcp_compression_ports; -bool tcp_syn_comp_enabled(const struct tcp_sock *tp) +bool tcp_syn_comp_enabled(const struct sock *sk, bool active) { - return true; + struct inet_sock *inet = inet_sk(sk); + int port; + + if (active) + port = ntohs(inet->inet_dport); + else + port = ntohs(inet->inet_sport); + + return test_bit(port, sysctl_tcp_compression_ports); } void tcp_init_compression(struct sock *sk) { + struct tcp_sock *tp = tcp_sk(sk); + + if (!tp->rx_opt.smc_ok) + return; + + sock_set_flag(sk, SOCK_COMP); } void tcp_cleanup_compression(struct sock *sk) diff --git a/net/ipv4/tcp_output.c b/net/ipv4/tcp_output.c index 37da02707400..9453a98c936f 100644 --- a/net/ipv4/tcp_output.c +++ b/net/ipv4/tcp_output.c @@ -587,13 +587,13 @@ static void smc_set_option_cond(const struct tcp_sock *tp, #endif } -static void comp_set_option(const struct tcp_sock *tp, +static void comp_set_option(const struct sock *sk, struct tcp_out_options *opts, unsigned int *remaining) { #if IS_ENABLED(CONFIG_TCP_COMP) if (static_branch_unlikely(&tcp_have_comp)) { - if (tcp_syn_comp_enabled(tp)) { + if (tcp_syn_comp_enabled(sk, true)) { if (*remaining >= TCPOLEN_EXP_COMP_BASE) { opts->options |= OPTION_COMP; *remaining -= TCPOLEN_EXP_COMP_BASE; @@ -603,14 +603,14 @@ static void comp_set_option(const struct tcp_sock *tp, #endif } -static void comp_set_option_cond(const struct tcp_sock *tp, +static void comp_set_option_cond(const struct sock *sk, const struct inet_request_sock *ireq, struct tcp_out_options *opts, unsigned int *remaining) { #if IS_ENABLED(CONFIG_TCP_COMP) if (static_branch_unlikely(&tcp_have_comp)) { - if (tcp_syn_comp_enabled(tp) && ireq->comp_ok) { + if (tcp_syn_comp_enabled(sk, false) && ireq->comp_ok) { if (*remaining >= TCPOLEN_EXP_COMP_BASE) { opts->options |= OPTION_COMP; *remaining -= TCPOLEN_EXP_COMP_BASE; @@ -688,7 +688,7 @@ static unsigned int tcp_syn_options(struct sock *sk, struct sk_buff *skb, smc_set_option(tp, opts, &remaining); - comp_set_option(tp, opts, &remaining); + comp_set_option(sk, opts, &remaining); return MAX_TCP_OPTION_SPACE - remaining; } @@ -755,7 +755,7 @@ static unsigned int tcp_synack_options(const struct sock *sk, smc_set_option_cond(tcp_sk(sk), ireq, opts, &remaining); - comp_set_option_cond(tcp_sk(sk), ireq, opts, &remaining); + comp_set_option_cond(sk, ireq, opts, &remaining); return MAX_TCP_OPTION_SPACE - remaining; } -- GitLab