From nobody Mon Feb  9 01:21:08 2026
Delivered-To: wpasupplicant.patchew@gmail.com
Received: by 2002:a05:6638:bd2:0:0:0:0 with SMTP id g18csp1677123jad;
        Thu, 24 Feb 2022 07:50:30 -0800 (PST)
X-Google-Smtp-Source: 
 ABdhPJwmvfTBE98Pnodjem14/lmMG60f+Soo96kRBQHtUpbgn/1kgXZ7pT72VdpqCgEjsQQDEAx8
X-Received: by 2002:a65:4c0f:0:b0:373:f389:b7e0 with SMTP id
 u15-20020a654c0f000000b00373f389b7e0mr2659321pgq.411.1645717830834;
        Thu, 24 Feb 2022 07:50:30 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1645717830; cv=none;
        d=google.com; s=arc-20160816;
        b=kjgRihW4ex5aAA9rUtX2DgYEp0ZJgqGBYAuKGjifGXZUYvs4WwEO4L6xAd3Iz5FXWt
         EAYPbhyCARKCUYR4r4llIAcYuZxxfuGbiHEuEPaazMe9QhhO1b3ziJLGIjhP+XuKzWFZ
         1LAnSyNFZoF01lBFAbjtrC9Nq1J7XoWVldf3ADSwISCTbUdh3LnDk36JiYqmkEo53Sv3
         jqsx4g0pzgza0RR2OtVhjPri1dAq2wDo+MLr9xdGjbseCxEwQaGarjnVw5SHHqxXJlmA
         s+ItVxJKpajSm1ayLKQKJF01tW2v/ai0Xz6e01C1wlGJH4t8PMokzwHl+noq5BaQ+H/t
         Op+w==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com;
 s=arc-20160816;
        h=content-transfer-encoding:mime-version:list-unsubscribe
         :list-subscribe:list-id:precedence:references:in-reply-to:message-id
         :date:subject:cc:to:from;
        bh=Lj7v8n8CPI7ivzsWE4FHldpwlxQd/NVTJ2Urefl9AGA=;
        b=mkd9tTfg0ckfQFYoVNe5qt1HxSMwq6x6kmy23lsafU7rGf8o79Xj62alGw0L/f2nnE
         onTDVSyAZ0GqcgzfFZLyu2/2xWQsTwpiO4oxBufn6E4PnFTXK5scmqglmzpi6rkiTwSZ
         brM6bZfZBZdYv7XKl3q+4Wi9eOJgQPf9sO4XCLSlraMq44ROj/k2I36YOZv8b+4YhPjM
         g/kx2QbXU7Wa8hQfgwQ9bp436X0KEtYGP2xRc0c31R/jMRKoMXABvz7HSSbVGom+u1IT
         d667OfE+hBKWVdLh+44o2rsvaofmfJK+14LIg2SRPwuUdPFXQwFoI5mSfc8wmqFb7OSL
         7VVA==
ARC-Authentication-Results: i=1; mx.google.com;
       spf=pass (google.com: domain of
 mptcp+bounces-4007-wpasupplicant.patchew=gmail.com@lists.linux.dev designates
 147.75.69.165 as permitted sender)
 smtp.mailfrom="mptcp+bounces-4007-wpasupplicant.patchew=gmail.com@lists.linux.dev"
Return-Path: 
 <mptcp+bounces-4007-wpasupplicant.patchew=gmail.com@lists.linux.dev>
Received: from sjc.edge.kernel.org (sjc.edge.kernel.org. [147.75.69.165])
        by mx.google.com with ESMTPS id f4si2442185plr.596.2022.02.24.07.50.30
        for <wpasupplicant.patchew@gmail.com>
        (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128);
        Thu, 24 Feb 2022 07:50:30 -0800 (PST)
Received-SPF: pass (google.com: domain of
 mptcp+bounces-4007-wpasupplicant.patchew=gmail.com@lists.linux.dev designates
 147.75.69.165 as permitted sender) client-ip=147.75.69.165;
Authentication-Results: mx.google.com;
       spf=pass (google.com: domain of
 mptcp+bounces-4007-wpasupplicant.patchew=gmail.com@lists.linux.dev designates
 147.75.69.165 as permitted sender)
 smtp.mailfrom="mptcp+bounces-4007-wpasupplicant.patchew=gmail.com@lists.linux.dev"
Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org
 [52.25.139.140])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by sjc.edge.kernel.org (Postfix) with ESMTPS id 0FA873E0FB0
	for <wpasupplicant.patchew@gmail.com>; Thu, 24 Feb 2022 15:50:30 +0000 (UTC)
Received: from localhost.localdomain (localhost.localdomain [127.0.0.1])
	by smtp.subspace.kernel.org (Postfix) with ESMTP id 0022D748C;
	Thu, 24 Feb 2022 15:50:29 +0000 (UTC)
X-Original-To: mptcp@lists.linux.dev
Received: from Chamillionaire.breakpoint.cc (Chamillionaire.breakpoint.cc
 [193.142.43.52])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by smtp.subspace.kernel.org (Postfix) with ESMTPS id 87FCF7A
	for <mptcp@lists.linux.dev>; Thu, 24 Feb 2022 15:50:27 +0000 (UTC)
Received: from fw by Chamillionaire.breakpoint.cc with local (Exim 4.92)
	(envelope-from <fw@breakpoint.cc>)
	id 1nNGNn-0005Iz-Hs; Thu, 24 Feb 2022 16:50:19 +0100
From: Florian Westphal <fw@strlen.de>
To: <mptcp@lists.linux.dev>
Cc: Florian Westphal <fw@strlen.de>
Subject: [PATCH mptcp-next 1/4] mptcp: prefer ip address in syn skb instead of
 listen sk bound address
Date: Thu, 24 Feb 2022 16:50:07 +0100
Message-Id: <20220224155010.23676-2-fw@strlen.de>
X-Mailer: git-send-email 2.34.1
In-Reply-To: <20220224155010.23676-1-fw@strlen.de>
References: <20220224155010.23676-1-fw@strlen.de>
Precedence: bulk
X-Mailing-List: mptcp@lists.linux.dev
List-Id: <mptcp.lists.linux.dev>
List-Subscribe: <mailto:mptcp+subscribe@lists.linux.dev>
List-Unsubscribe: <mailto:mptcp+unsubscribe@lists.linux.dev>
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset="utf-8"

