From nobody Wed Apr 24 13:01:49 2024
Delivered-To: wpasupplicant.patchew@gmail.com
Received: by 2002:a05:6638:3394:0:0:0:0 with SMTP id h20csp393382jav;
        Wed, 27 Oct 2021 07:53:43 -0700 (PDT)
X-Google-Smtp-Source: 
 ABdhPJz4R/EHnVQ3uquufCfQqqeDDJc/je1A949KMu4zazsH7QlrYvBOaVvkoRpx+z0apt/CvcqP
X-Received: by 2002:a9d:a4c:: with SMTP id 70mr8641160otg.40.1635346423547;
        Wed, 27 Oct 2021 07:53:43 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1635346423; cv=none;
        d=google.com; s=arc-20160816;
        b=HsbTwpMj+rLyZdXPheey7HnpEtJTxpNcPUWFch4mtHCYVMQ7RJU9J95c97d2LX4Oq4
         /qY6BglXbIAwyGlnzdi+Wk+rOVhtHO6/ZJlTJW+jj9Vic7OWSRvs1DlkVUUhFjUZa00d
         1ymKslUnnoTasSeUuTErksBLDFeF3/Fpbk5hvLOvxvToWvZ5qDkbeC1AGQc/dgVdQMWI
         lRbEOhHSX58wznpDM40+TNg8eBYVG/xMP5pkDOVsJdd0Vbxo5ft15SdMlgmwyUKhRgyU
         Pn2FlUWgdQ3xTSbBJt4RL9RjaumC8HZ7lMsn6ukNPKA/IeLWrh0Rp/ncuVsRRG5XFhJJ
         WRqQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com;
 s=arc-20160816;
        h=content-transfer-encoding:mime-version:list-unsubscribe
         :list-subscribe:list-id:precedence:references:in-reply-to:message-id
         :date:subject:cc:to:from;
        bh=ETGDg04/6LSH21BqoZRSmqIxpOLG37f2MnHZ/H2C55c=;
        b=x6OjlSTQwIFWyU+nOAgi/PQivwQtRwnwy5WOYDjWFFwHjKIM2Zqz7/J59MxPQ/D323
         lw9Wv4yiNAp2N+bX0Qyqh6g2AkRkFIEKM9ijJf7dwrCaVZzPXPbLfBOuaB4WlKZSpliO
         y2URyup2AsrRm6XGEkQB04ayrQ1l3tsFcOhZ7FPtcsqkYKMXzsvsHz6m+eymAWrR9Jiy
         fHZ8iI/lcaL2zIlCzHxzb7lYuFbqVnniKTkAT3vHMNu17VBAA8fuF+0Q6qMgd5HY63qk
         a7qohXezG2eyaYdBf6lPqxwatpv/shv3hFQLWtoT2wMCzf8eaiiVnm6MFKXKV8fiQ0aE
         rC0Q==
ARC-Authentication-Results: i=1; mx.google.com;
       spf=pass (google.com: domain of
 mptcp+bounces-2286-wpasupplicant.patchew=gmail.com@lists.linux.dev designates
 147.75.197.195 as permitted sender)
 smtp.mailfrom="mptcp+bounces-2286-wpasupplicant.patchew=gmail.com@lists.linux.dev"
Return-Path: 
 <mptcp+bounces-2286-wpasupplicant.patchew=gmail.com@lists.linux.dev>
Received: from ewr.edge.kernel.org (ewr.edge.kernel.org. [147.75.197.195])
        by mx.google.com with ESMTPS id y17si243191oos.31.2021.10.27.07.53.43
        for <wpasupplicant.patchew@gmail.com>
        (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128);
        Wed, 27 Oct 2021 07:53:43 -0700 (PDT)
Received-SPF: pass (google.com: domain of
 mptcp+bounces-2286-wpasupplicant.patchew=gmail.com@lists.linux.dev designates
 147.75.197.195 as permitted sender) client-ip=147.75.197.195;
Authentication-Results: mx.google.com;
       spf=pass (google.com: domain of
 mptcp+bounces-2286-wpasupplicant.patchew=gmail.com@lists.linux.dev designates
 147.75.197.195 as permitted sender)
 smtp.mailfrom="mptcp+bounces-2286-wpasupplicant.patchew=gmail.com@lists.linux.dev"
Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org
 [52.25.139.140])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by ewr.edge.kernel.org (Postfix) with ESMTPS id 82C0C1C095D
	for <wpasupplicant.patchew@gmail.com>; Wed, 27 Oct 2021 14:53:42 +0000 (UTC)
Received: from localhost.localdomain (localhost.localdomain [127.0.0.1])
	by smtp.subspace.kernel.org (Postfix) with ESMTP id DD1B92CA4;
	Wed, 27 Oct 2021 14:53:40 +0000 (UTC)
X-Original-To: mptcp@lists.linux.dev
