The mentioned issues are fixed by any of these 2 patches.
The first one is a minimal fix that could land to stable,
the second one addresses an underlying state-management
bug, which needs some more complex changes.
The plan is to send them both to -net.
Paolo Abeni (2):
  mptcp: more strict state checking for acks
  mptcp: better msk-level shutdown.
net/mptcp/protocol.c | 64 +++++++++++++-------------------------------
1 file changed, 18 insertions(+), 46 deletions(-)
- drop the unused addr parameter in mptcp_nl_add_subflow_or_signal_addr
- use the pernet *_max values in mptcp_pm_create_subflow_or_signal_addr
instead of the per-msk values.
Address issue 19 "let PM netlink update live sockets on local addresses
list change". The removed addresses part of this issue is done, this
patchset only implemented the added addresses part.
Geliang Tang (3):
  mptcp: create subflow or signal addr for newly added address
  selftests: mptcp: use minus value for removing address numbers
  selftests: mptcp: add testcases for newly added addresses
net/mptcp/pm_netlink.c | 43 ++++++--
.../testing/selftests/net/mptcp/mptcp_join.sh | 101 +++++++++++++++---
2 files changed, 123 insertions(+), 21 deletions(-)
The MPTCP protocol uses a specific protocol value, even if
it's an extension to TCP. Additionally, MPTCP sockets
could 'fall-back' to TCP at run-time, depending on peer MPTCP
support and available resources.
As a consequence of the specific protocol number, selinux
applies the raw_socket class to MPTCP sockets.
Existing TCP applications converted to MPTCP - or forced to
use MPTCP sockets with user-space hacks - will need an
updated policy to run successfully.
This change lets selinux attach the TCP socket class to
MPTCP sockets, too, so that no policy changes are needed in
the above scenario.
Note that the MPTCP is setting, propagating and updating the
security context on all the subflows and related request
Signed-off-by: Paolo Abeni <pabeni(a)redhat.com>
security/selinux/hooks.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
index 6fa593006802..451bded67d9c 100644
@@ -1120,7 +1120,8 @@ static inline u16 inode_mode_to_security_class(umode_t mode)
static inline int default_protocol_stream(int protocol)
- return (protocol == IPPROTO_IP || protocol == IPPROTO_TCP);
+ return (protocol == IPPROTO_IP || protocol == IPPROTO_TCP ||
+ protocol == IPPROTO_MPTCP);
static inline int default_protocol_dgram(int protocol)
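Review bot: In default_protocol_stream(), adding IPPROTO_MPTCP means policy can no longer tell an MPTCP socket from a plain TCP one, because both now take the TCP socket class instead of the raw socket class the commit message describes. That is the stated intent, but any existing rule that confined MPTCP through the raw socket class stops applying without notice, so the commit message should say so explicitly. The helper's name also no longer matches its contents, since IPPROTO_MPTCP is a specific protocol value rather than a default one; a one-line comment above the return explaining why MPTCP is classed as TCP would help the next reader.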