git.ipfire.org Git - thirdparty/kernel/linux.git/commit

author	Shardul Bankar <shardul.b@mpiricsoftware.com>
	Fri, 1 May 2026 19:35:35 +0000 (21:35 +0200)
committer	Jakub Kicinski <kuba@kernel.org>
	Tue, 5 May 2026 02:20:50 +0000 (19:20 -0700)
commit	a6da02d4c00fdda2417e42ad2b762a9209e6cc49
tree	79e0efe213dd637a5b477a2a6e30cb6f961b0324	tree \| snapshot
parent	c4a99a921949cddc590b22bb14eeb23dffcc3ba6	commit \| diff

mptcp: use MPTCP_RST_EMPTCP for ACK HMAC validation failure

When HMAC validation fails on a received ACK + MP_JOIN in
subflow_syn_recv_sock(), the subflow is reset with reason
MPTCP_RST_EPROHIBIT ("Administratively prohibited"). This is
incorrect: HMAC validation failure is an MPTCP protocol-level
error, not an administrative policy denial.

The mirror site on the client, in subflow_finish_connect(), already
uses MPTCP_RST_EMPTCP ("MPTCP-specific error") for the same kind of
HMAC failure on the SYN/ACK + MP_JOIN. Use the same reason on the
server side for symmetry and accuracy.

Suggested-by: Matthieu Baerts (NGI0) <matttbe@kernel.org>
Fixes: 443041deb5ef ("mptcp: fix NULL pointer in can_accept_new_subflow")
Cc: stable@vger.kernel.org
Signed-off-by: Shardul Bankar <shardul.b@mpiricsoftware.com>
Reviewed-by: Matthieu Baerts (NGI0) <matttbe@kernel.org>
Signed-off-by: Matthieu Baerts (NGI0) <matttbe@kernel.org>
Link: https://patch.msgid.link/20260501-net-mptcp-misc-fixes-7-1-rc3-v1-2-b70118df778e@kernel.org
Signed-off-by: Jakub Kicinski <kuba@kernel.org>