Once we change mptcp to use tproxy-like scheme to steer mptcp join
requests to a special pernet socket, the 'sk bound address' becomes
meaningless because it will never be identical to the tcp dport/ip daddr
of the on-wire packet.

Prepare for this: pass the skbuff and use the packet data instead of
the address the listener socket is bound to.

Signed-off-by: Florian Westphal <fw@strlen.de>
---
 net/mptcp/pm_netlink.c | 17 +++++++++++++++--
 net/mptcp/protocol.h   |  2 +-
 net/mptcp/subflow.c    |  5 +++--
 3 files changed, 19 insertions(+), 5 deletions(-)

diff --git a/net/mptcp/pm_netlink.c b/net/mptcp/pm_netlink.c
index e3b0384ff79a..dcbc11d6b767 100644
--- a/net/mptcp/pm_netlink.c
+++ b/net/mptcp/pm_netlink.c
@@ -269,13 +269,26 @@ mptcp_lookup_anno_list_by_saddr(const struct mptcp_so=
ck *msk,
 	return NULL;
 }
=20
-bool mptcp_pm_sport_in_anno_list(struct mptcp_sock *msk, const struct sock=
 *sk)
+static void skb_fetch_src_address(const struct sk_buff *skb,
+				  struct mptcp_addr_info *addr)
+{
+	addr->port =3D tcp_hdr(skb)->dest;
+	if (addr->family =3D=3D AF_INET)
+		addr->addr.s_addr =3D ip_hdr(skb)->daddr;
+#if IS_ENABLED(CONFIG_MPTCP_IPV6)
+	else if (addr->family =3D=3D AF_INET6)
+		addr->addr6 =3D ipv6_hdr(skb)->daddr;
+#endif
+}
+
+bool mptcp_pm_sport_in_anno_list(struct mptcp_sock *msk, int af, const str=
uct sk_buff *skb)
 {
 	struct mptcp_pm_add_entry *entry;
 	struct mptcp_addr_info saddr;
 	bool ret =3D false;
=20
-	local_address((struct sock_common *)sk, &saddr);
+	saddr.family =3D af;
+	skb_fetch_src_address(skb, &saddr);
=20
 	spin_lock_bh(&msk->pm.lock);
 	list_for_each_entry(entry, &msk->pm.anno_list, list) {
diff --git a/net/mptcp/protocol.h b/net/mptcp/protocol.h
index c8bada4537e2..6b2d7f60c8ad 100644
--- a/net/mptcp/protocol.h
+++ b/net/mptcp/protocol.h
@@ -761,7 +761,7 @@ void mptcp_pm_rm_addr_received(struct mptcp_sock *msk,
 void mptcp_pm_mp_prio_received(struct sock *sk, u8 bkup);
 void mptcp_pm_mp_fail_received(struct sock *sk, u64 fail_seq);
 void mptcp_pm_free_anno_list(struct mptcp_sock *msk);
-bool mptcp_pm_sport_in_anno_list(struct mptcp_sock *msk, const struct sock=
 *sk);
+bool mptcp_pm_sport_in_anno_list(struct mptcp_sock *msk, int af, const str=
uct sk_buff *skb);
 struct mptcp_pm_add_entry *
 mptcp_pm_del_add_timer(struct mptcp_sock *msk,
 		       const struct mptcp_addr_info *addr, bool check_id);
diff --git a/net/mptcp/subflow.c b/net/mptcp/subflow.c
index 30ffb00661bb..77da5f744a17 100644
--- a/net/mptcp/subflow.c
+++ b/net/mptcp/subflow.c
@@ -216,7 +216,8 @@ static int subflow_check_req(struct request_sock *req,
 			pr_debug("syn inet_sport=3D%d %d",
 				 ntohs(inet_sk(sk_listener)->inet_sport),
 				 ntohs(inet_sk((struct sock *)subflow_req->msk)->inet_sport));
-			if (!mptcp_pm_sport_in_anno_list(subflow_req->msk, sk_listener)) {
+			if (!mptcp_pm_sport_in_anno_list(subflow_req->msk,
+							 sk_listener->sk_family, skb)) {
 				SUBFLOW_REQ_INC_STATS(req, MPTCP_MIB_MISMATCHPORTSYNRX);
 				return -EPERM;
 			}
@@ -793,7 +794,7 @@ static struct sock *subflow_syn_recv_sock(const struct =
sock *sk,
 				pr_debug("ack inet_sport=3D%d %d",
 					 ntohs(inet_sk(sk)->inet_sport),
 					 ntohs(inet_sk((struct sock *)owner)->inet_sport));
-				if (!mptcp_pm_sport_in_anno_list(owner, sk)) {
+				if (!mptcp_pm_sport_in_anno_list(owner, sk->sk_family, skb)) {
 					SUBFLOW_REQ_INC_STATS(req, MPTCP_MIB_MISMATCHPORTACKRX);
 					goto dispose_child;
 				}
--=20
2.34.1