tempesta-tech · EvgeniiMekhanik · Jun 27, 2024 · Dec 22, 2023 · Jul 28, 2023 · Sep 12, 2023
diff --git a/include/linux/skbuff.h b/include/linux/skbuff.h
@@ -731,12 +731,10 @@ struct sk_buff {
 				 */
 				unsigned long		dev_scratch;
 #ifdef CONFIG_SECURITY_TEMPESTA
-                                struct {
-                                        __u8    present : 1;
-                                        __u8    tls_type : 7;
-                                        __u16   flags : 16;
-                                        unsigned int cb;
-                                } tfw_cb;
+				struct {
+					__u8		present : 1;
+					__u8		tls_type : 7;
+				} tfw_cb;
 #endif
 			};
 		};
@@ -806,7 +804,7 @@ struct sk_buff {
 	__u8			active_extensions;
 #endif
 #ifdef CONFIG_SECURITY_TEMPESTA
-        __u8                    tail_lock:1;
+	__u8			tail_lock:1;
 #endif
 	/* fields enclosed in headers_start/headers_end are copied
 	 * using a single memcpy() in __copy_skb_header()
@@ -951,27 +949,6 @@ struct sk_buff {
 #define SKB_ALLOC_NAPI		0x04
 
 #ifdef CONFIG_SECURITY_TEMPESTA
-enum {
-	/* This skb contains start of http2 frame. */
-	SS_F_HTTP2_FRAME_START                  = 0x01,
-	/* This skb contains new hpack dynamic table size. */
-	SS_F_HTTT2_HPACK_TBL_SZ_ENCODED         = 0x02,
-	/* This skb contains headers frame. */
-	SS_F_HTTT2_FRAME_HEADERS                = 0x04,
-	/* This skb contains data frame. */
-	SS_F_HTTT2_FRAME_DATA                   = 0x08,
-	/* This skb was already prepared. */
-	SS_F_HTTP2_FRAME_PREPARED               = 0x10,
-	/* This skb acks new hpack dynamic tbl size. */
-	SS_F_HTTP2_ACK_FOR_HPACK_TBL_RESIZING   = 0x20,
-	/*
-	 * These flags should be cleared when we copy flags
-	 * from one skb to another one.
-	 */
-	TEMPESTA_SKB_FLAG_CLEAR_MASK	= SS_F_HTTP2_ACK_FOR_HPACK_TBL_RESIZING |
-					  SS_F_HTTT2_HPACK_TBL_SZ_ENCODED |
-					  SS_F_HTTP2_FRAME_START,
-};
 
 static inline unsigned long
 skb_tfw_is_present(struct sk_buff *skb)
@@ -982,9 +959,9 @@ skb_tfw_is_present(struct sk_buff *skb)
 static inline void
 skb_set_tfw_tls_type(struct sk_buff *skb, unsigned char tls_type)
 {
-        BUG_ON(tls_type > 0x7F);
-        skb->tfw_cb.present = 1;
-        skb->tfw_cb.tls_type = tls_type;
+	BUG_ON(tls_type > 0x7F);
+	skb->tfw_cb.present = 1;
+	skb->tfw_cb.tls_type = tls_type;
 }
 
 static inline unsigned char
@@ -993,38 +970,6 @@ skb_tfw_tls_type(struct sk_buff *skb)
 	return skb->tfw_cb.present ? skb->tfw_cb.tls_type : 0;
 }
 
-static inline void
-skb_set_tfw_flags(struct sk_buff *skb, unsigned short flags)
-{
-        skb->tfw_cb.present = 1;
-        skb->tfw_cb.flags |= flags;
-}
-
-static inline void
-skb_clear_tfw_flag(struct sk_buff *skb, unsigned short flag)
-{
-        skb->tfw_cb.flags &= ~flag;
-}
-
-static inline unsigned short
-skb_tfw_flags(struct sk_buff *skb)
-{
-        return skb->tfw_cb.present ? skb->tfw_cb.flags : 0;
-}
-
-static inline void
-skb_set_tfw_cb(struct sk_buff *skb, unsigned int cb)
-{
-        skb->tfw_cb.present = 1;
-        skb->tfw_cb.cb = cb;
-}
-
-static inline unsigned int
-skb_tfw_cb(struct sk_buff *skb)
-{
-        return skb->tfw_cb.present ? skb->tfw_cb.cb : 0;
-}
-
 static inline void
 skb_copy_tfw_cb(struct sk_buff *dst, struct sk_buff *src)
 {

