As far as I understand, there are two ways to set the TCP Fast Open keys in Linux - system-wide and per-socket.
Per-socket
If the application is aware of TCP Fast Open, the application can ask for TCP Fast Open behavior using the TCP_FASTOPEN
option in setsockopt()
. When that is set, as can be seen in the implementation of do_tcp_setsockopt
, the key is generated by calling tcp_fastopen_init_key_once()
from some random bytes.
As far as I understand, the application can re-generate the key by calling setsockopt()
again with TCP_FASTOPEN
or, alternatively, set a specific key by calling TCP_FASTOPEN_KEY
with the correct key data. You can also do that initially, instead of setting TCP_FASTOPEN
. I'm guessing TCP_FASTOPEN_KEY
is useful for syncing keys across a cluster of unicast servers.
System-wide
You can use the sysctl tunable net.ipv4.tcp_fastopen_key
to set a system-wide TFO key to be used by processes that are not aware of TFO. Here is a discussion in Wikimedia's tech wiki of TFO - which I assume is for managing Wikimedia's servers TFO support - at the end of it they have sample code to update the system TFO key.
Summary
In Linux there is no planned rotation of TCP Fast Open keys - it is either the responsibility of the application, or the sys admin has to set up something.
As far as I understand, if the application is TFO-aware, then that is it - the application is responsible for whatever security measures they use and the system administrator cannot override that. This make sense to me as it lowers the cost of controlling and syncing TFO keys in a custom software cluster environment.
Note
In Linux, as of version 5.3, there are two TFO keys - a primary and a backup. This was done to reduce the cost of resetting the key - every time you reset the key, the previous key is copied to the backup position, so that if a client that has a cookie with the old key sends a SYN, that packet would still be valid. So if you want to flush all cookies on all clients, you'd need to set the TFO key twice.