Comment by skissane
4 months ago
z/OS has this interesting feature AT-TLS (Application Transparent TLS) - an app requesting a plaintext socket may silently get a TLS socket instead (with the TLS implemented in the OS), based on a policy defined by the system administrator.
Maybe the solution might be something similar… an app asks for a TCP socket, but (if the request matches a policy) it gets an MPTCP socket instead - so you could make apps use MPTCP even if they weren’t compiled to support it.
Maybe you could implement this using LD_PRELOAD/ptrace/eBPF/etc.
There are different ways to force an app to use MPTCP, where the most convenient method is 'mptcpize run <cmd>', see: https://www.mptcp.dev/setup.html#force-applications-to-use-m...
But the best is to let the app (and its users) control that, with a nice option. With Chrome/Firefox/..., we could enable MPTCP per domain for example.
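
The LD_PRELOAD idea from this thread, sketched as an added example (not written by either commenter and not mptcpize's code): a shared object that interposes `socket()` and swaps TCP for MPTCP when a policy matches. The policy function `shim_pick_protocol` and the fallback errno list are assumptions made for illustration.

```c
/* mptcp_shim.c - added example.
 * Build: cc -shared -fPIC -o mptcp_shim.so mptcp_shim.c
 * Use:   LD_PRELOAD=./mptcp_shim.so <cmd> */
#ifndef _GNU_SOURCE
#define _GNU_SOURCE
#endif
#include <errno.h>
#include <netinet/in.h>
#include <sys/socket.h>
#include <sys/syscall.h>
#include <unistd.h>

#ifndef IPPROTO_MPTCP
#define IPPROTO_MPTCP 262   /* Linux value; absent from older libc headers */
#endif

/* Hypothetical policy: upgrade only IPv4/IPv6 stream sockets that asked for
 * TCP, explicitly or via protocol 0. Everything else passes through. */
int shim_pick_protocol(int domain, int type, int protocol)
{
    int base_type = type & ~(SOCK_NONBLOCK | SOCK_CLOEXEC);

    if (domain != AF_INET && domain != AF_INET6)
        return protocol;
    if (base_type != SOCK_STREAM)
        return protocol;
    if (protocol != 0 && protocol != IPPROTO_TCP)
        return protocol;
    return IPPROTO_MPTCP;
}

/* Interposed socket(): the dynamic linker resolves the app's calls here
 * before libc. The raw syscall avoids recursing into this wrapper. */
int socket(int domain, int type, int protocol)
{
    int wanted = shim_pick_protocol(domain, type, protocol);
    int fd = (int)syscall(SYS_socket, domain, type, wanted);

    /* Assumed fallback: if the kernel rejects MPTCP (not built in, or
     * disabled), retry with what the app originally asked for. */
    if (fd < 0 && wanted != protocol &&
        (errno == EPROTONOSUPPORT || errno == ENOPROTOOPT || errno == EINVAL))
        fd = (int)syscall(SYS_socket, domain, type, protocol);
    return fd;
}
```

The dynamic loader ignores `LD_PRELOAD` for setuid/setgid programs, and statically linked binaries never reach the wrapper, so this approach does not cover every process the way an OS-level policy such as AT-TLS does.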