diff --git a/include/net/sock.h b/include/net/sock.h
@@ -507,16 +507,28 @@ struct sock {
 	void			(*sk_data_ready)(struct sock *sk);
 	void			(*sk_write_space)(struct sock *sk);
 #ifdef CONFIG_SECURITY_TEMPESTA
-	int			(*sk_prepare_xmit)(struct sock *sk,
-						   struct sk_buff *skb,
-						   unsigned int mss_now,
-						   unsigned int *limit,
-						   unsigned int *skbs);
+				/*
+				 * Tempesta FW callback to ecrypt one
+				 * or more skb in socket write queue
+				 * before sending.
+				 */
 	int			(*sk_write_xmit)(struct sock *sk,
 						 struct sk_buff *skb,
 						 unsigned int mss_now,
-						 unsigned int limit,
-						 unsigned int skbs);
+						 unsigned int limit);
+				/*
+				 * Tempesta FW callback to prepare and push
+				 * skbs from Tempesta FW private scheduler
+				 * to socket write queue according sender
+				 * and receiver window.
+				 */
+	int			(*sk_fill_write_queue)(struct sock *sk,
+						       unsigned int mss_now,
+						       int ss_action);
+				/*
+				 * Tempesta FW callback to free all private
+				 * resources associated with socket.
+				 */
 	void			(*sk_destroy_cb)(struct sock *sk);
 #endif
 	void			(*sk_error_report)(struct sock *sk);
@@ -876,6 +888,7 @@ enum sock_flags {
 	SOCK_TSTAMP_NEW, /* Indicates 64 bit timestamps always */
 #ifdef CONFIG_SECURITY_TEMPESTA
 	SOCK_TEMPESTA, /* The socket is managed by Tempesta FW */
+	SOCK_TEMPESTA_HAS_DATA /* The socket has data in Tempesta FW write queue */
 #endif
 };
 

diff --git a/include/net/tcp.h b/include/net/tcp.h
@@ -585,8 +585,6 @@ enum tcp_queue {
 	TCP_FRAG_IN_WRITE_QUEUE,
 	TCP_FRAG_IN_RTX_QUEUE,
 };
-int tso_fragment(struct sock *sk, struct sk_buff *skb, unsigned int len,
-		 unsigned int mss_now, gfp_t gfp);
 int tcp_fragment(struct sock *sk, enum tcp_queue tcp_queue,
 		 struct sk_buff *skb, u32 len,
 		 unsigned int mss_now, gfp_t gfp);
@@ -1877,11 +1875,51 @@ static inline void tcp_rtx_queue_unlink_and_free(struct sk_buff *skb, struct soc
 	sk_wmem_free_skb(sk, skb);
 }
 
+#ifdef CONFIG_SECURITY_TEMPESTA
+/**
+ * This function is similar to `tcp_write_err` except that we send
+ * TCP RST to remote peer.  We call this function when an error occurs
+ * while sending data from which we cannot recover, so we close the
+ * connection with TCP RST.
+ */
+static inline void
+tcp_tfw_handle_error(struct sock *sk, int error)
+{
+	tcp_send_active_reset(sk, GFP_ATOMIC);
+	sk->sk_err = error;
+	sk->sk_error_report(sk);
+	tcp_write_queue_purge(sk);
+	tcp_done(sk);
+}
+#endif
+
 static inline void tcp_push_pending_frames(struct sock *sk)
 {
+#ifdef CONFIG_SECURITY_TEMPESTA
+	unsigned int mss_now = 0;
+
+	if (sock_flag(sk, SOCK_TEMPESTA_HAS_DATA)
+	    && sk->sk_fill_write_queue)
+	{
+		int result;
+
+		mss_now = tcp_current_mss(sk);
+		result = sk->sk_fill_write_queue(sk, mss_now, 0);
+		if (unlikely(result < 0 && result != -ENOMEM)) {
+			tcp_tfw_handle_error(sk, result);
+			return;
+		}
+	}
+#endif
 	if (tcp_send_head(sk)) {
 		struct tcp_sock *tp = tcp_sk(sk);
 
+#ifdef CONFIG_SECURITY_TEMPESTA
+		if (mss_now != 0) {
+			int nonagle = TCP_NAGLE_OFF | TCP_NAGLE_PUSH;
+			__tcp_push_pending_frames(sk, mss_now, nonagle);
+		} else
+#endif
 		__tcp_push_pending_frames(sk, tcp_current_mss(sk), tp->nonagle);
 	}
 }