From nobody Thu Apr 25 14:05:27 2024
Delivered-To: wpasupplicant.patchew@gmail.com
Received: by 2002:a02:956b:0:0:0:0:0 with SMTP id y98csp1437351jah;
        Fri, 29 Oct 2021 04:09:42 -0700 (PDT)
X-Google-Smtp-Source: 
 ABdhPJy5DDV3dvK6/xOjHbdmvlU/lrAlYT3c9nU5LYu7+8Cnx/n3BQJ+FWDu1e60xnDwsuLiByNH
X-Received: by 2002:a9d:d12:: with SMTP id 18mr7775581oti.85.1635505781888;
        Fri, 29 Oct 2021 04:09:41 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1635505781; cv=none;
        d=google.com; s=arc-20160816;
        b=V+68fnxrcBFslJYQ99afwz2FOd/z78Q6sCaw3z8Giefu3p+/CWxLLoIF+/YPtW7zjk
         Qi8YTbfi2y3rGAMo0In+77DHZXaeq+7kScDtrzmsvKM4IKW7DaFx344H6HfzzHnYngna
         pKo66rkT52DomDXi93YO2jcpXy1BiQLlwQob4HgraruqZv8/ySw4D0OMJf1duoeSFJJO
         jpdVUyXL7dLG9Qaib2lln5oFNPkV99yIwzoioqcyNZc0S2Z9xNB8uuuHwwXj3MiGdihP
         0+SGJJVaBVQ3YDIi6k3wJoHALMZGwt2vPLOe6GSqdoRP6zNjUjtHrCcpVZxZcHjxpote
         +WWA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com;
 s=arc-20160816;
        h=content-transfer-encoding:mime-version:list-unsubscribe
         :list-subscribe:list-id:precedence:references:in-reply-to:message-id
         :date:subject:cc:to:from;
        bh=zstQvGomsWFvZW9vGnRmCtOAYudUDU0vKzzjQrMg0rk=;
        b=d8kGL/t9iwvGmcI9fmltucH/KWN/gIQOp16qxvEZxKQaV6+WMmgBxkZTzxdUDZnilR
         olM22C5XX3RqCZLi0jbRxKMkIuS0xJ8h0MnmBrmlKinQKUcNYtsWeI30PISODZ3IxzL9
         u8q1o2m/6uS7g3pSGEhu/GWYuYOlj7BYorD6zi7A5NY9ERRFFFEZc2G6OLwjyY6d1598
         Rj6GDXhc7bue4HEBIhOoFZLngc1syA65udGlS5LoDfajNai1gq5I+NBt4TpaqLu/XnBc
         hXEuIpvP8+ds8VG/ghvO5a7v5l9fS+c/+TauVw9XlegBseFxFZcT2QTUgDK+rAQKiMFU
         PXGA==
ARC-Authentication-Results: i=1; mx.google.com;
       spf=pass (google.com: domain of
 mptcp+bounces-2330-wpasupplicant.patchew=gmail.com@lists.linux.dev designates
 147.75.197.195 as permitted sender)
 smtp.mailfrom="mptcp+bounces-2330-wpasupplicant.patchew=gmail.com@lists.linux.dev"
Return-Path: 
 <mptcp+bounces-2330-wpasupplicant.patchew=gmail.com@lists.linux.dev>
Received: from ewr.edge.kernel.org (ewr.edge.kernel.org. [147.75.197.195])
        by mx.google.com with ESMTPS id
 m16si7622239oiw.275.2021.10.29.04.09.41
        for <wpasupplicant.patchew@gmail.com>
        (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128);
        Fri, 29 Oct 2021 04:09:41 -0700 (PDT)
Received-SPF: pass (google.com: domain of
 mptcp+bounces-2330-wpasupplicant.patchew=gmail.com@lists.linux.dev designates
 147.75.197.195 as permitted sender) client-ip=147.75.197.195;
Authentication-Results: mx.google.com;
       spf=pass (google.com: domain of
 mptcp+bounces-2330-wpasupplicant.patchew=gmail.com@lists.linux.dev designates
 147.75.197.195 as permitted sender)
 smtp.mailfrom="mptcp+bounces-2330-wpasupplicant.patchew=gmail.com@lists.linux.dev"
Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org
 [52.25.139.140])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by ewr.edge.kernel.org (Postfix) with ESMTPS id 397F51C0D08
	for <wpasupplicant.patchew@gmail.com>; Fri, 29 Oct 2021 11:09:41 +0000 (UTC)
Received: from localhost.localdomain (localhost.localdomain [127.0.0.1])
	by smtp.subspace.kernel.org (Postfix) with ESMTP id CBAC92C83;
	Fri, 29 Oct 2021 11:09:39 +0000 (UTC)
X-Original-To: mptcp@lists.linux.dev
Received: from Chamillionaire.breakpoint.cc (Chamillionaire.breakpoint.cc
 [193.142.43.52])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by smtp.subspace.kernel.org (Postfix) with ESMTPS id 6908E29CA
	for <mptcp@lists.linux.dev>; Fri, 29 Oct 2021 11:09:38 +0000 (UTC)
Received: from fw by Chamillionaire.breakpoint.cc with local (Exim 4.92)
	(envelope-from <fw@breakpoint.cc>)
	id 1mgPlQ-000891-Mi; Fri, 29 Oct 2021 13:09:36 +0200
From: Florian Westphal <fw@strlen.de>
To: <mptcp@lists.linux.dev>
Cc: Florian Westphal <fw@strlen.de>
Subject: [PATCH mptcp-next v3 1/2] mptcp: sockopt: add SOL_IP freebind &
 transparent options
Date: Fri, 29 Oct 2021 13:09:26 +0200
Message-Id: <20211029110927.12315-2-fw@strlen.de>
X-Mailer: git-send-email 2.32.0
In-Reply-To: <20211029110927.12315-1-fw@strlen.de>
References: <20211029110927.12315-1-fw@strlen.de>
Precedence: bulk
X-Mailing-List: mptcp@lists.linux.dev
List-Id: <mptcp.lists.linux.dev>
List-Subscribe: <mailto:mptcp+subscribe@lists.linux.dev>
List-Unsubscribe: <mailto:mptcp+unsubscribe@lists.linux.dev>
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset="utf-8"

These options also need to be set before bind, so do the sync of msk to
new ssk socket a bit earlier.

Signed-off-by: Florian Westphal <fw@strlen.de>
Reviewed-by: Mat Martineau <mathew.j.martineau@linux.intel.com>
---
 no changes
 net/mptcp/sockopt.c | 66 ++++++++++++++++++++++++++++++++++++++++++++-
 net/mptcp/subflow.c |  3 ++-
 2 files changed, 67 insertions(+), 2 deletions(-)

diff --git a/net/mptcp/sockopt.c b/net/mptcp/sockopt.c
index b452571e8d9b..b818e91f2e09 100644
--- a/net/mptcp/sockopt.c
+++ b/net/mptcp/sockopt.c
@@ -390,6 +390,8 @@ static int mptcp_setsockopt_v6(struct mptcp_sock *msk, =
int optname,
=20
 	switch (optname) {
 	case IPV6_V6ONLY:
+	case IPV6_TRANSPARENT:
+	case IPV6_FREEBIND:
 		lock_sock(sk);
 		ssock =3D __mptcp_nmpc_socket(msk);
 		if (!ssock) {
@@ -398,8 +400,24 @@ static int mptcp_setsockopt_v6(struct mptcp_sock *msk,=
 int optname,
 		}
=20
 		ret =3D tcp_setsockopt(ssock->sk, SOL_IPV6, optname, optval, optlen);
-		if (ret =3D=3D 0)
+		if (ret !=3D 0) {
+			release_sock(sk);
+			return ret;
+		}
+
+		sockopt_seq_inc(msk);
+
+		switch (optname) {
+		case IPV6_V6ONLY:
 			sk->sk_ipv6only =3D ssock->sk->sk_ipv6only;
+			break;
+		case IPV6_TRANSPARENT:
+			inet_sk(sk)->transparent =3D inet_sk(ssock->sk)->transparent;
+			break;
+		case IPV6_FREEBIND:
+			inet_sk(sk)->freebind =3D inet_sk(ssock->sk)->freebind;
+			break;
+		}
=20
 		release_sock(sk);
 		break;
@@ -598,6 +616,46 @@ static int mptcp_setsockopt_sol_tcp_congestion(struct =
mptcp_sock *msk, sockptr_t
 	return ret;
 }
=20
+static int mptcp_setsockopt_sol_ip_set_transparent(struct mptcp_sock *msk,=
 int optname,
+						   sockptr_t optval, unsigned int optlen)
+{
+	struct sock *sk =3D (struct sock *)msk;
+	struct inet_sock *issk;
+	struct socket *ssock;
+	int ret, err;
+
+	err =3D ip_setsockopt(sk, SOL_IP, optname, optval, optlen);
+	if (err !=3D 0)
+		return err;
+
+	lock_sock(sk);
+
+	ssock =3D __mptcp_nmpc_socket(msk);
+	if (!ssock) {
+		release_sock(sk);
+		return -EINVAL;
+	}
+
+	issk =3D inet_sk(ssock->sk);
+
+	switch (optname) {
+	case IP_FREEBIND:
+		issk->freebind =3D inet_sk(sk)->freebind;
+		break;
+	case IP_TRANSPARENT:
+		issk->transparent =3D inet_sk(sk)->transparent;
+		break;
+	default:
+		release_sock(sk);
+		WARN_ON_ONCE(1);
+		return -EOPNOTSUPP;
+	}
+
+	sockopt_seq_inc(msk);
+	release_sock(sk);
+	return ret;
+}
+
 static int mptcp_setsockopt_v4_set_tos(struct mptcp_sock *msk, int optname,
 				       sockptr_t optval, unsigned int optlen)
 {
@@ -627,6 +685,9 @@ static int mptcp_setsockopt_v4(struct mptcp_sock *msk, =
int optname,
 			       sockptr_t optval, unsigned int optlen)
 {
 	switch (optname) {
+	case IP_FREEBIND:
+	case IP_TRANSPARENT:
+		return mptcp_setsockopt_sol_ip_set_transparent(msk, optname, optval, opt=
len);
 	case IP_TOS:
 		return mptcp_setsockopt_v4_set_tos(msk, optname, optval, optlen);
 	}
@@ -1068,6 +1129,9 @@ static void sync_socket_options(struct mptcp_sock *ms=
k, struct sock *ssk)
=20
 	if (inet_csk(sk)->icsk_ca_ops !=3D inet_csk(ssk)->icsk_ca_ops)
 		tcp_set_congestion_control(ssk, msk->ca_name, false, true);
+
+	inet_sk(ssk)->transparent =3D inet_sk(sk)->transparent;
+	inet_sk(ssk)->freebind =3D inet_sk(sk)->freebind;
 }
=20
 static void __mptcp_sockopt_sync(struct mptcp_sock *msk, struct sock *ssk)
diff --git a/net/mptcp/subflow.c b/net/mptcp/subflow.c
index 6172f380dfb7..72ccbd85941b 100644
--- a/net/mptcp/subflow.c
+++ b/net/mptcp/subflow.c
@@ -1425,6 +1425,8 @@ int __mptcp_subflow_connect(struct sock *sk, const st=
ruct mptcp_addr_info *loc,
 	if (addr.ss_family =3D=3D AF_INET6)
 		addrlen =3D sizeof(struct sockaddr_in6);
 #endif
+	mptcp_sockopt_sync(msk, ssk);
+
 	ssk->sk_bound_dev_if =3D ifindex;
 	err =3D kernel_bind(sf, (struct sockaddr *)&addr, addrlen);
 	if (err)
@@ -1441,7 +1443,6 @@ int __mptcp_subflow_connect(struct sock *sk, const st=
ruct mptcp_addr_info *loc,
 	mptcp_info2sockaddr(remote, &addr, ssk->sk_family);
=20
 	mptcp_add_pending_subflow(msk, subflow);
-	mptcp_sockopt_sync(msk, ssk);
