via netlink
> ovpn: kill key and notify userspace in case of IV exhaustion
> ovpn: notify userspace when a peer is deleted
> ovpn: add basic ethtool support
> testing/selftests: add test tool and scripts for ovpn module
The changes since v25 lgtm:
Reviewed-by: Sabrina Dubroca
--
Sabrina
2025-04-11, 10:04:10 +0200, Antonio Quartulli wrote:
> Hi Jakub,
>
> thanks for taking the time to go through my patchset :)
>
> On 11/04/2025 04:54, Jakub Kicinski wrote:
> > On Mon, 07 Apr 2025 21:46:09 +0200 Antonio Quartulli wrote:
> > > +static int ovpn_netdev_notifier_call(struct notifier_b
UDP endpoint
> ovpn: implement peer add/get/dump/delete via netlink
> ovpn: implement key add/get/del/swap via netlink
> ovpn: kill key and notify userspace in case of IV exhaustion
> ovpn: notify userspace when a peer is deleted
> ovpn: add basic ethtool support
> testing/selftests: add test tool and scripts for ovpn module
For the series:
Reviewed-by: Sabrina Dubroca
Thanks again for your patience, Antonio.
--
Sabrina
2025-03-18, 02:40:46 +0100, Antonio Quartulli wrote:
> +static void ovpn_tcp_rcv(struct strparser *strp, struct sk_buff *skb)
> +{
[...]
> + /* we need the first byte of data to be accessible
nit: and "first byte" here too (that comment could maybe just be dropped?)
> + * to extract the
2025-03-18, 02:40:51 +0100, Antonio Quartulli wrote:
> @@ -124,6 +154,13 @@ void ovpn_decrypt_post(void *data, int ret)
> goto drop;
> }
>
> + if (ovpn_is_keepalive(skb)) {
> + net_dbg_ratelimited("%s: ping received from peer %u\
2025-03-18, 02:40:42 +0100, Antonio Quartulli wrote:
> +static int ovpn_udp_output(struct ovpn_peer *peer, struct dst_cache *cache,
> +struct sock *sk, struct sk_buff *skb)
> +{
> + struct ovpn_bind *bind;
> + int ret;
> +
> + /* set sk to null if skb is already
2025-03-18, 02:40:41 +0100, Antonio Quartulli wrote:
> +void ovpn_socket_release(struct ovpn_peer *peer)
> +{
> + struct ovpn_socket *sock;
> +
> + might_sleep();
> +
> + /* release may be invoked after socket was detached */
> + rcu_read_lock();
> + sock = rcu_dereference_prote
2025-03-18, 02:40:44 +0100, Antonio Quartulli wrote:
> +/* this swap is not atomic, but there will be a very short time frame where
> the
> + * old_secondary key won't be available. This should not be a big deal as
> most
> + * likely both peers are already using the new primary at this point.
>
2025-03-18, 02:40:43 +0100, Antonio Quartulli wrote:
> diff --git a/net/ipv6/udp.c b/net/ipv6/udp.c
> index
> 024458ef163c9e24dfb37aea2690b2030f6a0fbc..b30175e34230d3dbf5d253838df894f0625c705c
> 100644
> --- a/net/ipv6/udp.c
> +++ b/net/ipv6/udp.c
> @@ -1933,6 +1933,7 @@ struct proto udpv6_prot =
2025-03-28, 10:14:27 +0100, Antonio Quartulli wrote:
> Hi Sabrina,
>
> do you plan to drop more comments at the patchset at this point?
Yes, I had a couple of small comments here and there that I didn't
think strictly required a respin, but I'll send them out now since
there'll be more iteration.
2025-03-25, 00:15:48 +0100, Antonio Quartulli wrote:
> On 24/03/2025 11:48, Sabrina Dubroca wrote:
> > Hello Antonio,
> >
> > A few questions wrt the API:
> >
> > 2025-03-18, 02:40:53 +0100, Antonio Quartulli wrote:
> > > +static bool ovpn_nl_
2025-03-24, 21:53:02 +0100, Antonio Quartulli wrote:
> On 24/03/2025 12:02, Sabrina Dubroca wrote:
> > 2025-03-18, 02:40:44 +0100, Antonio Quartulli wrote:
> > > +int ovpn_crypto_state_reset(struct ovpn_crypto_state *cs,
> > > + const stru
2025-03-18, 02:40:44 +0100, Antonio Quartulli wrote:
> +int ovpn_crypto_state_reset(struct ovpn_crypto_state *cs,
> + const struct ovpn_peer_key_reset *pkr)
> +{
> + struct ovpn_crypto_key_slot *old = NULL, *new;
> + u8 idx;
> +
> + if (pkr->slot != OVPN_KEY_SLOT
Hello Antonio,
A few questions wrt the API:
2025-03-18, 02:40:53 +0100, Antonio Quartulli wrote:
> +static bool ovpn_nl_attr_sockaddr_remote(struct nlattr **attrs,
> + struct sockaddr_storage *ss)
> +{
> + struct sockaddr_in6 *sin6;
> + struct sockaddr
Hello,
A few comments since it seems you'll have to send one more version
(otherwise they could be fixed later).
