Re: [MPTCP] Brief news from LPC2019

Re: [MPTCP] Brief news from LPC2019

[Mat Martineau]

[-- Attachment #1: Type: text/plain, Size: 1838 bytes --]

On Tue, 10 Sep 2019, Matthieu Baerts wrote:

> Hi Florian,
>
> On Tue, Sep 10, 2019 at 12:21 AM Florian Westphal <fw(a)strlen.de> wrote:
>>
>> Matthieu Baerts <matthieu.baerts(a)tessares.net> wrote:
>>> Briefly:
>>>  - IPv6 support will be required for the initial patch-set
>>
>> Shouldn't be too hard, I think we can add it once we can deal
>> with multiple subflows without problems.
>
> Indeed, should not be a problem and better to work on other important
> topics for this initial patch set first.
>
>>>  - Creating MPTCP socket can be done by any app as long as we have a
>>> way to block the creation of new sockets in case of issues (CGroup,
>>> etc.)
>>
>> I assume that means the sysctl is acceptable?
>
> To be honest, I will have to refresh my mind by watching the recording
> because a few different people jumped into the discussion :)
> - It should not be disabled by default (if compiled) because the goal
> is to have people testing it: no sysctl needed
> - But we should be able to block the creation of new MPTCP sockets in
> case of problem: yes for the sysctl but enabled by default
> - But for Android, each app is launched in a netns and for them the
> sysctl is not a good protection
> - But there are others ways to block it: cgroup and (...), I don't
> remember the second way.

Looks like we were replying at the same time. Thanks for the detail, 
Matthieu.

The second way was using security frameworks (like SELinux) to block 
MPTCP. Another point someone made was that it's also important to pay 
careful attention to the MPTCP code in the receive path that might still 
be accessed when MPTCP is supposed to be turned off.

>
> So I don't know what we should do with this sysctl :-D
> If it is there, it should be "on" by default.
>

--
Mat Martineau
Intel

Re: [MPTCP] Brief news from LPC2019

[Mat Martineau]

[-- Attachment #1: Type: text/plain, Size: 617 bytes --]


On Tue, 10 Sep 2019, Florian Westphal wrote:

> Matthieu Baerts <matthieu.baerts(a)tessares.net> wrote:
>> Briefly:
>>  - IPv6 support will be required for the initial patch-set
>
> Shouldn't be too hard, I think we can add it once we can deal
> with multiple subflows without problems.
>
>>  - Creating MPTCP socket can be done by any app as long as we have a
>> way to block the creation of new sockets in case of issues (CGroup,
>> etc.)
>
> I assume that means the sysctl is acceptable?

Yes, and the preference in the discussion was to have it enabled by 
default.

--
Mat Martineau
Intel

Re: [MPTCP] Brief news from LPC2019

[Matthieu Baerts]

[-- Attachment #1: Type: text/plain, Size: 1780 bytes --]

Hi Florian,

On Tue, Sep 10, 2019 at 12:21 AM Florian Westphal <fw(a)strlen.de> wrote:
>
> Matthieu Baerts <matthieu.baerts(a)tessares.net> wrote:
> > Briefly:
> >  - IPv6 support will be required for the initial patch-set
>
> Shouldn't be too hard, I think we can add it once we can deal
> with multiple subflows without problems.

Indeed, should not be a problem and better to work on other important
topics for this initial patch set first.

> >  - Creating MPTCP socket can be done by any app as long as we have a
> > way to block the creation of new sockets in case of issues (CGroup,
> > etc.)
>
> I assume that means the sysctl is acceptable?

To be honest, I will have to refresh my mind by watching the recording
because a few different people jumped into the discussion :)
- It should not be disabled by default (if compiled) because the goal
is to have people testing it: no sysctl needed
- But we should be able to block the creation of new MPTCP sockets in
case of problem: yes for the sysctl but enabled by default
- But for Android, each app is launched in a netns and for them the
sysctl is not a good protection
- But there are others ways to block it: cgroup and (...), I don't
remember the second way.

So I don't know what we should do with this sysctl :-D
If it is there, it should be "on" by default.

Cheers,
Matt

PS: oh and also my colleagues pointed me to this article:
https://www.heise.de/newsticker/meldung/Multipath-TCP-Unterstuetzung-soll-endlich-in-Linux-einziehen-4518447.html
More something for you or Christoph to read :-)

-- 
Matthieu Baerts | R&D Engineer
matthieu.baerts(a)tessares.net
Tessares SA | Hybrid Access Solutions
www.tessares.net
1 Avenue Jean Monnet, 1348 Louvain-la-Neuve, Belgium

Re: [MPTCP] Brief news from LPC2019

[Florian Westphal]

[-- Attachment #1: Type: text/plain, Size: 441 bytes --]

Matthieu Baerts <matthieu.baerts(a)tessares.net> wrote:
> Briefly:
>  - IPv6 support will be required for the initial patch-set

Shouldn't be too hard, I think we can add it once we can deal
with multiple subflows without problems.

>  - Creating MPTCP socket can be done by any app as long as we have a
> way to block the creation of new sockets in case of issues (CGroup,
> etc.)

I assume that means the sysctl is acceptable?

[MPTCP] Brief news from LPC2019

[Matthieu Baerts]

[-- Attachment #1: Type: text/plain, Size: 754 bytes --]

Hello,

Just to say that the presentation went well, we got some answers to
the questions we asked.

https://twitter.com/davem_dokebi/status/1171024374373244930

Briefly:
 - IPv6 support will be required for the initial patch-set
 - Supporting only MPTCPv1 is to good way to go
 - Creating MPTCP socket can be done by any app as long as we have a
way to block the creation of new sockets in case of issues (CGroup,
etc.)
 - I certainly forget things, maybe Peter took some notes when we were speaking.
 - Recording should be available "soon"

Cheers,
Matt
-- 
Matthieu Baerts | R&D Engineer
matthieu.baerts(a)tessares.net
Tessares SA | Hybrid Access Solutions
www.tessares.net
1 Avenue Jean Monnet, 1348 Louvain-la-Neuve, Belgium