From nobody Sat Oct 11 05:58:18 2025 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 868B24502F; Fri, 19 Sep 2025 22:51:37 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1758322298; cv=none; b=A7DqVcjCXH9Uds3HkK/QR9+DIDAB01iiKIEsGm2WsvdqTBUUvt+YANQhwtbYdSfpJ6ToFtCvUjL7QJQkiTrsrOppXydV1UM5aEYkTjnJbHLBYmJBRMuUQbTsusfm7E2svF821Mq7e0L91m25oEs1SwVbH07objODcvQcJpIdpHc= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1758322298; c=relaxed/simple; bh=NRf6dt5LEGVQ+jnAd7hn9tHnmjIBK+uJHpPzbAsXCU0=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=isca2e+coKYKf85WS4jxDgqJCsP6vsOtu0vEiB1KgxRipfwoIc9pn1ZzDlAb/RRl+ijDyMWS2H8Ruh6h5Iblx7ITWfRJqTFtSU4TaiPBLFCtzMqnsy0hQtXRMBhtSxvp1d9dcuIyFMUzDnKsATjv0FZcWzir6UbGXNz9pwAdj8I= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=radljgRx; arc=none smtp.client-ip=10.30.226.201 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="radljgRx" Received: by smtp.kernel.org (Postfix) with ESMTPSA id 744DFC4CEF0; Fri, 19 Sep 2025 22:51:35 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1758322297; bh=NRf6dt5LEGVQ+jnAd7hn9tHnmjIBK+uJHpPzbAsXCU0=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=radljgRxhw8xaTF1rr7wpMuUw0e9AyevKgppDFzF7JjRnZdSss2Sh6r/U/KVLh+s2 rNBtnLueD26VRpwN1vIUolBNyEdKBT8jllmYtE6qdijv82MUx5m+vLUuRtgA/0bX0B oBWFPmXXgqrL7GsIbMV/9Q81XHTD/pa6fCxzNnAB6vjrUJISrhldSHtWausYsYP4Ui fp+aIh1dC6jExF8/v29jkFbdKaxyHl8sYy57b661Kev9lCNJf2ok7V5Aw2eFpPfVqt Ogg9L+Rtx5UnkfgGmiNCI2UCbNY6lIGagXP8OOYIJJyrF8Hy8aWXv0fB3+vv10r+nw MvlcWTFpituQw== From: "Matthieu Baerts (NGI0)" To: mptcp@lists.linux.dev, stable@vger.kernel.org, gregkh@linuxfoundation.org Cc: "Matthieu Baerts (NGI0)" , sashal@kernel.org, Marek Majkowski , Mat Martineau , Jakub Kicinski Subject: [PATCH 6.1.y 1/2] mptcp: pm: nl: announce deny-join-id0 flag Date: Sat, 20 Sep 2025 00:51:20 +0200 Message-ID: <20250919225118.3781035-5-matttbe@kernel.org> X-Mailer: git-send-email 2.51.0 In-Reply-To: <20250919225118.3781035-4-matttbe@kernel.org> References: <20250919225118.3781035-4-matttbe@kernel.org> Precedence: bulk X-Mailing-List: mptcp@lists.linux.dev List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-Developer-Signature: v=1; a=openpgp-sha256; l=4446; i=matttbe@kernel.org; h=from:subject; bh=NRf6dt5LEGVQ+jnAd7hn9tHnmjIBK+uJHpPzbAsXCU0=; b=owGbwMvMwCVWo/Th0Gd3rumMp9WSGDLO3ssoONDNGbvGkWVTedfygx09oY3Bcz8Hu9kfZJY0X 6B9cPuxjlIWBjEuBlkxRRbptsj8mc+reEu8/Cxg5rAygQxh4OIUgImYzWL4zb5eoTjs88kv7m/Y r8TuD9czU2RPzM4V2RdfNnfPq+3/yxkZrqo+8n6w+tesZROuzX+6esuvfa7HVIQaSn2UXhoULVq gyw4A X-Developer-Key: i=matttbe@kernel.org; a=openpgp; fpr=E8CB85F76877057A6E27F77AF6B7824F4269A073 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" commit 2293c57484ae64c9a3c847c8807db8c26a3a4d41 upstream. During the connection establishment, a peer can tell the other one that it cannot establish new subflows to the initial IP address and port by setting the 'C' flag [1]. Doing so makes sense when the sender is behind a strict NAT, operating behind a legacy Layer 4 load balancer, or using anycast IP address for example. When this 'C' flag is set, the path-managers must then not try to establish new subflows to the other peer's initial IP address and port. The in-kernel PM has access to this info, but the userspace PM didn't. The RFC8684 [1] is strict about that: (...) therefore the receiver MUST NOT try to open any additional subflows toward this address and port. So it is important to tell the userspace about that as it is responsible