• Christoph Paasch's avatar
    tcp: Configure TFO without cookie per socket and/or per route · 71c02379
    Christoph Paasch authored
    We already allow to enable TFO without a cookie by using the
    fastopen-sysctl and setting it to TFO_SERVER_COOKIE_NOT_REQD (or
    TFO_CLIENT_NO_COOKIE).
    This is safe to do in certain environments where we know that there
    isn't a malicous host (aka., data-centers) or when the
    application-protocol already provides an authentication mechanism in the
    first flight of data.
    
    A server however might be providing multiple services or talking to both
    sides (public Internet and data-center). So, this server would want to
    enable cookie-less TFO for certain services and/or for connections that
    go to the data-center.
    
    This patch exposes a socket-option and a per-route attribute to enable such
    fine-grained configurations.
    Signed-off-by: default avatarChristoph Paasch <cpaasch@apple.com>
    Reviewed-by: default avatarYuchung Cheng <ycheng@google.com>
    Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
    71c02379
tcp.c 93.3 KB