git: e0b080f850cc - main - tcp: mark TCP stacks which can serve as a default stack

From: Michael Tuexen <tuexen_at_FreeBSD.org>
Date: Sun, 21 Jul 2024 23:57:32 UTC
The branch main has been updated by tuexen:

URL: https://cgit.FreeBSD.org/src/commit/?id=e0b080f850cc0418353cc196cbfe81075cf76661

commit e0b080f850cc0418353cc196cbfe81075cf76661
Author:     Michael Tuexen <tuexen@FreeBSD.org>
AuthorDate: 2024-07-21 13:06:10 +0000
Commit:     Michael Tuexen <tuexen@FreeBSD.org>
CommitDate: 2024-07-21 13:06:10 +0000

    tcp: mark TCP stacks which can serve as a default stack
    
    Allow a TCP function block (tfb) to become the default stack only if
    tfb->tfb_flags has the TCP_FUNC_DEFAULT_OK flag set. This allows a
    TCP function block that is not suitable as a default function block
    to ensure that it is not set as the default via sysctl. In this case
    sysctl would return EINVAL.
    
    Reviewed by:            gallatin, Peter Lei
    Sponsored by:           Netflix, Inc.
    Differential Revision:  https://reviews.freebsd.org/D45419
---
 sys/netinet/tcp_stacks/bbr.c  | 2 +-
 sys/netinet/tcp_stacks/rack.c | 2 +-
 sys/netinet/tcp_subr.c        | 5 +++++
 sys/netinet/tcp_var.h         | 1 +
 4 files changed, 8 insertions(+), 2 deletions(-)

diff --git a/sys/netinet/tcp_stacks/bbr.c b/sys/netinet/tcp_stacks/bbr.c
index 445ba064b316..cf64451f0c87 100644
--- a/sys/netinet/tcp_stacks/bbr.c
+++ b/sys/netinet/tcp_stacks/bbr.c
@@ -14181,7 +14181,7 @@ struct tcp_function_block __tcp_bbr = {
 	.tfb_tcp_mtu_chg = bbr_mtu_chg,
 	.tfb_pru_options = bbr_pru_options,
 	.tfb_switch_failed = bbr_switch_failed,
-	.tfb_flags = TCP_FUNC_OUTPUT_CANDROP,
+	.tfb_flags = TCP_FUNC_OUTPUT_CANDROP | TCP_FUNC_DEFAULT_OK,
 };
 
 /*
diff --git a/sys/netinet/tcp_stacks/rack.c b/sys/netinet/tcp_stacks/rack.c
index bd7583d3843a..44ddfac2a6ca 100644
--- a/sys/netinet/tcp_stacks/rack.c
+++ b/sys/netinet/tcp_stacks/rack.c
@@ -25289,7 +25289,7 @@ static struct tcp_function_block __tcp_rack = {
 	.tfb_compute_pipe = rack_compute_pipe,
 	.tfb_stack_info = rack_stack_information,
 	.tfb_inherit = rack_inherit,
-	.tfb_flags = TCP_FUNC_OUTPUT_CANDROP,
+	.tfb_flags = TCP_FUNC_OUTPUT_CANDROP | TCP_FUNC_DEFAULT_OK,
 
 };
 
diff --git a/sys/netinet/tcp_subr.c b/sys/netinet/tcp_subr.c
index 6dc8e0c1c46e..42d29d64e09f 100644
--- a/sys/netinet/tcp_subr.c
+++ b/sys/netinet/tcp_subr.c
@@ -359,6 +359,7 @@ static struct tcp_function_block tcp_def_funcblk = {
 	.tfb_tcp_fb_init = tcp_default_fb_init,
 	.tfb_tcp_fb_fini = tcp_default_fb_fini,
 	.tfb_switch_failed = tcp_default_switch_failed,
+	.tfb_flags = TCP_FUNC_DEFAULT_OK,
 };
 
 static int tcp_fb_cnt = 0;
@@ -676,6 +677,10 @@ sysctl_net_inet_default_tcp_functions(SYSCTL_HANDLER_ARGS)
 		error = ENOENT;
 		goto done;
 	}
+	if ((blk->tfb_flags & TCP_FUNC_DEFAULT_OK) == 0) {
+		error = EINVAL;
+		goto done;
+	}
 	V_tcp_func_set_ptr = blk;
 done:
 	rw_wunlock(&tcp_function_lock);
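Review bot: The new `TCP_FUNC_DEFAULT_OK` test guards only this sysctl handler's assignment to `V_tcp_func_set_ptr`, so any other code that assigns that pointer (none is visible in this hunk) would not be covered by it. It is worth confirming this handler is the only writer after initialisation, or moving the eligibility test into a small shared helper. The gate itself fails closed, which is the safe direction: a function block that never sets the flag is refused with EINVAL. A one-line comment above the check would record the intent, e.g. `/* Only stacks that opt in via TCP_FUNC_DEFAULT_OK may become the default. */`. The handler's body starts and ends outside the hunk.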
diff --git a/sys/netinet/tcp_var.h b/sys/netinet/tcp_var.h
index 099fb32ee613..52fd0f181e01 100644
--- a/sys/netinet/tcp_var.h
+++ b/sys/netinet/tcp_var.h
@@ -540,6 +540,7 @@ typedef enum {
 /* Flags for tcp functions */
 #define	TCP_FUNC_BEING_REMOVED	0x01   	/* Can no longer be referenced */
 #define	TCP_FUNC_OUTPUT_CANDROP	0x02   	/* tfb_tcp_output may ask tcp_drop */
+#define	TCP_FUNC_DEFAULT_OK	0x04   	/* Can be used as default */
 
 /**
  * tfb_tcp_handoff_ok is a mandatory function allowing
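Review bot: The comment on `TCP_FUNC_DEFAULT_OK` does not say that the flag is opt-in, meaning a function block that leaves it clear is rejected as the default by the sysctl handler changed in tcp_subr.c. Only bbr, rack and the base stack set it in this commit, so any other stack that was selectable before will presumably get EINVAL until it is updated. I would state that contract at the definition, e.g. `/* Stack opts in to being the default; if unset, selecting it via sysctl fails with EINVAL */`.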