 	err =3D kernel_connect(sf, (struct sockaddr *)&addr, addrlen, O_NONBLOCK);
 	if (err && err !=3D -EINPROGRESS)
 		goto failed_unlink;
--=20
2.32.0


From nobody Thu Apr 25 14:05:27 2024
Delivered-To: wpasupplicant.patchew@gmail.com
Received: by 2002:a02:956b:0:0:0:0:0 with SMTP id y98csp1437439jah;
        Fri, 29 Oct 2021 04:09:46 -0700 (PDT)
X-Google-Smtp-Source: 
 ABdhPJx0OXMa3ZD4L1sgNgwDsSaC7JMZDmcomWZu2ZJAsi+Wkep2jR92hW1yi6Sr0yB7RDqMcf14
X-Received: by 2002:aca:3f87:: with SMTP id m129mr12758237oia.5.1635505786357;
        Fri, 29 Oct 2021 04:09:46 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1635505786; cv=none;
        d=google.com; s=arc-20160816;
        b=POj5DSjGLVBAYTX8tScU/bBFpwX4aFDkCWlLKSvHng5ZxSqM+Ff7crKqJ4UCiSpFpu
         GygCGoiz8eFuvzA+sD6xYRbHXa9P2D3X1WPXBsHQ6JiFJcWzCiGu9mj8ThTvpJJ825Cx
         DR7Ui/vR9LFJWwltXj1g1tJJQV7h8BnziKVTbNHzk/vEH/np9obq6q/28kVEMUKaQL6R
         sV+MxpiT9kmHPs9AL4iK+eKDaHsIy/2y75+ZvqH2zU+Ak7QUarRxApafBjY8moE1dFOA
         E6Gqj0wCWdAu1hD/dGB1XbUzunhCR5iLMh6VrQXmVqEeRr/w27Nv8VqlOVA2sAZY3IUh
         v0Iw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com;
 s=arc-20160816;
        h=content-transfer-encoding:mime-version:list-unsubscribe
         :list-subscribe:list-id:precedence:references:in-reply-to:message-id
         :date:subject:cc:to:from;
        bh=5oeRAj143DOufoqt2YIbkHvrsa0VMCzlmYuNej4euoM=;
        b=R9guAhBTLrEiipmX6L6YxJd0QhXHTjjeq2IrFBn6Wh70jidlVA2QBLJp0umVuW0f6v
         EIDjOGchCWFxdh8mbXCu6sQdgvh3Zv4LPpdC9YLbR4FqYeyScuADCqN9KkzzN7Y5s59B
         ypWCMP5c8KAIcZQQXJEsaDo69zR+lpQx5TPU5n9IT00NiHkQy7lmpuGZWGboUvxMnjQQ
         vQkrZZysr/Yqj+akMUbSbdI/cRFs0m3ozsxIJiz3R/EhXM6PnJsEve2WJ9LKd0Xjku7z
         U5134z+1kj332fwhP78krnT3/hXSlZldK/7Cqr7x/JTq8RuoQb94RXujB3w4f35aj6V7
         5D/A==
ARC-Authentication-Results: i=1; mx.google.com;
       spf=pass (google.com: domain of
 mptcp+bounces-2331-wpasupplicant.patchew=gmail.com@lists.linux.dev designates
 147.75.197.195 as permitted sender)
 smtp.mailfrom="mptcp+bounces-2331-wpasupplicant.patchew=gmail.com@lists.linux.dev"
Return-Path: 
 <mptcp+bounces-2331-wpasupplicant.patchew=gmail.com@lists.linux.dev>
Received: from ewr.edge.kernel.org (ewr.edge.kernel.org. [147.75.197.195])
        by mx.google.com with ESMTPS id
 be30si6242479oib.241.2021.10.29.04.09.46
        for <wpasupplicant.patchew@gmail.com>
        (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128);
        Fri, 29 Oct 2021 04:09:46 -0700 (PDT)
Received-SPF: pass (google.com: domain of
 mptcp+bounces-2331-wpasupplicant.patchew=gmail.com@lists.linux.dev designates
 147.75.197.195 as permitted sender) client-ip=147.75.197.195;
Authentication-Results: mx.google.com;
       spf=pass (google.com: domain of
 mptcp+bounces-2331-wpasupplicant.patchew=gmail.com@lists.linux.dev designates
