/*
 * Copyright 2022-2023 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the Apache License 2.0 (the "License"). You may not use
 * this file except in compliance with the License. You can obtain a copy
 * in the file LICENSE in the source distribution or at
 * https://www.openssl.org/source/license.html
 */

/*
 * Contains definitions for simplifying the use of TCP Fast Open
 * (RFC7413) in OpenSSL socket BIOs.
 *
 * This header defines preprocessor macros only. Everything below is
 * compiled out unless TCP_FASTOPEN is already defined when this file is
 * read, so it has to be included after the system header that provides
 * that macro; included earlier, TFO support disappears without any
 * diagnostic.
 *
 * NOTE(review): RFC 7413 allows data carried in the SYN to reach the
 * server application more than once. Callers that enable TFO through
 * these macros should confirm that their first flight is safe to
 * receive twice.
 */

/* If a supported OS is added here, update test/bio_tfo_test.c */
#if defined(TCP_FASTOPEN) && !defined(OPENSSL_NO_TFO)

# if defined(OPENSSL_SYS_MACOSX) || defined(__FreeBSD__)
#  include <sys/sysctl.h>
# endif

/*
 * OSSL_TFO_SYSCTL is used to determine if TFO is supported by
 * this kernel, and if supported, if it is enabled. This is more of
 * a problem on FreeBSD 10.3 ~ 11.4, where TCP_FASTOPEN was defined,
 * but not enabled by default in the kernel, and only for the server.
 * Linux does not have sysctlbyname(), and the closest equivalent
 * is to go into the /proc filesystem, but I'm not sure it's
 * worthwhile.
 *
 * On macOS and Linux:
 * These operating systems use a single parameter to control TFO.
 * The OSSL_TFO_CLIENT_FLAG and OSSL_TFO_SERVER_FLAG values are used to
 * determine if TFO is enabled for the client and server respectively.
 *
 * OSSL_TFO_CLIENT_FLAG = 1 = client TFO enabled
 * OSSL_TFO_SERVER_FLAG = 2 = server TFO enabled
 *
 * Such that:
 * 0 = TFO disabled
 * 3 = server and client TFO enabled
 *
 * macOS 10.14 and later support TFO.
 * Linux kernel 3.6 added support for client TFO.
 * Linux kernel 3.7 added support for server TFO.
 * Linux kernel 3.13 enabled TFO by default.
 * Linux kernel 4.11 added the TCP_FASTOPEN_CONNECT option.
 *
 * On FreeBSD:
 * FreeBSD 10.3 ~ 11.4 uses a single sysctl for server enable.
 * FreeBSD 12.0 and later uses separate sysctls for server and
 * client enable.
 *
 * Every choice in this file is made at compile time from the macros the
 * build headers provide (TCP_FASTOPEN, TCP_FASTOPEN_PSK_LEN,
 * TCP_FASTOPEN_CONNECT); nothing here inspects the running kernel. A
 * binary built against newer headers can therefore select an option
 * that the kernel it runs on rejects, or one the administrator has
 * disabled, so the code using these macros still has to check the
 * result of the socket calls.
 *
 * Some options are purposely NOT defined per-platform
 *
 * OSSL_TFO_SYSCTL
 *   Defined as a sysctlbyname() option to determine if
 *   TFO is enabled in the kernel (macOS, FreeBSD 10.3 ~ 11.4)
 *
 * OSSL_TFO_SYSCTL_SERVER
 * OSSL_TFO_SYSCTL_CLIENT
 *   Defined as the separate server and client sysctlbyname()
 *   options (FreeBSD 12.0 and later); OSSL_TFO_SYSCTL is not
 *   defined on that branch
 *
 * OSSL_TFO_SERVER_SOCKOPT
 *   Defined to indicate the socket option used to enable
 *   TFO on a server socket (all)
 *
 * OSSL_TFO_SERVER_SOCKOPT_VALUE
 *   Value to be used with OSSL_TFO_SERVER_SOCKOPT
 *
 * OSSL_TFO_CONNECTX
 *   Use the connectx() function to make a client connection
 *   (macOS)
 *
 * OSSL_TFO_CLIENT_SOCKOPT
 *   Defined to indicate the socket option used to enable
 *   TFO on a client socket (FreeBSD 12.0 and later, Linux when
 *   TCP_FASTOPEN_CONNECT is defined)
 *   NOTE(review): this entry previously read "Linux 4.14 and later",
 *   while the list above dates TCP_FASTOPEN_CONNECT to Linux 4.11;
 *   confirm which kernel version is intended.
 *
 * OSSL_TFO_SENDTO
 *   Defined to indicate the sendto() message type to
 *   be used to initiate a TFO connection (FreeBSD 12.0 and later,
 *   Linux without TCP_FASTOPEN_CONNECT)
 *
 * OSSL_TFO_DO_NOT_CONNECT
 *   Defined to skip calling connect() when creating a
 *   client socket (macOS, FreeBSD 12.0 and later, Linux without
 *   TCP_FASTOPEN_CONNECT)
 */

