[th/mptcp-2] support configuring MPTCP endpoint addresses
https://bugzilla.redhat.com/show_bug.cgi?id=2029636
See also: #819 (closed)
what this MR implements, and the current plan:
- NetworkManager won't change the limits or toggle `/proc/sys/net/mptcp/enabled`. At least, that's the plan. Instead, your distro (or the admin) should set up reasonable defaults that make sense. All that NetworkManager is planned to be doing is adding endpoints.
- NM gets a new `connection.mptcp-flags` property. See the code (and `man nm-settings`) for possible values for the flag. If you leave the property unset (0x0, the default), then NM will automatically enable MPTCP handling depending on whether `/proc/sys/net/mptcp/enabled` is on. So, in most cases this should require no configuration. Your distro ships with `/proc/sys/net/mptcp/enabled` enabled, and NM will configure endpoints.
- One problem is strict `rp_filter`, which breaks MPTCP use cases. So, there is a flag "rp-filter-relax" to loosen the filter. If you leave `connection.mptcp-flags` at 0x0, then "rp-filter-relax" will be automatically used (if `/proc/sys/net/mptcp/enabled` is on).
- The kernel currently has a small limit for how many MPTCP endpoints can be configured (MPTCP_PM_ADDR_MAX). NetworkManager doesn't really care about it; it just ignores failures to configure an endpoint. However, it will try to add endpoints in a consistent order, so it will add them until the limit is reached. Unclear how to improve that. Maybe it's good enough.
One unsolved problem is that a user might have `mptcpd` running and update NetworkManager to a new version that supports MPTCP handling. Since we want that MPTCP handling works out of the box, NetworkManager will start competing with mptcpd about adding the addresses. That's a problem, unclear how to avoid. Maybe just document the problem and the user is supposed to either disable MPTCP handling in NetworkManager or mptcpd.
Edit: 20240509: "So, there is a flag "rp-filter-relax" to loosen the filter.". This flag was never added. NetworkManager always relaxes rp_filter on interfaces where it configures MPTCP. A flag for opting-out from that to not touch rp_filter could be added, but it may not be useful (why would you want that?).
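Because the automatic behaviour keys off `/proc/sys/net/mptcp/enabled` and changes `rp_filter`, an admin may want to see the effective reverse-path filtering per interface. The following is an added example, not part of this MR or of NetworkManager: the function names and the `SYSCTL_ROOT` override are assumptions for illustration, and it relies on the kernel rule that the value used for an interface is the maximum of `conf/all/rp_filter` and `conf/<iface>/rp_filter`.

```shell
#!/bin/sh
# Added example: audit the sysctls the MPTCP handling depends on.
# SYSCTL_ROOT (hypothetical override) lets the check run against a copy
# of the sysctl tree; it defaults to the live /proc/sys.

# Effective rp_filter for an interface: the kernel applies
# max(conf/all/rp_filter, conf/<iface>/rp_filter).
effective_rp_filter() {
    root=${SYSCTL_ROOT:-/proc/sys}
    all=$(cat "$root/net/ipv4/conf/all/rp_filter" 2>/dev/null || echo 0)
    own=$(cat "$root/net/ipv4/conf/$1/rp_filter" 2>/dev/null) || return 1
    if [ "$all" -gt "$own" ]; then echo "$all"; else echo "$own"; fi
}

# True when the sysctl that the unset (0x0) mptcp-flags follows is on.
mptcp_enabled() {
    root=${SYSCTL_ROOT:-/proc/sys}
    [ "$(cat "$root/net/mptcp/enabled" 2>/dev/null)" = "1" ]
}

# Print "<iface> <effective value> <off|loose|strict>" per interface.
# "strict" marks interfaces where MPTCP use cases would break.
audit_mptcp_rp_filter() {
    root=${SYSCTL_ROOT:-/proc/sys}
    if ! mptcp_enabled; then
        echo "mptcp disabled"
        return 0
    fi
    for dir in "$root"/net/ipv4/conf/*/; do
        iface=$(basename "$dir")
        case $iface in all|default|lo) continue ;; esac
        eff=$(effective_rp_filter "$iface") || continue
        case $eff in
            0) verdict="off" ;;
            1) verdict="strict" ;;
            2) verdict="loose" ;;
            *) verdict="unknown" ;;
        esac
        echo "$iface $eff $verdict"
    done
}
```

Source the file and call `audit_mptcp_rp_filter`; comparing its output before and after activating a connection shows which interfaces had their filtering loosened.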