 147.75.197.195 as permitted sender)
 smtp.mailfrom="mptcp+bounces-2331-wpasupplicant.patchew=gmail.com@lists.linux.dev"
Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org
 [52.25.139.140])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by ewr.edge.kernel.org (Postfix) with ESMTPS id 770AA1C0BFC
	for <wpasupplicant.patchew@gmail.com>; Fri, 29 Oct 2021 11:09:45 +0000 (UTC)
Received: from localhost.localdomain (localhost.localdomain [127.0.0.1])
	by smtp.subspace.kernel.org (Postfix) with ESMTP id 0E8072C87;
	Fri, 29 Oct 2021 11:09:44 +0000 (UTC)
X-Original-To: mptcp@lists.linux.dev
Received: from Chamillionaire.breakpoint.cc (Chamillionaire.breakpoint.cc
 [193.142.43.52])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by smtp.subspace.kernel.org (Postfix) with ESMTPS id 908D62C83
	for <mptcp@lists.linux.dev>; Fri, 29 Oct 2021 11:09:42 +0000 (UTC)
Received: from fw by Chamillionaire.breakpoint.cc with local (Exim 4.92)
	(envelope-from <fw@breakpoint.cc>)
	id 1mgPlU-00089B-SQ; Fri, 29 Oct 2021 13:09:40 +0200
From: Florian Westphal <fw@strlen.de>
To: <mptcp@lists.linux.dev>
Cc: Florian Westphal <fw@strlen.de>
Subject: [PATCH mptcp-next v3 2/2] selftests: mptcp: add tproxy test case
Date: Fri, 29 Oct 2021 13:09:27 +0200
Message-Id: <20211029110927.12315-3-fw@strlen.de>
X-Mailer: git-send-email 2.32.0
In-Reply-To: <20211029110927.12315-1-fw@strlen.de>
References: <20211029110927.12315-1-fw@strlen.de>
Precedence: bulk
X-Mailing-List: mptcp@lists.linux.dev
List-Id: <mptcp.lists.linux.dev>
List-Subscribe: <mailto:mptcp+subscribe@lists.linux.dev>
List-Unsubscribe: <mailto:mptcp+unsubscribe@lists.linux.dev>
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset="utf-8"

No hard dependencies here, just skip if test environ lacks
nft binary or the needed kernel config options.

The test case spawns listener in ns2 but ns1 will connect
to the ip address of ns4.

policy routing + tproxy rule will redirect packets to ns2 instead
of forward.

v3: - update mptcp/config (Mat Martineau)
    - more verbose SKIP messages in mptcp_connect.sh

Signed-off-by: Florian Westphal <fw@strlen.de>
Reviewed-by: Mat Martineau <mathew.j.martineau@linux.intel.com>
---
 tools/testing/selftests/net/mptcp/config      |  8 +-
 .../selftests/net/mptcp/mptcp_connect.c       | 51 +++++++++++-
 .../selftests/net/mptcp/mptcp_connect.sh      | 80 +++++++++++++++++++
 3 files changed, 136 insertions(+), 3 deletions(-)

diff --git a/tools/testing/selftests/net/mptcp/config b/tools/testing/selft=
ests/net/mptcp/config
index 0faaccd21447..419e71560fd1 100644
--- a/tools/testing/selftests/net/mptcp/config
+++ b/tools/testing/selftests/net/mptcp/config
@@ -13,5 +13,9 @@ CONFIG_NFT_COUNTER=3Dm
 CONFIG_NFT_COMPAT=3Dm
 CONFIG_NETFILTER_XTABLES=3Dm
 CONFIG_NETFILTER_XT_MATCH_BPF=3Dm
