2 * Copyright 2022 The OpenSSL Project Authors. All Rights Reserved.
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
11 * Contains definitions for simplifying the use of TCP Fast Open
12 * (RFC7413) in OpenSSL socket BIOs.
15 /* If a supported OS is added here, update test/bio_tfo_test.c */
16 #if defined(TCP_FASTOPEN) && !defined(OPENSSL_NO_TFO)
18 # if defined(OPENSSL_SYS_MACOSX) || defined(__FreeBSD__)
19 # include <sys/sysctl.h>
23 * OSSL_TFO_SYSCTL is used to determine if TFO is supported by
24 * this kernel, and if supported, if it is enabled. This is more of
25 * a problem on FreeBSD 10.3 ~ 11.4, where TCP_FASTOPEN was defined,
26 * but not enabled by default in the kernel, and only for the server.
27 * Linux does not have sysctlbyname(), and the closest equivalent
28 * is to go into the /proc filesystem, but I'm not sure it's
32 * These operating systems use a single parameter to control TFO.
33 * The OSSL_TFO_CLIENT_FLAG and OSSL_TFO_SERVER_FLAGS are used to
34 * determine if TFO is enabled for the client and server respectively.
36 * OSSL_TFO_CLIENT_FLAG = 1 = client TFO enabled
37 * OSSL_TFO_SERVER_FLAG = 2 = server TFO enabled
41 * 3 = server and client TFO enabled
43 * macOS 10.14 and later support TFO.
44 * Linux kernel 3.6 added support for client TFO.
45 * Linux kernel 3.7 added support for server TFO.
46 * Linux kernel 3.13 enabled TFO by default.
47 * Linux kernel 4.11 added the TCP_FASTOPEN_CONNECT option.
50 * FreeBSD 10.3 ~ 11.4 uses a single sysctl for server enable.
51 * FreeBSD 12.0 and later uses separate sysctls for server and
54 * Some options are purposely NOT defined per-platform
57 * Defined as a sysctlbyname() option to to determine if
58 * TFO is enabled in the kernel (macOS, FreeBSD)
60 * OSSL_TFO_SERVER_SOCKOPT
61 * Defined to indicate the socket option used to enable
62 * TFO on a server socket (all)
64 * OSSL_TFO_SERVER_SOCKOPT_VALUE
65 * Value to be used with OSSL_TFO_SERVER_SOCKOPT
68 * Use the connectx() function to make a client connection
71 * OSSL_TFO_CLIENT_SOCKOPT
72 * Defined to indicate the socket option used to enable
73 * TFO on a client socket (FreeBSD, Linux 4.14 and later)
76 * Defined to indicate the sendto() message type to
77 * be used to initiate a TFO connection (FreeBSD,
80 * OSSL_TFO_DO_NOT_CONNECT
81 * Defined to skip calling conect() when creating a
82 * client socket (macOS, FreeBSD, Linux pre-4.14)
85 # if defined(OPENSSL_SYS_WINDOWS)
89 * But this is is what would be used on the server:
91 * define OSSL_TFO_SERVER_SOCKOPT TCP_FASTOPEN
92 * define OSSL_TFO_SERVER_SOCKOPT_VALUE 1
94 * Still have to figure out client support
100 # if defined(OPENSSL_SYS_VMS)
104 # if defined(OPENSSL_SYS_MACOSX)
105 # define OSSL_TFO_SYSCTL "net.inet.tcp.fastopen"
106 # define OSSL_TFO_SERVER_SOCKOPT TCP_FASTOPEN
107 # define OSSL_TFO_SERVER_SOCKOPT_VALUE 1
108 # define OSSL_TFO_CONNECTX 1
109 # define OSSL_TFO_DO_NOT_CONNECT 1
110 # define OSSL_TFO_CLIENT_FLAG 1
111 # define OSSL_TFO_SERVER_FLAG 2
114 # if defined(__FreeBSD__)
115 # if defined(TCP_FASTOPEN_PSK_LEN)
116 /* As of 12.0 these are the SYSCTLs */
117 # define OSSL_TFO_SYSCTL_SERVER "net.inet.tcp.fastopen.server_enable"
118 # define OSSL_TFO_SYSCTL_CLIENT "net.inet.tcp.fastopen.client_enable"
119 # define OSSL_TFO_SERVER_SOCKOPT TCP_FASTOPEN
120 # define OSSL_TFO_SERVER_SOCKOPT_VALUE MAX_LISTEN
121 # define OSSL_TFO_CLIENT_SOCKOPT TCP_FASTOPEN
122 # define OSSL_TFO_DO_NOT_CONNECT 1
123 # define OSSL_TFO_SENDTO 0
124 /* These are the same because the sysctl are client/server-specific */
125 # define OSSL_TFO_CLIENT_FLAG 1
126 # define OSSL_TFO_SERVER_FLAG 1
128 /* 10.3 through 11.4 SYSCTL - ONLY SERVER SUPPORT */
129 # define OSSL_TFO_SYSCTL "net.inet.tcp.fastopen.enabled"
130 # define OSSL_TFO_SERVER_SOCKOPT TCP_FASTOPEN
131 # define OSSL_TFO_SERVER_SOCKOPT_VALUE MAX_LISTEN
132 # define OSSL_TFO_SERVER_FLAG 1
136 # if defined(OPENSSL_SYS_LINUX)
137 /* OSSL_TFO_PROC not used, but of interest */
138 # define OSSL_TFO_PROC "/proc/sys/net/ipv4/tcp_fastopen"
139 # define OSSL_TFO_SERVER_SOCKOPT TCP_FASTOPEN
140 # define OSSL_TFO_SERVER_SOCKOPT_VALUE MAX_LISTEN
141 # if defined(TCP_FASTOPEN_CONNECT)
142 # define OSSL_TFO_CLIENT_SOCKOPT TCP_FASTOPEN_CONNECT
144 # define OSSL_TFO_SENDTO MSG_FASTOPEN
145 # define OSSL_TFO_DO_NOT_CONNECT 1
147 # define OSSL_TFO_CLIENT_FLAG 1
148 # define OSSL_TFO_SERVER_FLAG 2