Commit 1d88db16 authored by Eric Dumazet's avatar Eric Dumazet Committed by Jakub Kicinski
Browse files

tcp: move tcp_do_parse_auth_options() to net/ipv4/tcp.c 



tcp_do_parse_auth_options() fast path user is tcp_inbound_hash().

Move tcp_do_parse_auth_options() right before tcp_inbound_hash()
so that it can be (auto)inlined by the compiler.

As a bonus, stack canary is removed from tcp_inbound_hash().

Also use EXPORT_IPV6_MOD(tcp_do_parse_auth_options).

$ scripts/bloat-o-meter -t vmlinux.0 vmlinux
add/remove: 0/0 grow/shrink: 1/0 up/down: 131/0 (131)
Function                                     old     new   delta
tcp_inbound_hash                             565     696    +131
Total: Before=25223788, After=25223919, chg +0.00%

Signed-off-by: default avatarEric Dumazet <edumazet@google.com>
Reviewed-by: default avatarKuniyuki Iwashima <kuniyu@google.com>
Link: https://patch.msgid.link/20260303191243.557245-1-edumazet@google.com


Signed-off-by: default avatarJakub Kicinski <kuba@kernel.org>
parent db739ff2

net/ipv4/tcp.c

+54 −0
Original line number Diff line number Diff line
@@ -4987,6 +4987,60 @@ tcp_inbound_md5_hash(const struct sock *sk, const struct sk_buff *skb, 


#endif



#if defined(CONFIG_TCP_MD5SIG) || defined(CONFIG_TCP_AO)

/*

 * Parse Signature options

 */

int tcp_do_parse_auth_options(const struct tcphdr *th,

			      const u8 **md5_hash, const u8 **ao_hash)

{

	int length = (th->doff << 2) - sizeof(*th);

	const u8 *ptr = (const u8 *)(th + 1);

	unsigned int minlen = TCPOLEN_MD5SIG;



	if (IS_ENABLED(CONFIG_TCP_AO))

		minlen = sizeof(struct tcp_ao_hdr) + 1;



	*md5_hash = NULL;

	*ao_hash = NULL;



	/* If not enough data remaining, we can short cut */

	while (length >= minlen) {

		int opcode = *ptr++;

		int opsize;



		switch (opcode) {

		case TCPOPT_EOL:

			return 0;

		case TCPOPT_NOP:

			length--;

			continue;

		default:

			opsize = *ptr++;

			if (opsize < 2 || opsize > length)

				return -EINVAL;

			if (opcode == TCPOPT_MD5SIG) {

				if (opsize != TCPOLEN_MD5SIG)

					return -EINVAL;

				if (unlikely(*md5_hash || *ao_hash))

					return -EEXIST;

				*md5_hash = ptr;

			} else if (opcode == TCPOPT_AO) {

				if (opsize <= sizeof(struct tcp_ao_hdr))

					return -EINVAL;

				if (unlikely(*md5_hash || *ao_hash))

					return -EEXIST;

				*ao_hash = ptr;

			}

		}

		ptr += opsize - 2;

		length -= opsize;

	}

	return 0;

}

EXPORT_IPV6_MOD(tcp_do_parse_auth_options);

#endif



/* Called with rcu_read_lock() */

enum skb_drop_reason

tcp_inbound_hash(struct sock *sk, const struct request_sock *req,

net/ipv4/tcp_input.c

+0 −54
Original line number Diff line number Diff line
@@ -4714,60 +4714,6 @@ static bool tcp_fast_parse_options(const struct net *net, 
	return true;

}



#if defined(CONFIG_TCP_MD5SIG) || defined(CONFIG_TCP_AO)

/*

 * Parse Signature options

 */

int tcp_do_parse_auth_options(const struct tcphdr *th,

			      const u8 **md5_hash, const u8 **ao_hash)

{

	int length = (th->doff << 2) - sizeof(*th);

	const u8 *ptr = (const u8 *)(th + 1);

	unsigned int minlen = TCPOLEN_MD5SIG;



	if (IS_ENABLED(CONFIG_TCP_AO))

		minlen = sizeof(struct tcp_ao_hdr) + 1;



	*md5_hash = NULL;

	*ao_hash = NULL;



	/* If not enough data remaining, we can short cut */

	while (length >= minlen) {

		int opcode = *ptr++;

		int opsize;



		switch (opcode) {

		case TCPOPT_EOL:

			return 0;

		case TCPOPT_NOP:

			length--;

			continue;

		default:

			opsize = *ptr++;

			if (opsize < 2 || opsize > length)

				return -EINVAL;

			if (opcode == TCPOPT_MD5SIG) {

				if (opsize != TCPOLEN_MD5SIG)

					return -EINVAL;

				if (unlikely(*md5_hash || *ao_hash))

					return -EEXIST;

				*md5_hash = ptr;

			} else if (opcode == TCPOPT_AO) {

				if (opsize <= sizeof(struct tcp_ao_hdr))

					return -EINVAL;

				if (unlikely(*md5_hash || *ao_hash))

					return -EEXIST;

				*ao_hash = ptr;

			}

		}

		ptr += opsize - 2;

		length -= opsize;

	}

	return 0;

}

EXPORT_SYMBOL(tcp_do_parse_auth_options);

#endif



/* Sorry, PAWS as specified is broken wrt. pure-ACKs -DaveM

 *

 * It is not fatal. If this ACK does _not_ change critical state (seqs, window)