From: Geliang Tang <tanggeliang@kylinos.cn>

v4:
 - split "tls: add MPTCP protocol support" into smaller, more
   focused patches.
 - a new mptcp_inq helper has been implemented instead of directly
   using mptcp_inq_hint to fix the issue mentioned in [1].
 - add sk_is_msk helper.
 - the 'expect' parameter will no longer be added to sock_test_tcpulp.
   Instead, SOCK_TEST_TCPULP items causing the tests failure will be
   directly removed.
 - remove the "TCP KTLS" tests, keeping only the MPTCP-related ones.

[1]
https://patchwork.kernel.org/project/mptcp/patch/ce74452f4c095a1761ef493b767b4bd9f9c14359.1764333805.git.tanggeliang@kylinos.cn/

v3:
 - mptcp_read_sock() and mptcp_poll() are not exported, as mptcp_sockopt
   test does not use read_sock/poll interfaces. They will be exported when
   new tests are added in the future.
 - call mptcp_inq_hint in tls_device_rx_resync_new_rec(),
   tls_device_core_ctrl_rx_resync() and tls_read_flush_backlog() too.
 - update selftests.
 - Link: https://patchwork.kernel.org/project/mptcp/cover/cover.1763800601.git.tanggeliang@kylinos.cn/

v2:
 - fix disconnect.
 - update selftests.

This series adds KTLS support for MPTCP. Since the ULP of msk is not being
used, ULP KTLS can be directly configured onto msk without affecting its
communication.

Closes: https://github.com/multipath-tcp/mptcp_net-next/issues/480

Geliang Tang (10):
  mptcp: add sk_is_msk helper
  tls: switch to MPTCP_SKB_CB
  tls: switch to mptcp_inq
  tls: switch to mptcp_sendmsg_locked
  tls: switch to mptcp_recv_skb
  tls: switch to mptcp_read_done
  mptcp: update ULP getsockopt
  mptcp: enable TLS setsockopt
  selftests: mptcp: connect: update sock_test_tcpulp
  selftests: mptcp: sockopt: implement MPTCP KTLS tests

 include/net/mptcp.h                           | 48 ++++++++++++
 net/mptcp/protocol.c                          | 66 ++++++++++++++--
 net/mptcp/protocol.h                          | 10 ---
 net/mptcp/sockopt.c                           | 30 +++++++-
 net/tls/tls_main.c                            |  4 +-
 net/tls/tls_strp.c                            | 24 ++++--
 net/tls/tls_sw.c                              |  8 +-
 tools/testing/selftests/net/mptcp/config      |  1 +
 .../selftests/net/mptcp/mptcp_connect.c       | 20 +++--
 .../selftests/net/mptcp/mptcp_sockopt.c       | 76 ++++++++++++++++++-
 .../selftests/net/mptcp/mptcp_sockopt.sh      | 36 +++++++++
 11 files changed, 289 insertions(+), 34 deletions(-)

-- 
2.51.0

Hi Geliang,

On 12/12/2025 03:27, Geliang Tang wrote:
> From: Geliang Tang <tanggeliang@kylinos.cn>
> 
> v4:
>  - split "tls: add MPTCP protocol support" into smaller, more
>    focused patches.
>  - a new mptcp_inq helper has been implemented instead of directly
>    using mptcp_inq_hint to fix the issue mentioned in [1].
>  - add sk_is_msk helper.
>  - the 'expect' parameter will no longer be added to sock_test_tcpulp.
>    Instead, SOCK_TEST_TCPULP items causing the tests failure will be
>    directly removed.
>  - remove the "TCP KTLS" tests, keeping only the MPTCP-related ones.

Thank you for the new version.

We briefly looked at the series with Mat yesterday, and we think that
this series would be better accepted by the KTLS maintainers if function
pointers are used instead of all the sk_is_msk() you added in many
places. In other words, adding a new layer, where "struct tls_strparser"
(or another one?) would have new fields with function pointer to call
tcp_inq() or mptcp_inq(), etc. e.g. strp->ops->tcp_inq(strp->sk).

MPTCP would then only be checked once at the initialisation, not before
each call.

Notes: If adding an indirection is an issue for the KTLS maintainers,
INDIRECT_CALL_*(...) macros can be used. Also, it might be good to send
the RFC to KTLS people, but probably best to wait for the read-sock
series to be in net-next? But if you are not sure about the new
suggested way, I guess it is always possible to email KTLS maintainers,
and ask for their feedback.

Cheers,
Matt
-- 
Sponsored by the NGI0 Core fund.

Hi Geliang,

Thank you for your modifications, that's great!

Our CI did some validations and here is its report:

- KVM Validation: normal (except selftest_mptcp_join): Unstable: 1 failed test(s): selftest_simult_flows 🔴
- KVM Validation: normal (only selftest_mptcp_join): Success! ✅
- KVM Validation: debug (except selftest_mptcp_join): Unstable: 1 failed test(s): packetdrill_add_addr 🔴
- KVM Validation: debug (only selftest_mptcp_join): Success! ✅
- KVM Validation: btf-normal (only bpftest_all): Success! ✅
- KVM Validation: btf-debug (only bpftest_all): Success! ✅
- Task: https://github.com/multipath-tcp/mptcp_net-next/actions/runs/20154532531

Initiator: Patchew Applier
Commits: https://github.com/multipath-tcp/mptcp_net-next/commits/397a7ac03cb4
Patchwork: https://patchwork.kernel.org/project/mptcp/list/?series=1032489


If there are some issues, you can reproduce them using the same environment as
the one used by the CI thanks to a docker image, e.g.:

    $ cd [kernel source code]
    $ docker run -v "${PWD}:${PWD}:rw" -w "${PWD}" --privileged --rm -it \
        --pull always mptcp/mptcp-upstream-virtme-docker:latest \
        auto-normal

For more details:

    https://github.com/multipath-tcp/mptcp-upstream-virtme-docker


Please note that despite all the efforts that have been already done to have a
stable tests suite when executed on a public CI like here, it is possible some
reported issues are not due to your modifications. Still, do not hesitate to
help us improve that ;-)

Cheers,
MPTCP GH Action bot
Bot operated by Matthieu Baerts (NGI0 Core)

Hi Geliang,

Thank you for your modifications, that's great!

Our CI did some validations and here is its report:

- KVM Validation: normal (except selftest_mptcp_join): Unstable: 1 failed test(s): selftest_simult_flows 🔴
- KVM Validation: normal (only selftest_mptcp_join): Success! ✅
- KVM Validation: debug (except selftest_mptcp_join): Unstable: 1 failed test(s): packetdrill_add_addr 🔴
- KVM Validation: debug (only selftest_mptcp_join): Critical: 2 Call Trace(s) - Critical: Unexpected stop of the VM ❌
- KVM Validation: btf-normal (only bpftest_all): Success! ✅
- KVM Validation: btf-debug (only bpftest_all): Success! ✅
- Task: https://github.com/multipath-tcp/mptcp_net-next/actions/runs/20154532531

Initiator: Patchew Applier
Commits: https://github.com/multipath-tcp/mptcp_net-next/commits/397a7ac03cb4
Patchwork: https://patchwork.kernel.org/project/mptcp/list/?series=1032489


If there are some issues, you can reproduce them using the same environment as
the one used by the CI thanks to a docker image, e.g.:

    $ cd [kernel source code]
    $ docker run -v "${PWD}:${PWD}:rw" -w "${PWD}" --privileged --rm -it \
        --pull always mptcp/mptcp-upstream-virtme-docker:latest \
        auto-normal

For more details:

    https://github.com/multipath-tcp/mptcp-upstream-virtme-docker


Please note that despite all the efforts that have been already done to have a
stable tests suite when executed on a public CI like here, it is possible some
reported issues are not due to your modifications. Still, do not hesitate to
help us improve that ;-)

Cheers,
MPTCP GH Action bot
Bot operated by Matthieu Baerts (NGI0 Core)