[v9] MPTCP KTLS support

[RFC mptcp-next v9 03/10] tls: add MPTCP SKB offset check in strp queue walk

Posted by Geliang Tang 1 week, 2 days ago

From: Gang Yan <yangang@kylinos.cn>

In MPTCP scenarios, subflow SKBs may have non-zero offsets due to
out-of-order packet handling or partial data delivery. When walking
the TLS strp queue to verify sequence numbers and decryption status,
we must also validate each SKB's offset using get_skb_off() to ensure
the queue state is consistent. This check is specific to MPTCP; TCP
does not require offset validation as its SKBs always start at offset 0.

If any SKB reports an invalid offset, return false to indicate the
queue is not in a consistent state and trigger a resynchronization.

Co-developed-by: Geliang Tang <geliang@kernel.org>
Signed-off-by: Geliang Tang <geliang@kernel.org>
Signed-off-by: Gang Yan <yangang@kylinos.cn>
---
 net/tls/tls_strp.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/net/tls/tls_strp.c b/net/tls/tls_strp.c
index ef1a8659ee18..4cf0dfbd7fb4 100644
--- a/net/tls/tls_strp.c
+++ b/net/tls/tls_strp.c
@@ -454,6 +454,8 @@ static bool tls_strp_check_queue_ok(struct tls_strparser *strp)
 		len -= skb->len;
 		skb = skb->next;
 
+		if (ctx->ops->get_skb_off(skb))
+			return false;
 		if (ctx->ops->get_skb_seq(skb) != seq)
 			return false;
 		if (skb_cmp_decrypted(first, skb))
-- 
2.53.0