2025-03-12, 21:54:27 +0100, Antonio Quartulli wrote:
> diff --git a/drivers/net/ovpn/netlink.c b/drivers/net/ovpn/netlink.c
> index
> 8d267d4c82283d9b5f989478102086ce385195d5..407b5b9
2025-03-10, 13:57:09 +0100, Antonio Quartulli wrote:
> On 07/03/2025 11:12, Sabrina Dubroca wrote:
> > 2025-03-06, 11:02:50 +0100, Antonio Quartulli wrote:
> > > On 05/03/2025 17:56, Sabrina Dubroca wrote:
> > > > 2025-03-05, 14:14:36 +0100, Antonio Quartulli wrote:
>
2025-03-06, 11:02:50 +0100, Antonio Quartulli wrote:
> On 05/03/2025 17:56, Sabrina Dubroca wrote:
> > 2025-03-05, 14:14:36 +0100, Antonio Quartulli wrote:
> > > On 05/03/2025 12:20, Sabrina Dubroca wrote:
> > > > 2025-03-05, 00:19:32 +0100, Antonio Quartulli wrote:
2025-03-05, 14:14:36 +0100, Antonio Quartulli wrote:
> On 05/03/2025 12:20, Sabrina Dubroca wrote:
> > 2025-03-05, 00:19:32 +0100, Antonio Quartulli wrote:
> > > On 04/03/2025 19:37, Sabrina Dubroca wrote:
> > > > 2025-03-04, 01:33:48 +0100, Antonio Quartulli wrote:
2025-03-05, 00:19:32 +0100, Antonio Quartulli wrote:
> On 04/03/2025 19:37, Sabrina Dubroca wrote:
> > 2025-03-04, 01:33:48 +0100, Antonio Quartulli wrote:
> > > A peer connected via UDP may change its IP address without reconnecting
> > > (float).
> >
> >
2025-03-05, 02:00:21 +0100, Antonio Quartulli wrote:
> On 05/03/2025 00:09, Sabrina Dubroca wrote:
> > 2025-03-04, 13:11:28 +0100, Antonio Quartulli wrote:
> > > On 04/03/2025 13:00, Sabrina Dubroca wrote:
> > > > 2025-03-04, 01:33:50 +0100, Antonio Qua
2025-03-05, 00:35:09 +0100, Antonio Quartulli wrote:
> On 04/03/2025 20:02, Sabrina Dubroca wrote:
> > 2025-03-04, 01:33:39 +0100, Antonio Quartulli wrote:
> > [...]
> > > +static inline struct ovpn_crypto_key_slot *
> > > +ovpn_crypto_key_id_to_slot(const struct
2025-03-04, 13:11:28 +0100, Antonio Quartulli wrote:
> On 04/03/2025 13:00, Sabrina Dubroca wrote:
> > 2025-03-04, 01:33:50 +0100, Antonio Quartulli wrote:
> > > int ovpn_nl_key_new_doit(struct sk_buff *skb, struct genl_info *info)
> > > {
> > ...
>
2025-03-04, 01:33:39 +0100, Antonio Quartulli wrote:
> +struct crypto_aead *ovpn_aead_init(const char *title, const char *alg_name,
> +const unsigned char *key,
> +unsigned int keylen)
nit: static? I don't see it used outside this fil
2025-03-04, 01:33:48 +0100, Antonio Quartulli wrote:
> A peer connected via UDP may change its IP address without reconnecting
> (float).
Should that trigger a reset of the peer->dst_cache? And same when
userspace updates the remote address? Otherwise it seems we could be
stuck with a cached dst t
2025-03-04, 01:33:49 +0100, Antonio Quartulli wrote:
> @@ -1317,11 +1336,16 @@ void ovpn_peer_keepalive_work(struct work_struct
> *work)
>
> /* prevent rearming if the interface is being destroyed */
> if (next_run > 0 && ovpn->registered) {
> + time64_t delta = next_run
2025-03-04, 01:33:50 +0100, Antonio Quartulli wrote:
> int ovpn_nl_key_new_doit(struct sk_buff *skb, struct genl_info *info)
> {
...
