git: 9ea13f8547a9 - stable/14 - tcp: mark TCP stacks which can serve as a default stack

From: Michael Tuexen <tuexen_at_FreeBSD.org>
Date: Sat, 03 Aug 2024 23:10:06 UTC
The branch stable/14 has been updated by tuexen:

URL: https://cgit.FreeBSD.org/src/commit/?id=9ea13f8547a98d4467d2095c4e97447309a2dd10

commit 9ea13f8547a98d4467d2095c4e97447309a2dd10
Author:     Michael Tuexen <tuexen@FreeBSD.org>
AuthorDate: 2024-07-21 13:06:10 +0000
Commit:     Michael Tuexen <tuexen@FreeBSD.org>
CommitDate: 2024-08-03 23:09:27 +0000

    tcp: mark TCP stacks which can serve as a default stack
    
    Allow a TCP function block (tfb) to become the default stack only if
    tfb->tfb_flags has the TCP_FUNC_DEFAULT_OK flag set. This allows a
    TCP function block that is not suitable as a default function block
    to ensure that it is not set as the default via sysctl. In that case
    the sysctl returns EINVAL.
    
    Reviewed by:            gallatin, Peter Lei
    Sponsored by:           Netflix, Inc.
    Differential Revision:  https://reviews.freebsd.org/D45419
    
    (cherry picked from commit e0b080f850cc0418353cc196cbfe81075cf76661)
---
 sys/netinet/tcp_stacks/bbr.c  | 2 +-
 sys/netinet/tcp_stacks/rack.c | 2 +-
 sys/netinet/tcp_subr.c        | 5 +++++
 sys/netinet/tcp_var.h         | 1 +
 4 files changed, 8 insertions(+), 2 deletions(-)

diff --git a/sys/netinet/tcp_stacks/bbr.c b/sys/netinet/tcp_stacks/bbr.c
index 2bdab744e0d9..c1bbec3800fd 100644
--- a/sys/netinet/tcp_stacks/bbr.c
+++ b/sys/netinet/tcp_stacks/bbr.c
@@ -14151,7 +14151,7 @@ struct tcp_function_block __tcp_bbr = {
 	.tfb_tcp_mtu_chg = bbr_mtu_chg,
 	.tfb_pru_options = bbr_pru_options,
 	.tfb_switch_failed = bbr_switch_failed,
-	.tfb_flags = TCP_FUNC_OUTPUT_CANDROP,
+	.tfb_flags = TCP_FUNC_OUTPUT_CANDROP | TCP_FUNC_DEFAULT_OK,
 };
 
 /*
diff --git a/sys/netinet/tcp_stacks/rack.c b/sys/netinet/tcp_stacks/rack.c
index c27f745ade62..35ae371a082e 100644
--- a/sys/netinet/tcp_stacks/rack.c
+++ b/sys/netinet/tcp_stacks/rack.c
@@ -23800,7 +23800,7 @@ static struct tcp_function_block __tcp_rack = {
 	.tfb_switch_failed = rack_switch_failed,
 	.tfb_early_wake_check = rack_wake_check,
 	.tfb_compute_pipe = rack_compute_pipe,
-	.tfb_flags = TCP_FUNC_OUTPUT_CANDROP,
+	.tfb_flags = TCP_FUNC_OUTPUT_CANDROP | TCP_FUNC_DEFAULT_OK,
 };
 
 /*
diff --git a/sys/netinet/tcp_subr.c b/sys/netinet/tcp_subr.c
index 5d87d0327148..9fc744c42e0c 100644
--- a/sys/netinet/tcp_subr.c
+++ b/sys/netinet/tcp_subr.c
@@ -402,6 +402,7 @@ static struct tcp_function_block tcp_def_funcblk = {
 	.tfb_tcp_fb_init = tcp_default_fb_init,
 	.tfb_tcp_fb_fini = tcp_default_fb_fini,
 	.tfb_switch_failed = tcp_default_switch_failed,
+	.tfb_flags = TCP_FUNC_DEFAULT_OK,
 };
 
 static int tcp_fb_cnt = 0;
@@ -719,6 +720,10 @@ sysctl_net_inet_default_tcp_functions(SYSCTL_HANDLER_ARGS)
 		error = ENOENT;
 		goto done;
 	}
+	if ((blk->tfb_flags & TCP_FUNC_DEFAULT_OK) == 0) {
+		error = EINVAL;
+		goto done;
+	}
 	V_tcp_func_set_ptr = blk;
 done:
 	rw_wunlock(&tcp_function_lock);
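Review bot: The new `TCP_FUNC_DEFAULT_OK` test guards only this sysctl write path, and nothing in the hunk states that this is the single place where `V_tcp_func_set_ptr` can be pointed at a caller-chosen stack. If another assignment exists elsewhere in tcp_subr.c (none is visible here), it would bypass the opt-in check, so I would record the invariant above the `if`: `/* Only stacks that opt in via TCP_FUNC_DEFAULT_OK may become the default for new connections. */`. The test does run before `rw_wunlock(&tcp_function_lock)` at `done:`, so the flag read and the pointer update appear to happen under the same write lock. The body of sysctl_net_inet_default_tcp_functions starts and continues outside the hunk.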
diff --git a/sys/netinet/tcp_var.h b/sys/netinet/tcp_var.h
index 4632474c1d11..e7cccd60a95e 100644
--- a/sys/netinet/tcp_var.h
+++ b/sys/netinet/tcp_var.h
@@ -536,6 +536,7 @@ typedef enum {
 /* Flags for tcp functions */
 #define	TCP_FUNC_BEING_REMOVED	0x01   	/* Can no longer be referenced */
 #define	TCP_FUNC_OUTPUT_CANDROP	0x02   	/* tfb_tcp_output may ask tcp_drop */
+#define	TCP_FUNC_DEFAULT_OK	0x04   	/* Can be used as default */
 
 /**
  * If defining the optional tcp_timers, in the
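Review bot: The comment on `TCP_FUNC_DEFAULT_OK` does not say that the flag is opt-in, which is the property authors of other stacks need to know. A function block that leaves bit 0x04 clear, including any stack not touched by this commit, is refused as default with EINVAL by the sysctl handler in tcp_subr.c. I would spell that out, for example `/* Stack opts in to being the default; without it the default-stack sysctl returns EINVAL */`. Since this is a cherry-pick to stable/14, it is presumably worth confirming that no other stack relied on being selectable as default before the flag existed.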