Received: from Chamillionaire.breakpoint.cc (Chamillionaire.breakpoint.cc
 [193.142.43.52])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by smtp.subspace.kernel.org (Postfix) with ESMTPS id 756D172
	for <mptcp@lists.linux.dev>; Wed, 27 Oct 2021 14:53:39 +0000 (UTC)
Received: from fw by Chamillionaire.breakpoint.cc with local (Exim 4.92)
	(envelope-from <fw@breakpoint.cc>)
	id 1mfjx5-0005Yo-KB; Wed, 27 Oct 2021 16:30:51 +0200
From: Florian Westphal <fw@strlen.de>
To: <mptcp@lists.linux.dev>
Cc: Florian Westphal <fw@strlen.de>
Subject: [PATCH mptcp-next 1/2] mptcp: sockopt: add SOL_IP freebind &
 transparent options
Date: Wed, 27 Oct 2021 16:30:40 +0200
Message-Id: <20211027143041.28449-2-fw@strlen.de>
X-Mailer: git-send-email 2.32.0
In-Reply-To: <20211027143041.28449-1-fw@strlen.de>
References: <20211027143041.28449-1-fw@strlen.de>
Precedence: bulk
X-Mailing-List: mptcp@lists.linux.dev
List-Id: <mptcp.lists.linux.dev>
List-Subscribe: <mailto:mptcp+subscribe@lists.linux.dev>
List-Unsubscribe: <mailto:mptcp+unsubscribe@lists.linux.dev>
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset="utf-8"

These options also need to be set before bind, so do the sync of msk to
new ssk socket a bit earlier.

Signed-off-by: Florian Westphal <fw@strlen.de>
---
 net/mptcp/sockopt.c | 66 ++++++++++++++++++++++++++++++++++++++++++++-
 net/mptcp/subflow.c |  3 ++-
 2 files changed, 67 insertions(+), 2 deletions(-)

diff --git a/net/mptcp/sockopt.c b/net/mptcp/sockopt.c
index 74d304b7784e..9e1c68438771 100644
--- a/net/mptcp/sockopt.c
+++ b/net/mptcp/sockopt.c
@@ -390,6 +390,8 @@ static int mptcp_setsockopt_v6(struct mptcp_sock *msk, =
int optname,
=20
 	switch (optname) {
 	case IPV6_V6ONLY:
+	case IPV6_TRANSPARENT:
+	case IPV6_FREEBIND:
 		lock_sock(sk);
 		ssock =3D __mptcp_nmpc_socket(msk);
 		if (!ssock) {
@@ -398,8 +400,24 @@ static int mptcp_setsockopt_v6(struct mptcp_sock *msk,=
 int optname,
 		}
=20
 		ret =3D tcp_setsockopt(ssock->sk, SOL_IPV6, optname, optval, optlen);
-		if (ret =3D=3D 0)
+		if (ret !=3D 0) {
+			release_sock(sk);
+			return ret;
+		}
+
+		sockopt_seq_inc(msk);
+
+		switch (optname) {
+		case IPV6_V6ONLY:
 			sk->sk_ipv6only =3D ssock->sk->sk_ipv6only;
+			break;
+		case IPV6_TRANSPARENT:
+			inet_sk(sk)->transparent =3D inet_sk(ssock->sk)->transparent;
+			break;
+		case IPV6_FREEBIND:
+			inet_sk(sk)->freebind =3D inet_sk(ssock->sk)->freebind;
+			break;
+		}
=20
 		release_sock(sk);
 		break;
@@ -598,6 +616,46 @@ static int mptcp_setsockopt_sol_tcp_congestion(struct =
mptcp_sock *msk, sockptr_t
 	return ret;
 }
=20
+static int mptcp_setsockopt_sol_ip_set_transparent(struct mptcp_sock *msk,=
 int optname,
+						   sockptr_t optval, unsigned int optlen)
+{
+	struct sock *sk =3D (struct sock *)msk;
+	struct inet_sock *issk;
+	struct socket *ssock;
+	int ret, err;
+
+	err =3D ip_setsockopt(sk, SOL_IP, optname, optval, optlen);
+	if (err !=3D 0)
+		return err;
+
+	lock_sock(sk);
+
+	ssock =3D __mptcp_nmpc_socket(msk);
+	if (!ssock) {
+		release_sock(sk);
+		return -EINVAL;
+	}
+
+	issk =3D inet_sk(ssock->sk);
+
+	switch (optname) {
+	case IP_FREEBIND:
+		issk->freebind =3D inet_sk(sk)->freebind;
+		break;
+	case IP_TRANSPARENT:
+		issk->transparent =3D inet_sk(sk)->transparent;
+		break;
+	default:
+		release_sock(sk);
+		WARN_ON_ONCE(1);
+		return -EOPNOTSUPP;
+	}
+
+	sockopt_seq_inc(msk);
+	release_sock(sk);
+	return ret;
+}
+
 static int mptcp_setsockopt_v4_set_tos(struct mptcp_sock *msk, int optname,
 				       sockptr_t optval, unsigned int optlen)
 {
@@ -628,6 +686,9 @@ static int mptcp_setsockopt_v4(struct mptcp_sock *msk, =
int optname,
 			       sockptr_t optval, unsigned int optlen)
 {
 	switch (optname) {
+	case IP_FREEBIND:
+	case IP_TRANSPARENT:
+		return mptcp_setsockopt_sol_ip_set_transparent(msk, optname, optval, opt=
len);
 	case IP_TOS:
 		return mptcp_setsockopt_v4_set_tos(msk, optname, optval, optlen);
 	}
@@ -1069,6 +1130,9 @@ static void sync_socket_options(struct mptcp_sock *ms=
k, struct sock *ssk)
=20
 	if (inet_csk(sk)->icsk_ca_ops !=3D inet_csk(ssk)->icsk_ca_ops)
 		tcp_set_congestion_control(ssk, msk->ca_name, false, true);
+
+	inet_sk(ssk)->transparent =3D inet_sk(sk)->transparent;
+	inet_sk(ssk)->freebind =3D inet_sk(sk)->freebind;
 }
=20
 static void __mptcp_sockopt_sync(struct mptcp_sock *msk, struct sock *ssk)
diff --git a/net/mptcp/subflow.c b/net/mptcp/subflow.c
index 6172f380dfb7..72ccbd85941b 100644
--- a/net/mptcp/subflow.c
+++ b/net/mptcp/subflow.c
@@ -1425,6 +1425,8 @@ int __mptcp_subflow_connect(struct sock *sk, const st=
ruct mptcp_addr_info *loc,
 	if (addr.ss_family =3D=3D AF_INET6)
 		addrlen =3D sizeof(struct sockaddr_in6);
 #endif
+	mptcp_sockopt_sync(msk, ssk);
+
 	ssk->sk_bound_dev_if =3D ifindex;
 	err =3D kernel_bind(sf, (struct sockaddr *)&addr, addrlen);
 	if (err)
@@ -1441,7 +1443,6 @@ int __mptcp_subflow_connect(struct sock *sk, const st=
ruct mptcp_addr_info *loc,
 	mptcp_info2sockaddr(remote, &addr, ssk->sk_family);
=20
 	mptcp_add_pending_subflow(msk, subflow);
-	mptcp_sockopt_sync(msk, ssk);
 	err =3D kernel_connect(sf, (struct sockaddr *)&addr, addrlen, O_NONBLOCK);
 	if (err && err !=3D -EINPROGRESS)
 		goto failed_unlink;
--=20
2.32.0


From nobody Wed Apr 24 13:01:49 2024
Delivered-To: wpasupplicant.patchew@gmail.com
Received: by 2002:a05:6638:3394:0:0:0:0 with SMTP id h20csp371063jav;
        Wed, 27 Oct 2021 07:31:02 -0700 (PDT)
X-Google-Smtp-Source: 
 ABdhPJw867Kc0FU5uHQe0Eb/tt/F0SLvSPgCdjci5R4U8AZAhN8oSG24vk89TKj1ztiNCWDVYrXX
X-Received: by 2002:a05:6808:243:: with SMTP id
 m3mr3970516oie.14.1635345062234;
        Wed, 27 Oct 2021 07:31:02 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1635345062; cv=none;
        d=google.com; s=arc-20160816;
        b=Xii7a8QdP1qsbijvjxXVlDka/Znp7d7xIvE7TK4S6JHj247MDxarSJV4slGywB3D/b
         3EIGYsG6Uo5ZJKF46SnK3eM54Tx1oSlcQJvB2vN8s1F1hQdJgEiBW8gz8oOPEQx73uVd
         ZYLXj1oMedQID8OU2cAmrxwTR1oxQm8PXVDLf2jPyGQtHftJZgMrgPWUPJb/psVwM72B
         eBsvTq4EtYpEDDD5/uI8OKjSJ3hc88t9aEAgUWaW3CSVd+9l7rwny7dv/PHtV+tm2J+k
         IApPyr3JdhYIW4oojjkWq322DvrY9DPSE1IsOlMwT0LjMhBY2XpsIttwfWXWBybY1z0J
         uZOA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com;
 s=arc-20160816;
        h=content-transfer-encoding:mime-version:list-unsubscribe
         :list-subscribe:list-id:precedence:references:in-reply-to:message-id
         :date:subject:cc:to:from;
        bh=2XI9+rB1ozuM4cjkPCWvcBFDSkjz5yd4/WBqswO1czI=;