> + pkr.slot = nla_get_u8(attrs[OVPN_A_KEYCONF_SLOT]);
> + pkr.key.key_id = nla_get_u16(attrs[OVPN_A_KEYCONF_KEY_ID]);
> + pkr.key.cipher_alg = nla_get_
2025-03-03, 15:45:23 +0100, Antonio Quartulli wrote:
> On 03/03/2025 14:08, Sabrina Dubroca wrote:
> > > + if (ovpn_sock && ovpn_sock->sock->sk == sk)
> > > + skip = false;
> > > + rcu_read_unlock
2025-02-27, 02:21:37 +0100, Antonio Quartulli wrote:
> @@ -94,11 +96,23 @@ void ovpn_socket_release(struct ovpn_peer *peer)
>* detached before it can be picked by a concurrent reader.
>*/
> lock_sock(sock->sock->sk);
> - ovpn_socket_put(peer, sock);
> + released = ovpn
Hello, a few minor coding style nits on this patch.
2025-02-27, 02:21:40 +0100, Antonio Quartulli wrote:
> @@ -197,9 +254,16 @@ static int ovpn_netdev_notifier_call(struct
> notifier_block *nb,
> netif_carrier_off(dev);
> ovpn->registered = false;
>
> - i
2025-02-27, 02:21:37 +0100, Antonio Quartulli wrote:
> Moreover export tcp_release_cb by means of EXPORT_SYMBOL instead of
> EXPORT_IPV6_MOD, so that other modules can use it, even if IPV6 is
> not compiled in.
Is that really needed? You're saving tcp.sk_cb.prot, so you could just
call peer->tcp.s
2025-02-27, 02:21:45 +0100, Antonio Quartulli wrote:
> @@ -1310,9 +1329,12 @@ void ovpn_peer_keepalive_work(struct work_struct *work)
> if (next_run > 0 && ovpn->registered) {
> netdev_dbg(ovpn->dev,
> "scheduling keepalive work: now=%llu next_run=%llu
(I'm still reviewing how everything fits together, but one small thing
here:)
2025-02-27, 02:21:34 +0100, Antonio Quartulli wrote:
> +static void ovpn_udp_close(struct sock *sk, long timeout)
> +{
> + struct ovpn_socket *sock;
> + struct ovpn_priv *ovpn;
> +
> + rcu_read_lock();
> +
2025-02-13, 12:46:34 +0100, Antonio Quartulli wrote:
> On 13/02/2025 00:34, Sabrina Dubroca wrote:
> > Hello,
> >
> > 2025-02-11, 01:39:53 +0100, Antonio Quartulli wrote:
> > > All minor and major reported problems have been finally addressed.
> > > Big
Hello,
2025-02-11, 01:39:53 +0100, Antonio Quartulli wrote:
> All minor and major reported problems have been finally addressed.
> Big thanks to Sabrina, who took the time to guide me through
> converting the peer socket to an RCU pointer.
Something is off (not sure if it's new to this version):
Hi Antonio,
Another one I should have spotted a long time ago :(
2025-01-13, 10:31:28 +0100, Antonio Quartulli wrote:
> +int ovpn_aead_encrypt(struct ovpn_peer *peer, struct ovpn_crypto_key_slot
> *ks,
> + struct sk_buff *skb)
> +{
> + const unsigned int tag_size = crypto_a
2025-02-03, 10:52:41 +0100, Sabrina Dubroca wrote:
> 2025-01-13, 10:31:26 +0100, Antonio Quartulli wrote:
> > +static void ovpn_encrypt_post(struct sk_buff *skb, int ret)
> > +{
> > + struct ovpn_peer *peer = ovpn_skb_cb(skb)->peer;
> > +
> > + if (unlikel
2025-02-03, 10:46:19 +0100, Antonio Quartulli wrote:
> On 03/02/2025 00:07, Sabrina Dubroca wrote:
> > 2025-01-13, 10:31:39 +0100, Antonio Quartulli wrote:
> > > + NL_SET_ERR_MSG_FMT_MOD(info->extack,
> > > +"unexpected r
2025-01-13, 10:31:31 +0100, Antonio Quartulli wrote:
> +static void ovpn_tcp_rcv(struct strparser *strp, struct sk_buff *skb)
> +{
[...]
