tcp_comp: allow ignore local tcp connections

hulk inclusion category: feature bugzilla: https://gitee.com/openeuler/kernel/issues/I4PNEK CVE: NA ------------------------------------------------- Tcp compression is used to reduce the amount of data transmitted between multiple machines, which can increase the transmission capacity. The local tcp connection is a single machine transfer, so there is no meaning to use tcp compression. Ignore it by default. Enable by sysctl: echo 1 > /proc/net/ipv4/tcp_compression_local Signed-off-by: N Wang Hai <wanghai38@huawei.com> Signed-off-by: N Wei Yongjun <weiyongjun1@huawei.com> Signed-off-by: N Wang Yufen <wangyufen@huawei.com> Signed-off-by: N Yang Yingliang <yangyingliang@huawei.com> Signed-off-by: N Lu Wei <luwei32@huawei.com> Reviewed-by: N Wei Yongjun <weiyongjun1@huawei.com> Signed-off-by: N Zheng Zengkai <zhengzengkai@huawei.com>

tcp_comp: allow ignore local tcp connections
hulk inclusion category: feature bugzilla: https://gitee.com/openeuler/kernel/issues/I4PNEK CVE: NA ------------------------------------------------- Tcp compression is used to reduce the amount of data transmitted between multiple machines, which can increase the transmission capacity. The local tcp connection is a single machine transfer, so there is no meaning to use tcp compression. Ignore it by default. Enable by sysctl: echo 1 > /proc/net/ipv4/tcp_compression_local Signed-off-by: N Wang Hai <wanghai38@huawei.com> Signed-off-by: N Wei Yongjun <weiyongjun1@huawei.com> Signed-off-by: N Wang Yufen <wangyufen@huawei.com> Signed-off-by: N Yang Yingliang <yangyingliang@huawei.com> Signed-off-by: N Lu Wei <luwei32@huawei.com> Reviewed-by: N Wei Yongjun <weiyongjun1@huawei.com> Signed-off-by: N Zheng Zengkai <zhengzengkai@huawei.com>
f14b0352 · Wang Hai · Zheng Zengkai · d8a6de61 · f14b0352 · f14b0352
Showing with 46 addition and 10 deletion

include/net/tcp.h include/net/tcp.h +11 -1

net/ipv4/sysctl_net_ipv4.c net/ipv4/sysctl_net_ipv4.c +9 -0

net/ipv4/tcp_comp.c net/ipv4/tcp_comp.c +24 -7

net/ipv4/tcp_output.c net/ipv4/tcp_output.c +2 -2

未找到文件。
--- a/include/net/tcp.h
+++ b/include/net/tcp.h
@@ -2384,8 +2384,11 @@ static inline u64 tcp_transmit_time(const struct sock *sk)
 extern struct static_key_false tcp_have_comp;
 extern unsigned long *sysctl_tcp_compression_ports;
+extern int sysctl_tcp_compression_local;
-bool tcp_syn_comp_enabled(const struct sock *sk, bool active);
+bool tcp_syn_comp_enabled(const struct sock *sk);
+bool tcp_synack_comp_enabled(const struct sock *sk,
+			     const struct inet_request_sock *ireq);
 void tcp_init_compression(struct sock *sk);
 void tcp_cleanup_compression(struct sock *sk);
 #else
@@ -2393,6 +2396,13 @@ static inline bool tcp_syn_comp_enabled(const struct tcp_sock *tp)
 {
 	return false;
 }
+static inline bool tcp_synack_comp_enabled(const struct sock *sk,
+					   const struct inet_request_sock *ireq)
+{
+	return false;
+}
 static inline void tcp_init_compression(struct sock *sk)
 {
 }

--- a/net/ipv4/sysctl_net_ipv4.c
+++ b/net/ipv4/sysctl_net_ipv4.c
@@ -620,6 +620,15 @@ static struct ctl_table ipv4_table[] = {
 		.mode		= 0644,
 		.proc_handler	= proc_tcp_compression_ports,
 	},
+	{
+		.procname	= "tcp_compression_local",
+		.data		= &sysctl_tcp_compression_local,
+		.maxlen		= sizeof(int),
+		.mode		= 0644,
+		.proc_handler	= proc_dointvec_minmax,
+		.extra1		= SYSCTL_ZERO,
+		.extra2		= SYSCTL_ONE,
+	},
 #endif
 	{ }
 };

--- a/net/ipv4/tcp_comp.c
+++ b/net/ipv4/tcp_comp.c
@@ -10,18 +10,35 @@
 static unsigned long tcp_compression_ports[65536 / 8];
 unsigned long *sysctl_tcp_compression_ports = tcp_compression_ports;
+int sysctl_tcp_compression_local __read_mostly;
-bool tcp_syn_comp_enabled(const struct sock *sk, bool active)
+static bool tcp_comp_enabled(__be32 saddr, __be32 daddr, int port)
+{
+	if (!sysctl_tcp_compression_local &&
+	    (saddr == daddr || ipv4_is_loopback(daddr)))
+		return false;
+	return test_bit(port, sysctl_tcp_compression_ports);
+}
+bool tcp_syn_comp_enabled(const struct sock *sk)
 {
 	struct inet_sock *inet = inet_sk(sk);
-	int port;
-	if (active)
+	return tcp_comp_enabled(inet->inet_saddr, inet->inet_daddr,
-		port = ntohs(inet->inet_dport);
+				ntohs(inet->inet_dport));
-	else
+}
-		port = ntohs(inet->inet_sport);
-	return test_bit(port, sysctl_tcp_compression_ports);
+bool tcp_synack_comp_enabled(const struct sock *sk,
+			     const struct inet_request_sock *ireq)
+{
+	struct inet_sock *inet = inet_sk(sk);
+	if (!ireq->comp_ok)
+		return false;
+	return tcp_comp_enabled(ireq->ir_loc_addr, ireq->ir_rmt_addr,
+				ntohs(inet->inet_sport));
 }
 void tcp_init_compression(struct sock *sk)

--- a/net/ipv4/tcp_output.c
+++ b/net/ipv4/tcp_output.c
@@ -742,7 +742,7 @@ static void comp_set_option(const struct sock *sk,
 {
 #if IS_ENABLED(CONFIG_TCP_COMP)
 	if (static_branch_unlikely(&tcp_have_comp)) {
-		if (tcp_syn_comp_enabled(sk, true)) {
+		if (tcp_syn_comp_enabled(sk)) {
 			if (*remaining >= TCPOLEN_EXP_COMP_BASE) {
 				opts->options |= OPTION_COMP;
 				*remaining -= TCPOLEN_EXP_COMP_BASE;
@@ -759,7 +759,7 @@ static void comp_set_option_cond(const struct sock *sk,
 {
 #if IS_ENABLED(CONFIG_TCP_COMP)
 	if (static_branch_unlikely(&tcp_have_comp)) {
-		if (tcp_syn_comp_enabled(sk, false) && ireq->comp_ok) {
+		if (tcp_synack_comp_enabled(sk, ireq)) {
 			if (*remaining >= TCPOLEN_EXP_COMP_BASE) {
 				opts->options |= OPTION_COMP;
 				*remaining -= TCPOLEN_EXP_COMP_BASE;