[RFC net-next 16/17] mptcp: implement ulp setsockopt for tls support

[RFC net-next 00/17] MPTCP KTLS support · Geliang Tang <geliang@kernel.org> · 2026-06-22
[RFC net-next 01/17] tls: make tls_ctx_create and update_sk_prot static · Geliang Tang <geliang@kernel.org> · 2026-06-22
[RFC net-next 02/17] tls: factor out __tls_build_proto for mptcp support · Geliang Tang <geliang@kernel.org> · 2026-06-22
[RFC net-next 03/17] tls: add protocol dimension to tls operation cache · Geliang Tang <geliang@kernel.org> · 2026-06-22
[RFC net-next 04/17] mptcp: add sendmsg_locked to proto_ops · Geliang Tang <geliang@kernel.org> · 2026-06-22
[RFC net-next 05/17] tls: use sendmsg_locked from the underlying socket · Geliang Tang <geliang@kernel.org> · 2026-06-22
[RFC net-next 06/17] mptcp: implement peek_len for proto_ops · Geliang Tang <geliang@kernel.org> · 2026-06-22
[RFC net-next 07/17] tls: replace tcp_inq with socket peek_len · Geliang Tang <geliang@kernel.org> · 2026-06-22
[RFC net-next 08/17] tls: store original read_sock for non-tcp sockets · Geliang Tang <geliang@kernel.org> · 2026-06-22
[RFC net-next 09/17] tls: introduce tls protocol ops structure · Geliang Tang <geliang@kernel.org> · 2026-06-22
[RFC net-next 10/17] tls: use protocol ops via tls_context · Geliang Tang <geliang@kernel.org> · 2026-06-22
[RFC net-next 11/17] mptcp: implement mptcp-specific tls protocol ops · Geliang Tang <geliang@kernel.org> · 2026-06-22
[RFC net-next 12/17] tls: add mptcp support for sk_poll · Geliang Tang <geliang@kernel.org> · 2026-06-22
[RFC net-next 13/17] tls: disable device offload for mptcp sockets · Geliang Tang <geliang@kernel.org> · 2026-06-22
[RFC net-next 14/17] mptcp: update mptcp_check_readable helper · Geliang Tang <geliang@kernel.org> · 2026-06-22
[RFC net-next 15/17] mptcp: implement ulp getsockopt for tls support · Geliang Tang <geliang@kernel.org> · 2026-06-22
[RFC net-next 16/17] mptcp: implement ulp setsockopt for tls support · Geliang Tang <geliang@kernel.org> · 2026-06-22
[RFC net-next 17/17] selftests: mptcp: connect: use espintcp for ulp test · Geliang Tang <geliang@kernel.org> · 2026-06-22
Re: [RFC net-next 00/17] MPTCP KTLS support · Jakub Kicinski <kuba@kernel.org> · 2026-06-22
Re: [RFC net-next 00/17] MPTCP KTLS support · Cong Wang <hidden> · 2026-06-26
Re: [RFC net-next 00/17] MPTCP KTLS support · Geliang Tang <geliang@kernel.org> · 2026-06-26
Re: [RFC net-next 00/17] MPTCP KTLS support · Jakub Kicinski <kuba@kernel.org> · 2026-06-26

From: Geliang Tang <geliang@kernel.org>
Date: 2026-06-22 10:45:47
Also in: mptcp
Subsystem: networking [general], networking [mptcp], the rest · Maintainers: "David S. Miller", Eric Dumazet, Jakub Kicinski, Paolo Abeni, Matthieu Baerts, Mat Martineau, Linus Torvalds

From: Geliang Tang <redacted>

Allow MPTCP sockets to set the TCP_ULP socket option to enable TLS.
Add mptcp_setsockopt_tcp_ulp() which validates the socket state (must
not be CLOSE or LISTEN), only accepts "tls" as the ULP name, and then
calls tcp_set_ulp().