> + /* we need the first byte of data to be accessible
> + * to extract the opcode and the key ID later on
> + */
> + if (!pskb_may_pull(skb, 1)
2025-01-13, 10:31:26 +0100, Antonio Quartulli wrote:
> +static void ovpn_encrypt_post(struct sk_buff *skb, int ret)
> +{
> + struct ovpn_peer *peer = ovpn_skb_cb(skb)->peer;
> +
> + if (unlikely(ret < 0))
> + goto err;
> +
> + skb_mark_not_on_list(skb);
> +
> + switch (p
2025-01-13, 10:31:27 +0100, Antonio Quartulli wrote:
> +/**
> + * ovpn_opcode_from_skb - extract OP code from skb at specified offset
> + * @skb: the packet to extract the OP code from
> + * @offset: the offset in the data buffer where the OP code is located
> + *
> + * Note: this function assumes
2025-01-13, 10:31:36 +0100, Antonio Quartulli wrote:
> +void ovpn_xmit_special(struct ovpn_peer *peer, const void *data,
> +const unsigned int len)
> +{
> + struct ovpn_priv *ovpn;
> + struct sk_buff *skb;
> +
> + ovpn = peer->ovpn;
> + if (unlikely(!ovpn))
> +
2025-01-13, 10:31:39 +0100, Antonio Quartulli wrote:
> +static int ovpn_nl_attr_sockaddr_remote(struct nlattr **attrs,
> + struct sockaddr_storage *ss)
> +{
> + struct sockaddr_in6 *sin6;
> + struct sockaddr_in *sin;
> + struct in6_addr *in6;
> +
2025-01-13, 10:31:34 +0100, Antonio Quartulli wrote:
> static int ovpn_newlink(struct net *src_net, struct net_device *dev,
> struct nlattr *tb[], struct nlattr *data[],
> struct netlink_ext_ack *extack)
> {
> struct ovpn_priv *ovpn = netdev_priv(
2025-01-13, 10:31:24 +0100, Antonio Quartulli wrote:
> +static int ovpn_peer_del_p2p(struct ovpn_peer *peer,
> + enum ovpn_del_peer_reason reason)
> +{
> + struct ovpn_peer *tmp;
> +
> + lockdep_assert_held(&peer->ovpn->lock);
> +
> + tmp = rcu_dereference_prote
2025-01-22, 01:40:47 +0100, Antonio Quartulli wrote:
> On 17/01/2025 12:48, Sabrina Dubroca wrote:
> [...]
> > With the delayed socket release (which is similar to what was in v11,
> > but now with refcounting on the netdevice which should make
> > rtnl_link_unregis
2025-01-22, 00:26:50 +0100, Antonio Quartulli wrote:
> On 20/01/2025 15:52, Antonio Quartulli wrote:
> > On 17/01/2025 12:48, Sabrina Dubroca wrote:
> > [...]
> > > 8<
> > >
> > > diff --git a/drivers/net/ovpn/netlink.c b/driver
2025-01-20, 22:20:40 +0100, Antonio Quartulli wrote:
> On 20/01/2025 11:45, Antonio Quartulli wrote:
> [...]
> > > > > > > I'm not sure what this (and the peer flushing on NETDEV_DOWN) is
> > > > > > > trying to accomplish. Is it a problem to keep peers
> > > > > > > when the netdevice
> > > > > >
2025-01-20, 11:45:55 +0100, Antonio Quartulli wrote:
> On 20/01/2025 11:09, Sabrina Dubroca wrote:
> > 2025-01-19, 14:12:05 +0100, Antonio Quartulli wrote:
> > > On 17/01/2025 18:12, Sabrina Dubroca wrote:
> > > > 2025-01-17, 13:59:35 +0100, Antonio Quartulli wrote:
2025-01-20, 15:12:28 +0100, Antonio Quartulli wrote:
> On 17/01/2025 18:14, Sabrina Dubroca wrote:
> > 2025-01-13, 10:31:31 +0100, Antonio Quartulli wrote:
> > > +static int ovpn_tcp_recvmsg(struct sock *sk, struct msghdr *msg, size_t
> > > len,
> > >
2025-01-19, 14:12:05 +0100, Antonio Quartulli wrote:
> On 17/01/2025 18:12, Sabrina Dubroca wrote:
> > 2025-01-17, 13:59:35 +0100, Antonio Quartulli wrote:
> > > On 17/01/2025 12:48, Sabrina Dubroca wrote:
> > > > 2025-01-13, 10:31:39 +0100, Antonio Qua
2025-01-13, 10:31:31 +0100, Antonio Quartulli wrote:
> +static int ovpn_tcp_recvmsg(struct sock *sk, struct msghdr *msg, size_t len,
> + int flags, int *addr_len)
> +{
> + int err = 0, off, copied = 0, ret;
> + struct ovpn_socket *sock;
> + struct ovpn_peer *peer
2025-01-17, 13:59:35 +0100, Antonio Quartulli wrote:
> On 17/01/2025 12:48, Sabrina Dubroca wrote:
> > 2025-01-13, 10:31:39 +0100, Antonio Quartulli wrote:
> > > int ovpn_nl_peer_new_doit(struct sk_buff *skb, struct genl_info *info)
> > > {
> > > - retur
2025-01-13, 10:31:28 +0100, Antonio Quartulli wrote:
> static bool ovpn_encrypt_one(struct ovpn_peer *peer, struct sk_buff *skb)
> {
> - ovpn_skb_cb(skb)->peer = peer;
> + struct ovpn_crypto_key_slot *ks;
> +
> + if (unlikely(skb->ip_summed == CHECKSUM_PARTIAL &&
> +
2025-01-13, 10:31:24 +0100, Antonio Quartulli wrote:
> +static void ovpn_peer_release(struct ovpn_peer *peer)
> +{
> + ovpn_bind_reset(peer, NULL);
> + netdev_put(peer->ovpn->dev, &peer->dev_tracker);
I think this needs to move after the call_rcu. Otherwise, module
unload could proceed (no
2025-01-13, 10:31:39 +0100, Antonio Quartulli wrote:
> int ovpn_nl_peer_new_doit(struct sk_buff *skb, struct genl_info *info)
> {
> - return -EOPNOTSUPP;
> + struct nlattr *attrs[OVPN_A_PEER_MAX + 1];
> + struct ovpn_priv *ovpn = info->user_ptr[0];
> + struct ovpn_socket *ovpn_soc
@maintainers could I get another day or two to poke at the new socket
release mechanism? I haven't had time to look at it in depth yet.
Just a small thing I saw on this patch:
2025-01-13, 10:31:31 +0100, Antonio Quartulli wrote:
> +int ovpn_tcp_socket_attach(struct socket *sock, struct ovpn_peer
2025-01-06, 00:27:28 +0100, Antonio Quartulli wrote:
> Hi Sabrina,
>
> On 03/01/2025 18:00, Sabrina Dubroca wrote:
> > Hello Antonio,
> >
> > 2024-12-19, 02:42:01 +0100, Antonio Quartulli wrote:
> > > +static void ovpn_socket_release_kref(struct kref *kre
Hello Antonio,
2024-12-19, 02:42:01 +0100, Antonio Quartulli wrote:
> +static void ovpn_socket_release_kref(struct kref *kref)
> + __releases(sock->sock->sk)
> +{
> + struct ovpn_socket *sock = container_of(kref, struct ovpn_socket,
> + refcount)
(just a few nits here)
2024-12-11, 22:15:13 +0100, Antonio Quartulli wrote:
> +static inline struct ovpn_crypto_key_slot *
> +ovpn_crypto_key_id_to_slot(const struct ovpn_crypto_state *cs, u8 key_id)
> +{
> + struct ovpn_crypto_key_slot *ks;
> + u8 idx;
> +
> + if (unlikely(!cs))
> +
2024-12-16, 15:09:17 +0100, Antonio Quartulli wrote:
> On 16/12/2024 14:59, Sabrina Dubroca wrote:
> > 2024-12-11, 22:15:15 +0100, Antonio Quartulli wrote:
> > > +static void ovpn_tcp_close(struct sock *sk, long timeout)
> > > +{
> > > + struct ovpn_socket
2024-12-11, 22:15:14 +0100, Antonio Quartulli wrote:
> diff --git a/drivers/net/ovpn/peer.h b/drivers/net/ovpn/peer.h
> index
> 1b427870df2cf972e0f572e046452378358f245a..61c54fb864d990ff3d746f18c9a06d4c950bd1ac
> 100644
> --- a/drivers/net/ovpn/peer.h
> +++ b/drivers/net/ovpn/peer.h
> @@ -13,6 +1
2024-12-11, 22:15:15 +0100, Antonio Quartulli wrote:
> @@ -42,6 +56,31 @@ struct ovpn_peer {
> struct in6_addr ipv6;
> } vpn_addrs;
> struct ovpn_socket *sock;
> +
> + /* state of the TCP reading. Needed to keep track of how much of a
> + * single packet has alrea
2024-12-12, 23:46:11 +0100, Antonio Quartulli wrote:
> On 12/12/2024 17:19, Sabrina Dubroca wrote:
> > 2024-12-11, 22:15:10 +0100, Antonio Quartulli wrote:
> > > +static struct ovpn_socket *ovpn_socket_get(struct socket *sock)
> > > +{
> >
2024-12-11, 22:15:10 +0100, Antonio Quartulli wrote:
> +static struct ovpn_socket *ovpn_socket_get(struct socket *sock)
> +{
> + struct ovpn_socket *ovpn_sock;
> +
> + rcu_read_lock();
> + ovpn_sock = rcu_dereference_sk_user_data(sock->sk);
> + if (WARN_ON(!ovpn_socket_hold(ovpn_soc
2024-12-03, 15:58:17 +0100, Antonio Quartulli wrote:
> On 02/12/2024 16:07, Antonio Quartulli wrote:
> [...]
