Multipath TCP and bro


Multipath TCP is a recent extension to TCP (RFC6824) that allows the utilisation of multiple paths for a single TCP connection. This TCP extension has several use cases including smartphones that could use WiFi at 3G for the same TCP connection, dual-stack hosts that would use IPv6 and IPv4 packets for the same TCP connection, ...

These benefits could also impact the middleboxes, such as those running bro, that usually expect to receive all packets from a given TCP bytestream inside a single TCP connection identified by the classical four-tuple. This is not necessarily always the case anymore with Multipath TCP. The utilisation of Multipath TCP could have an impact on the algorithms used by bro but also on bro deployments.

An implementation of Multipath TCP exists in the Linux kernel, but it is not yet part of the official kernel. To enable middlebox developpers and users to test the interoperability between Multipath TCP and their middlebox, we have developped a special test suite. This test suite is implemented as a set of scritps running on a virtualbox image containing a modified Multipath TCP kernel. This image interact with Multipath TCP capable servers and uses applications like http, ftp, scp on top of Multipath TCP. To ease the debugging of possible problems, all packets sent and received by the test suite are collected and the trace is available at the end of the test. Usually, the test runs in about 15 minutes.

You can download it from

It currently runs on Linux and Mac.

Best regards,

Olivier Bonaventure