-CONFIG_NF_TABLES_IPV4=3Dy
-CONFIG_NF_TABLES_IPV6=3Dy
+CONFIG_NF_TABLES_INET=3Dy
+CONFIG_NFT_TPROXY=3Dm
+CONFIG_NFT_SOCKET=3Dm
+CONFIG_IP_ADVANCED_ROUTER=3Dy
+CONFIG_IP_MULTIPLE_TABLES=3Dy
+CONFIG_IPV6_MULTIPLE_TABLES=3Dy
diff --git a/tools/testing/selftests/net/mptcp/mptcp_connect.c b/tools/test=
ing/selftests/net/mptcp/mptcp_connect.c
index 95e81d557b08..ada9b80774d4 100644
--- a/tools/testing/selftests/net/mptcp/mptcp_connect.c
+++ b/tools/testing/selftests/net/mptcp/mptcp_connect.c
@@ -75,7 +75,12 @@ struct cfg_cmsg_types {
 	unsigned int timestampns:1;
 };
=20
+struct cfg_sockopt_types {
+	unsigned int transparent:1;
+};
+
 static struct cfg_cmsg_types cfg_cmsg_types;
+static struct cfg_sockopt_types cfg_sockopt_types;
=20
 static void die_usage(void)
 {
@@ -93,6 +98,7 @@ static void die_usage(void)
 	fprintf(stderr, "\t-u -- check mptcp ulp\n");
 	fprintf(stderr, "\t-w num -- wait num sec before closing the socket\n");
 	fprintf(stderr, "\t-c cmsg -- test cmsg type <cmsg>\n");
+	fprintf(stderr, "\t-o option -- test sockopt <option>\n");
 	fprintf(stderr,
 		"\t-P [saveWithPeek|saveAfterPeek] -- save data with/after MSG_PEEK form=
 tcp socket\n");
 	exit(1);
@@ -185,6 +191,22 @@ static void set_mark(int fd, uint32_t mark)
 	}
 }
=20
+static void set_transparent(int fd, int pf)
+{
+	int one =3D 1;
+
+	switch (pf) {
+	case AF_INET:
+		if (-1 =3D=3D setsockopt(fd, SOL_IP, IP_TRANSPARENT, &one, sizeof(one)))
+			perror("IP_TRANSPARENT");
+		break;
+	case AF_INET6:
+		if (-1 =3D=3D setsockopt(fd, IPPROTO_IPV6, IPV6_TRANSPARENT, &one, sizeo=
f(one)))
+			perror("IPV6_TRANSPARENT");
+		break;
+	}
+}
+
 static int sock_listen_mptcp(const char * const listenaddr,
 			     const char * const port)
 {
@@ -212,6 +234,9 @@ static int sock_listen_mptcp(const char * const listena=
ddr,
 				     sizeof(one)))
 			perror("setsockopt");
=20
+		if (cfg_sockopt_types.transparent)
+			set_transparent(sock, pf);
+
 		if (bind(sock, a->ai_addr, a->ai_addrlen) =3D=3D 0)
 			break; /* success */
=20
@@ -944,6 +969,27 @@ static void parse_cmsg_types(const char *type)
 	exit(1);
 }
=20
+static void parse_setsock_options(const char *name)
+{
+	char *next =3D strchr(name, ',');
+	unsigned int len =3D 0;
+
+	if (next) {
+		parse_setsock_options(next + 1);
+		len =3D next - name;
+	} else {
+		len =3D strlen(name);
+	}
+
+	if (strncmp(name, "TRANSPARENT", len) =3D=3D 0) {
+		cfg_sockopt_types.transparent =3D 1;
+		return;
+	}
+
+	fprintf(stderr, "Unrecognized setsockopt option %s\n", name);
+	exit(1);
+}
+
 int main_loop(void)
 {
 	int fd;
@@ -1047,7 +1093,7 @@ static void parse_opts(int argc, char **argv)
 {
 	int c;
=20
-	while ((c =3D getopt(argc, argv, "6jr:lp:s:hut:T:m:S:R:w:M:P:c:")) !=3D -=
1) {
+	while ((c =3D getopt(argc, argv, "6jr:lp:s:hut:T:m:S:R:w:M:P:c:o:")) !=3D=