> > +#define ovpn_get_hash_slot(_key, _key_len, _tbl) ({\
> > + typeof(_tbl) *__tbl = &(_tbl); \
> > + jhash(_key, _key_len, 0) % HASH_SIZE(*__tbl); \
> > +})
2024-11-14, 11:32:36 +0100, Antonio Quartulli wrote:
> On 13/11/2024 12:05, Sabrina Dubroca wrote:
> > 2024-11-12, 15:26:59 +0100, Antonio Quartulli wrote:
> > > On 11/11/2024 16:41, Sabrina Dubroca wrote:
> > > > 2024-10-29, 11:47:31 +0100, Antonio Qu
2024-11-26, 02:32:38 +0200, Sergey Ryazanov wrote:
> On 15.11.2024 17:02, Antonio Quartulli wrote:
> > On 11/11/2024 02:54, Sergey Ryazanov wrote:
> > [...]
> > > > + skb_reset_transport_header(skb);
> > > > + skb_probe_transport_header(skb);
> > > > + skb_reset_inner_headers(skb);
> > > >
2024-11-27, 02:40:02 +0100, Antonio Quartulli wrote:
> On 26/11/2024 09:49, Antonio Quartulli wrote:
> [...]
> > >
> > > The potential issue is tricky since we create it patch-by-patch.
> > >
> > > Up to this patch the socket releasing procedure looks solid and
> > > reliable. E.g. the P2P netdev
2024-11-22, 10:41:26 +0100, Antonio Quartulli wrote:
> On 12/11/2024 14:20, Antonio Quartulli wrote:
> [...]
> > > > +static int ovpn_peer_del_nolock(struct ovpn_peer *peer,
> > > > + enum ovpn_del_peer_reason reason)
> > > > +{
> > > > + switch (peer->ovpn->mode) {
> > > > + c
[I'm still thinking about the locking problems for ovpn_peer_float,
but just noticed this while staring at the rehash code]
2024-10-29, 11:47:31 +0100, Antonio Quartulli wrote:
> +void ovpn_peer_hash_vpn_ip(struct ovpn_peer *peer)
> + __must_hold(&peer->ovpn->peers->lock)
> +{
> + struct h
2024-11-20, 12:34:08 +0100, Antonio Quartulli wrote:
> On 20/11/2024 12:12, Sabrina Dubroca wrote:
[...]
> > > > I don't know when userspace would use v4mapped addresses,
> > >
> > > It happens when listening on [::] with a v6 socket that has no
> >
2024-11-14, 11:38:51 +0100, Antonio Quartulli wrote:
> On 13/11/2024 15:28, Sabrina Dubroca wrote:
> > Around that same "which netns" question, ovpn_udp{4,6}_output uses the
> > socket's, but ovpn_nexthop_from_rt{4,6} uses the netdev's.
>
> I think thi
2024-10-29, 11:47:19 +0100, Antonio Quartulli wrote:
> +/**
> + * struct ovpn_peer - the main remote peer object
> + * @ovpn: main openvpn instance this peer belongs to
> + * @id: unique identifier
> + * @vpn_addrs: IP addresses assigned over the tunnel
> + * @vpn_addrs.ipv4: IPv4 assigned to peer
2024-10-29, 11:47:21 +0100, Antonio Quartulli wrote:
> +static int ovpn_udp4_output(struct ovpn_struct *ovpn, struct ovpn_bind *bind,
> + struct dst_cache *cache, struct sock *sk,
> + struct sk_buff *skb)
> +{
[...]
