From: GangYan <gang.yan@linux.dev>
To: Geliang Tang <geliang@kernel.org>
Cc: mptcp@lists.linux.dev, Geliang Tang <tanggeliang@kylinos.cn>,
Gang Yan <yangang@kylinos.cn>
Subject: Re: [RFC mptcp-next v4 08/10] mptcp: enable TLS setsockopt
Date: Fri, 12 Dec 2025 15:23:59 +0800 [thread overview]
Message-ID: <aTvDDz10WD9VJ48i@thinkbook16p> (raw)
In-Reply-To: <03bbe5c5fa031651f0796c30f3c64a74083d8a7f.1765505775.git.tanggeliang@kylinos.cn>
Hi, Geliang:
> On Fri, Dec 12, 2025 at 10:27:18AM +0800, Geliang Tang wrote:
> From: Geliang Tang <tanggeliang@kylinos.cn>
>
> This patch adds MPTCP TLS setsockopt support. It allows setting the TCP_ULP
> option to 'tls' exclusively, and enables configuration of the TLS_TX and
> TLS_RX options at the SOL_TLS level.
>
> This option cannot be set when the socket is in CLOSE or LISTEN state.
>
> Co-developed-by: Gang Yan <yangang@kylinos.cn>
> Signed-off-by: Gang Yan <yangang@kylinos.cn>
> Signed-off-by: Geliang Tang <tanggeliang@kylinos.cn>
> ---
> net/mptcp/sockopt.c | 18 +++++++++++++++++-
> 1 file changed, 17 insertions(+), 1 deletion(-)
>
> diff --git a/net/mptcp/sockopt.c b/net/mptcp/sockopt.c
> index f3db4f2e8f81..52ff75702404 100644
> --- a/net/mptcp/sockopt.c
> +++ b/net/mptcp/sockopt.c
> @@ -12,6 +12,7 @@
> #include <net/protocol.h>
> #include <net/tcp.h>
> #include <net/mptcp.h>
> +#include <net/tls.h>
> #include "protocol.h"
>
> #define MIN_INFO_OPTLEN_SIZE 16
> @@ -567,6 +568,7 @@ static bool mptcp_supported_sockopt(int level, int optname)
> case TCP_FASTOPEN_CONNECT:
> case TCP_FASTOPEN_KEY:
> case TCP_FASTOPEN_NO_COOKIE:
> + case TCP_ULP:
> return true;
> }
>
> @@ -576,6 +578,13 @@ static bool mptcp_supported_sockopt(int level, int optname)
> * TCP_REPAIR_WINDOW are not supported, better avoid this mess
> */
> }
> + if (level == SOL_TLS) {
> + switch (optname) {
> + case TLS_TX:
> + case TLS_RX:
> + return true;
> + }
> + }
> return false;
> }
>
> @@ -819,11 +828,18 @@ static int mptcp_setsockopt_sol_tcp(struct mptcp_sock *msk, int optname,
> sockptr_t optval, unsigned int optlen)
> {
> struct sock *sk = (void *)msk;
> + char ulp[4] = "";
> int ret, val;
>
> switch (optname) {
> case TCP_ULP:
> - return -EOPNOTSUPP;
> + if (copy_from_user(ulp, optval.user, 4))
> + return -EFAULT;
> + if (strcmp(ulp, "tls\0"))
> + return -EOPNOTSUPP;
> + if ((1 << sk->sk_state) & (TCPF_CLOSE | TCPF_LISTEN))
> + return -EINVAL;
Here should return -ENOTCONN
I'm running the tls selftest(tools/testing/selftest/net/tls.c), and the
'-EINVAL' will cause an error in 'non_established' test, it checks the
errno should be 'ENOTCONN'.
If we don't return here is also OK, because the
'tcp_setsockopt' can return too, but I think a state validation at the
MPTCP layer is necessary, and 'ENOTCONN' is more accurate for
'TCPF_CLOSE | TCPF_LISTEN'.
WDYT
Thanks
Gang
> + return tcp_setsockopt(sk, SOL_TCP, optname, optval, optlen);
> case TCP_CONGESTION:
> return mptcp_setsockopt_sol_tcp_congestion(msk, optval, optlen);
> case TCP_DEFER_ACCEPT:
> --
> 2.51.0
>
>
next prev parent reply other threads:[~2025-12-12 7:24 UTC|newest]
Thread overview: 16+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-12-12 2:27 [RFC mptcp-next v4 00/10] MPTCP KTLS support Geliang Tang
2025-12-12 2:27 ` [RFC mptcp-next v4 01/10] mptcp: add sk_is_msk helper Geliang Tang
2025-12-12 2:27 ` [RFC mptcp-next v4 02/10] tls: switch to MPTCP_SKB_CB Geliang Tang
2025-12-12 2:27 ` [RFC mptcp-next v4 03/10] tls: switch to mptcp_inq Geliang Tang
2025-12-12 2:27 ` [RFC mptcp-next v4 04/10] tls: switch to mptcp_sendmsg_locked Geliang Tang
2025-12-12 2:27 ` [RFC mptcp-next v4 05/10] tls: switch to mptcp_recv_skb Geliang Tang
2025-12-12 2:27 ` [RFC mptcp-next v4 06/10] tls: switch to mptcp_read_done Geliang Tang
2025-12-12 2:27 ` [RFC mptcp-next v4 07/10] mptcp: update ULP getsockopt Geliang Tang
2025-12-12 2:27 ` [RFC mptcp-next v4 08/10] mptcp: enable TLS setsockopt Geliang Tang
2025-12-12 7:23 ` GangYan [this message]
2025-12-12 8:29 ` Geliang Tang
2025-12-12 2:27 ` [RFC mptcp-next v4 09/10] selftests: mptcp: connect: update sock_test_tcpulp Geliang Tang
2025-12-12 2:27 ` [RFC mptcp-next v4 10/10] selftests: mptcp: sockopt: implement MPTCP KTLS tests Geliang Tang
2025-12-12 4:52 ` [RFC mptcp-next v4 00/10] MPTCP KTLS support MPTCP CI
2025-12-12 9:17 ` MPTCP CI
2025-12-18 17:42 ` Matthieu Baerts
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=aTvDDz10WD9VJ48i@thinkbook16p \
--to=gang.yan@linux.dev \
--cc=geliang@kernel.org \
--cc=mptcp@lists.linux.dev \
--cc=tanggeliang@kylinos.cn \
--cc=yangang@kylinos.cn \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox