From nobody Thu Jan  8 11:56:10 2026
Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org
 [10.30.226.201])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by smtp.subspace.kernel.org (Postfix) with ESMTPS id BDD7522F772
	for <mptcp@lists.linux.dev>; Sun,  4 Jan 2026 09:35:18 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org;
 arc=none smtp.client-ip=10.30.226.201
ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116;
	t=1767519318; cv=none;
 b=FDU8kxkpuGCWb6U4jJzD/Hjjf2cFpa31fXxoaCHuoJUvBOTyNRLLYLHP9shb8JZytj7CBB1X3rSOUoQXq8aML4JejeG3t+q1c/0N0FDiInqhuLeDpExRU8oWY5E5gMcpeRQHI5ndN3e8Hylc1ZQlhie34uRAVK3Q3g+7ABbA8As=
ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org;
	s=arc-20240116; t=1767519318; c=relaxed/simple;
	bh=6m+cE1u1XbpqaJNA0zd0drM14tcrscpRtKxOLtrWHzc=;
	h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References:
	 MIME-Version;
 b=Ppjwv3oWAGKPYZvcSQJMQAz1Qwqe18XCCXJFxVR41G58Ihiqcd0UeRjTh6H9gyp1v6ZNHdrvrgk7d+KY6PFCJ0w2WaRpb871piQsaK4a29DEuN3SV0IQbB0Z2g+rBBLXHaf+XaQK7ZKYvPHpexSjUOf8gbjEENnWBT/A8OIqPIs=
ARC-Authentication-Results: i=1; smtp.subspace.kernel.org;
 dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org
 header.b=gd/O+IlR; arc=none smtp.client-ip=10.30.226.201
Authentication-Results: smtp.subspace.kernel.org;
	dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org
 header.b="gd/O+IlR"
Received: by smtp.kernel.org (Postfix) with ESMTPSA id E0456C116C6;
	Sun,  4 Jan 2026 09:35:16 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org;
	s=k20201202; t=1767519318;
	bh=6m+cE1u1XbpqaJNA0zd0drM14tcrscpRtKxOLtrWHzc=;
	h=From:To:Cc:Subject:Date:In-Reply-To:References:From;
	b=gd/O+IlRnFO2FHapk31q+ISmgZUzA5Np11K2m+9sJunTHN2EG2CxBkI43tujvhY4Q
	 s+VkrFyjGUH+42ksnKhaOJtAveskJUVaQ/T8yxznVs91hK0m/FV5rLw7kg1pCSDoJR
	 isePaOzUQ0Ai/IyZhqQo9OXRRTjviqMPcSR0aB4B/xq1J7ioJe0u8GxQ54qOMrqTIA
	 F+IVrC+z9dn6kfjyu12LxlIRd23LXseCcGcxBGyTvfO9CQCUhLy+cBRDiT3uS7WktH
	 oRvfvy+6O0noYiOKxFY7wD4gTOHdZFMp4Al1fq5wfXT6IwEnLvqtKFkjDnxzReKYjk
	 1PChEDP/seRgQ==
From: Geliang Tang <geliang@kernel.org>
To: mptcp@lists.linux.dev
Cc: Geliang Tang <tanggeliang@kylinos.cn>,
	Gang Yan <yangang@kylinos.cn>
Subject: [RFC mptcp-next v6 01/10] tls: introduce struct tls_prot_ops
Date: Sun,  4 Jan 2026 17:35:02 +0800
Message-ID: 
 <f1c4f2b1536ad480364108a86df20405d5dd17c6.1767518836.git.tanggeliang@kylinos.cn>
X-Mailer: git-send-email 2.51.0
In-Reply-To: <cover.1767518836.git.tanggeliang@kylinos.cn>
References: <cover.1767518836.git.tanggeliang@kylinos.cn>
Precedence: bulk
X-Mailing-List: mptcp@lists.linux.dev
List-Id: <mptcp.lists.linux.dev>
List-Subscribe: <mailto:mptcp+subscribe@lists.linux.dev>
List-Unsubscribe: <mailto:mptcp+unsubscribe@lists.linux.dev>
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset="utf-8"

From: Geliang Tang <tanggeliang@kylinos.cn>

To extend MPTCP support based on TCP TLS, a tls_prot_ops structure has
been introduced for TLS, encapsulating TCP-specific helpers within this
structure.

Add registering, validating and finding functions for this structure to
add, validate and find a tls_prot_ops on the global list tls_prot_ops_list.

Register TCP-specific structure tls_tcp_ops in tls_init().

Co-developed-by: Gang Yan <yangang@kylinos.cn>
Signed-off-by: Gang Yan <yangang@kylinos.cn>
Signed-off-by: Geliang Tang <tanggeliang@kylinos.cn>
---
 include/net/tls.h  | 17 +++++++++++
 net/tls/tls_main.c | 70 ++++++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 87 insertions(+)

diff --git a/include/net/tls.h b/include/net/tls.h
index ebd2550280ae..34c39d3d284f 100644
--- a/include/net/tls.h
+++ b/include/net/tls.h
@@ -220,6 +220,23 @@ struct tls_prot_info {
 	u16 tail_size;
 };
=20
+struct tls_prot_ops {
+	int			protocol;
+	struct module		*owner;
+	struct list_head	list;
+
+	int (*inq)(struct sock *sk);
+	int (*sendmsg_locked)(struct sock *sk, struct msghdr *msg, size_t size);
+	struct sk_buff *(*recv_skb)(struct sock *sk, u32 seq, u32 *off);
+	void (*read_done)(struct sock *sk, size_t len);
+	u32 (*get_seq)(struct sk_buff *skb);
+	int (*read_sock)(struct sock *sk, read_descriptor_t *desc,
+			 sk_read_actor_t recv_actor);
+	__poll_t (*poll)(struct file *file, struct socket *sock,
+			 struct poll_table_struct *wait);
+	bool (*epollin_ready)(const struct sock *sk, int target);
+};
+
 struct tls_context {
 	/* read-only cache line */
 	struct tls_prot_info prot_info;
diff --git a/net/tls/tls_main.c b/net/tls/tls_main.c
index 56ce0bc8317b..42d72539ecd3 100644
--- a/net/tls/tls_main.c
+++ b/net/tls/tls_main.c
@@ -632,6 +632,57 @@ static int validate_crypto_info(const struct tls_crypt=
o_info *crypto_info,
 	return 0;
 }
=20
+static DEFINE_SPINLOCK(tls_prot_ops_lock);
+static LIST_HEAD(tls_prot_ops_list);
+
+/* Must be called with rcu read lock held */
+static struct tls_prot_ops *tls_prot_ops_find(int protocol)
+{
+	struct tls_prot_ops *ops, *ret =3D NULL;
+
+	list_for_each_entry_rcu(ops, &tls_prot_ops_list, list) {
+		if (ops->protocol =3D=3D protocol) {
+			ret =3D ops;
+			break;
+		}
+	}
+
+	return ret;
+}
+
+static int tls_validate_prot_ops(const struct tls_prot_ops *ops)
+{
+	if (!ops->inq || !ops->sendmsg_locked ||
+	    !ops->recv_skb || !ops->read_done ||
+	    !ops->get_seq || !ops->read_sock ||
+	    !ops->poll || !ops->epollin_ready) {
+		pr_err("%d does not implement required ops\n", ops->protocol);
+		return -EINVAL;
+	}
+
+	return 0;
+}
+
+static int tls_register_prot_ops(struct tls_prot_ops *ops)
+{
+	int ret;
+
+	ret =3D tls_validate_prot_ops(ops);
+	if (ret)
+		return ret;
+
+	spin_lock(&tls_prot_ops_lock);
+	if (tls_prot_ops_find(ops->protocol)) {
+		spin_unlock(&tls_prot_ops_lock);
+		return -EEXIST;
+	}
+	list_add_tail_rcu(&ops->list, &tls_prot_ops_list);
+	spin_unlock(&tls_prot_ops_lock);
+
+	pr_debug("tls_prot_ops %d registered\n", ops->protocol);
+	return 0;
+}
+
 static int do_tls_setsockopt_conf(struct sock *sk, sockptr_t optval,
 				  unsigned int optlen, int tx)
 {
@@ -1044,6 +1095,23 @@ static void build_protos(struct proto prot[TLS_NUM_C=
ONFIG][TLS_NUM_CONFIG],
 #endif
 }
=20
+static u32 tcp_get_seq(struct sk_buff *skb)
+{
+	return TCP_SKB_CB(skb)->seq;
+}
+
+static struct tls_prot_ops tls_tcp_ops =3D {
+	.protocol	=3D IPPROTO_TCP,
+	.inq		=3D tcp_inq,
+	.sendmsg_locked	=3D tcp_sendmsg_locked,
+	.recv_skb	=3D tcp_recv_skb,
+	.read_done	=3D tcp_read_done,
+	.get_seq	=3D tcp_get_seq,
+	.read_sock	=3D tcp_read_sock,
+	.poll		=3D tcp_poll,
+	.epollin_ready	=3D tcp_epollin_ready,
+};
+
 static int tls_init(struct sock *sk)
 {
 	struct tls_context *ctx;
@@ -1051,6 +1119,8 @@ static int tls_init(struct sock *sk)
=20
 	tls_build_proto(sk);
=20
+	tls_register_prot_ops(&tls_tcp_ops);
+
 #ifdef CONFIG_TLS_TOE
 	if (tls_toe_bypass(sk))
 		return 0;
--=20
2.51.0
From nobody Thu Jan  8 11:56:10 2026
Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org
 [10.30.226.201])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by smtp.subspace.kernel.org (Postfix) with ESMTPS id D95E2248F47
	for <mptcp@lists.linux.dev>; Sun,  4 Jan 2026 09:35:20 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org;
 arc=none smtp.client-ip=10.30.226.201
ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116;
	t=1767519320; cv=none;
 b=c0X48UILoLrkzNuzyqyRKVPADYMjoY1pGRO6+xkzZThSsa4sTMfAp/OSWL/HCOXPZfRtUPob9yGeQ+q4MRiePxBAng6jX4G5lHnBVUUW4Oo54WUcbvIyHqPsPRvvX5R75qmaBV1BkhzVgg0NcOvqmyP4rhKovyH6kKitM9DVFWg=
ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org;
	s=arc-20240116; t=1767519320; c=relaxed/simple;
	bh=hLu4//MUmVzrCtXNYRdgKzJ//Lk1VhPUAXEvOIqcENI=;
	h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References:
	 MIME-Version;
 b=sjbQoYprYs5gUSFMdQSlk12ZW3JM+Fg6Ut0Y22JHaLU+gvXhVT4A9QBw7/Lx2ZbDwPGe7rdCBs9FKog3XkNPyXsROimCaigE/Y/m+G4wGg6j1hbaFOvE8TbnVNkuSVJSYlmhnzCV3hZiO/ft5udTyxQlSfJ6zmwXziMe9vjM9Ww=
ARC-Authentication-Results: i=1; smtp.subspace.kernel.org;
 dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org
 header.b=aEquVGZW; arc=none smtp.client-ip=10.30.226.201
Authentication-Results: smtp.subspace.kernel.org;
	dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org
 header.b="aEquVGZW"
Received: by smtp.kernel.org (Postfix) with ESMTPSA id D3527C4CEF7;
	Sun,  4 Jan 2026 09:35:18 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org;
	s=k20201202; t=1767519320;
	bh=hLu4//MUmVzrCtXNYRdgKzJ//Lk1VhPUAXEvOIqcENI=;
	h=From:To:Cc:Subject:Date:In-Reply-To:References:From;
	b=aEquVGZWcey3Ahresubi3diAdJEkWPBYZcRqu/el6immr2hPfekC3Zpni5483RpZ9
	 f1h0ZuEWM5GB65/p9d0Er2S9pZaZPbAZSOWNSw584w5OvSc7t4WMcTYSp5uioTjwsc
	 3aeGmfRyUepPEBh8Nf38WY2652cEj4pBt0UAm5DhlQ/olJ9RRs+j3VZaIOj0MYYOEO
	 lMnD1+ugJREe5tDBGdFBFWxxb5G2f5AbOeSNjoCqqQNyKzR6aBRg+lkJw7HypOcube
	 ZL8QjesEOT/KjCWkJF7cCk1v2+RBz8xPZO8jOmLEHk299t/QplJRcIQYO9ECXma10P
	 f0mIF9X+kY6Tg==
From: Geliang Tang <geliang@kernel.org>
To: mptcp@lists.linux.dev
Cc: Geliang Tang <tanggeliang@kylinos.cn>,
	Gang Yan <yangang@kylinos.cn>
Subject: [RFC mptcp-next v6 02/10] tls: add ops in tls_context
Date: Sun,  4 Jan 2026 17:35:03 +0800
Message-ID: 
 <26e538fc7e23e250e041b872794a5b915e6cc0ec.1767518836.git.tanggeliang@kylinos.cn>
X-Mailer: git-send-email 2.51.0
In-Reply-To: <cover.1767518836.git.tanggeliang@kylinos.cn>
References: <cover.1767518836.git.tanggeliang@kylinos.cn>
Precedence: bulk
X-Mailing-List: mptcp@lists.linux.dev
List-Id: <mptcp.lists.linux.dev>
List-Subscribe: <mailto:mptcp+subscribe@lists.linux.dev>
List-Unsubscribe: <mailto:mptcp+unsubscribe@lists.linux.dev>
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset="utf-8"

From: Geliang Tang <tanggeliang@kylinos.cn>

A pointer to struct tls_prot_ops, named 'ops', has been added to struct
tls_context. The places originally calling TLS-specific helpers have now
been modified to indirectly invoke them via 'ops' pointer in tls_context.

In do_tls_setsockopt_conf(), ctx->ops is assigned either 'tls_mptcp_ops'
or 'tls_tcp_ops' based on the socket protocol.

Co-developed-by: Gang Yan <yangang@kylinos.cn>
Signed-off-by: Gang Yan <yangang@kylinos.cn>
Signed-off-by: Geliang Tang <tanggeliang@kylinos.cn>
---
 include/net/tls.h    |  1 +
 net/tls/tls_device.c |  4 ++--
 net/tls/tls_main.c   | 11 ++++++++---
 net/tls/tls_strp.c   | 28 +++++++++++++++++++---------
 net/tls/tls_sw.c     |  5 +++--
 5 files changed, 33 insertions(+), 16 deletions(-)

diff --git a/include/net/tls.h b/include/net/tls.h
index 34c39d3d284f..47b9b17d87ec 100644
--- a/include/net/tls.h
+++ b/include/net/tls.h
@@ -275,6 +275,7 @@ struct tls_context {
 	struct sock *sk;
=20
 	void (*sk_destruct)(struct sock *sk);
+	const struct tls_prot_ops *ops;
=20
 	union tls_crypto_context crypto_send;
 	union tls_crypto_context crypto_recv;
diff --git a/net/tls/tls_device.c b/net/tls/tls_device.c
index 82ea407e520a..c03bd4c41bc8 100644
--- a/net/tls/tls_device.c
+++ b/net/tls/tls_device.c
@@ -805,7 +805,7 @@ void tls_device_rx_resync_new_rec(struct sock *sk, u32 =
rcd_len, u32 seq)
 		/* head of next rec is already in, note that the sock_inq will
 		 * include the currently parsed message when called from parser
 		 */
-		sock_data =3D tcp_inq(sk);
+		sock_data =3D tls_ctx->ops->inq(sk);
 		if (sock_data > rcd_len) {
 			trace_tls_device_rx_resync_nh_delay(sk, sock_data,
 							    rcd_len);
@@ -864,7 +864,7 @@ static void tls_device_core_ctrl_rx_resync(struct tls_c=
ontext *tls_ctx,
 	rxm =3D strp_msg(skb);
=20
 	/* head of next rec is already in, parser will sync for us */
-	if (tcp_inq(sk) > rxm->full_len) {
+	if (tls_ctx->ops->inq(sk) > rxm->full_len) {
 		trace_tls_device_rx_resync_nh_schedule(sk);
 		ctx->resync_nh_do_now =3D 1;
 	} else {
diff --git a/net/tls/tls_main.c b/net/tls/tls_main.c
index 42d72539ecd3..5d58351e2a03 100644
--- a/net/tls/tls_main.c
+++ b/net/tls/tls_main.c
@@ -194,7 +194,7 @@ int tls_push_sg(struct sock *sk,
 		bvec_set_page(&bvec, p, size, offset);
 		iov_iter_bvec(&msg.msg_iter, ITER_SOURCE, &bvec, 1, size);
=20
-		ret =3D tcp_sendmsg_locked(sk, &msg, size);
+		ret =3D ctx->ops->sendmsg_locked(sk, &msg, size);
=20
 		if (ret !=3D size) {
 			if (ret > 0) {
@@ -409,14 +409,14 @@ static __poll_t tls_sk_poll(struct file *file, struct=
 socket *sock,
 	u8 shutdown;
 	int state;
=20
-	mask =3D tcp_poll(file, sock, wait);
+	tls_ctx =3D tls_get_ctx(sk);
+	mask =3D tls_ctx->ops->poll(file, sock, wait);
=20
 	state =3D inet_sk_state_load(sk);
 	shutdown =3D READ_ONCE(sk->sk_shutdown);
 	if (unlikely(state !=3D TCP_ESTABLISHED || shutdown & RCV_SHUTDOWN))
 		return mask;
=20
-	tls_ctx =3D tls_get_ctx(sk);
 	ctx =3D tls_sw_ctx_rx(tls_ctx);
 	psock =3D sk_psock_get(sk);
=20
@@ -809,6 +809,11 @@ static int do_tls_setsockopt_conf(struct sock *sk, soc=
kptr_t optval,
 		ctx->tx_conf =3D conf;
 	else
 		ctx->rx_conf =3D conf;
+	spin_lock(&tls_prot_ops_lock);
+	ctx->ops =3D tls_prot_ops_find(sk->sk_protocol);
+	spin_unlock(&tls_prot_ops_lock);
+	if (!ctx->ops)
+		return -EINVAL;
 	update_sk_prot(sk, ctx);
=20
 	if (update)
diff --git a/net/tls/tls_strp.c b/net/tls/tls_strp.c
index 98e12f0ff57e..3e79a8cfaadf 100644
--- a/net/tls/tls_strp.c
+++ b/net/tls/tls_strp.c
@@ -120,6 +120,7 @@ struct sk_buff *tls_strp_msg_detach(struct tls_sw_conte=
xt_rx *ctx)
 int tls_strp_msg_cow(struct tls_sw_context_rx *ctx)
 {
 	struct tls_strparser *strp =3D &ctx->strp;
+	struct tls_context *tls_ctx;
 	struct sk_buff *skb;
=20
 	if (strp->copy_mode)
@@ -132,7 +133,8 @@ int tls_strp_msg_cow(struct tls_sw_context_rx *ctx)
 	tls_strp_anchor_free(strp);
 	strp->anchor =3D skb;
=20
-	tcp_read_done(strp->sk, strp->stm.full_len);
+	tls_ctx =3D tls_get_ctx(strp->sk);
+	tls_ctx->ops->read_done(strp->sk, strp->stm.full_len);
 	strp->copy_mode =3D 1;
=20
 	return 0;
@@ -376,6 +378,7 @@ static int tls_strp_copyin(read_descriptor_t *desc, str=
uct sk_buff *in_skb,
=20
 static int tls_strp_read_copyin(struct tls_strparser *strp)
 {
+	struct tls_context *ctx =3D tls_get_ctx(strp->sk);
 	read_descriptor_t desc;
=20
 	desc.arg.data =3D strp;
@@ -383,13 +386,14 @@ static int tls_strp_read_copyin(struct tls_strparser =
*strp)
 	desc.count =3D 1; /* give more than one skb per call */
=20
 	/* sk should be locked here, so okay to do read_sock */
-	tcp_read_sock(strp->sk, &desc, tls_strp_copyin);
+	ctx->ops->read_sock(strp->sk, &desc, tls_strp_copyin);
=20
 	return desc.error;
 }
=20
 static int tls_strp_read_copy(struct tls_strparser *strp, bool qshort)
 {
+	struct tls_context *ctx =3D tls_get_ctx(strp->sk);
 	struct skb_shared_info *shinfo;
 	struct page *page;
 	int need_spc, len;
@@ -398,7 +402,7 @@ static int tls_strp_read_copy(struct tls_strparser *str=
p, bool qshort)
 	 * to read the data out. Otherwise the connection will stall.
 	 * Without pressure threshold of INT_MAX will never be ready.
 	 */
-	if (likely(qshort && !tcp_epollin_ready(strp->sk, INT_MAX)))
+	if (likely(qshort && !ctx->ops->epollin_ready(strp->sk, INT_MAX)))
 		return 0;
=20
 	shinfo =3D skb_shinfo(strp->anchor);
@@ -434,12 +438,13 @@ static int tls_strp_read_copy(struct tls_strparser *s=
trp, bool qshort)
 static bool tls_strp_check_queue_ok(struct tls_strparser *strp)
 {
 	unsigned int len =3D strp->stm.offset + strp->stm.full_len;
+	struct tls_context *ctx =3D tls_get_ctx(strp->sk);
 	struct sk_buff *first, *skb;
 	u32 seq;
=20
 	first =3D skb_shinfo(strp->anchor)->frag_list;
 	skb =3D first;
-	seq =3D TCP_SKB_CB(first)->seq;
+	seq =3D ctx->ops->get_seq(first);
=20
 	/* Make sure there's no duplicate data in the queue,
 	 * and the decrypted status matches.
@@ -449,7 +454,7 @@ static bool tls_strp_check_queue_ok(struct tls_strparse=
r *strp)
 		len -=3D skb->len;
 		skb =3D skb->next;
=20
-		if (TCP_SKB_CB(skb)->seq !=3D seq)
+		if (ctx->ops->get_seq(skb) !=3D seq)
 			return false;
 		if (skb_cmp_decrypted(first, skb))
 			return false;
@@ -460,11 +465,12 @@ static bool tls_strp_check_queue_ok(struct tls_strpar=
ser *strp)
=20
 static void tls_strp_load_anchor_with_queue(struct tls_strparser *strp, in=
t len)
 {
+	struct tls_context *ctx =3D tls_get_ctx(strp->sk);
 	struct tcp_sock *tp =3D tcp_sk(strp->sk);
 	struct sk_buff *first;
 	u32 offset;
=20
-	first =3D tcp_recv_skb(strp->sk, tp->copied_seq, &offset);
+	first =3D ctx->ops->recv_skb(strp->sk, tp->copied_seq, &offset);
 	if (WARN_ON_ONCE(!first))
 		return;
=20
@@ -483,6 +489,7 @@ static void tls_strp_load_anchor_with_queue(struct tls_=
strparser *strp, int len)
=20
 bool tls_strp_msg_load(struct tls_strparser *strp, bool force_refresh)
 {
+	struct tls_context *ctx =3D tls_get_ctx(strp->sk);
 	struct strp_msg *rxm;
 	struct tls_msg *tlm;
=20
@@ -490,7 +497,7 @@ bool tls_strp_msg_load(struct tls_strparser *strp, bool=
 force_refresh)
 	DEBUG_NET_WARN_ON_ONCE(!strp->stm.full_len);
=20
 	if (!strp->copy_mode && force_refresh) {
-		if (unlikely(tcp_inq(strp->sk) < strp->stm.full_len)) {
+		if (unlikely(ctx->ops->inq(strp->sk) < strp->stm.full_len)) {
 			WRITE_ONCE(strp->msg_ready, 0);
 			memset(&strp->stm, 0, sizeof(strp->stm));
 			return false;
@@ -511,9 +518,10 @@ bool tls_strp_msg_load(struct tls_strparser *strp, boo=
l force_refresh)
 /* Called with lock held on lower socket */
 static int tls_strp_read_sock(struct tls_strparser *strp)
 {
+	struct tls_context *ctx =3D tls_get_ctx(strp->sk);
 	int sz, inq;
=20
-	inq =3D tcp_inq(strp->sk);
+	inq =3D ctx->ops->inq(strp->sk);
 	if (inq < 1)
 		return 0;
=20
@@ -583,10 +591,12 @@ static void tls_strp_work(struct work_struct *w)
=20
 void tls_strp_msg_done(struct tls_strparser *strp)
 {
+	struct tls_context *ctx =3D tls_get_ctx(strp->sk);
+
 	WARN_ON(!strp->stm.full_len);
=20
 	if (likely(!strp->copy_mode))
-		tcp_read_done(strp->sk, strp->stm.full_len);
+		ctx->ops->read_done(strp->sk, strp->stm.full_len);
 	else
 		tls_strp_flush_anchor_copy(strp);
=20
diff --git a/net/tls/tls_sw.c b/net/tls/tls_sw.c
index 9937d4c810f2..a36f23aae603 100644
--- a/net/tls/tls_sw.c
+++ b/net/tls/tls_sw.c
@@ -1952,13 +1952,14 @@ tls_read_flush_backlog(struct sock *sk, struct tls_=
prot_info *prot,
 		       size_t len_left, size_t decrypted, ssize_t done,
 		       size_t *flushed_at)
 {
+	struct tls_context *tls_ctx =3D tls_get_ctx(sk);
 	size_t max_rec;
=20
 	if (len_left <=3D decrypted)
 		return false;
=20
 	max_rec =3D prot->overhead_size - prot->tail_size + TLS_MAX_PAYLOAD_SIZE;
-	if (done - *flushed_at < SZ_128K && tcp_inq(sk) > max_rec)
+	if (done - *flushed_at < SZ_128K && tls_ctx->ops->inq(sk) > max_rec)
 		return false;
=20
 	*flushed_at =3D done;
@@ -2489,7 +2490,7 @@ int tls_rx_msg_size(struct tls_strparser *strp, struc=
t sk_buff *skb)
 	}
=20
 	tls_device_rx_resync_new_rec(strp->sk, data_len + TLS_HEADER_SIZE,
-				     TCP_SKB_CB(skb)->seq + strp->stm.offset);
+				     tls_ctx->ops->get_seq(skb) + strp->stm.offset);
 	return data_len + TLS_HEADER_SIZE;
=20
 read_failure:
--=20
2.51.0
From nobody Thu Jan  8 11:56:10 2026
Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org
 [10.30.226.201])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by smtp.subspace.kernel.org (Postfix) with ESMTPS id E21A622F772
	for <mptcp@lists.linux.dev>; Sun,  4 Jan 2026 09:35:22 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org;
 arc=none smtp.client-ip=10.30.226.201
ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116;
	t=1767519323; cv=none;
 b=UkbXSxvLz/Mnnfi7cM1N7mhWjnItLRBy4JMEEx/MXrYNl8vI4ZRHsx+upsOwQhsjuowlkEzPW19n3Zkp76NE5uirfMNoVPXNMzD9SFHuRWdTbnwzp25wCn9eZbXSq+6/qdJywnfdxPRA6+okzq6NSpp202m69tfdyYpeKhugwL8=
ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org;
	s=arc-20240116; t=1767519323; c=relaxed/simple;
	bh=HDha1aQuEeCE82OTJoPfDYOH05vj8RQ+G+8XoobS5G8=;
	h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References:
	 MIME-Version;
 b=cpR7AtJiLIH16o2BHcDQaDKCMWz4PpR6gdwPATJrmXl8WORQZpqLFrBaD0IPOW3G3C45YsKCRq8AH8ESH4vtKLJLdgm3xfX53Gn4vkiHZ1m3Vig1VU3Kri3d2/xmBPtj174AW9OU6kE9UI8raLOoG8GtkpRWVKuI0zwn+H2AtXM=
ARC-Authentication-Results: i=1; smtp.subspace.kernel.org;
 dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org
 header.b=sv/Fdor+; arc=none smtp.client-ip=10.30.226.201
Authentication-Results: smtp.subspace.kernel.org;
	dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org
 header.b="sv/Fdor+"
Received: by smtp.kernel.org (Postfix) with ESMTPSA id 03C7DC116C6;
	Sun,  4 Jan 2026 09:35:20 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org;
	s=k20201202; t=1767519322;
	bh=HDha1aQuEeCE82OTJoPfDYOH05vj8RQ+G+8XoobS5G8=;
	h=From:To:Cc:Subject:Date:In-Reply-To:References:From;
	b=sv/Fdor+UptAyjuxX2Tw/xbURxJ3pAqK3A36VB6vw5w71bYA7FWyv249F9WTiASvF
	 ldNLa7kPANfoNQM3YQXlGrVgzlPBXGB0iiSyAfYHnhBxO3nfNCm8KFz2txEgNJnsGJ
	 x2wWT25u5vhdIGVdaBCvm0h9U/e5AVYiSUDNWoBW5QXcHwWncWVfRrZjRb3NGgJZAf
	 TFcRQBQqDs/OGsoMPOdR+nlSbsa8oWMiCY+1axLXlWh+eNy+C2bnKOE2tsG/2sZZ1i
	 IwGsBXWjh2kcuBq2ulFBIbGbFlUA/fSLrujLKrX6pQ2bKy8PKDii4JSH+NeZp2oiUp
	 5T4vUmImkiJRw==
From: Geliang Tang <geliang@kernel.org>
To: mptcp@lists.linux.dev
Cc: Geliang Tang <tanggeliang@kylinos.cn>,
	Gang Yan <yangang@kylinos.cn>
Subject: [RFC mptcp-next v6 03/10] mptcp: implement tls_mptcp_ops
Date: Sun,  4 Jan 2026 17:35:04 +0800
Message-ID: 
 <a1a996887345314b95c487db3e334b0757c7596a.1767518836.git.tanggeliang@kylinos.cn>
X-Mailer: git-send-email 2.51.0
In-Reply-To: <cover.1767518836.git.tanggeliang@kylinos.cn>
References: <cover.1767518836.git.tanggeliang@kylinos.cn>
Precedence: bulk
X-Mailing-List: mptcp@lists.linux.dev
List-Id: <mptcp.lists.linux.dev>
List-Subscribe: <mailto:mptcp+subscribe@lists.linux.dev>
List-Unsubscribe: <mailto:mptcp+unsubscribe@lists.linux.dev>
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset="utf-8"

From: Geliang Tang <tanggeliang@kylinos.cn>

This patch implements the MPTCP-specific struct tls_prot_ops, named
'tls_mptcp_ops'.

Note that there is a slight difference between mptcp_inq() and
mptcp_inq_hint(), it does not return 1 when the socket is closed or
shut down; instead, it returns 0. Otherwise, it would break the
condition "inq < 1" in tls_strp_read_sock().

A direct call to mptcp_read_sock() could lead to a deadlock, as
'read_sock' interface of TLS might be invoked from within a softirq
context. In such a scenario, lock_sock_fast(), which is called by
mptcp_rcv_space_adjust() or mptcp_cleanup_rbuf(), would cause the
deadlocks. To resolve it, use in_softirq() to determine whether to
call mptcp_read_sock() or mptcp_read_sock_noack().

Co-developed-by: Gang Yan <yangang@kylinos.cn>
Signed-off-by: Gang Yan <yangang@kylinos.cn>
Signed-off-by: Geliang Tang <tanggeliang@kylinos.cn>
---
 net/mptcp/protocol.c | 100 ++++++++++++++++++++++++++++++++++++++++---
 net/tls/tls_main.c   |   7 +++
 2 files changed, 101 insertions(+), 6 deletions(-)

diff --git a/net/mptcp/protocol.c b/net/mptcp/protocol.c
index 900f26e21acd..da24e7b89637 100644
--- a/net/mptcp/protocol.c
+++ b/net/mptcp/protocol.c
@@ -24,11 +24,12 @@
 #include <net/mptcp.h>
 #include <net/hotdata.h>
 #include <net/xfrm.h>
+#include <net/tls.h>
 #include <asm/ioctls.h>
 #include "protocol.h"
 #include "mib.h"
=20
-static unsigned int mptcp_inq_hint(const struct sock *sk);
+static unsigned int mptcp_inq_hint(struct sock *sk);
=20
 #define CREATE_TRACE_POINTS
 #include <trace/events/mptcp.h>
@@ -1884,7 +1885,7 @@ static void mptcp_rps_record_subflows(const struct mp=
tcp_sock *msk)
 	}
 }
=20
-static int mptcp_sendmsg(struct sock *sk, struct msghdr *msg, size_t len)
+static int mptcp_sendmsg_locked(struct sock *sk, struct msghdr *msg, size_=
t len)
 {
 	struct mptcp_sock *msk =3D mptcp_sk(sk);
 	struct page_frag *pfrag;
@@ -1895,8 +1896,6 @@ static int mptcp_sendmsg(struct sock *sk, struct msgh=
dr *msg, size_t len)
 	/* silently ignore everything else */
 	msg->msg_flags &=3D MSG_MORE | MSG_DONTWAIT | MSG_NOSIGNAL | MSG_FASTOPEN;
=20
-	lock_sock(sk);
-
 	mptcp_rps_record_subflows(msk);
=20
 	if (unlikely(inet_test_bit(DEFER_CONNECT, sk) ||
@@ -2004,7 +2003,6 @@ static int mptcp_sendmsg(struct sock *sk, struct msgh=
dr *msg, size_t len)
 		__mptcp_push_pending(sk, msg->msg_flags);
=20
 out:
-	release_sock(sk);
 	return copied;
=20
 do_error:
@@ -2015,6 +2013,17 @@ static int mptcp_sendmsg(struct sock *sk, struct msg=
hdr *msg, size_t len)
 	goto out;
 }
=20
+static int mptcp_sendmsg(struct sock *sk, struct msghdr *msg, size_t len)
+{
+	int ret;
+
+	lock_sock(sk);
+	ret =3D mptcp_sendmsg_locked(sk, msg, len);
+	release_sock(sk);
+
+	return ret;
+}
+
 static void mptcp_rcv_space_adjust(struct mptcp_sock *msk, int copied);
=20
 static void mptcp_eat_recv_skb(struct sock *sk, struct sk_buff *skb)
@@ -2242,7 +2251,7 @@ static bool mptcp_move_skbs(struct sock *sk)
 	return enqueued;
 }
=20
-static unsigned int mptcp_inq_hint(const struct sock *sk)
+static int mptcp_inq(struct sock *sk)
 {
 	const struct mptcp_sock *msk =3D mptcp_sk(sk);
 	const struct sk_buff *skb;
@@ -2257,6 +2266,16 @@ static unsigned int mptcp_inq_hint(const struct sock=
 *sk)
 		return (unsigned int)hint_val;
 	}
=20
+	return 0;
+}
+
+static unsigned int mptcp_inq_hint(struct sock *sk)
+{
+	unsigned int inq =3D mptcp_inq(sk);
+
+	if (inq)
+		return inq;
+
 	if (sk->sk_state =3D=3D TCP_CLOSE || (sk->sk_shutdown & RCV_SHUTDOWN))
 		return 1;
=20
@@ -4675,3 +4694,72 @@ int __init mptcp_proto_v6_init(void)
 	return err;
 }
 #endif
+
+static struct sk_buff *mptcp_recv_skb_tls(struct sock *sk, u32 seq, u32 *o=
ff)
+{
+	return mptcp_recv_skb(sk, off);
+}
+
+static void mptcp_read_done(struct sock *sk, size_t len)
+{
+	struct mptcp_sock *msk =3D mptcp_sk(sk);
+	struct sk_buff *skb;
+	size_t left;
+	u32 offset;
+
+	msk_owned_by_me(msk);
+
+	if (sk->sk_state =3D=3D TCP_LISTEN)
+		return;
+
+	left =3D len;
+	while (left && (skb =3D mptcp_recv_skb(sk, &offset)) !=3D NULL) {
+		int used;
+
+		used =3D min_t(size_t, skb->len - offset, left);
+		msk->bytes_consumed +=3D used;
+		MPTCP_SKB_CB(skb)->offset +=3D used;
+		MPTCP_SKB_CB(skb)->map_seq +=3D used;
+		left -=3D used;
+
+		if (skb->len > offset + used)
+			break;
+
+		mptcp_eat_recv_skb(sk, skb);
+	}
+
+	mptcp_rcv_space_adjust(msk, len - left);
+
+	/* Clean up data we have read: This will do ACK frames. */
+	if (left !=3D len)
+		mptcp_cleanup_rbuf(msk, len - left);
+}
+
+static u32 mptcp_get_seq(struct sk_buff *skb)
+{
+	return MPTCP_SKB_CB(skb)->map_seq;
+}
+
+static int mptcp_read_sock_tls(struct sock *sk, read_descriptor_t *desc,
+			       sk_read_actor_t recv_actor)
+{
+	return __mptcp_read_sock(sk, desc, recv_actor, in_softirq());
+}
+
+static bool mptcp_epollin_ready_tls(const struct sock *sk, int target)
+{
+	return mptcp_epollin_ready(sk);
+}
+
+struct tls_prot_ops tls_mptcp_ops =3D {
+	.protocol	=3D IPPROTO_MPTCP,
+	.inq		=3D mptcp_inq,
+	.sendmsg_locked	=3D mptcp_sendmsg_locked,
+	.recv_skb	=3D mptcp_recv_skb_tls,
+	.read_done	=3D mptcp_read_done,
+	.get_seq	=3D mptcp_get_seq,
+	.read_sock	=3D mptcp_read_sock_tls,
+	.poll		=3D mptcp_poll,
+	.epollin_ready	=3D mptcp_epollin_ready_tls,
+};
+EXPORT_SYMBOL(tls_mptcp_ops);
diff --git a/net/tls/tls_main.c b/net/tls/tls_main.c
index 5d58351e2a03..db3c9ffabd76 100644
--- a/net/tls/tls_main.c
+++ b/net/tls/tls_main.c
@@ -1117,6 +1117,10 @@ static struct tls_prot_ops tls_tcp_ops =3D {
 	.epollin_ready	=3D tcp_epollin_ready,
 };
=20
+#ifdef CONFIG_MPTCP
+extern struct tls_prot_ops tls_mptcp_ops;
+#endif
+
 static int tls_init(struct sock *sk)
 {
 	struct tls_context *ctx;
@@ -1125,6 +1129,9 @@ static int tls_init(struct sock *sk)
 	tls_build_proto(sk);
=20
 	tls_register_prot_ops(&tls_tcp_ops);
+#ifdef CONFIG_MPTCP
+	tls_register_prot_ops(&tls_mptcp_ops);
+#endif
=20
 #ifdef CONFIG_TLS_TOE
 	if (tls_toe_bypass(sk))
--=20
2.51.0
From nobody Thu Jan  8 11:56:10 2026
Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org
 [10.30.226.201])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by smtp.subspace.kernel.org (Postfix) with ESMTPS id E664F248F47
	for <mptcp@lists.linux.dev>; Sun,  4 Jan 2026 09:35:24 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org;
 arc=none smtp.client-ip=10.30.226.201
ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116;
	t=1767519325; cv=none;
 b=prHfnVLq4CPI/wSIPjY5HdQCQMdDsE2pGYOyY5yAuO694QW2xEp+SeUcLg9LT+coqbOAoHKMJkP9er6MtOLfHBU/2ddR0YVkEReb9+w6X4aV5yWBfDCMg8NgS8j/TohFm64eCYB84Pwq8uj3SObzlTu78k+SE5B12FdQAFkXfic=
ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org;
	s=arc-20240116; t=1767519325; c=relaxed/simple;
	bh=iQjqsr6LyciaGbmny8udIYflydJoVM/BTsfKQtq23gk=;
	h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References:
	 MIME-Version;
 b=MDyFFqihCi/vlPevkgjxD9q90X8eLaGtRWBCogIBdecQXBh7V7WPSbwPvFf8eK1Cxp4Drb9246aij9m6ptgrMqFpSuZOqb8RMdAyFtwC72xpru0gqj2Fip4RfD7raBW6HfAHnSQ90yKYZQ537tAWbTa1dVECA66TGcECnixXpds=
ARC-Authentication-Results: i=1; smtp.subspace.kernel.org;
 dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org
 header.b=irII4EL2; arc=none smtp.client-ip=10.30.226.201
Authentication-Results: smtp.subspace.kernel.org;
	dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org
 header.b="irII4EL2"
Received: by smtp.kernel.org (Postfix) with ESMTPSA id 28807C4CEF7;
	Sun,  4 Jan 2026 09:35:22 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org;
	s=k20201202; t=1767519324;
	bh=iQjqsr6LyciaGbmny8udIYflydJoVM/BTsfKQtq23gk=;
	h=From:To:Cc:Subject:Date:In-Reply-To:References:From;
	b=irII4EL2p8/Yy1Or5/BVmFcjD6IUbQvguzk+0cZ6UvTn8lDa4B0cjer2Gettipvnf
	 rgw1Co+soUUfN/Sej2KeIjrsitRPt5S9XKY7d1zDspEjlCqy6RFPVAcfOAUqFFQXta
	 SctWNjGlYRCQnKL7GLQ1AYBDIm7yWySnDPEp0NGpFJvCzJ4xspPnKIMv5etT7X0zc1
	 9Hts/vwjZS9pHS/oIJwr6Y0JRYoV+yWsNjVJHPxRujnhx2NZwGIILAHiPvmc6Z+tsG
	 WPRB7EBX5o3HT7k0s0InLaxjsgUAMdknb6t0OuNIyoJb3TzKzEi6JTmo8AiaYokd9e
	 Q67CW0sQjkUxg==
From: Geliang Tang <geliang@kernel.org>
To: mptcp@lists.linux.dev
Cc: Geliang Tang <tanggeliang@kylinos.cn>,
	Gang Yan <yangang@kylinos.cn>
Subject: [RFC mptcp-next v6 04/10] tcp: extract sock_get_ulp helper
Date: Sun,  4 Jan 2026 17:35:05 +0800
Message-ID: 
 <2e3f1bec789ab1685d4ffc41609b95adb770e2ff.1767518836.git.tanggeliang@kylinos.cn>
X-Mailer: git-send-email 2.51.0
In-Reply-To: <cover.1767518836.git.tanggeliang@kylinos.cn>
References: <cover.1767518836.git.tanggeliang@kylinos.cn>
Precedence: bulk
X-Mailing-List: mptcp@lists.linux.dev
List-Id: <mptcp.lists.linux.dev>
List-Subscribe: <mailto:mptcp+subscribe@lists.linux.dev>
List-Unsubscribe: <mailto:mptcp+unsubscribe@lists.linux.dev>
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset="utf-8"

From: Geliang Tang <tanggeliang@kylinos.cn>

Extract the TCP_ULP getsockopt operation into a tcp_sock_get_ulp() helper
so that it can also be used in MPTCP.

Co-developed-by: Gang Yan <yangang@kylinos.cn>
Signed-off-by: Gang Yan <yangang@kylinos.cn>
Signed-off-by: Geliang Tang <tanggeliang@kylinos.cn>
---
 include/linux/tcp.h |  1 +
 net/ipv4/tcp.c      | 36 ++++++++++++++++++++++--------------
 2 files changed, 23 insertions(+), 14 deletions(-)

diff --git a/include/linux/tcp.h b/include/linux/tcp.h
index 20b8c6e21fef..6f0becc26402 100644
--- a/include/linux/tcp.h
+++ b/include/linux/tcp.h
@@ -644,6 +644,7 @@ void tcp_sock_set_quickack(struct sock *sk, int val);
 int tcp_sock_set_syncnt(struct sock *sk, int val);
 int tcp_sock_set_user_timeout(struct sock *sk, int val);
 int tcp_sock_set_maxseg(struct sock *sk, int val);
+int tcp_sock_get_ulp(struct sock *sk, sockptr_t optval, sockptr_t optlen);
=20
 static inline bool dst_tcp_usec_ts(const struct dst_entry *dst)
 {
diff --git a/net/ipv4/tcp.c b/net/ipv4/tcp.c
index 40ad9656dc9e..1ba5794574c7 100644
--- a/net/ipv4/tcp.c
+++ b/net/ipv4/tcp.c
@@ -4438,6 +4438,27 @@ struct sk_buff *tcp_get_timestamping_opt_stats(const=
 struct sock *sk,
 	return stats;
 }
=20
+int tcp_sock_get_ulp(struct sock *sk, sockptr_t optval, sockptr_t optlen)
+{
+	struct inet_connection_sock *icsk =3D inet_csk(sk);
+	int len;
+
+	if (copy_from_sockptr(&len, optlen, sizeof(int)))
+		return -EFAULT;
+	len =3D min_t(unsigned int, len, TCP_ULP_NAME_MAX);
+	if (!icsk->icsk_ulp_ops) {
+		len =3D 0;
+		if (copy_to_sockptr(optlen, &len, sizeof(int)))
+			return -EFAULT;
+		return 0;
+	}
+	if (copy_to_sockptr(optlen, &len, sizeof(int)))
+		return -EFAULT;
+	if (copy_to_sockptr(optval, icsk->icsk_ulp_ops->name, len))
+		return -EFAULT;
+	return 0;
+}
+
 int do_tcp_getsockopt(struct sock *sk, int level,
 		      int optname, sockptr_t optval, sockptr_t optlen)
 {
@@ -4547,20 +4568,7 @@ int do_tcp_getsockopt(struct sock *sk, int level,
 		return 0;
=20
 	case TCP_ULP:
-		if (copy_from_sockptr(&len, optlen, sizeof(int)))
-			return -EFAULT;
-		len =3D min_t(unsigned int, len, TCP_ULP_NAME_MAX);
-		if (!icsk->icsk_ulp_ops) {
-			len =3D 0;
-			if (copy_to_sockptr(optlen, &len, sizeof(int)))
-				return -EFAULT;
-			return 0;
-		}
-		if (copy_to_sockptr(optlen, &len, sizeof(int)))
-			return -EFAULT;
-		if (copy_to_sockptr(optval, icsk->icsk_ulp_ops->name, len))
-			return -EFAULT;
-		return 0;
+		return tcp_sock_get_ulp(sk, optval, optlen);
=20
 	case TCP_FASTOPEN_KEY: {
 		u64 key[TCP_FASTOPEN_KEY_BUF_LENGTH / sizeof(u64)];
--=20
2.51.0
From nobody Thu Jan  8 11:56:10 2026
Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org
 [10.30.226.201])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by smtp.subspace.kernel.org (Postfix) with ESMTPS id E9A4D22F772
	for <mptcp@lists.linux.dev>; Sun,  4 Jan 2026 09:35:26 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org;
 arc=none smtp.client-ip=10.30.226.201
ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116;
	t=1767519327; cv=none;
 b=W6oMohgKU+YIBC+o0x3ESpTNPi/fsj/WvNp3wXfif3p+LBiRWL3SkfmVfa20kuLetRAM1E55q64gGvVoSLkLAzquNQzdN+VGZoThYglj1g13uTGno9WF6tehzK5ILNzvRL6UmiblffCQ2rcQ6OnUTNIRgrJI4WG2QSU2dMBM39s=
ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org;
	s=arc-20240116; t=1767519327; c=relaxed/simple;
	bh=4oauVhKzuKU+hQA0Uk5WLPAvFYM6MFS2TtqTIXtIEUA=;
	h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References:
	 MIME-Version;
 b=UJ6kfVck9c+20JoScfpLqdK9noDv6NWPpp/StB6VrVqNANAuKbOIjoAotmyU6qeNvEMq7RhZ4+niOKwZWH3UKEX3Rkc88JPzhHlKGTESvmbR8ubcrQBJ7tYut6TgCCg1CM3KV5U/eksfcQvWrfB5nPpPqFfuO4YtySpsppSZfEU=
ARC-Authentication-Results: i=1; smtp.subspace.kernel.org;
 dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org
 header.b=I13IFIk9; arc=none smtp.client-ip=10.30.226.201
Authentication-Results: smtp.subspace.kernel.org;
	dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org
 header.b="I13IFIk9"
Received: by smtp.kernel.org (Postfix) with ESMTPSA id 341E5C4CEF7;
	Sun,  4 Jan 2026 09:35:24 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org;
	s=k20201202; t=1767519326;
	bh=4oauVhKzuKU+hQA0Uk5WLPAvFYM6MFS2TtqTIXtIEUA=;
	h=From:To:Cc:Subject:Date:In-Reply-To:References:From;
	b=I13IFIk9bjNC0Wtb0GaT792OHQrb/YxoTCNeRYwcjLkNNliRhgbEaTgNeHe9epk6y
	 KnzUn/zvB9MqrYly8a7NUo1PUTeJU9mvdDr/D6RLO+lgQ5+F4XbE7zRFMoHsjBgKwN
	 YNe3CYPdRPUYROmPvgqQQSU13r311iFs7i77gw0Udvcyjw+Dor/A0qRjtzXQ+C4pe2
	 js6QoKsJPLElBZMqOYUltno3mO2F97Gj0zF0xUyanQJBZ1mH+K1Xb0uhmZt77/BPG6
	 6ULDUEc05jmqBLfHDfJJ25NWusBORtF6anOKpxCsaNGq8Pbg5u3YCH7wcSP/EEbNgL
	 boX3S+pXl8mGg==
From: Geliang Tang <geliang@kernel.org>
To: mptcp@lists.linux.dev
Cc: Geliang Tang <tanggeliang@kylinos.cn>,
	Gang Yan <yangang@kylinos.cn>
Subject: [RFC mptcp-next v6 05/10] mptcp: update ULP getsockopt
Date: Sun,  4 Jan 2026 17:35:06 +0800
Message-ID: 
 <1334df7f5af5b86909c8e05ea882e2528534d563.1767518836.git.tanggeliang@kylinos.cn>
X-Mailer: git-send-email 2.51.0
In-Reply-To: <cover.1767518836.git.tanggeliang@kylinos.cn>
References: <cover.1767518836.git.tanggeliang@kylinos.cn>
Precedence: bulk
X-Mailing-List: mptcp@lists.linux.dev
List-Id: <mptcp.lists.linux.dev>
List-Subscribe: <mailto:mptcp+subscribe@lists.linux.dev>
List-Unsubscribe: <mailto:mptcp+unsubscribe@lists.linux.dev>
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset="utf-8"

From: Geliang Tang <tanggeliang@kylinos.cn>

TCP_ULP was obtained by calling mptcp_getsockopt_first_sf_only() to get
the ULP of the first subflow. Now that the mechanism has changed, a new
helper needs to be implemented to get the ULP of the msk.

Co-developed-by: Gang Yan <yangang@kylinos.cn>
Signed-off-by: Gang Yan <yangang@kylinos.cn>
Signed-off-by: Geliang Tang <tanggeliang@kylinos.cn>
---
 net/mptcp/sockopt.c | 12 ++++++++++++
 1 file changed, 12 insertions(+)

diff --git a/net/mptcp/sockopt.c b/net/mptcp/sockopt.c
index de90a2897d2d..a6230f7910fd 100644
--- a/net/mptcp/sockopt.c
+++ b/net/mptcp/sockopt.c
@@ -1393,6 +1393,17 @@ static int mptcp_put_int_option(struct mptcp_sock *m=
sk, char __user *optval,
 	return 0;
 }
=20
+static int mptcp_getsockopt_tcp_ulp(struct sock *sk, char __user *optval,
+				    int __user *optlen)
+{
+	int ret;
+
+	lock_sock(sk);
+	ret =3D tcp_sock_get_ulp(sk, USER_SOCKPTR(optval), USER_SOCKPTR(optlen));
+	release_sock(sk);
+	return ret;
+}
+
 static int mptcp_getsockopt_sol_tcp(struct mptcp_sock *msk, int optname,
 				    char __user *optval, int __user *optlen)
 {
@@ -1400,6 +1411,7 @@ static int mptcp_getsockopt_sol_tcp(struct mptcp_sock=
 *msk, int optname,
=20
 	switch (optname) {
 	case TCP_ULP:
+		return mptcp_getsockopt_tcp_ulp(sk, optval, optlen);
 	case TCP_CONGESTION:
 	case TCP_INFO:
 	case TCP_CC_INFO:
--=20
2.51.0
From nobody Thu Jan  8 11:56:10 2026
Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org
 [10.30.226.201])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by smtp.subspace.kernel.org (Postfix) with ESMTPS id 142D7248F47
	for <mptcp@lists.linux.dev>; Sun,  4 Jan 2026 09:35:28 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org;
 arc=none smtp.client-ip=10.30.226.201
ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116;
	t=1767519329; cv=none;
 b=izHValyUoHNDXFohPVZxeavV9QWOqe2rNXsvR8DW+L6KRORCsgJG5Euspz6OU3785prpbkyvMqjRVUWy8MT4dQsN6E1yysELLmfYe2TZ4F9PRyIir/9xaNatlnCf3sLByV2VqOe2pzrf01ceVkx1te9G6zsKzWgBa08LxPNnqcY=
ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org;
	s=arc-20240116; t=1767519329; c=relaxed/simple;
	bh=EHZH+pSQqIMFf7gQSg0qm/9xfnNosjk+CcxMt4kMvT8=;
	h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References:
	 MIME-Version;
 b=HU7WV6pgdTm22m+yWD06kfm3i1iATMyN81WzFR3XiVLWXGNfLqLl8LSlSWqantTwsOJkqrIWhzVHDOAj4iQGZ1Hw+TTQwJpWSyRINEWUhV8kV/AWHwJn/ANvcoyzujZzbm+o8AWUQqnY+9cFAKdmMBuoKH8bOfCHcl0hiEgjJOU=
ARC-Authentication-Results: i=1; smtp.subspace.kernel.org;
 dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org
 header.b=T/lOVSEr; arc=none smtp.client-ip=10.30.226.201
Authentication-Results: smtp.subspace.kernel.org;
	dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org
 header.b="T/lOVSEr"
Received: by smtp.kernel.org (Postfix) with ESMTPSA id 27276C4CEF7;
	Sun,  4 Jan 2026 09:35:26 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org;
	s=k20201202; t=1767519328;
	bh=EHZH+pSQqIMFf7gQSg0qm/9xfnNosjk+CcxMt4kMvT8=;
	h=From:To:Cc:Subject:Date:In-Reply-To:References:From;
	b=T/lOVSEryFWqVPoJysX4nBsNQ1Ej30S6FQ5K9/F69lHoSH0ox6gcY55aq8KSQQW9U
	 SipRGSusuYCz3gUPiIKvCffz/dNlsM9znuzs/me79PHPBX6G4WoIxNbDcSz97/GYC4
	 v0ZC9Pzzm/TuCcSrwbN0/LtG//O0cs9V01AdHSopKHwfI+91qu1HceNxJUTuJZMgaa
	 +xutS6jOEpCDjASfTWcVBfh4+S7bgdwjwGkKlZSIJdnKlbdgZ+thR6V51GRHxXErrq
	 scqaDaXEqM3/9Iig11v44zBcm2DwygYyi2Uqw2sKU24Y+rr+a7IzjVJr9fCiYF1DOf
	 jP6DjqhC9FoFg==
From: Geliang Tang <geliang@kernel.org>
To: mptcp@lists.linux.dev
Cc: Geliang Tang <tanggeliang@kylinos.cn>,
	Gang Yan <yangang@kylinos.cn>
Subject: [RFC mptcp-next v6 06/10] tcp: extract sock_set_ulp helper
Date: Sun,  4 Jan 2026 17:35:07 +0800
Message-ID: 
 <4542d190db86f7e3069d0b17cad1ae5afebf28a2.1767518836.git.tanggeliang@kylinos.cn>
X-Mailer: git-send-email 2.51.0
In-Reply-To: <cover.1767518836.git.tanggeliang@kylinos.cn>
References: <cover.1767518836.git.tanggeliang@kylinos.cn>
Precedence: bulk
X-Mailing-List: mptcp@lists.linux.dev
List-Id: <mptcp.lists.linux.dev>
List-Subscribe: <mailto:mptcp+subscribe@lists.linux.dev>
List-Unsubscribe: <mailto:mptcp+unsubscribe@lists.linux.dev>
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset="utf-8"

From: Geliang Tang <tanggeliang@kylinos.cn>

Extract the TCP_ULP setsockopt operation into a tcp_sock_set_ulp() helper
so that it can also be used in MPTCP.

Co-developed-by: Gang Yan <yangang@kylinos.cn>
Signed-off-by: Gang Yan <yangang@kylinos.cn>
Signed-off-by: Geliang Tang <tanggeliang@kylinos.cn>
---
 include/linux/tcp.h |  1 +
 net/ipv4/tcp.c      | 42 ++++++++++++++++++++++++------------------
 2 files changed, 25 insertions(+), 18 deletions(-)

diff --git a/include/linux/tcp.h b/include/linux/tcp.h
index 6f0becc26402..46b83895908c 100644
--- a/include/linux/tcp.h
+++ b/include/linux/tcp.h
@@ -645,6 +645,7 @@ int tcp_sock_set_syncnt(struct sock *sk, int val);
 int tcp_sock_set_user_timeout(struct sock *sk, int val);
 int tcp_sock_set_maxseg(struct sock *sk, int val);
 int tcp_sock_get_ulp(struct sock *sk, sockptr_t optval, sockptr_t optlen);
+int tcp_sock_set_ulp(struct sock *sk, sockptr_t optval, unsigned int optle=
n);
=20
 static inline bool dst_tcp_usec_ts(const struct dst_entry *dst)
 {
diff --git a/net/ipv4/tcp.c b/net/ipv4/tcp.c
index 1ba5794574c7..1ad7e5ed6f25 100644
--- a/net/ipv4/tcp.c
+++ b/net/ipv4/tcp.c
@@ -3809,6 +3809,28 @@ int tcp_sock_set_maxseg(struct sock *sk, int val)
 	return 0;
 }
=20
+int tcp_sock_set_ulp(struct sock *sk, sockptr_t optval, unsigned int optle=
n)
+{
+	char name[TCP_ULP_NAME_MAX];
+	int err =3D 0;
+	size_t len;
+	int val;
+
+	if (optlen < 1)
+		return -EINVAL;
+
+	len =3D min_t(long, TCP_ULP_NAME_MAX - 1, optlen);
+	val =3D strncpy_from_sockptr(name, optval, len);
+	if (val < 0)
+		return -EFAULT;
+	name[val] =3D 0;
+
+	sockopt_lock_sock(sk);
+	err =3D tcp_set_ulp(sk, name);
+	sockopt_release_sock(sk);
+	return err;
+}
+
 /*
  *	Socket option code for TCP.
  */
@@ -3842,24 +3864,8 @@ int do_tcp_setsockopt(struct sock *sk, int level, in=
t optname,
 		sockopt_release_sock(sk);
 		return err;
 	}
-	case TCP_ULP: {
-		char name[TCP_ULP_NAME_MAX];
-
-		if (optlen < 1)
-			return -EINVAL;
-
-		val =3D strncpy_from_sockptr(name, optval,
-					min_t(long, TCP_ULP_NAME_MAX - 1,
-					      optlen));
-		if (val < 0)
-			return -EFAULT;
-		name[val] =3D 0;
-
-		sockopt_lock_sock(sk);
-		err =3D tcp_set_ulp(sk, name);
-		sockopt_release_sock(sk);
-		return err;
-	}
+	case TCP_ULP:
+		return tcp_sock_set_ulp(sk, optval, optlen);
 	case TCP_FASTOPEN_KEY: {
 		__u8 key[TCP_FASTOPEN_KEY_BUF_LENGTH];
 		__u8 *backup_key =3D NULL;
--=20
2.51.0
From nobody Thu Jan  8 11:56:10 2026
Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org
 [10.30.226.201])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by smtp.subspace.kernel.org (Postfix) with ESMTPS id CE602248F47
	for <mptcp@lists.linux.dev>; Sun,  4 Jan 2026 09:35:30 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org;
 arc=none smtp.client-ip=10.30.226.201
ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116;
	t=1767519330; cv=none;
 b=hQhJE5FOGUMxOELd9OWJeWZVNr2/EWgDxGpu21NeBE5VxmnIQBJNC7reHITTvFG9BCI1rntq46nlAMk29BtzF/7rxfodAnBFoI7V+vwPt9hQyT+EDkc6uSkfTUnc7/EOxM1vSPkQPET59fSzEIDW/ELJBXwBBFAN6VdJqA86/zA=
ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org;
	s=arc-20240116; t=1767519330; c=relaxed/simple;
	bh=uWL3fO1iDoOzolqOJnBXMAGcRaBP1c1QBpJbhFJbSfg=;
	h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References:
	 MIME-Version;
 b=Ol77R18vlRQkLQsUxcS5FCXJoB3I8d2VsjintCyg5czN1hBOYVjss7DyoIIeFpsEz8M9tvbcBdm8uvQ3sLvS0IVAkLBCMArZ7nBTm1acFOalkiwE3dyRdKupjLQ2hIuTJApoVY5Z+msocFI3nm0KduUycbs33AtqAm5vY0eRgaM=
ARC-Authentication-Results: i=1; smtp.subspace.kernel.org;
 dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org
 header.b=r1jW/aIe; arc=none smtp.client-ip=10.30.226.201
Authentication-Results: smtp.subspace.kernel.org;
	dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org
 header.b="r1jW/aIe"
Received: by smtp.kernel.org (Postfix) with ESMTPSA id 4B910C4CEF7;
	Sun,  4 Jan 2026 09:35:29 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org;
	s=k20201202; t=1767519330;
	bh=uWL3fO1iDoOzolqOJnBXMAGcRaBP1c1QBpJbhFJbSfg=;
	h=From:To:Cc:Subject:Date:In-Reply-To:References:From;
	b=r1jW/aIeTOeUj9QNmqLoy9yGbB43txlYHq5McSk2ejcr7c0WHRXSaSzqw8O0yFqOT
	 cejpQoJbEnVyKaQ8EPmcx1IzFfVKUOWrMpUyBwAN/oiINNCtrtwtN5H4Conqo9r/04
	 vczKwRGumX3nkV/jd91ESt/oiqNYGbA43nZX6/7ws/pbzUpOCDvSNxydgZ0eZ35UKB
	 GNgAXqpTBp0iPSn/49rNkqNxmFg0dhFLpsROzscTWOFD49y/2Jb5NmHvILhpX1TEr5
	 1g/U+xbs61WfoN/PUmySqobIXuEhgzigQHSKsnqP38Nyx26OTRe2GNl3eDfv514pUk
	 cbDpzIujLbIpA==
From: Geliang Tang <geliang@kernel.org>
To: mptcp@lists.linux.dev
Cc: Geliang Tang <tanggeliang@kylinos.cn>,
	Gang Yan <yangang@kylinos.cn>
Subject: [RFC mptcp-next v6 07/10] mptcp: enable TLS setsockopt
Date: Sun,  4 Jan 2026 17:35:08 +0800
Message-ID: 
 <fc85f7184251bc82d9fa268d399ed312e5b2b827.1767518836.git.tanggeliang@kylinos.cn>
X-Mailer: git-send-email 2.51.0
In-Reply-To: <cover.1767518836.git.tanggeliang@kylinos.cn>
References: <cover.1767518836.git.tanggeliang@kylinos.cn>
Precedence: bulk
X-Mailing-List: mptcp@lists.linux.dev
List-Id: <mptcp.lists.linux.dev>
List-Subscribe: <mailto:mptcp+subscribe@lists.linux.dev>
List-Unsubscribe: <mailto:mptcp+unsubscribe@lists.linux.dev>
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset="utf-8"

From: Geliang Tang <tanggeliang@kylinos.cn>

This patch adds MPTCP TLS setsockopt support. It allows setting the TCP_ULP
option to 'tls' exclusively, and enables configuration of the TLS_TX and
TLS_RX options at the SOL_TLS level.

This option cannot be set when the socket is in CLOSE or LISTEN state.

Co-developed-by: Gang Yan <yangang@kylinos.cn>
Signed-off-by: Gang Yan <yangang@kylinos.cn>
Signed-off-by: Geliang Tang <tanggeliang@kylinos.cn>
---
 net/mptcp/sockopt.c | 24 +++++++++++++++++++++++-
 1 file changed, 23 insertions(+), 1 deletion(-)

diff --git a/net/mptcp/sockopt.c b/net/mptcp/sockopt.c
index a6230f7910fd..c0c95c405b43 100644
--- a/net/mptcp/sockopt.c
+++ b/net/mptcp/sockopt.c
@@ -12,6 +12,7 @@
 #include <net/protocol.h>
 #include <net/tcp.h>
 #include <net/mptcp.h>
+#include <net/tls.h>
 #include "protocol.h"
=20
 #define MIN_INFO_OPTLEN_SIZE		16
@@ -567,6 +568,7 @@ static bool mptcp_supported_sockopt(int level, int optn=
ame)
 		case TCP_FASTOPEN_CONNECT:
 		case TCP_FASTOPEN_KEY:
 		case TCP_FASTOPEN_NO_COOKIE:
+		case TCP_ULP:
 			return true;
 		}
=20
@@ -576,6 +578,13 @@ static bool mptcp_supported_sockopt(int level, int opt=
name)
 		 * TCP_REPAIR_WINDOW are not supported, better avoid this mess
 		 */
 	}
+	if (level =3D=3D SOL_TLS) {
+		switch (optname) {
+		case TLS_TX:
+		case TLS_RX:
+			return true;
+		}
+	}
 	return false;
 }
=20
@@ -815,6 +824,19 @@ static int mptcp_setsockopt_all_sf(struct mptcp_sock *=
msk, int level,
 	return ret;
 }
=20
+static int mptcp_setsockopt_tcp_ulp(struct sock *sk, sockptr_t optval, uns=
igned int optlen)
+{
+	char ulp[4] =3D "";
+
+	if (copy_from_user(ulp, optval.user, 4))
+		return -EFAULT;
+	if (strcmp(ulp, "tls\0"))
+		return -EOPNOTSUPP;
+	if ((1 << sk->sk_state) & (TCPF_CLOSE | TCPF_LISTEN))
+		return -ENOTCONN;
+	return tcp_sock_set_ulp(sk, optval, optlen);
+}
+
 static int mptcp_setsockopt_sol_tcp(struct mptcp_sock *msk, int optname,
 				    sockptr_t optval, unsigned int optlen)
 {
@@ -823,7 +845,7 @@ static int mptcp_setsockopt_sol_tcp(struct mptcp_sock *=
msk, int optname,
=20
 	switch (optname) {
 	case TCP_ULP:
-		return -EOPNOTSUPP;
+		return mptcp_setsockopt_tcp_ulp(sk, optval, optlen);
 	case TCP_CONGESTION:
 		return mptcp_setsockopt_sol_tcp_congestion(msk, optval, optlen);
 	case TCP_DEFER_ACCEPT:
--=20
2.51.0
From nobody Thu Jan  8 11:56:10 2026
Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org
 [10.30.226.201])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by smtp.subspace.kernel.org (Postfix) with ESMTPS id 45B39248F47
	for <mptcp@lists.linux.dev>; Sun,  4 Jan 2026 09:35:32 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org;
 arc=none smtp.client-ip=10.30.226.201
ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116;
	t=1767519333; cv=none;
 b=am+8uD3ROxiwFNQRzrzJNbBah0CXU79gzcKWevgOaAN/HEvLtFDTo4/v6qQGPWH1nPtRb0S7rmm5B5YaEfd7CD3UmPNW7kBVLsEKTqgApD4lCbgDAm9Dqv2LryOqAh1Yu3lqtnY6Y9z2qpl/a3UStOTNrPnYmyKCHpl1Fs6PF/I=
ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org;
	s=arc-20240116; t=1767519333; c=relaxed/simple;
	bh=Szr/lToEsIj3M3xclaxfxA1Ft51MKqPAHn8KZoDp0PA=;
	h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References:
	 MIME-Version;
 b=rMxcITTwjZHm222P5RpEO3vJdU4jUFxY/vYJios6GueMwoKQubfuIdOckvINo4ZazwPY7uroKr1Moi9oHbcnKKLgeGOdhnx4oOwSYx9pBLjHqgfVNOTtBSaSlai0K3oZJyjds+jl6dcBCKa4Of4RDny1s2KSqTVTtvt3zKA7+ck=
ARC-Authentication-Results: i=1; smtp.subspace.kernel.org;
 dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org
 header.b=QOw6Arpx; arc=none smtp.client-ip=10.30.226.201
Authentication-Results: smtp.subspace.kernel.org;
	dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org
 header.b="QOw6Arpx"
Received: by smtp.kernel.org (Postfix) with ESMTPSA id 3E646C4CEF7;
	Sun,  4 Jan 2026 09:35:31 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org;
	s=k20201202; t=1767519332;
	bh=Szr/lToEsIj3M3xclaxfxA1Ft51MKqPAHn8KZoDp0PA=;
	h=From:To:Cc:Subject:Date:In-Reply-To:References:From;
	b=QOw6ArpxRdxM3glQAG9hIngraqHqbFD+RqyXuC+RGrl2B2PNV44W6zhwT/D0ed5gN
	 qpnqf7X2/lzDnHk6pjnXAxjq4U6+4g72CCh8nDRTvCJHpI5qfdlo/oEdLXA4Ozvgbs
	 bGfXORy+vSnm0RCPsVPBmUJ+zGJt+I7V1T+/PeYLEJGk0j6SU41nZlVii65QurzTeR
	 oy1Tba23n6x5w+09Fim11/UCgu5YRca4QW2MRSr5I/p7NWtJt5uESA0fgrXE/98Kjk
	 bH1mW9WjTwAp2bLsjcVSEjLk/XJSQ7/Ce8xGGUXEELFFIwNZ1wrrSzPvetlsRMtu10
	 7yGhEpyQnbHJg==
From: Geliang Tang <geliang@kernel.org>
To: mptcp@lists.linux.dev
Cc: Geliang Tang <tanggeliang@kylinos.cn>,
	Gang Yan <yangang@kylinos.cn>
Subject: [RFC mptcp-next v6 08/10] selftests: mptcp: connect: update
 sock_test_tcpulp
Date: Sun,  4 Jan 2026 17:35:09 +0800
Message-ID: 
 <60062870d6cf5189817dca821a9f5f46402597d4.1767518836.git.tanggeliang@kylinos.cn>
X-Mailer: git-send-email 2.51.0
In-Reply-To: <cover.1767518836.git.tanggeliang@kylinos.cn>
References: <cover.1767518836.git.tanggeliang@kylinos.cn>
Precedence: bulk
X-Mailing-List: mptcp@lists.linux.dev
List-Id: <mptcp.lists.linux.dev>
List-Subscribe: <mailto:mptcp+subscribe@lists.linux.dev>
List-Unsubscribe: <mailto:mptcp+unsubscribe@lists.linux.dev>
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset="utf-8"

From: Geliang Tang <tanggeliang@kylinos.cn>

Update sock_test_tcpulp() to ensure the mptcp_connect.c tests are not
broken when CONFIG_TLS is enabled.

With KTLS being implemented, "tls" should no longer be used in
sock_test_tcpulp(), another ULP name, "smc", is set instead in this
patch.

is_mptcp() has been added to determine whether the current test mode is
MPTCP or fallback. In MPTCP mode, the getsockopt TCP_ULP value should be
"tls", while in fallback mode, it should be "mptcp".

Co-developed-by: Gang Yan <yangang@kylinos.cn>
Signed-off-by: Gang Yan <yangang@kylinos.cn>
Signed-off-by: Geliang Tang <tanggeliang@kylinos.cn>
---
 .../selftests/net/mptcp/mptcp_connect.c        | 18 +++++++++++++++---
 1 file changed, 15 insertions(+), 3 deletions(-)

diff --git a/tools/testing/selftests/net/mptcp/mptcp_connect.c b/tools/test=
ing/selftests/net/mptcp/mptcp_connect.c
index b82df82e0594..9da32701d2d0 100644
--- a/tools/testing/selftests/net/mptcp/mptcp_connect.c
+++ b/tools/testing/selftests/net/mptcp/mptcp_connect.c
@@ -271,6 +271,18 @@ static int do_ulp_so(int sock, const char *name)
 	return setsockopt(sock, IPPROTO_TCP, TCP_ULP, name, strlen(name));
 }
=20
+static int is_mptcp(int fd)
+{
+	socklen_t optlen;
+	int mptcp =3D 0;
+
+	optlen =3D sizeof(mptcp);
+	if (getsockopt(fd, IPPROTO_TCP, TCP_IS_MPTCP, &mptcp, &optlen) =3D=3D -1)
+		perror("TCP_IS_MPTCP");
+
+	return mptcp;
+}
+
 #define X(m)	xerror("%s:%u: %s: failed for proto %d at line %u", __FILE__,=
 __LINE__, (m), proto, line)
 static void sock_test_tcpulp(int sock, int proto, unsigned int line)
 {
@@ -282,13 +294,13 @@ static void sock_test_tcpulp(int sock, int proto, uns=
igned int line)
 		X("getsockopt");
=20
 	if (buflen > 0) {
-		if (strcmp(buf, "mptcp") !=3D 0)
+		if (strcmp(buf, is_mptcp(sock) ? "tls" : "mptcp") !=3D 0)
 			xerror("unexpected ULP '%s' for proto %d at line %u", buf, proto, line);
-		ret =3D do_ulp_so(sock, "tls");
+		ret =3D do_ulp_so(sock, "smc");
 		if (ret =3D=3D 0)
 			X("setsockopt");
 	} else if (proto =3D=3D IPPROTO_MPTCP) {
-		ret =3D do_ulp_so(sock, "tls");
+		ret =3D do_ulp_so(sock, "smc");
 		if (ret !=3D -1)
 			X("setsockopt");
 	}
--=20
2.51.0
From nobody Thu Jan  8 11:56:10 2026
Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org
 [10.30.226.201])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by smtp.subspace.kernel.org (Postfix) with ESMTPS id 064DB22F772
	for <mptcp@lists.linux.dev>; Sun,  4 Jan 2026 09:35:35 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org;
 arc=none smtp.client-ip=10.30.226.201
ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116;
	t=1767519335; cv=none;
 b=hkaJEUGn4CJk7X1t8BDfa8OH0jZ3nVxJrw71GjM+EHhdWLrnY+zF91TXJXQ6NqIz5agCeD4dYP4P7bp1znXhZpoxCRB0cMfKCQ74gDNkTeiIeYePXaBjTeiGovt6hkcTE1jFonPGnvSFSQJcGemfyIDZ/HfSYUehgWf1Yqj2gRk=
ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org;
	s=arc-20240116; t=1767519335; c=relaxed/simple;
	bh=qBrl+DpO/Sk+ePK3jgJZurfHDEprIEjBG1Lfob5lho4=;
	h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References:
	 MIME-Version;
 b=QMuWB/xK1vOaYX3QpzuQu5np0ucJ1mMulTS1FkMx6XmUQhDYE66LYU5XyXvGLxFsTlyLLKUz9P0C4iJwh5NeN99IJUXwwyEODTqFCmAIlNtpiiiKaCt6reH50/4p6hTDpuC5LIJh6bQzT/fYj0e+yVNJ2kv3MpW0X5sKLOFv46o=
ARC-Authentication-Results: i=1; smtp.subspace.kernel.org;
 dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org
 header.b=SedIalXm; arc=none smtp.client-ip=10.30.226.201
Authentication-Results: smtp.subspace.kernel.org;
	dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org
 header.b="SedIalXm"
Received: by smtp.kernel.org (Postfix) with ESMTPSA id 7C484C4CEF7;
	Sun,  4 Jan 2026 09:35:33 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org;
	s=k20201202; t=1767519334;
	bh=qBrl+DpO/Sk+ePK3jgJZurfHDEprIEjBG1Lfob5lho4=;
	h=From:To:Cc:Subject:Date:In-Reply-To:References:From;
	b=SedIalXmvOMYafEBf3XuDkwRLS8yXLTC0eYDxJWHYCKTvj/u12TB6CO3OTFgcIbN3
	 CUIO1n2CVJtk2T09UfJeK8QtpDDUkpvcdx6gWTct38SH4EUqXfUetXeCSx/29iTO6i
	 J2VmnELk4/ETQdqK4m4WsD1i741ZBuLYpGG1J7xEUT5fnkmSl5bv54bHOJlZFvHf1n
	 a0O6qyq7/Hsia0+PonUwquQ2wbdsmEniierYALs76JxNOhVTZJLDBiBharPTJhW/FO
	 gNOZF8HkAO9Jb76pZ/eaFSdr9HEkpEGJO6qp99hcrGnKf8Pj2U8OkQD2ODo3d42HP2
	 l/i06/rc9yYjw==
From: Geliang Tang <geliang@kernel.org>
To: mptcp@lists.linux.dev
Cc: Geliang Tang <tanggeliang@kylinos.cn>,
	Gang Yan <yangang@kylinos.cn>
Subject: [RFC mptcp-next v6 09/10] selftests: mptcp: connect: add tls sockopt
 type
Date: Sun,  4 Jan 2026 17:35:10 +0800
Message-ID: 
 <357baa10e3d1ca30150e7517c1fc688ae74e1658.1767518836.git.tanggeliang@kylinos.cn>
X-Mailer: git-send-email 2.51.0
In-Reply-To: <cover.1767518836.git.tanggeliang@kylinos.cn>
References: <cover.1767518836.git.tanggeliang@kylinos.cn>
Precedence: bulk
X-Mailing-List: mptcp@lists.linux.dev
List-Id: <mptcp.lists.linux.dev>
List-Subscribe: <mailto:mptcp+subscribe@lists.linux.dev>
List-Unsubscribe: <mailto:mptcp+unsubscribe@lists.linux.dev>
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset="utf-8"

From: Geliang Tang <tanggeliang@kylinos.cn>

A new TLS type has been added to cfg_sockopt_types, enabled via the
parameter "-o TLS". do_setsockopt_tls() has been implemented to set
TLS parameters for both the server and client.

Co-developed-by: Gang Yan <yangang@kylinos.cn>
Signed-off-by: Gang Yan <yangang@kylinos.cn>
Signed-off-by: Geliang Tang <tanggeliang@kylinos.cn>
---
 .../selftests/net/mptcp/mptcp_connect.c       | 47 ++++++++++++++++++-
 1 file changed, 46 insertions(+), 1 deletion(-)

diff --git a/tools/testing/selftests/net/mptcp/mptcp_connect.c b/tools/test=
ing/selftests/net/mptcp/mptcp_connect.c
index 9da32701d2d0..3dd22d7e0460 100644
--- a/tools/testing/selftests/net/mptcp/mptcp_connect.c
+++ b/tools/testing/selftests/net/mptcp/mptcp_connect.c
@@ -33,6 +33,7 @@
 #include <linux/tcp.h>
 #include <linux/time_types.h>
 #include <linux/sockios.h>
+#include <linux/tls.h>
=20
 extern int optind;
=20
@@ -88,6 +89,7 @@ struct cfg_cmsg_types {
 struct cfg_sockopt_types {
 	unsigned int transparent:1;
 	unsigned int mptfo:1;
+	unsigned int tls:1;
 };
=20
 struct tcp_inq_state {
@@ -283,6 +285,39 @@ static int is_mptcp(int fd)
 	return mptcp;
 }
=20
+static void do_setsockopt_tls(int fd)
+{
+	struct tls12_crypto_info_aes_gcm_128 tls_tx =3D {
+		.info =3D {
+			.version     =3D TLS_1_2_VERSION,
+			.cipher_type =3D TLS_CIPHER_AES_GCM_128,
+		},
+	};
+	struct tls12_crypto_info_aes_gcm_128 tls_rx =3D {
+		.info =3D {
+			.version     =3D TLS_1_2_VERSION,
+			.cipher_type =3D TLS_CIPHER_AES_GCM_128,
+		},
+	};
+	int so_buf =3D 6553500;
+	int err;
+
+	err =3D do_ulp_so(fd, "tls");
+	if (err)
+		xerror("setsockopt TCP_ULP");
+
+	err =3D setsockopt(fd, SOL_TLS, TLS_TX, (void *)&tls_tx, sizeof(tls_tx));
+	if (err)
+		xerror("setsockopt TLS_TX");
+
+	err =3D setsockopt(fd, SOL_TLS, TLS_RX, (void *)&tls_rx, sizeof(tls_rx));
+	if (err)
+		xerror("setsockopt TLS_RX");
+
+	set_sndbuf(fd, so_buf);
+	set_rcvbuf(fd, so_buf);
+}
+
 #define X(m)	xerror("%s:%u: %s: failed for proto %d at line %u", __FILE__,=
 __LINE__, (m), proto, line)
 static void sock_test_tcpulp(int sock, int proto, unsigned int line)
 {
@@ -436,8 +471,11 @@ static int sock_connect_mptcp(const char * const remot=
eaddr,
 	}
=20
 	freeaddrinfo(addr);
-	if (sock !=3D -1)
+	if (sock !=3D -1) {
 		SOCK_TEST_TCPULP(sock, proto);
+		if (cfg_sockopt_types.tls)
+			do_setsockopt_tls(sock);
+	}
 	return sock;
 }
=20
@@ -1210,6 +1248,8 @@ int main_loop_s(int listensock)
 		}
=20
 		SOCK_TEST_TCPULP(remotesock, 0);
+		if (cfg_sockopt_types.tls)
+			do_setsockopt_tls(remotesock);
=20
 		memset(&winfo, 0, sizeof(winfo));
 		err =3D copyfd_io(fd, remotesock, 1, true, &winfo);
@@ -1310,6 +1350,11 @@ static void parse_setsock_options(const char *name)
 		return;
 	}
=20
+	if (strncmp(name, "TLS", len) =3D=3D 0) {
+		cfg_sockopt_types.tls =3D 1;
+		return;
+	}
+
 	fprintf(stderr, "Unrecognized setsockopt option %s\n", name);
 	exit(1);
 }
--=20
2.51.0
From nobody Thu Jan  8 11:56:10 2026
Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org
 [10.30.226.201])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by smtp.subspace.kernel.org (Postfix) with ESMTPS id 6C57527CCF2
	for <mptcp@lists.linux.dev>; Sun,  4 Jan 2026 09:35:37 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org;
 arc=none smtp.client-ip=10.30.226.201
ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116;
	t=1767519337; cv=none;
 b=XFcYdDbc7INgREnZ/Y78hayEsgR09NXGEvdBp6ObC5QbMbx51SyY5VUYMJEnjzzJ6ic8vJDpDdsI1ttTen2SiV9Dr+PUe2sMv6GJDtGiRnJl9IO+u9ikjpOvrXitum1jlmv7IVTjOPlWX8gBDfaAkxxz5kN5FUtjzEiIabx/aVM=
ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org;
	s=arc-20240116; t=1767519337; c=relaxed/simple;
	bh=YP619uoPdFqrL1xDwUUmU2zSIN5YKjfpgIip1hXDzyo=;
	h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References:
	 MIME-Version;
 b=NN2kczabcJnQk7PnmgEhl/EdM6EIyRyTD1LuUEnXCEFXoV1uZANFZVe+VoSGCnGI5DhZuymI2+Tsqc6FoA0DTZ3OFeGKS3vbX2ZRa3WcZyy4aC8C6Wh4v21KYQOtAFGRtjM+u0yFUZaRvZkpCbffYS6exju2tX8Anoj/Tc9T2u8=
ARC-Authentication-Results: i=1; smtp.subspace.kernel.org;
 dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org
 header.b=SAE9hs4f; arc=none smtp.client-ip=10.30.226.201
Authentication-Results: smtp.subspace.kernel.org;
	dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org
 header.b="SAE9hs4f"
Received: by smtp.kernel.org (Postfix) with ESMTPSA id 87EC7C4CEF7;
	Sun,  4 Jan 2026 09:35:35 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org;
	s=k20201202; t=1767519337;
	bh=YP619uoPdFqrL1xDwUUmU2zSIN5YKjfpgIip1hXDzyo=;
	h=From:To:Cc:Subject:Date:In-Reply-To:References:From;
	b=SAE9hs4f0V6INr/+wkQor0nJEG1b3bj5T8zqebqGLz7YZdMRDcNdDoTmez8g8/aD0
	 9ZTM0Cj8gq+0fZDtB1A1oxuDEBZhy+vuGbmtqtWhBfw8KLID0rFCXl0elEJH6X9b1Q
	 i/TnBGwJWEjKdL5ZB91X4e0dUjR82n3FOO7FY6vUeiJCFtGNSzPqka4fb9rmLU+8cb
	 wIra5DECGVm8ab5+GyQWtuwkOsZF5/iInEiyWQkoCWsoz7HBiNdegBuIfFwVqnycms
	 CJW0xs98enj7OIj+vFqkv/5BIyodflnKIc1irzF1PS7PFT0PYFA3y4Rk/zhIeplesq
	 kNzXqoVO9A1cg==
From: Geliang Tang <geliang@kernel.org>
To: mptcp@lists.linux.dev
Cc: Geliang Tang <tanggeliang@kylinos.cn>,
	Gang Yan <yangang@kylinos.cn>
Subject: [RFC mptcp-next v6 10/10] selftests: mptcp: join: add mptcp tls tests
Date: Sun,  4 Jan 2026 17:35:11 +0800
Message-ID: 
 <6f4bd896b6ecd35613bd5c41b9f6d208bf403386.1767518836.git.tanggeliang@kylinos.cn>
X-Mailer: git-send-email 2.51.0
In-Reply-To: <cover.1767518836.git.tanggeliang@kylinos.cn>
References: <cover.1767518836.git.tanggeliang@kylinos.cn>
Precedence: bulk
X-Mailing-List: mptcp@lists.linux.dev
List-Id: <mptcp.lists.linux.dev>
List-Subscribe: <mailto:mptcp+subscribe@lists.linux.dev>
List-Unsubscribe: <mailto:mptcp+unsubscribe@lists.linux.dev>
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset="utf-8"

From: Geliang Tang <tanggeliang@kylinos.cn>

Two MPTCP TLS tests have been added to mptcp_join.sh. The command
'./mptcp_join.sh -c' can be used to run the tests.

Co-developed-by: Gang Yan <yangang@kylinos.cn>
Signed-off-by: Gang Yan <yangang@kylinos.cn>
Signed-off-by: Geliang Tang <tanggeliang@kylinos.cn>
---
 tools/testing/selftests/net/mptcp/config      |  1 +
 .../testing/selftests/net/mptcp/mptcp_join.sh | 32 +++++++++++++++++++
 2 files changed, 33 insertions(+)

diff --git a/tools/testing/selftests/net/mptcp/config b/tools/testing/selft=
ests/net/mptcp/config
index 59051ee2a986..18bd29ac5b24 100644
--- a/tools/testing/selftests/net/mptcp/config
+++ b/tools/testing/selftests/net/mptcp/config
@@ -34,3 +34,4 @@ CONFIG_NFT_SOCKET=3Dm
 CONFIG_NFT_TPROXY=3Dm
 CONFIG_SYN_COOKIES=3Dy
 CONFIG_VETH=3Dy
+CONFIG_TLS=3Dy
diff --git a/tools/testing/selftests/net/mptcp/mptcp_join.sh b/tools/testin=
g/selftests/net/mptcp/mptcp_join.sh
index b2e6e548f796..f4cf7b5e2388 100755
--- a/tools/testing/selftests/net/mptcp/mptcp_join.sh
+++ b/tools/testing/selftests/net/mptcp/mptcp_join.sh
@@ -63,6 +63,7 @@ unset fastclose
 unset fullmesh
 unset speed
 unset bind_addr
+unset tls
 unset join_syn_rej
 unset join_csum_ns1
 unset join_csum_ns2
@@ -974,6 +975,7 @@ do_transfer()
 	local fastclose=3D${fastclose:-""}
 	local speed=3D${speed:-"fast"}
 	local bind_addr=3D${bind_addr:-"::"}
+	local tls=3D${tls:-"::"}
 	local listener_in=3D"${sin}"
 	local connector_in=3D"${cin}"
 	port=3D$(get_port)
@@ -995,6 +997,10 @@ do_transfer()
 		extra_args=3D"-r ${speed}"
 	fi
=20
+	if [ -n "${tls}" ]; then
+		extra_args=3D"$extra_args -o TLS"
+	fi
+
 	local extra_cl_args=3D""
 	local extra_srv_args=3D""
 	local trunc_size=3D""
@@ -4306,6 +4312,31 @@ endpoint_tests()
 	fi
 }
=20
+tls_tests()
+{
+	# multiple subflows, tls tests
+	if reset "multiple subflows, tls tests"; then
+		pm_nl_set_limits $ns1 0 2
+		pm_nl_set_limits $ns2 0 2
+		pm_nl_add_endpoint $ns2 10.0.2.2 flags subflow
+		pm_nl_add_endpoint $ns2 10.0.3.2 flags subflow
+		tls=3D1 run_tests $ns1 $ns2 10.0.1.1
+		chk_join_nr 2 2 2
+	fi
+
+	# multiple subflows, signal, tls tests
+	if reset "multiple subflows, signal, tls tests"; then
+		pm_nl_set_limits $ns1 0 3
+		pm_nl_add_endpoint $ns1 10.0.2.1 dev ns1eth2 flags signal
+		pm_nl_set_limits $ns2 1 3
+		pm_nl_add_endpoint $ns2 10.0.3.2 dev ns2eth3 flags subflow
+		pm_nl_add_endpoint $ns2 10.0.4.2 dev ns2eth4 flags subflow
+		tls=3D1 run_tests $ns1 $ns2 10.0.1.1
+		chk_join_nr 3 3 3
+		chk_add_nr 1 1
+	fi
+}
+
 # [$1: error message]
 usage()
 {
@@ -4356,6 +4387,7 @@ all_tests_sorted=3D(
 	F@fail_tests
 	u@userspace_tests
 	I@endpoint_tests
+	c@tls_tests
 )
=20
 all_tests_args=3D""
--=20
2.51.0