> + if (unlikely(!inet_confirm_
2024-11-14, 10:21:18 +0100, Antonio Quartulli wrote:
> On 13/11/2024 17:56, Sabrina Dubroca wrote:
> > 2024-11-12, 15:19:50 +0100, Antonio Quartulli wrote:
> > > On 04/11/2024 16:14, Sabrina Dubroca wrote:
> > > > 2024-10-29, 11:47:31 +0100, Antonio Quartull
2024-11-14, 09:12:01 +0100, Antonio Quartulli wrote:
> On 13/11/2024 11:36, Sabrina Dubroca wrote:
> > 2024-11-12, 14:20:45 +0100, Antonio Quartulli wrote:
> > > On 05/11/2024 19:10, Sabrina Dubroca wrote:
> > > > 2024-10-29, 11:47:28 +0100, Antonio Quartulli wrote
2024-11-12, 15:19:50 +0100, Antonio Quartulli wrote:
> On 04/11/2024 16:14, Sabrina Dubroca wrote:
> > 2024-10-29, 11:47:31 +0100, Antonio Quartulli wrote:
> > > +static int ovpn_nl_peer_precheck(struct ovpn_struct *ovpn,
> > > +
2024-11-12, 16:44:09 +0100, Antonio Quartulli wrote:
> On 05/11/2024 11:33, Sabrina Dubroca wrote:
> > 2024-10-29, 11:47:33 +0100, Antonio Quartulli wrote:
> > > +int ovpn_nl_key_swap_notify(struct ovpn_peer *peer, u8 key_id)
> > > +{
> > [...]
> >
2024-11-12, 15:03:00 +0100, Antonio Quartulli wrote:
> On 12/11/2024 11:56, Sabrina Dubroca wrote:
> > 2024-10-29, 11:47:30 +0100, Antonio Quartulli wrote:
> > > diff --git a/drivers/net/ovpn/io.c b/drivers/net/ovpn/io.c
> > > index
> > > 63c1
2024-11-12, 15:26:59 +0100, Antonio Quartulli wrote:
> On 11/11/2024 16:41, Sabrina Dubroca wrote:
> > 2024-10-29, 11:47:31 +0100, Antonio Quartulli wrote:
> > > +void ovpn_peer_hash_vpn_ip(struct ovpn_peer *peer)
> > > + __must_hold(&peer->ovpn->peers->l
2024-11-12, 14:20:45 +0100, Antonio Quartulli wrote:
> On 05/11/2024 19:10, Sabrina Dubroca wrote:
> > 2024-10-29, 11:47:28 +0100, Antonio Quartulli wrote:
> > > @@ -105,6 +132,9 @@ void ovpn_decrypt_post(void *data, int ret)
> > > goto drop;
> >
2024-11-13, 03:37:13 +0200, Sergey Ryazanov wrote:
> On 12.11.2024 19:31, Sabrina Dubroca wrote:
> > 2024-11-10, 15:38:27 +0200, Sergey Ryazanov wrote:
> > > On 29.10.2024 12:47, Antonio Quartulli wrote:
> > > > An ovpn_peer object holds the whole status of a r
2024-11-09, 03:01:21 +0200, Sergey Ryazanov wrote:
> On 29.10.2024 12:47, Antonio Quartulli wrote:
> > +/* When the OpenVPN protocol is ran in AEAD mode, use
> > + * the OpenVPN packet ID as the AEAD nonce:
> > + *
> > + *0005 521c3b01 4308c041
> > + *[seq # ] [ nonce_tail ]
> > + *
2024-11-10, 15:38:27 +0200, Sergey Ryazanov wrote:
> On 29.10.2024 12:47, Antonio Quartulli wrote:
> > An ovpn_peer object holds the whole status of a remote peer
> > (regardless whether it is a server or a client).
> >
> > This includes status for crypto, tx/rx buffers, napi, etc.
> >
> > Only s
2024-11-11, 00:32:51 +0200, Sergey Ryazanov wrote:
> On 29.10.2024 12:47, Antonio Quartulli wrote:
> > +static void ovpn_encrypt_post(struct sk_buff *skb, int ret)
> > +{
> > + struct ovpn_peer *peer = ovpn_skb_cb(skb)->peer;
> > +
> > + if (unlikely(ret < 0))
> > + goto err;
> > +
>
2024-10-29, 11:47:30 +0100, Antonio Quartulli wrote:
> diff --git a/drivers/net/ovpn/io.c b/drivers/net/ovpn/io.c
> index
> 63c140138bf98e5d1df79a2565b666d86513323d..0e8a6f2c76bc7b2ccc287ad1187cf50f033bf261
> 100644
> --- a/drivers/net/ovpn/io.c
> +++ b/drivers/net/ovpn/io.c
> @@ -135,6 +135,15 @
2024-10-29, 11:47:31 +0100, Antonio Quartulli wrote:
> +static int ovpn_nl_peer_modify(struct ovpn_peer *peer, struct genl_info
> *info,
> +struct nlattr **attrs)
> +{
> + struct sockaddr_storage ss = {};
> + u32 sockfd, interv, timeout;
> + struct socket *s
2024-10-29, 11:47:28 +0100, Antonio Quartulli wrote:
> @@ -105,6 +132,9 @@ void ovpn_decrypt_post(void *data, int ret)
> goto drop;
> }
>
> + /* keep track of last received authenticated packet for keepalive */
> + peer->last_recv = ktime_get_real_seconds();
It doesn'
2024-10-30, 21:47:58 +0100, Antonio Quartulli wrote:
> On 30/10/2024 17:37, Sabrina Dubroca wrote:
> > 2024-10-29, 11:47:19 +0100, Antonio Quartulli wrote:
> > > +static void ovpn_peer_release(struct ovpn_peer *peer)
> > > +{
> > > + ovpn_bind_reset(peer, NULL
2024-10-29, 11:47:33 +0100, Antonio Quartulli wrote:
> +int ovpn_nl_key_swap_notify(struct ovpn_peer *peer, u8 key_id)
> +{
[...]