        b=YMebyt+zrT8tay5/ynzPpLMlpSZXqOmM3N0xddItgqfx1xR7o0+z2l4nsSH+oJyepa
         TJbLVO+7xEbxhnzcZDsh3N7cJxrLO716J9Oi8iXpOf78FirAfg69Oo1w3CvH2oggSgqU
         2Y2wk/AUG2RjUgRJI2WrV/cxPP1PmDPKRjooeu6qv8Wn7OzCnPO4kBn/SCU9eWAOK9ya
         Enul4RvHl53NkVoeFvhvjaSUXq5/MX80UJiYtI+sebaljXvyqp9/qNZ+r5Nn8GDkoc/+
         6VYrFGHdtSjMM51VqhgxHZHWZF8XgMe73IsySRuifU6E27avM0zHJfXO+6VM2JtWu7VZ
         LJQA==
ARC-Authentication-Results: i=1; mx.google.com;
       spf=pass (google.com: domain of
 mptcp+bounces-2283-wpasupplicant.patchew=gmail.com@lists.linux.dev designates
 2604:1380:1:3600::1 as permitted sender)
 smtp.mailfrom="mptcp+bounces-2283-wpasupplicant.patchew=gmail.com@lists.linux.dev"
Return-Path: 
 <mptcp+bounces-2283-wpasupplicant.patchew=gmail.com@lists.linux.dev>
Received: from ewr.edge.kernel.org (ewr.edge.kernel.org.
 [2604:1380:1:3600::1])
        by mx.google.com with ESMTPS id u9si123522ooj.37.2021.10.27.07.31.01
        for <wpasupplicant.patchew@gmail.com>
        (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128);
        Wed, 27 Oct 2021 07:31:02 -0700 (PDT)
Received-SPF: pass (google.com: domain of
 mptcp+bounces-2283-wpasupplicant.patchew=gmail.com@lists.linux.dev designates
 2604:1380:1:3600::1 as permitted sender) client-ip=2604:1380:1:3600::1;
Authentication-Results: mx.google.com;
       spf=pass (google.com: domain of
 mptcp+bounces-2283-wpasupplicant.patchew=gmail.com@lists.linux.dev designates
 2604:1380:1:3600::1 as permitted sender)
 smtp.mailfrom="mptcp+bounces-2283-wpasupplicant.patchew=gmail.com@lists.linux.dev"
Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org
 [52.25.139.140])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by ewr.edge.kernel.org (Postfix) with ESMTPS id 18ECD1C06ED
	for <wpasupplicant.patchew@gmail.com>; Wed, 27 Oct 2021 14:31:01 +0000 (UTC)
Received: from localhost.localdomain (localhost.localdomain [127.0.0.1])
	by smtp.subspace.kernel.org (Postfix) with ESMTP id 8FD282CA4;
	Wed, 27 Oct 2021 14:30:59 +0000 (UTC)
X-Original-To: mptcp@lists.linux.dev
Received: from Chamillionaire.breakpoint.cc (Chamillionaire.breakpoint.cc
 [193.142.43.52])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by smtp.subspace.kernel.org (Postfix) with ESMTPS id 0085A72
	for <mptcp@lists.linux.dev>; Wed, 27 Oct 2021 14:30:57 +0000 (UTC)
Received: from fw by Chamillionaire.breakpoint.cc with local (Exim 4.92)
	(envelope-from <fw@breakpoint.cc>)
	id 1mfjx9-0005Yx-Rq; Wed, 27 Oct 2021 16:30:55 +0200
From: Florian Westphal <fw@strlen.de>
To: <mptcp@lists.linux.dev>
Cc: Florian Westphal <fw@strlen.de>
Subject: [PATCH mptcp-next 2/2] selftests: mptcp: add tproxy test case
Date: Wed, 27 Oct 2021 16:30:41 +0200
Message-Id: <20211027143041.28449-3-fw@strlen.de>
X-Mailer: git-send-email 2.32.0
In-Reply-To: <20211027143041.28449-1-fw@strlen.de>
References: <20211027143041.28449-1-fw@strlen.de>
Precedence: bulk
X-Mailing-List: mptcp@lists.linux.dev
List-Id: <mptcp.lists.linux.dev>
List-Subscribe: <mailto:mptcp+subscribe@lists.linux.dev>
List-Unsubscribe: <mailto:mptcp+unsubscribe@lists.linux.dev>
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset="utf-8"

No hard dependencies here, just skip if test environ lacks
nft binary or the needed kernel config options.