# if defined(OPENSSL_SYS_WINDOWS)
/*
 * NO WINDOWS SUPPORT
 *
 * But this is what would be used on the server:
 *
 * define OSSL_TFO_SERVER_SOCKOPT TCP_FASTOPEN
 * define OSSL_TFO_SERVER_SOCKOPT_VALUE 1
 *
 * Still have to figure out client support
 *
 * The enclosing #if has already been evaluated at this point, so the
 * #undef below does not skip the rest of this header; it only changes
 * what code after this header sees when it tests TCP_FASTOPEN.
 * No OSSL_TFO_* macro is defined for Windows.
 */
#  undef TCP_FASTOPEN
# endif

/* NO VMS SUPPORT: same approach as Windows, no OSSL_TFO_* macro is defined */
# if defined(OPENSSL_SYS_VMS)
#  undef TCP_FASTOPEN
# endif

/* macOS: one sysctl covers both roles; the client connects with connectx() */
# if defined(OPENSSL_SYS_MACOSX)
#  define OSSL_TFO_SYSCTL "net.inet.tcp.fastopen"
#  define OSSL_TFO_SERVER_SOCKOPT TCP_FASTOPEN
#  define OSSL_TFO_SERVER_SOCKOPT_VALUE 1
#  define OSSL_TFO_CONNECTX 1
#  define OSSL_TFO_DO_NOT_CONNECT 1
#  define OSSL_TFO_CLIENT_FLAG 1
#  define OSSL_TFO_SERVER_FLAG 2
# endif

# if defined(__FreeBSD__)
/*
 * The presence of TCP_FASTOPEN_PSK_LEN in the system headers is used as
 * the marker for the FreeBSD 12.0 and later interface.
 * MAX_LISTEN is not defined in this header; it has to be defined by the
 * time OSSL_TFO_SERVER_SOCKOPT_VALUE is expanded.
 */
#  if defined(TCP_FASTOPEN_PSK_LEN)
/* As of 12.0 these are the SYSCTLs */
#   define OSSL_TFO_SYSCTL_SERVER "net.inet.tcp.fastopen.server_enable"
#   define OSSL_TFO_SYSCTL_CLIENT "net.inet.tcp.fastopen.client_enable"
#   define OSSL_TFO_SERVER_SOCKOPT TCP_FASTOPEN
#   define OSSL_TFO_SERVER_SOCKOPT_VALUE MAX_LISTEN
#   define OSSL_TFO_CLIENT_SOCKOPT TCP_FASTOPEN
#   define OSSL_TFO_DO_NOT_CONNECT 1
/* presumably 0 means sendto() is called with no extra flag -- confirm in the caller */
#   define OSSL_TFO_SENDTO 0
/* These are the same because the sysctls are client/server-specific */
#   define OSSL_TFO_CLIENT_FLAG 1
#   define OSSL_TFO_SERVER_FLAG 1
#  else
/*
 * 10.3 through 11.4 SYSCTL - ONLY SERVER SUPPORT
 * No client macro is defined on this branch.
 */
#   define OSSL_TFO_SYSCTL "net.inet.tcp.fastopen.enabled"
#   define OSSL_TFO_SERVER_SOCKOPT TCP_FASTOPEN
#   define OSSL_TFO_SERVER_SOCKOPT_VALUE MAX_LISTEN
#   define OSSL_TFO_SERVER_FLAG 1
#  endif
# endif

# if defined(OPENSSL_SYS_LINUX)
/* OSSL_TFO_PROC not used, but of interest */
#  define OSSL_TFO_PROC "/proc/sys/net/ipv4/tcp_fastopen"
#  define OSSL_TFO_SERVER_SOCKOPT TCP_FASTOPEN
/* MAX_LISTEN is not defined in this header; see the FreeBSD branch */
#  define OSSL_TFO_SERVER_SOCKOPT_VALUE MAX_LISTEN
/*
 * Client side: use the TCP_FASTOPEN_CONNECT socket option when the
 * headers provide it, otherwise skip connect() and start the
 * connection with sendto() and MSG_FASTOPEN.
 */
#  if defined(TCP_FASTOPEN_CONNECT)
#   define OSSL_TFO_CLIENT_SOCKOPT TCP_FASTOPEN_CONNECT
#  else
#   define OSSL_TFO_SENDTO MSG_FASTOPEN
#   define OSSL_TFO_DO_NOT_CONNECT 1
#  endif
#  define OSSL_TFO_CLIENT_FLAG 1
#  define OSSL_TFO_SERVER_FLAG 2
# endif

#endif