> +
> + nla_nest_end(msg, k_attr);
> + genlmsg_end(msg, hdr);
> +
> + genlmsg_multicast_netns(&ovpn_nl_family, dev_net(peer->ovpn->dev), msg,
> +
2024-10-29, 11:47:32 +0100, Antonio Quartulli wrote:
> This change introduces the netlink commands needed to add, get, delete
> and swap keys for a specific peer.
>
> Userspace is expected to use these commands to create, inspect (non
> sensible data only), destroy and rotate session keys for a sp
2024-10-29, 11:47:31 +0100, Antonio Quartulli wrote:
> +static int ovpn_nl_peer_precheck(struct ovpn_struct *ovpn,
> + struct genl_info *info,
> + struct nlattr **attrs)
> +{
> + if (NL_REQ_ATTR_CHECK(info->extack, info->attrs[OVPN_A_PEE
2024-10-29, 11:47:30 +0100, Antonio Quartulli wrote:
> +static int ovpn_peer_reset_sockaddr(struct ovpn_peer *peer,
> + const struct sockaddr_storage *ss,
> + const u8 *local_ip)
> + __must_hold(&peer->lock)
> +{
> + struct ovp
2024-10-29, 11:47:27 +0100, Antonio Quartulli wrote:
> struct ovpn_peer *ovpn_peer_get_by_transp_addr(struct ovpn_struct *ovpn,
> struct sk_buff *skb)
> {
> - struct ovpn_peer *peer = NULL;
> + struct ovpn_peer *tmp, *peer = NULL;
> struc
2024-10-29, 11:47:25 +0100, Antonio Quartulli wrote:
> +static void ovpn_socket_release_work(struct work_struct *work)
> +{
> + struct ovpn_socket *sock = container_of(work, struct ovpn_socket, work);
> +
> + ovpn_socket_detach(sock->sock);
> + kfree_rcu(sock, rcu);
> +}
> +
> +static v
2024-10-29, 11:47:24 +0100, Antonio Quartulli wrote:
> @@ -136,6 +139,10 @@ void ovpn_decrypt_post(void *data, int ret)
> goto drop;
> }
>
> + /* increment RX stats */
> + ovpn_peer_stats_increment_rx(&peer->vpn_stats, skb->len);
> + ovpn_peer_stats_increment_rx(&p
2024-10-29, 11:47:22 +0100, Antonio Quartulli wrote:
> +static int ovpn_udp_encap_recv(struct sock *sk, struct sk_buff *skb)
> +{
[...]
> + opcode = ovpn_opcode_from_skb(skb, sizeof(struct udphdr));
> + if (unlikely(opcode != OVPN_DATA_V2)) {
> + /* DATA_V1 is not supported */
>
2024-10-29, 11:47:21 +0100, Antonio Quartulli wrote:
> +static void ovpn_send(struct ovpn_struct *ovpn, struct sk_buff *skb,
> + struct ovpn_peer *peer)
> +{
> + struct sk_buff *curr, *next;
> +
> + if (likely(!peer))
> + /* retrieve peer serving the destinatio
2024-10-29, 11:47:19 +0100, Antonio Quartulli wrote:
> +static void ovpn_peer_release(struct ovpn_peer *peer)
> +{
> + ovpn_bind_reset(peer, NULL);
> +
> + dst_cache_destroy(&peer->dst_cache);
Is it safe to destroy the cache at this time? In the same function, we
use rcu to free the peer,
2019-08-20, 12:01:40 +0200, Antoine Tenart wrote:
> So it seems the ability to enable or disable the offloading on a given
> interface is the main missing feature. I'll add that, however I'll
> probably (at least at first):
>
> - Have the interface to be fully offloaded or fully handled in s/w (wi