 -1) {
 		switch (c) {
 		case 'j':
 			cfg_join =3D true;
@@ -1108,6 +1154,9 @@ static void parse_opts(int argc, char **argv)
 		case 'c':
 			parse_cmsg_types(optarg);
 			break;
+		case 'o':
+			parse_setsock_options(optarg);
+			break;
 		}
 	}
=20
diff --git a/tools/testing/selftests/net/mptcp/mptcp_connect.sh b/tools/tes=
ting/selftests/net/mptcp/mptcp_connect.sh
index 559173a8e387..a4226b608c68 100755
--- a/tools/testing/selftests/net/mptcp/mptcp_connect.sh
+++ b/tools/testing/selftests/net/mptcp/mptcp_connect.sh
@@ -671,6 +671,82 @@ run_tests()
 	run_tests_lo $1 $2 $3 0
 }
=20
+run_test_transparent()
+{
+	local connect_addr=3D"$1"
+	local msg=3D"$2"
+
+	local connector_ns=3D"$ns1"
+	local listener_ns=3D"$ns2"
+	local lret=3D0
+	local r6flag=3D""
+
+	# skip if we don't want v6
+	if ! $ipv6 && is_v6 "${connect_addr}"; then
+		return 0
+	fi
+
+ip netns exec "$listener_ns" nft -f /dev/stdin <<"EOF"
+flush ruleset
+table inet mangle {
+	chain divert {
+		type filter hook prerouting priority -150;
+
+		meta l4proto tcp socket transparent 1 meta mark set 1 accept
+		tcp dport 20000 tproxy to :20000 meta mark set 1 accept
+	}
+}
+EOF
+	if [ $? -ne 0 ]; then
+		echo "SKIP: $msg, could not load nft ruleset"
+		return
+	fi
+
+	local local_addr
+	if is_v6 "${connect_addr}"; then
+		local_addr=3D"::"
+		r6flag=3D"-6"
+	else
+		local_addr=3D"0.0.0.0"
+	fi
+
+	ip -net "$listener_ns" $r6flag rule add fwmark 1 lookup 100
+	if [ $? -ne 0 ]; then
+		ip netns exec "$listener_ns" nft flush ruleset
+		echo "SKIP: $msg, ip $r6flag rule failed"
+		return
+	fi
+
+	ip -net "$listener_ns" route add local $local_addr/0 dev lo table 100
+	if [ $? -ne 0 ]; then
+		ip netns exec "$listener_ns" nft flush ruleset
+		ip -net "$listener_ns" $r6flag rule del fwmark 1 lookup 100
+		echo "SKIP: $msg, ip route add local $local_addr failed"
+		return
+	fi
+
+	echo "INFO: test $msg"
+
+	TEST_COUNT=3D10000
+	local extra_args=3D"-o TRANSPARENT"
+	do_transfer ${listener_ns} ${connector_ns} MPTCP MPTCP \
+		    ${connect_addr} ${local_addr} "${extra_args}"
+	lret=3D$?
+
+	ip netns exec "$listener_ns" nft flush ruleset
+	ip -net "$listener_ns" $r6flag rule del fwmark 1 lookup 100
+	ip -net "$listener_ns" route del local $local_addr/0 dev lo table 100
+
+	if [ $lret -ne 0 ]; then
+		echo "FAIL: $msg, mptcp connection error" 1>&2
+		ret=3D$lret
+		return 1
+	fi
+
+	echo "PASS: $msg"
+	return 0
+}
+
 run_tests_peekmode()
 {
 	local peekmode=3D"$1"
@@ -794,5 +870,9 @@ run_tests_peekmode "saveWithPeek"
 run_tests_peekmode "saveAfterPeek"
 stop_if_error "Tests with peek mode have failed"
=20
+# connect to ns4 ip address, ns2 should intercept/proxy
+run_test_transparent 10.0.3.1 "tproxy ipv4"
+run_test_transparent dead:beef:3::1 "tproxy ipv6"
+
 display_time
 exit $ret
--=20
2.32.0