tcp: Configure TFO without cookie per socket and/or per route
We already allow to enable TFO without a cookie by using the fastopen-sysctl and setting it to TFO_SERVER_COOKIE_NOT_REQD (or TFO_CLIENT_NO_COOKIE). This is safe to do in certain environments where we know that there isn't a malicous host (aka., data-centers) or when the application-protocol already provides an authentication mechanism in the first flight of data. A server however might be providing multiple services or talking to both sides (public Internet and data-center). So, this server would want to enable cookie-less TFO for certain services and/or for connections that go to the data-center. This patch exposes a socket-option and a per-route attribute to enable such fine-grained configurations. Signed-off-by: Christoph Paasch <cpaasch@apple.com> Reviewed-by: Yuchung Cheng <ycheng@google.com> Signed-off-by: David S. Miller <davem@davemloft.net>
This commit is contained in:
Christoph Paasch
committed by
David S. Miller
David S. Miller
parent
b6f4f8484d
commit
71c02379c7
@@ -430,6 +430,8 @@ enum {
|
||||
#define RTAX_QUICKACK RTAX_QUICKACK
|
||||
RTAX_CC_ALGO,
|
||||
#define RTAX_CC_ALGO RTAX_CC_ALGO
|
||||
RTAX_FASTOPEN_NO_COOKIE,
|
||||
#define RTAX_FASTOPEN_NO_COOKIE RTAX_FASTOPEN_NO_COOKIE
|
||||
__RTAX_MAX
|
||||
};
|
||||
|
||||
|
||||
Reference in New Issue
Block a user