|
| 1 | +--- |
| 2 | +layout: post |
| 3 | +title: "More improvements for end users" |
| 4 | +--- |
| 5 | + |
| 6 | +Here is a small update on what happened recently, like various small |
| 7 | +improvements to help the end users, a new mptcpd version and more to come. Read |
| 8 | +on to find out more about that! |
| 9 | + |
| 10 | +<!--more--> |
| 11 | + |
| 12 | +## Assisting users |
| 13 | + |
| 14 | +Thanks to the [NLnet foundation](https://nlnet.nl) |
| 15 | +[support](https://nlnet.nl/project/MPTCP-deployability-II/), a better focus on |
| 16 | +the end user experience is being done. For example: |
| 17 | + |
| 18 | +- The [mptcp.dev](https://www.mptcp.dev) website has been modified to: |
| 19 | + - [List Linux distributions](https://www.mptcp.dev/apps.html#linux-distributions) |
| 20 | + supporting MPTCP on the kernel side, and have`mptcpd` and `mptcpize` |
| 21 | + packages. |
| 22 | + - The [in-kernel path-manager](https://www.mptcp.dev/pm.html#in-kernel-path-manager) |
| 23 | + section has been improved to inform users about automatic configuration: |
| 24 | + [NetworkManager](https://networkmanager.dev/blog/networkmanager-1-40/#mptcp-support) |
| 25 | + 1.40 or newer, present in most stable Linux distributions, automatically |
| 26 | + configures MPTCP endpoints with the `subflow` flag ("*client*" mode) by |
| 27 | + default, similar to what `mptcpd` does by default. The manual configuration |
| 28 | + is then likely not needed in most common cases. |
| 29 | + |
| 30 | +- `mptcpd` [website](https://mptcpd.mptcp.dev) has been improved: instead of |
| 31 | + only describing `mptcpd` in a generic (and vague) way, mentioned now is how it |
| 32 | + behaves, how to install it, and where to find the documentation to write new |
| 33 | + plugins. The [README](https://mptcpd.mptcp.dev/README.html) file also lists |
| 34 | + which versions are available in the different Linux distributions. |
| 35 | + |
| 36 | +- [check.mptcp.dev](https://check.mptcp.dev) service now has a clearer message: |
| 37 | + the browser might not support MPTCP, but maybe the system does. |
| 38 | + |
| 39 | +- A new [form](https://github.com/multipath-tcp/mptcp_net-next/issues/new/choose) |
| 40 | + has been added to report issues related to MPTCP: this guides the user to |
| 41 | + provide useful info, and avoid a few back-and-forth. |
| 42 | + |
| 43 | +## `mptcpd` 0.13 |
| 44 | + |
| 45 | +A new version has recently been released, including: |
| 46 | +- Support for [ELL](https://git.kernel.org/pub/scm/libs/ell/ell.git/) >= 0.68. |
| 47 | +- Documentation improvements for the `check_route` address notification flag. |
| 48 | +- Optional listening socket creation for user space path manager plugins. |
| 49 | +- Support for listener events. |
| 50 | +- A new `/usr/libexec/mptcp-get-debug` script to help simplify information |
| 51 | + collection for MPTCP related bug reports, not just for `mptcpd` alone. |
| 52 | +- A fix for a crash in the tests when `/etc/protocols` is not available. |
| 53 | + |
| 54 | +This new version is already available in a few Linux distributions, e.g. |
| 55 | +ArchLinux, Debian, Fedora, and Gentoo. |
| 56 | + |
| 57 | +Please note that `mptcpd` is getting proposed for inclusion in |
| 58 | +[NixOS](https://github.com/NixOS/nixpkgs/pull/355928) and |
| 59 | +[AlpineLinux](https://gitlab.alpinelinux.org/alpine/aports/-/merge_requests/75529). |
| 60 | +Do not hesitate to help with the review! Similarly, if `mptcpd` is not packaged |
| 61 | +in your distribution or is outdated, do not hesitate to help with the packaging |
| 62 | +:-) |
| 63 | + |
| 64 | +## Bug-fixes and small improvements |
| 65 | + |
| 66 | +Similar to the [previous post]({% post_url 2024-10-28-summer-update %}), a few |
| 67 | +more issues have been fixed, and a few additions have been done on the kernel |
| 68 | +side: `ip mptcp endpoint` was wrongly restricted to the net administrators, some |
| 69 | +fixes have been added for issues coming from very uncommon paths and reported by |
| 70 | +[Syzbot](https://syzkaller.appspot.com), the MPTCP endpoints are now dumped |
| 71 | +while doing a lockless list traversal. |
| 72 | + |
| 73 | +Please note that an external security audit of MPTCP code in the kernel was |
| 74 | +completed a few months ago, thanks to the [NLnet foundation](https://nlnet.nl) |
| 75 | +[support](https://nlnet.nl/project/MPTCP-deployability/). We are happy that |
| 76 | +[RadicallyOpenSecurity](https://radicallyopensecurity.com/) performed this |
| 77 | +audit. The report can be found [here](assets/202406-mptcp-security-report.pdf). |
| 78 | +Only low and unknown thread issues have been reported. After investigation, it |
| 79 | +looks like no further action is required. The 'low' thread one would require |
| 80 | +quite a few changes, something different from what is usually done on the kernel |
| 81 | +side, and potentially introducing new issues. The other issues were marked as |
| 82 | +false-positive ones. We would like to thank ROC, NLnet and the EU commission for |
| 83 | +this report! |
| 84 | + |
| 85 | +## What's next? |
| 86 | + |
| 87 | +A performance lab is being prepared. Many regression tests are in place, and |
| 88 | +automatically validated to make sure all the features continue to work as |
| 89 | +expected. These tests are [covering](https://ci-results.mptcp.dev/lcov/export/) |
| 90 | +a major part of the code, but only a very small part tries to cover the |
| 91 | +performance side. Plus this is done from the same VM, with a high tolerance. |
| 92 | +Proper performance tests are done manually so far. By not being tracked |
| 93 | +regularly, it makes performance regressions harder to fix and easier to miss. It |
| 94 | +is then required to automate the performance tests and track regressions. |
| 95 | + |
| 96 | +A new lab is being setup, using multiple VMs to generate traffic. The goal is to |
| 97 | +start with a fully virtual environment that can be setup on the same machine to |
| 98 | +start, but reusable on bare metal later on. |
| 99 | + |
| 100 | +Linked to that, a few improvements have been added on the `virtme-ng` side: it |
| 101 | +is now possible to set multiple |
| 102 | +[network](https://github.com/arighi/virtme-ng/pull/194) |
| 103 | +[interfaces](https://github.com/arighi/virtme-ng/pull/195), but also a simple |
| 104 | +way to get a [remote](https://github.com/arighi/virtme-ng/pull/197) |
| 105 | +[console](https://github.com/arighi/virtme-ng/pull/198) to existing VM using a |
| 106 | +[`vsock`](https://wiki.qemu.org/Features/VirtioVsock)! |
| 107 | + |
| 108 | +## Team work |
| 109 | + |
| 110 | +As always, it is important to note that what I presented here so far is mostly |
| 111 | +what I was working on. But I'm not alone in this project. For example, Geliang |
| 112 | +continued to look at BPF `iter` for the subflows, and having a path-manage |
| 113 | +controlled with BPF ; Paolo helped fix some issues found by Syzbot, but also |
| 114 | +some improvements on the received path ; Mat helped with the code reviews ; |
| 115 | +Christoph continued to fix the SyzKaller infrastructure dedicated to MPTCP. |
| 116 | + |
| 117 | +A great community! |
0 commit comments