The test case spawns listener in ns2 but ns1 will connect
to the ip address of ns4.

policy routing + tproxy rule will redirect packets to ns2 instead
of forward.

Signed-off-by: Florian Westphal <fw@strlen.de>
---
 .../selftests/net/mptcp/mptcp_connect.c       | 51 +++++++++++-
 .../selftests/net/mptcp/mptcp_connect.sh      | 80 +++++++++++++++++++
 2 files changed, 130 insertions(+), 1 deletion(-)

diff --git a/tools/testing/selftests/net/mptcp/mptcp_connect.c b/tools/test=
ing/selftests/net/mptcp/mptcp_connect.c
index 95e81d557b08..ada9b80774d4 100644
--- a/tools/testing/selftests/net/mptcp/mptcp_connect.c
+++ b/tools/testing/selftests/net/mptcp/mptcp_connect.c
@@ -75,7 +75,12 @@ struct cfg_cmsg_types {
 	unsigned int timestampns:1;
 };
=20
+struct cfg_sockopt_types {
+	unsigned int transparent:1;
+};
+
 static struct cfg_cmsg_types cfg_cmsg_types;
+static struct cfg_sockopt_types cfg_sockopt_types;
=20
 static void die_usage(void)
 {
@@ -93,6 +98,7 @@ static void die_usage(void)
 	fprintf(stderr, "\t-u -- check mptcp ulp\n");
 	fprintf(stderr, "\t-w num -- wait num sec before closing the socket\n");
 	fprintf(stderr, "\t-c cmsg -- test cmsg type <cmsg>\n");
+	fprintf(stderr, "\t-o option -- test sockopt <option>\n");
 	fprintf(stderr,
 		"\t-P [saveWithPeek|saveAfterPeek] -- save data with/after MSG_PEEK form=
 tcp socket\n");
 	exit(1);
@@ -185,6 +191,22 @@ static void set_mark(int fd, uint32_t mark)
 	}
 }
=20
+static void set_transparent(int fd, int pf)
+{
+	int one =3D 1;
+
+	switch (pf) {
+	case AF_INET:
+		if (-1 =3D=3D setsockopt(fd, SOL_IP, IP_TRANSPARENT, &one, sizeof(one)))
+			perror("IP_TRANSPARENT");
+		break;
+	case AF_INET6:
+		if (-1 =3D=3D setsockopt(fd, IPPROTO_IPV6, IPV6_TRANSPARENT, &one, sizeo=
f(one)))
+			perror("IPV6_TRANSPARENT");
+		break;
+	}
+}
+
 static int sock_listen_mptcp(const char * const listenaddr,
 			     const char * const port)
 {
@@ -212,6 +234,9 @@ static int sock_listen_mptcp(const char * const listena=
ddr,
 				     sizeof(one)))
 			perror("setsockopt");
=20
+		if (cfg_sockopt_types.transparent)
+			set_transparent(sock, pf);
+
 		if (bind(sock, a->ai_addr, a->ai_addrlen) =3D=3D 0)
 			break; /* success */
=20
@@ -944,6 +969,27 @@ static void parse_cmsg_types(const char *type)
 	exit(1);
 }
=20
+static void parse_setsock_options(const char *name)
+{
+	char *next =3D strchr(name, ',');
+	unsigned int len =3D 0;
+
+	if (next) {
+		parse_setsock_options(next + 1);
+		len =3D next - name;
+	} else {
+		len =3D strlen(name);
+	}
+
+	if (strncmp(name, "TRANSPARENT", len) =3D=3D 0) {
+		cfg_sockopt_types.transparent =3D 1;
+		return;
+	}
+
+	fprintf(stderr, "Unrecognized setsockopt option %s\n", name);
+	exit(1);
+}
+
 int main_loop(void)
 {
 	int fd;
@@ -1047,7 +1093,7 @@ static void parse_opts(int argc, char **argv)
 {
 	int c;
=20
