Re: [PATCH net] net: ovpn: refuse TCP socket layering with an active ULP

Next message: Komal Bajaj: "Re: [PATCH 2/2] remoteproc: qcom: pas: Add Shikra remoteproc support"
Previous message: Oleksij Rempel: "Re: [PATCH net] net: pse-pd: fix sign on -ENOENT check in of_load_pse_pis()"
In reply to: Antonio Quartulli: "Re: [PATCH net] net: ovpn: refuse TCP socket layering with an active ULP"
Next in thread: Antonio Quartulli: "Re: [PATCH net] net: ovpn: refuse TCP socket layering with an active ULP"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Michael Bommarito

Date: Tue May 19 2026 - 11:16:07 EST

On Tue, May 19, 2026 at 10:37 AM Antonio Quartulli <antonio@xxxxxxxxxxx> wrote:
> > This is a whole commit message, not a code comment.
>
> I am also not sure what would happen if ovpn goes away first and then
> kTLS is left with the ovpn CBs saved in its captured sk_proto.
>
> Anyway, if we can prevent this from happening at all, as per Sabrina's
> comment above, we would make our life much simpler.

Yeah, I had to iterate on this 2 or 3 times before catching these
loose ends. Here are some cscope/clang+Claude notes that might help:

1. ULP before ovpn needed the attach-side inet_csk_has_ulp() refusal.
2. ovpn before ULP made simple detach restoration unsafe because it
overwrote the TLS sk_prot and skipped tls_sk_proto_close().
3. The second design, leaving ULP callbacks intact on detach,
exposed the close-chain issue: TLS had captured ovpn_tcp_close as its
lower close, but ovpn detach had already cleared sk_user_data.
4. That explains the “extra junk”: the sent patch’s ovpn_tcp_close()
fallback to base TCP close was the S1 fix for that close-chain case.

I have no horse in the race when it comes to keeping my patch or
throwing it away in favor of a better design.

Most useful thing I can provide is probably the setup to reproduce the
issue. Let me know and I'll send off chain.

Thanks,Mike