From nobody Sun Mar 22 09:51:31 2026
Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org
 [10.30.226.201])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by smtp.subspace.kernel.org (Postfix) with ESMTPS id 6B5D22F532F
	for <mptcp@lists.linux.dev>; Fri, 13 Mar 2026 01:43:14 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org;
 arc=none smtp.client-ip=10.30.226.201
ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116;
	t=1773366194; cv=none;
 b=hTK3Jw6EE59McRmCTKWdc1aXcGYq1L53W4n85vJPVrnw18iAdQIjs19rzLyB2pGMvcAvLnmOsku7pUvUUQbrW3cxgvSmHppzVtrhV/o7d8KXE8ZicV9Gel5+HFNyCbZ2j7imKTun5OYonN7/vO4LLCBMxoDaQvijPPo3ueAn/p4=
ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org;
	s=arc-20240116; t=1773366194; c=relaxed/simple;
	bh=NLLRueB9vNDOV5XD1EDm2D9tHXxCHElffXgzqG/7IX0=;
	h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References:
	 MIME-Version;
 b=Pv3gKE/1dbZ4fqEkeMzymmUXLLdkADNzKv9LKa3I4Y9uU/H1do8xLK3daprA0NOjnV7J4aR0f0ddki8ao/VPauoFXeoY76HPoCKxdSwFdb0/gRlg1ibJl2XZHM9SpUE3zyOCLHVnPsjgizeAIx6ZXsHlCVggzR0D1I0q25aFcSI=
ARC-Authentication-Results: i=1; smtp.subspace.kernel.org;
 dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org
 header.b=rQWzKiyA; arc=none smtp.client-ip=10.30.226.201
Authentication-Results: smtp.subspace.kernel.org;
	dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org
 header.b="rQWzKiyA"
Received: by smtp.kernel.org (Postfix) with ESMTPSA id 04E2BC2BC87;
	Fri, 13 Mar 2026 01:43:12 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org;
	s=k20201202; t=1773366194;
	bh=NLLRueB9vNDOV5XD1EDm2D9tHXxCHElffXgzqG/7IX0=;
	h=From:To:Cc:Subject:Date:In-Reply-To:References:From;
	b=rQWzKiyAuVOLvmDC5W1DakUCv6tJgGLOREjWx9Fe/9WqQKc5dJwwQIJG2yZ085LTz
	 BPxV82HVN75YVQr/Hrl7vjqLBXJ7/kWrwEijdiyG01oT6V+4Q3BR7F24G7Ktuaw8O5
	 9I/UnJqgPpqxsRsMJ2zvvxqEYQamNPpDyJ0YVrpyck8bIo0FmsPRD1nVgm04UbTeem
	 b6dlCLbcIeNt9uUcHOmC3HLHN/vazStROkFjqOdCivKK41a2culP2aEeJAO5HvHzNN
	 xjiMrc2l6lMQ5FvdaKQI7iWCln1xsgmM9VHdf8gcRiJJsXCZYSAZIHNFAxIY08gWe8
	 w4FDYJ5WFEQVw==
From: Geliang Tang <geliang@kernel.org>
To: mptcp@lists.linux.dev
Cc: Geliang Tang <tanggeliang@kylinos.cn>,
	Gang Yan <yangang@kylinos.cn>
Subject: [RFC mptcp-next v9 01/10] tls: introduce struct tls_prot_ops
Date: Fri, 13 Mar 2026 09:42:43 +0800
Message-ID: 
 <2ebc54f2517c713f2969fe1b7b21f3e2517291ca.1773365606.git.tanggeliang@kylinos.cn>
X-Mailer: git-send-email 2.53.0
In-Reply-To: <cover.1773365606.git.tanggeliang@kylinos.cn>
References: <cover.1773365606.git.tanggeliang@kylinos.cn>
Precedence: bulk
X-Mailing-List: mptcp@lists.linux.dev
List-Id: <mptcp.lists.linux.dev>
List-Subscribe: <mailto:mptcp+subscribe@lists.linux.dev>
List-Unsubscribe: <mailto:mptcp+unsubscribe@lists.linux.dev>
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset="utf-8"

From: Geliang Tang <tanggeliang@kylinos.cn>

To extend MPTCP support based on TCP TLS, a tls_prot_ops structure has
been introduced for TLS, encapsulating TCP-specific helpers within this
structure.

Add registering, validating and finding functions for this structure to
add, validate and find a tls_prot_ops on the global list tls_prot_ops_list.

Register TCP-specific structure tls_tcp_ops in tls_init().

Co-developed-by: Gang Yan <yangang@kylinos.cn>
Signed-off-by: Gang Yan <yangang@kylinos.cn>
Signed-off-by: Geliang Tang <tanggeliang@kylinos.cn>
---
 include/net/tls.h  | 19 ++++++++++
 net/tls/tls_main.c | 88 ++++++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 107 insertions(+)

diff --git a/include/net/tls.h b/include/net/tls.h
index ebd2550280ae..40001110bccb 100644
--- a/include/net/tls.h
+++ b/include/net/tls.h
@@ -220,6 +220,25 @@ struct tls_prot_info {
 	u16 tail_size;
 };
=20
+struct tls_prot_ops {
+	int			protocol;
+	struct module		*owner;
+	struct list_head	list;
+
+	int (*inq)(struct sock *sk);
+	int (*sendmsg_locked)(struct sock *sk, struct msghdr *msg, size_t size);
+	struct sk_buff *(*recv_skb)(struct sock *sk, u32 *off);
+	int (*read_sock)(struct sock *sk, read_descriptor_t *desc,
+			 sk_read_actor_t recv_actor);
+	void (*read_done)(struct sock *sk, size_t len);
+	u32 (*get_skb_off)(struct sk_buff *skb);
+	u32 (*get_skb_seq)(struct sk_buff *skb);
+	__poll_t (*poll)(struct file *file, struct socket *sock,
+			 struct poll_table_struct *wait);
+	bool (*epollin_ready)(const struct sock *sk);
+	void (*check_app_limited)(struct sock *sk);
+};
+
 struct tls_context {
 	/* read-only cache line */
 	struct tls_prot_info prot_info;
diff --git a/net/tls/tls_main.c b/net/tls/tls_main.c
index fd39acf41a61..b123e35a153d 100644
--- a/net/tls/tls_main.c
+++ b/net/tls/tls_main.c
@@ -128,6 +128,24 @@ static struct proto_ops tls_proto_ops[TLS_NUM_PROTS][T=
LS_NUM_CONFIG][TLS_NUM_CON
 static void build_protos(struct proto prot[TLS_NUM_CONFIG][TLS_NUM_CONFIG],
 			 const struct proto *base);
=20
+static DEFINE_SPINLOCK(tls_prot_ops_lock);
+static LIST_HEAD(tls_prot_ops_list);
+
+/* Must be called with rcu read lock held */
+static struct tls_prot_ops *tls_prot_ops_find(int protocol)
+{
+	struct tls_prot_ops *ops, *ret =3D NULL;
+
+	list_for_each_entry_rcu(ops, &tls_prot_ops_list, list) {
+		if (ops->protocol =3D=3D protocol) {
+			ret =3D ops;
+			break;
+		}
+	}
+
+	return ret;
+}
+
 void update_sk_prot(struct sock *sk, struct tls_context *ctx)
 {
 	int ip_ver =3D sk->sk_family =3D=3D AF_INET6 ? TLSV6 : TLSV4;
@@ -1236,6 +1254,74 @@ static struct tcp_ulp_ops tcp_tls_ulp_ops __read_mos=
tly =3D {
 	.get_info_size		=3D tls_get_info_size,
 };
=20
+static int tls_validate_prot_ops(const struct tls_prot_ops *ops)
+{
+	if (!ops->inq || !ops->sendmsg_locked ||
+	    !ops->recv_skb || !ops->read_sock || !ops->read_done ||
+	    !ops->get_skb_off || !ops->get_skb_seq ||
+	    !ops->poll || !ops->epollin_ready ||
+	    !ops->check_app_limited) {
+		pr_err("%d does not implement required ops\n", ops->protocol);
+		return -EINVAL;
+	}
+
+	return 0;
+}
+
+static int tls_register_prot_ops(struct tls_prot_ops *ops)
+{
+	int ret;
+
+	ret =3D tls_validate_prot_ops(ops);
+	if (ret)
+		return ret;
+
+	spin_lock(&tls_prot_ops_lock);
+	if (tls_prot_ops_find(ops->protocol)) {
+		spin_unlock(&tls_prot_ops_lock);
+		return -EEXIST;
+	}
+	list_add_tail_rcu(&ops->list, &tls_prot_ops_list);
+	spin_unlock(&tls_prot_ops_lock);
+
+	pr_debug("tls_prot_ops %d registered\n", ops->protocol);
+	return 0;
+}
+
+static struct sk_buff *tls_tcp_recv_skb(struct sock *sk, u32 *off)
+{
+	return tcp_recv_skb(sk, tcp_sk(sk)->copied_seq, off);
+}
+
+static u32 tls_tcp_get_skb_off(struct sk_buff *skb)
+{
+	return 0;
+}
+
+static u32 tls_tcp_get_skb_seq(struct sk_buff *skb)
+{
+	return TCP_SKB_CB(skb)->seq;
+}
+
+static bool tls_tcp_epollin_ready(const struct sock *sk)
+{
+	return tcp_epollin_ready(sk, INT_MAX);
+}
+
+static struct tls_prot_ops tls_tcp_ops =3D {
+	.protocol		=3D IPPROTO_TCP,
+	.inq			=3D tcp_inq,
+	.sendmsg_locked		=3D tcp_sendmsg_locked,
+	.recv_skb		=3D tls_tcp_recv_skb,
+	.read_sock		=3D tcp_read_sock,
+	.read_done		=3D tcp_read_done,
+	.get_skb_off		=3D tls_tcp_get_skb_off,
+	.get_skb_seq		=3D tls_tcp_get_skb_seq,
+	.poll			=3D tcp_poll,
+	.epollin_ready		=3D tls_tcp_epollin_ready,
+	.check_app_limited	=3D tcp_rate_check_app_limited,
+};
+
 static int __init tls_register(void)
 {
 	int err;
@@ -1254,6 +1340,8 @@ static int __init tls_register(void)
=20
 	tcp_register_ulp(&tcp_tls_ulp_ops);
=20
+	tls_register_prot_ops(&tls_tcp_ops);
+
 	return 0;
 err_strp:
 	tls_strp_dev_exit();
--=20
2.53.0