-	while ((c =3D getopt(argc, argv, "6jr:lp:s:hut:T:m:S:R:w:M:P:c:")) !=3D -=
1) {
+	while ((c =3D getopt(argc, argv, "6jr:lp:s:hut:T:m:S:R:w:M:P:c:o:")) !=3D=
 -1) {
 		switch (c) {
 		case 'j':
 			cfg_join =3D true;
@@ -1108,6 +1154,9 @@ static void parse_opts(int argc, char **argv)
 		case 'c':
 			parse_cmsg_types(optarg);
 			break;
+		case 'o':
+			parse_setsock_options(optarg);
+			break;
 		}
 	}
=20
diff --git a/tools/testing/selftests/net/mptcp/mptcp_connect.sh b/tools/tes=
ting/selftests/net/mptcp/mptcp_connect.sh
index 559173a8e387..205e9f0c4296 100755
--- a/tools/testing/selftests/net/mptcp/mptcp_connect.sh
+++ b/tools/testing/selftests/net/mptcp/mptcp_connect.sh
@@ -671,6 +671,82 @@ run_tests()
 	run_tests_lo $1 $2 $3 0
 }
=20
+run_test_transparent()
+{
+	local connect_addr=3D"$1"
+	local msg=3D"$2"
+
+	local connector_ns=3D"$ns1"
+	local listener_ns=3D"$ns2"
+	local lret=3D0
+	local r6flag=3D""
+
+	# skip if we don't want v6
+	if ! $ipv6 && is_v6 "${connect_addr}"; then
+		return 0
+	fi
+
+ip netns exec "$listener_ns" nft -f /dev/stdin <<"EOF"
+flush ruleset
+table inet mangle {
+	chain divert {
+		type filter hook prerouting priority -150;
+
+		meta l4proto tcp socket transparent 1 meta mark set 1 accept
+		tcp dport 20000 tproxy to :20000 meta mark set 1 accept
+	}
+}
+EOF
+	if [ $? -ne 0 ]; then
+		echo "SKIP: $msg"
+		return
+	fi
+
+	local local_addr
+	if is_v6 "${connect_addr}"; then
+		local_addr=3D"::"
+		r6flag=3D"-6"
+	else
+		local_addr=3D"0.0.0.0"
+	fi
+
+	ip -net "$listener_ns" $r6flag rule add fwmark 1 lookup 100
+	if [ $? -ne 0 ]; then
+		ip netns exec "$listener_ns" nft flush ruleset
+		echo "SKIP: $msg"
+		return
+	fi
+
+	ip -net "$listener_ns" route add local $local_addr/0 dev lo table 100
+	if [ $? -ne 0 ]; then
+		ip netns exec "$listener_ns" nft flush ruleset
+		ip -net "$listener_ns" $r6flag rule del fwmark 1 lookup 100
+		echo "SKIP: $msg"
+		return
+	fi
+
+	echo "INFO: test $msg"
+
+	TEST_COUNT=3D10000
+	local extra_args=3D"-o TRANSPARENT"
+	do_transfer ${listener_ns} ${connector_ns} MPTCP MPTCP \
+		    ${connect_addr} ${local_addr} "${extra_args}"
+	lret=3D$?
+
+	ip netns exec "$listener_ns" nft flush ruleset
+	ip -net "$listener_ns" $r6flag rule del fwmark 1 lookup 100
+	ip -net "$listener_ns" route del local $local_addr/0 dev lo table 100
+
+	if [ $lret -ne 0 ]; then
+		echo "FAIL: $msg" 1>&2
+		ret=3D$lret
+		return 1
+	fi
+
+	echo "PASS: $msg"
+	return 0
+}
+
 run_tests_peekmode()
 {
 	local peekmode=3D"$1"
@@ -794,5 +870,9 @@ run_tests_peekmode "saveWithPeek"
 run_tests_peekmode "saveAfterPeek"
 stop_if_error "Tests with peek mode have failed"
=20
+# connect to ns4 ip address, ns2 should intercept/proxy
+run_test_transparent 10.0.3.1 "tproxy ipv4"
+run_test_transparent dead:beef:3::1 "tproxy ipv6"
+
 display_time
 exit $ret
--=20
2.32.0