[MPTCP] Re: [RFC PATCH] selinux: handle MPTCP consistently with TCP

Paul Moore paul at paul-moore.com
Fri Dec 4 02:24:39 UTC 2020

On Thu, Dec 3, 2020 at 6:54 PM Florian Westphal <fw at strlen.de> wrote:
> Paul Moore <paul at paul-moore.com> wrote:
> > I'm not very well versed in MPTCP, but this *seems* okay to me, minus
> > the else-crud chunk.  Just to confirm my understanding, while MPTCP
> > allows one TCP connection/stream to be subdivided and distributed
> > across multiple interfaces, it does not allow multiple TCP streams to
> > be multiplexed on a single connection, yes?
> Its the latter.  The application sees a TCP interface (socket), but
> data may be carried over multiple individual tcp streams on the wire.

Hmm, that may complicate things a bit from a SELinux perspective.  Maybe not.

Just to make sure I understand, with MPTCP, a client that
traditionally opened multiple TCP sockets to talk to a server would
now just open a single MPTCP socket and create multiple sub-flows
instead of multiple TCP sockets?

paul moore

More information about the Linux-security-module-archive mailing list