for the respect of this flag. When a new connection is created and established, the Netlink events now contain the existing but not currently used 'flags' attribute. When MPTCP_PM_EV_FLAG_DENY_JOIN_ID0 is set, it means no other subflows to the initial IP address and port -- info that are also part of the event -- can be established. Link: https://datatracker.ietf.org/doc/html/rfc8684#section-3.1-20.6 [1] Fixes: 702c2f646d42 ("mptcp: netlink: allow userspace-driven subflow establ= ishment") Reported-by: Marek Majkowski Closes: https://github.com/multipath-tcp/mptcp_net-next/issues/532 Reviewed-by: Mat Martineau Signed-off-by: Matthieu Baerts (NGI0) Link: https://patch.msgid.link/20250912-net-mptcp-pm-uspace-deny_join_id0-v= 1-2-40171884ade8@kernel.org Signed-off-by: Jakub Kicinski [ Conflicts in mptcp_pm.yaml, and mptcp_pm.h, because these files have been added later by commit bc8aeb2045e2 ("Documentation: netlink: add a YAML spec for mptcp"), and commit 9d1ed17f93ce ("uapi: mptcp: use header file generated from YAML spec"), which are not in this version. Applying the same modifications, but only in mptcp.h. Conflict in pm_netlink.c, because of a difference in the context, introduced by commit b9f4554356f6 ("mptcp: annotate lockless access for token"), which is not in this version. ] Signed-off-by: Matthieu Baerts (NGI0) --- include/uapi/linux/mptcp.h | 6 ++++-- net/mptcp/pm_netlink.c | 7 +++++++ 2 files changed, 11 insertions(+), 2 deletions(-) diff --git a/include/uapi/linux/mptcp.h b/include/uapi/linux/mptcp.h index dfe19bf13f4c..dacc7af2ea1e 100644 --- a/include/uapi/linux/mptcp.h +++ b/include/uapi/linux/mptcp.h @@ -81,6 +81,8 @@ enum { =20 #define MPTCP_PM_ADDR_ATTR_MAX (__MPTCP_PM_ADDR_ATTR_MAX - 1) =20 +#define MPTCP_PM_EV_FLAG_DENY_JOIN_ID0 _BITUL(0) + #define MPTCP_PM_ADDR_FLAG_SIGNAL (1 << 0) #define MPTCP_PM_ADDR_FLAG_SUBFLOW (1 << 1) #define MPTCP_PM_ADDR_FLAG_BACKUP (1 << 2) @@ -127,13 +129,13 @@ struct mptcp_info { =20 /* * MPTCP_EVENT_CREATED: token, family, saddr4 | saddr6, daddr4 | daddr6, - * sport, dport + * sport, dport, server-side, [flags] * A new MPTCP connection has been created. It is the good time to allocate * memory and send ADD_ADDR if needed. Depending on the traffic-patterns * it can take a long time until the MPTCP_EVENT_ESTABLISHED is sent. * * MPTCP_EVENT_ESTABLISHED: token, family, saddr4 | saddr6, daddr4 | daddr= 6, - * sport, dport + * sport, dport, server-side, [flags] * A MPTCP connection is established (can start new subflows). * * MPTCP_EVENT_CLOSED: token diff --git a/net/mptcp/pm_netlink.c b/net/mptcp/pm_netlink.c index cf9244a3644f..7e72862a6b54 100644 --- a/net/mptcp/pm_netlink.c +++ b/net/mptcp/pm_netlink.c @@ -2242,6 +2242,7 @@ static int mptcp_event_created(struct sk_buff *skb, const struct sock *ssk) { int err =3D nla_put_u32(skb, MPTCP_ATTR_TOKEN, msk->token); + u16 flags =3D 0; =20 if (err) return err; @@ -2249,6 +2250,12 @@ static int mptcp_event_created(struct sk_buff *skb, if (nla_put_u8(skb, MPTCP_ATTR_SERVER_SIDE, READ_ONCE(msk->pm.server_side= ))) return -EMSGSIZE; =20 + if (READ_ONCE(msk->pm.remote_deny_join_id0)) + flags |=3D MPTCP_PM_EV_FLAG_DENY_JOIN_ID0; + + if (flags && nla_put_u16(skb, MPTCP_ATTR_FLAGS, flags)) + return -EMSGSIZE; + return mptcp_event_add_subflow(skb, ssk); } =20 --=20 2.51.0 From nobody Sat Oct 11 05:58:18 2025 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 7D8364502F; Fri, 19 Sep 2025 22:51:39 