Include TCP_ULP in the list of supported options in supported_sockopt(),
and handle it in setsockopt_sol_tcp() instead of returning -EOPNOTSUPP.

Call tcp_cleanup_ulp() in mptcp_destroy_common() to release ULP module's
reference count.

Co-developed-by: Gang Yan <redacted>
Signed-off-by: Gang Yan <redacted>
Co-developed-by: Zqiang <qiang.zhang@linux.dev>
Signed-off-by: Zqiang <qiang.zhang@linux.dev>
Signed-off-by: Geliang Tang <redacted>
---
 net/mptcp/protocol.c |  1 +
 net/mptcp/sockopt.c  | 34 +++++++++++++++++++++++++++++++++-
 2 files changed, 34 insertions(+), 1 deletion(-)

diff --git a/net/mptcp/protocol.c b/net/mptcp/protocol.c
index 4951b1dd013b..a13acee67688 100644
--- a/net/mptcp/protocol.c
+++ b/net/mptcp/protocol.c

@@ -3765,6 +3765,7 @@ static void mptcp_destroy(struct sock *sk)
 	/* allow the following to close even the initial subflow */
 	msk->free_first = 1;
 	mptcp_destroy_common(msk);
+	tcp_cleanup_ulp(sk);
 	sk_sockets_allocated_dec(sk);
 }

diff --git a/net/mptcp/sockopt.c b/net/mptcp/sockopt.c
index cc45491cd3b2..eeb348336195 100644
--- a/net/mptcp/sockopt.c
+++ b/net/mptcp/sockopt.c

@@ -577,6 +577,7 @@ static bool mptcp_supported_sockopt(int level, int optname)
 		case TCP_FASTOPEN_CONNECT:
 		case TCP_FASTOPEN_KEY:
 		case TCP_FASTOPEN_NO_COOKIE:
+		case TCP_ULP:
 			return true;
 		}

@@ -830,6 +831,37 @@ static int mptcp_setsockopt_all_sf(struct mptcp_sock *msk, int level,
 	return ret;
 }
 
+static int mptcp_setsockopt_tcp_ulp(struct sock *sk, sockptr_t optval,
+				    unsigned int optlen)
+{
+	char name[TCP_ULP_NAME_MAX];
+	int err = 0;
+	size_t len;
+	int val;
+
+	if (optlen < 1)
+		return -EINVAL;
+
+	len = min_t(long, TCP_ULP_NAME_MAX - 1, optlen);
+	val = strncpy_from_sockptr(name, optval, len);
+	if (val < 0)
+		return -EFAULT;
+	name[val] = 0;
+
+	if (strcmp(name, "tls"))
+		return -EOPNOTSUPP;
+
+	sockopt_lock_sock(sk);
+	if ((1 << sk->sk_state) & (TCPF_CLOSE | TCPF_LISTEN)) {
+		err = -ENOTCONN;
+		goto out;
+	}
+	err = tcp_set_ulp(sk, name);
+out:
+	sockopt_release_sock(sk);
+	return err;
+}
+
 static int mptcp_setsockopt_sol_tcp(struct mptcp_sock *msk, int optname,
 				    sockptr_t optval, unsigned int optlen)
 {

@@ -838,7 +870,7 @@ static int mptcp_setsockopt_sol_tcp(struct mptcp_sock *msk, int optname,
 
 	switch (optname) {
 	case TCP_ULP:
-		return -EOPNOTSUPP;
+		return mptcp_setsockopt_tcp_ulp(sk, optval, optlen);
 	case TCP_CONGESTION:
 		return mptcp_setsockopt_sol_tcp_congestion(msk, optval, optlen);
 	case TCP_DEFER_ACCEPT:

-- 
2.53.0

`h`	back out one level
`j`	next message in thread
`k`	previous message in thread
`l`	drill in
`Esc`	close help / fold thread tree
`?`	toggle this help