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1758322299; cv=none; b=s5z/5ueAIBPvzP9CKNR0KHZ9I3HmqUozohWhnuMRTu1OIRlXM8qTjkJsBPHqciTS3/xRQA3V/WXP70YWoMZwx3eS3NQxXSFrt9fYhaARNvcJ52jobAI+eX8BZRXbS87M1em116xz/xYiOGALhQpL5/Z2JMH1LxqBoGzOgoJzsIM= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1758322299; c=relaxed/simple; bh=8ji9X0rLDh/Hy2xMwhr0qtVmgvReDn8OvJZn2UJbZ3k=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=C2W80RN4ANjM6g/tFOfGr1Sf7En5yBOJmewPSgDxxnwb6kCSaFaaY+KH01mKuVpYhWWY0Hud/hpTg75FcUrO/vztnfH8jZud9AGlS7zIXNF1yMWQC2AcD1HPYIIkioBrVxKuvVGrY3hxOdJ/y45TPyGB6jOtONa8xLodesMh5Ks= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=d0iVGCJk; arc=none smtp.client-ip=10.30.226.201 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="d0iVGCJk" Received: by smtp.kernel.org (Postfix) with ESMTPSA id 7C5F6C4CEF5; Fri, 19 Sep 2025 22:51:37 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1758322298; bh=8ji9X0rLDh/Hy2xMwhr0qtVmgvReDn8OvJZn2UJbZ3k=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=d0iVGCJk9d1ueXtVEedeC5+uKvKHNwbmWM1r9f8EYITRS9VUBLL80rNrunWJOLCR0 77tsB+OLioNrV+hR/7BO0cBU7GTXwH6i09dg11Hb+l1S6+jx3MFnKsY6+7KYouPP1U Cp+oyafk2nePhk6mI3/9eLsOYFTahogmYM4DMohMaHZpKTRD0dQPR7rLlmjaQz2FZJ 2uMOe66/mibAPL3vTlIs81t0LHfrPcl7vKBk+gU2ayC+curPBBUCPCiJXNJ/kwTRGl fRazHfYT+zwPrYqToQ1ttCqfGrmR7X6j6ZDdYV1WUGgZaG88GOpgNvhwhc+OZeEphA Dxontcg3dFpJg== From: "Matthieu Baerts (NGI0)" To: mptcp@lists.linux.dev, stable@vger.kernel.org, gregkh@linuxfoundation.org Cc: "Matthieu Baerts (NGI0)" , sashal@kernel.org, Mat Martineau , Jakub Kicinski Subject: [PATCH 6.1.y 2/2] selftests: mptcp: userspace pm: validate deny-join-id0 flag Date: Sat, 20 Sep 2025 00:51:21 +0200 Message-ID: <20250919225118.3781035-6-matttbe@kernel.org> X-Mailer: git-send-email 2.51.0 In-Reply-To: <20250919225118.3781035-4-matttbe@kernel.org> References: <20250919225118.3781035-4-matttbe@kernel.org> Precedence: bulk X-Mailing-List: mptcp@lists.linux.dev List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-Developer-Signature: v=1; a=openpgp-sha256; l=4691; i=matttbe@kernel.org; h=from:subject; bh=8ji9X0rLDh/Hy2xMwhr0qtVmgvReDn8OvJZn2UJbZ3k=; b=owGbwMvMwCVWo/Th0Gd3rumMp9WSGDLO3suaN3eTW0hS88oO4c6+OQc+zwsUfD/l74uXXZ6PB Walh11h7yhlYRDjYpAVU2SRbovMn/m8irfEy88CZg4rE8gQBi5OAZiI/SxGhssfDOfteT73+Cc3 Pvsvx3+JP/t03SJuY3C+n6db24n+txwM/7Rubdp5U6X2kDZrpNLzw4VvvjlI6bwIn8NWNKFF72Z MGhcA X-Developer-Key: i=matttbe@kernel.org; a=openpgp; fpr=E8CB85F76877057A6E27F77AF6B7824F4269A073 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" commit 24733e193a0d68f20d220e86da0362460c9aa812 upstream. The previous commit adds the MPTCP_PM_EV_FLAG_DENY_JOIN_ID0 flag. Make sure it is correctly announced by the other peer when it has been received. pm_nl_ctl will now display 'deny_join_id0:1' when monitoring the events, and when this flag was set by the other peer. The 'Fixes' tag here below is the same as the one from the previous commit: this patch here is not fixing anything wrong in the selftests, but it validates the previous fix for an issue introduced by this commit ID. Fixes: 702c2f646d42 ("mptcp: netlink: allow userspace-driven subflow establ= ishment") Reviewed-by: Mat Martineau Signed-off-by: Matthieu Baerts (NGI0) Link: https://patch.msgid.link/20250912-net-mptcp-pm-uspace-deny_join_id0-v= 1-3-40171884ade8@kernel.org Signed-off-by: Jakub Kicinski [ Conflict in userspace_pm.sh, because of a difference in the context, introduced by commit c66fb480a330 ("selftests: userspace pm: avoid relaunching pm events"), which is not in this version. The same lines can still be added at the same place. Conflicts in userspace_pm.sh, because of different refactoring, like with commit ae1fa39da991 ("selftests: mptcp: add evts_get_info helper"), and commit e198ad759273 ("selftests: mptcp: userspace_pm: uniform results printing"). The modifications have been adapted to the old version, without the new helpers. ] Signed-off-by: Matthieu Baerts (NGI0) --- tools/testing/selftests/net/mptcp/pm_nl_ctl.c | 7 +++++++ tools/testing/selftests/net/mptcp/userspace_pm.sh | 14 ++++++++++++-- 2 files changed, 19 insertions(+), 2 deletions(-) diff --git a/tools/testing/selftests/net/mptcp/pm_nl_ctl.c b/tools/testing/= selftests/net/mptcp/pm_nl_ctl.c index 1887bd61bd9a..17e5b7ec53b6 100644 --- a/tools/testing/selftests/net/mptcp/pm_nl_ctl.c +++ b/tools/testing/selftests/net/mptcp/pm_nl_ctl.c @@ -188,6 +188,13 @@ static int capture_events(int fd, int event_group) fprintf(stderr, ",error:%u", *(__u8 *)RTA_DATA(attrs)); else if (attrs->rta_type =3D=3D MPTCP_ATTR_SERVER_SIDE) fprintf(stderr, ",server_side:%u", *(__u8 *)RTA_DATA(attrs)); + else if (attrs->rta_type =3D=3D MPTCP_ATTR_FLAGS) { + __u16 flags =3D *(__u16 *)RTA_DATA(attrs); + + /* only print when present, easier */ + if (flags & MPTCP_PM_EV_FLAG_DENY_JOIN_ID0) + fprintf(stderr, ",deny_join_id0:1"); + } =20 attrs =3D RTA_NEXT(attrs, msg_len); } diff --git a/tools/testing/selftests/net/mptcp/userspace_pm.sh b/tools/test= ing/selftests/net/mptcp/userspace_pm.sh index cb6c28d40129..a82ac12e816d 100755 --- a/tools/testing/selftests/net/mptcp/userspace_pm.sh +++ b/tools/testing/selftests/net/mptcp/userspace_pm.sh @@ -139,6 +139,9 @@ make_connection() is_v6=3D"v4" fi =20 + # set this on the client side only: will not affect the rest + ip netns exec "$ns2" sysctl -q net.mptcp.allow_join_initial_addr_port=3D0 + # Capture netlink events over the two network namespaces running # the MPTCP client and server local client_evts @@ -173,21 +176,28 @@ make_connection() local client_token local client_port local client_serverside + local client_nojoin local server_token local server_serverside + local server_nojoin =20 client_token=3D$(sed --unbuffered -n 's/.*\(token:\)\([[:digit:]]*\).*$/\= 2/p;q' "$client_evts") client_port=3D$(sed --unbuffered -n 's/.*\(sport:\)\([[:digit:]]*\).*$/\2= /p;q' "$client_evts") client_serverside=3D$(sed --unbuffered -n 's/.*\(server_side:\)\([[:digit= :]]*\).*$/\2/p;q'\ "$client_evts") + client_nojoin=3D$(sed --unbuffered -n 's/.*\(deny_join_id0:\)\([[:digit:]= ]*\).*$/\2/p;q'\ + "$client_evts") kill_wait $server_evts_pid server_token=3D$(sed --unbuffered -n 's/.*\(token:\)\([[:digit:]]*\).*$/\= 2/p;q' "$server_evts") server_serverside=3D$(sed --unbuffered -n 's/.*\(server_side:\)\([[:digit= :]]*\).*$/\2/p;q'\ "$server_evts") + server_nojoin=3D$(sed --unbuffered -n 's/.*\(deny_join_id0:\)\([[:digit:]= ]*\).*$/\2/p;q'\ + "$server_evts") rm -f "$client_evts" "$server_evts" "$file" =20 - if [ "$client_token" !=3D "" ] && [ "$server_token" !=3D "" ] && [ "$clie= nt_serverside" =3D 0 ] && - [ "$server_serverside" =3D 1 ] + if [ "${client_token}" !=3D "" ] && [ "${server_token}" !=3D "" ] && + [ "${client_serverside}" =3D 0 ] && [ "${server_serverside}" =3D 1 ] && + [ "${client_nojoin:-0}" =3D 0 ] && [ "${server_nojoin:-0}" =3D 1 ] then stdbuf -o0 -e0 printf "Established IP%s MPTCP Connection ns2 =3D> ns1 = \t\t[OK]\n" $is_v6 else --=20 2.51.0