ovpn_peer, also the ovpn_bind object is introduced
as the two are strictly related.
An ovpn_bind object wraps a sockaddr representing the local
coordinates being used to talk to a specific peer.
Signed-off-by: Antonio Quartulli
---
drivers/net/Kconfig | 1 +
drivers/net/ovpn/Makefile
This change implements encryption/decryption and
encapsulation/decapsulation of OpenVPN packets.
Support for generic crypto state is added along with
a wrapper for the AEAD crypto kernel API.
Signed-off-by: Antonio Quartulli
---
drivers/net/Kconfig| 4 +
drivers/net/ovpn/Makefile
/ovpn/netlink-gen.h
Cc: donald.hun...@gmail.com
Signed-off-by: Antonio Quartulli
---
Documentation/netlink/specs/ovpn.yaml | 368 ++
MAINTAINERS | 2 +
drivers/net/ovpn/Makefile | 2 +
drivers/net/ovpn/main.c
Byte/packet counters for in-tunnel and transport streams
are now initialized and updated as needed.
To be exported via netlink.
Signed-off-by: Antonio Quartulli
---
drivers/net/ovpn/Makefile | 1 +
drivers/net/ovpn/io.c | 12 +++-
drivers/net/ovpn/peer.c | 2 ++
drivers/net
With this change an ovpn instance will be able to stay connected to
multiple remote endpoints.
This functionality is strictly required when running ovpn on an
OpenVPN server.
Signed-off-by: Antonio Quartulli
---
drivers/net/ovpn/main.c | 67 +++-
drivers/net/ovpn
This change introduces the netlink command needed to add, delete and
retrieve/dump known peers. Userspace is expected to use these commands
to handle known peer lifecycles.
Signed-off-by: Antonio Quartulli
---
drivers/net/ovpn/netlink.c | 629
OpenVPN supports configuring a periodic keepalive packet.
message to allow the remote endpoint to detect link failures.
This change implements the keepalive sending and timer expiring logic.
Signed-off-by: Antonio Quartulli
---
drivers/net/ovpn/io.c | 77 +
drivers/net
a later
patch.
Signed-off-by: Antonio Quartulli
---
drivers/net/ovpn/Makefile | 2 +
drivers/net/ovpn/socket.c | 119 ++
drivers/net/ovpn/socket.h | 48 +++
drivers/net/ovpn/udp.c| 65 +
drivers/net/ovpn
An ovpn interface configured in MP mode will keep carrier always
on and let the user decide when to bring it administratively up and
down.
This way a MP node (i.e. a server) will keep its interface always
up and running, even when no peer is connected.
Signed-off-by: Antonio Quartulli
`ping`, `iperf` and `ovpn-cli`
itself.
In general it is useful only in case of failure, in order to
understand which step has failed and why.
Cc: linux-kselft...@vger.kernel.org
Signed-off-by: Antonio Quartulli
Reviewed-by: Shuah Khan
---
MAINTAINERS|1
Packets received over the socket are forwarded to the user device.
Implementation is UDP only. TCP will be added by a later patch.
Note: no decryption/decapsulation exists yet, packets are forwarded as
they arrive without much processing.
Signed-off-by: Antonio Quartulli
---
drivers/net/ovpn
On 12/11/2024 17:47, Sabrina Dubroca wrote:
2024-11-09, 03:01:21 +0200, Sergey Ryazanov wrote:
On 29.10.2024 12:47, Antonio Quartulli wrote:
+/* When the OpenVPN protocol is ran in AEAD mode, use
+ * the OpenVPN packet ID as the AEAD nonce:
+ *
+ *0005 521c3b01 4308c041
+ *[seq
On 13/11/2024 11:36, Sabrina Dubroca wrote:
2024-11-12, 14:20:45 +0100, Antonio Quartulli wrote:
On 05/11/2024 19:10, Sabrina Dubroca wrote:
2024-10-29, 11:47:28 +0100, Antonio Quartulli wrote:
@@ -105,6 +132,9 @@ void ovpn_decrypt_post(void *data, int ret)
goto drop
On 13/11/2024 12:25, Sabrina Dubroca wrote:
2024-11-12, 15:03:00 +0100, Antonio Quartulli wrote:
On 12/11/2024 11:56, Sabrina Dubroca wrote:
2024-10-29, 11:47:30 +0100, Antonio Quartulli wrote:
diff --git a/drivers/net/ovpn/io.c b/drivers/net/ovpn/io.c
index
On 10/11/2024 20:52, Sergey Ryazanov wrote:
On 29.10.2024 12:47, Antonio Quartulli wrote:
[...]
+static void ovpn_peer_release(struct ovpn_peer *peer)
+{
+ ovpn_bind_reset(peer, NULL);
+
nit: this empty line after ovpn_bind_reset() is removed in the
'implement basic TX path (UDP)
On 13/11/2024 17:56, Sabrina Dubroca wrote:
2024-11-12, 15:19:50 +0100, Antonio Quartulli wrote:
On 04/11/2024 16:14, Sabrina Dubroca wrote:
2024-10-29, 11:47:31 +0100, Antonio Quartulli wrote:
+static int ovpn_nl_peer_precheck(struct ovpn_struct *ovpn,
+struct
On 13/11/2024 15:28, Sabrina Dubroca wrote:
2024-11-12, 16:44:09 +0100, Antonio Quartulli wrote:
On 05/11/2024 11:33, Sabrina Dubroca wrote:
2024-10-29, 11:47:33 +0100, Antonio Quartulli wrote:
+int ovpn_nl_key_swap_notify(struct ovpn_peer *peer, u8 key_id)
+{
[...]
+
+ nla_nest_end
T_OVPN_UDP_H_
+#include
+#include
+
+struct ovpn_peer;
struct ovpn_struct;
+struct sk_buff;
This declaration looks odd since we already have skbuff.h included above.
I believe originally there was no include, then I need to add that.
Will double check,
Thanks a lot!
Regards,
--
Antonio Quartulli
OpenVPN Inc.
On 06/11/2024 02:18, Sergey Ryazanov wrote:
Hi Antonio,
On 29.10.2024 12:47, Antonio Quartulli wrote:
Notable changes from v10:
* extended commit message of 23/23 with brief description of the output
* Link to v10: https://lore.kernel.org/r/20241025-b4-ovpn-v10-0-
b87530777...@openvpn.net
On 13/11/2024 12:05, Sabrina Dubroca wrote:
2024-11-12, 15:26:59 +0100, Antonio Quartulli wrote:
On 11/11/2024 16:41, Sabrina Dubroca wrote:
2024-10-29, 11:47:31 +0100, Antonio Quartulli wrote:
+void ovpn_peer_hash_vpn_ip(struct ovpn_peer *peer)
+ __must_hold(&peer->ovpn->p
'd like to keep it as it is to avoid the ovpn interface
to make decisions on its own.
I can spell this out in the comment (I think it definitely makes sense),
to clarify that the netcarrier is expected to be driven by userspace
(where the control plane is) rather than having the device make
decisions without having the full picture.
What do you think?
Regards,
--
Antonio Quartulli
OpenVPN Inc.
either.
Can you please point out the code where other virtual drivers are doing
what you are suggesting so I can have a look?
Wireguard is the closest module in terms of concept and I couldn't see
anything like that. Neither in ipsec.
But I may have overlooked something.
Please let me know.
Regards,
--
Antonio Quartulli
OpenVPN Inc.
On 26/11/2024 02:05, Sergey Ryazanov wrote:
Hi Antonio,
the question was addressed to Sabrina, but since I've already touched
this topic in the another patch, let me put my 2c here.
On 16.11.2024 02:33, Antonio Quartulli wrote:
On 31/10/2024 16:25, Sabrina Dubroca wrote:
2024-10-29,
On 26/11/2024 01:32, Sergey Ryazanov wrote:
On 15.11.2024 17:02, Antonio Quartulli wrote:
On 11/11/2024 02:54, Sergey Ryazanov wrote:
[...]
+/* Called after decrypt to write the IP packet to the device.
+ * This method is expected to manage/free the skb.
+ */
+static void ovpn_netdev_write
is done and can release
the peer.
Regards,
--
Antonio Quartulli
OpenVPN Inc.
On 29/11/2024 17:10, Sabrina Dubroca wrote:
2024-11-26, 02:32:38 +0200, Sergey Ryazanov wrote:
On 15.11.2024 17:02, Antonio Quartulli wrote:
On 11/11/2024 02:54, Sergey Ryazanov wrote:
[...]
+ skb_reset_transport_header(skb);
+ skb_probe_transport_header(skb
On 29/11/2024 18:00, Sabrina Dubroca wrote:
2024-11-14, 11:32:36 +0100, Antonio Quartulli wrote:
On 13/11/2024 12:05, Sabrina Dubroca wrote:
2024-11-12, 15:26:59 +0100, Antonio Quartulli wrote:
On 11/11/2024 16:41, Sabrina Dubroca wrote:
2024-10-29, 11:47:31 +0100, Antonio Quartulli wrote
On 29/11/2024 14:20, Sabrina Dubroca wrote:
2024-11-27, 02:40:02 +0100, Antonio Quartulli wrote:
On 26/11/2024 09:49, Antonio Quartulli wrote:
[...]
The potential issue is tricky since we create it patch-by-patch.
Up to this patch the socket releasing procedure looks solid and
reliable. E.g
A peer connected via UDP may change its IP address without reconnecting
(float).
Add support for detecting and updating the new peer IP/port in case of
floating.
Signed-off-by: Antonio Quartulli
---
drivers/net/ovpn/bind.c | 9 +-
drivers/net/ovpn/io.c | 4 +
drivers/net/ovpn/peer.c
On 02/12/2024 16:07, Antonio Quartulli wrote:
[...]
+/**
+ * ovpn_udp_output - transmit skb using udp-tunnel
+ * @peer: the destination peer
+ * @cache: dst cache
+ * @sk: the socket to send the packet over
+ * @skb: the packet to send
+ *
+ * rcu_read_lock should be held on entry.
+ * On return
On 02/12/2024 16:07, Antonio Quartulli wrote:
[...]
+#define ovpn_get_hash_slot(_key, _key_len, _tbl) ({\
+ typeof(_tbl) *__tbl = &(_tbl); \
+ jhash(_key, _key_len, 0) % HASH_SIZE(*__tbl); \
+})
+
+#define ovpn_get_hash_head(_tbl, _key, _key
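Review bot: in ovpn_get_hash_slot the call jhash(_key, _key_len, 0) uses a constant initval of 0, so bucket selection is identical on every host and every boot. If any key hashed through this macro comes from data a remote peer controls (an address, for instance), consider a per-boot random seed, filled in once at init time with get_random_bytes(), and pass it as the third argument. The macro would also benefit from a short comment stating that _tbl must be an array, since HASH_SIZE() relies on that.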
On 03/12/2024 15:58, Paolo Abeni wrote:
On 12/2/24 16:07, Antonio Quartulli wrote:
@@ -286,6 +292,31 @@ struct ovpn_peer *ovpn_peer_get_by_dst(struct ovpn_priv
*ovpn,
return peer;
}
+/**
+ * ovpn_peer_check_by_src - check that skb source is routed via peer
+ * @ovpn: the openvpn
This is a no-op after the previous call. You should drop it.
Thanks Paolo, I'll drop it.
Regards,
--
Antonio Quartulli
OpenVPN Inc.
On 02/12/2024 16:07, Antonio Quartulli wrote:
[...]
+
+/**
+ * ovpn_peer_unhash - remove peer reference from all hashtables
+ * @peer: the peer to remove
+ * @reason: the delete reason to attach to the peer
+ */
+static void ovpn_peer_unhash(struct ovpn_peer *peer
On 03/12/2024 17:09, Sabrina Dubroca wrote:
2024-12-03, 15:58:17 +0100, Antonio Quartulli wrote:
On 02/12/2024 16:07, Antonio Quartulli wrote:
[...]
+#define ovpn_get_hash_slot(_key, _key_len, _tbl) ({\
+ typeof(_tbl) *__tbl = &(_tbl); \
+ jhash(
On 03/12/2024 18:46, Paolo Abeni wrote:
On 12/2/24 16:07, Antonio Quartulli wrote:
+/**
+ * ovpn_nl_peer_modify - modify the peer attributes according to the incoming
msg
+ * @peer: the peer to modify
+ * @info: generic netlink info from the user request
+ * @attrs: the attributes from the
On 03/12/2024 16:19, Paolo Abeni wrote:
On 12/2/24 16:07, Antonio Quartulli wrote:
+void ovpn_tcp_socket_detach(struct socket *sock)
+{
+ struct ovpn_socket *ovpn_sock;
+ struct ovpn_peer *peer;
+
+ if (!sock)
+ return;
+
+ rcu_read_lock
On 04/12/2024 09:28, Antonio Quartulli wrote:
On 03/12/2024 17:09, Sabrina Dubroca wrote:
2024-12-03, 15:58:17 +0100, Antonio Quartulli wrote:
On 02/12/2024 16:07, Antonio Quartulli wrote:
[...]
+#define ovpn_get_hash_slot(_key, _key_len, _tbl) ({ \
+ typeof(_tbl) *__tbl = &(
On 04/12/2024 12:15, Antonio Quartulli wrote:
[...]
+static void ovpn_tcp_close(struct sock *sk, long timeout)
+{
+ struct ovpn_socket *sock;
+
+ rcu_read_lock();
+ sock = rcu_dereference_sk_user_data(sk);
+
+ strp_stop(&sock->peer->tcp.strp);
+ barrier();
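Review bot: in ovpn_tcp_close() the pointer returned by rcu_dereference_sk_user_data(sk) is dereferenced right away in strp_stop(&sock->peer->tcp.strp) with no NULL check on sock or on sock->peer. If sk_user_data can be cleared concurrently (a detach racing with close), this needs an early exit that drops the RCU read lock before returning. The barrier() after strp_stop() also carries no comment saying which accesses it orders; either document it or remove it.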
Again, is no
Paolo,
On 04/12/2024 12:15, Antonio Quartulli wrote:
[...]
+ mutex_lock(&tcp6_prot_mutex);
+ if (!ovpn_tcp6_prot.recvmsg)
+ ovpn_tcp_build_protos(&ovpn_tcp6_prot, &ovpn_tcp6_ops,
+ sock->sk->sk_prot,
+
On 04/12/2024 23:52, Antonio Quartulli wrote:
Paolo,
On 04/12/2024 12:15, Antonio Quartulli wrote:
[...]
+ mutex_lock(&tcp6_prot_mutex);
+ if (!ovpn_tcp6_prot.recvmsg)
+ ovpn_tcp_build_protos(&ovpn_tcp6_prot, &ovpn_tcp6_ops,
+ sock-
On 09/12/2024 11:46, Matthieu Baerts wrote:
Hi Antonio,
Thank you for working on this, and sharing your work here!
On 05/12/2024 00:09, Antonio Quartulli wrote:
On 04/12/2024 23:52, Antonio Quartulli wrote:
Paolo,
On 04/12/2024 12:15, Antonio Quartulli wrote:
[...]
+ mutex_lock
/ovpn/netlink-gen.h
Cc: donald.hun...@gmail.com
Signed-off-by: Antonio Quartulli
---
Documentation/netlink/specs/ovpn.yaml | 368 ++
MAINTAINERS | 2 +
drivers/net/ovpn/Makefile | 2 +
drivers/net/ovpn/main.c
since the review.
The latest code can also be found at:
https://github.com/OpenVPN/linux-kernel-ovpn
Thanks a lot!
Best Regards,
Antonio Quartulli
OpenVPN Inc.
---
Antonio Quartulli (22):
net: introduce OpenVPN Data Channel Offload (ovpn)
ovpn: add basic netlink support
ovpn
Packets received over the socket are forwarded to the user device.
Implementation is UDP only. TCP will be added by a later patch.
Note: no decryption/decapsulation exists yet, packets are forwarded as
they arrive without much processing.
Signed-off-by: Antonio Quartulli
---
drivers/net/ovpn
ovpn_peer, also the ovpn_bind object is introduced
as the two are strictly related.
An ovpn_bind object wraps a sockaddr representing the local
coordinates being used to talk to a specific peer.
Signed-off-by: Antonio Quartulli
---
drivers/net/Kconfig | 1 +
drivers/net/ovpn/Makefile
Packets sent over the ovpn interface are processed and transmitted to the
connected peer, if any.
Implementation is UDP only. TCP will be added by a later patch.
Note: no crypto/encapsulation exists yet. Packets are just captured and
sent.
Signed-off-by: Antonio Quartulli
---
drivers/net
a later
patch.
Cc: willemdebruijn.ker...@gmail.com
Signed-off-by: Antonio Quartulli
---
drivers/net/ovpn/Makefile | 2 +
drivers/net/ovpn/socket.c | 119 ++
drivers/net/ovpn/socket.h | 48 +++
drivers/net/ovpn/udp.c| 65
An ovpn interface configured in MP mode will keep carrier always
on and let the user decide when to bring it administratively up and
down.
This way a MP node (i.e. a server) will keep its interface always
up and running, even when no peer is connected.
Signed-off-by: Antonio Quartulli
With this change an ovpn instance will be able to stay connected to
multiple remote endpoints.
This functionality is strictly required when running ovpn on an
OpenVPN server.
Signed-off-by: Antonio Quartulli
---
drivers/net/ovpn/main.c | 67 -
drivers/net/ovpn
: Antonio Quartulli
---
drivers/net/ovpn/peer.c | 301 ++--
1 file changed, 291 insertions(+), 10 deletions(-)
diff --git a/drivers/net/ovpn/peer.c b/drivers/net/ovpn/peer.c
index
9f213ccacfaf8170b9c23730498f156360774d7e
This change introduces the netlink command needed to add, delete and
retrieve/dump known peers. Userspace is expected to use these commands
to handle known peer lifecycles.
Signed-off-by: Antonio Quartulli
---
drivers/net/ovpn/netlink.c | 631
A peer connected via UDP may change its IP address without reconnecting
(float).
Add support for detecting and updating the new peer IP/port in case of
floating.
Signed-off-by: Antonio Quartulli
---
drivers/net/ovpn/bind.c | 9 +-
drivers/net/ovpn/io.c | 4 +
drivers/net/ovpn/peer.c
Whenever a peer is deleted, send a notification to userspace so that it
can react accordingly.
This is most important when a peer is deleted due to ping timeout,
because it all happens in kernelspace and thus userspace has no direct
way to learn about it.
Signed-off-by: Antonio Quartulli
ff-by: Antonio Quartulli
---
MAINTAINERS | 8
drivers/net/Kconfig | 7 +++
drivers/net/Makefile | 1 +
drivers/net/ovpn/Makefile | 10 +
drivers/net/ovpn/main.c | 112 ++
5 files changed, 138 insertions(+)
diff
Add basic infrastructure for handling ovpn interfaces.
Signed-off-by: Antonio Quartulli
---
drivers/net/ovpn/Makefile | 1 +
drivers/net/ovpn/io.c | 22 +
drivers/net/ovpn/io.h | 24 ++
drivers/net/ovpn/main.c | 102
This change implements encryption/decryption and
encapsulation/decapsulation of OpenVPN packets.
Support for generic crypto state is added along with
a wrapper for the AEAD crypto kernel API.
Signed-off-by: Antonio Quartulli
---
drivers/net/Kconfig| 4 +
drivers/net/ovpn/Makefile
Byte/packet counters for in-tunnel and transport streams
are now initialized and updated as needed.
To be exported via netlink.
Signed-off-by: Antonio Quartulli
---
drivers/net/ovpn/Makefile | 1 +
drivers/net/ovpn/io.c | 12 +++-
drivers/net/ovpn/peer.c | 2 ++
drivers/net
OpenVPN supports configuring a periodic keepalive packet.
message to allow the remote endpoint to detect link failures.
This change implements the keepalive sending and timer expiring logic.
Signed-off-by: Antonio Quartulli
---
drivers/net/ovpn/io.c | 77 +
drivers/net
This change introduces the netlink commands needed to add, get, delete
and swap keys for a specific peer.
Userspace is expected to use these commands to create, inspect (non
sensitive data only), destroy and rotate session keys for a specific
peer.
Signed-off-by: Antonio Quartulli
---
drivers
In case of UDP links, the local endpoint used to communicate with a
given peer may change without a connection restart.
Add support for learning the new address in case of change.
Signed-off-by: Antonio Quartulli
---
drivers/net/ovpn/peer.c | 45
amount of traffic by
periodically polling GET_PEER and fetching the VPN/LINK stats.
Signed-off-by: Antonio Quartulli
---
drivers/net/ovpn/crypto.c | 19
drivers/net/ovpn/crypto.h | 2 ++
drivers/net/ovpn/io.c | 13 +++
drivers/net/ovpn/netlink.c | 55
`ping`, `iperf` and `ovpn-cli`
itself.
In general it is useful only in case of failure, in order to
understand which step has failed and why.
Cc: linux-kselft...@vger.kernel.org
Signed-off-by: Antonio Quartulli
Reviewed-by: Shuah Khan
---
MAINTAINERS|1
Implement support for basic ethtool functionality.
Note that ovpn is a virtual device driver, therefore
various ethtool APIs are just not meaningful and thus
not implemented.
Signed-off-by: Antonio Quartulli
Reviewed-by: Andrew Lunn
---
drivers/net/ovpn/main.c | 15 +++
1 file
ess inet6_stream_ops, which is declared
as extern in the IPv6 module, but it is not fully exported.
Therefore this patch is also adding EXPORT_SYMBOL_GPL(inet6_stream_ops)
to net/ipv6/af_inet6.c.
Cc: dsah...@kernel.org
Signed-off-by: Antonio Quartulli
---
drivers/net/Kconfig | 1 +
drivers/net/o
On 09/12/2024 12:31, Matthieu Baerts wrote:
On 09/12/2024 11:58, Antonio Quartulli wrote:
On 09/12/2024 11:46, Matthieu Baerts wrote:
Hi Antonio,
Thank you for working on this, and sharing your work here!
On 05/12/2024 00:09, Antonio Quartulli wrote:
On 04/12/2024 23:52, Antonio Quartulli
Hi Sabrina,
On 03/01/2025 18:00, Sabrina Dubroca wrote:
Hello Antonio,
2024-12-19, 02:42:01 +0100, Antonio Quartulli wrote:
+static void ovpn_socket_release_kref(struct kref *kref)
+ __releases(sock->sock->sk)
+{
+ struct ovpn_socket *sock = container_of(kref, struct ovpn_
On 03/02/2025 00:07, Sabrina Dubroca wrote:
2025-01-13, 10:31:39 +0100, Antonio Quartulli wrote:
+static int ovpn_nl_attr_sockaddr_remote(struct nlattr **attrs,
+ struct sockaddr_storage *ss)
+{
+ struct sockaddr_in6 *sin6;
+ struct sockaddr_in
On 03/02/2025 10:30, Sabrina Dubroca wrote:
2025-01-13, 10:31:27 +0100, Antonio Quartulli wrote:
+/**
+ * ovpn_opcode_from_skb - extract OP code from skb at specified offset
+ * @skb: the packet to extract the OP code from
+ * @offset: the offset in the data buffer where the OP code is
On 03/02/2025 10:20, Sabrina Dubroca wrote:
2025-01-13, 10:31:36 +0100, Antonio Quartulli wrote:
+void ovpn_xmit_special(struct ovpn_peer *peer, const void *data,
+ const unsigned int len)
+{
+ struct ovpn_priv *ovpn;
+ struct sk_buff *skb;
+
+ ovpn = peer
On 03/02/2025 00:00, Sabrina Dubroca wrote:
2025-01-13, 10:31:34 +0100, Antonio Quartulli wrote:
static int ovpn_newlink(struct net *src_net, struct net_device *dev,
struct nlattr *tb[], struct nlattr *data[],
struct netlink_ext_ack *extack
On 03/02/2025 11:05, Sabrina Dubroca wrote:
2025-01-13, 10:31:31 +0100, Antonio Quartulli wrote:
+static void ovpn_tcp_rcv(struct strparser *strp, struct sk_buff *skb)
+{
[...]
+ /* we need the first byte of data to be accessible
+* to extract the opcode and the key ID later on
On 04/02/2025 17:18, Sabrina Dubroca wrote:
2025-02-03, 10:52:41 +0100, Sabrina Dubroca wrote:
2025-01-13, 10:31:26 +0100, Antonio Quartulli wrote:
+static void ovpn_encrypt_post(struct sk_buff *skb, int ret)
+{
+ struct ovpn_peer *peer = ovpn_skb_cb(skb)->peer;
+
+ if (unlik
On 05/02/2025 22:50, Sabrina Dubroca wrote:
Hi Antonio,
Another one I should have spotted a long time ago :(
better late than never (I think..)
2025-01-13, 10:31:28 +0100, Antonio Quartulli wrote:
+int ovpn_aead_encrypt(struct ovpn_peer *peer, struct ovpn_crypto_key_slot *ks
/ovpn/netlink-gen.h
Reviewed-by: Donald Hunter
Signed-off-by: Antonio Quartulli
---
Documentation/netlink/specs/ovpn.yaml | 372 ++
MAINTAINERS | 2 +
drivers/net/ovpn/Makefile | 2 +
drivers/net/ovpn/main.c
ff-by: Antonio Quartulli
---
MAINTAINERS | 8
drivers/net/Kconfig | 8
drivers/net/Makefile | 1 +
drivers/net/ovpn/Makefile | 10 +
drivers/net/ovpn/main.c | 112 ++
5 files changed, 139 insertions(+)
This change implements encryption/decryption and
encapsulation/decapsulation of OpenVPN packets.
Support for generic crypto state is added along with
a wrapper for the AEAD crypto kernel API.
Signed-off-by: Antonio Quartulli
---
drivers/net/Kconfig| 4 +
drivers/net/ovpn/Makefile
Kicinski
Cc: Paolo Abeni
Cc: Simon Horman
Signed-off-by: Antonio Quartulli
---
net/ipv6/af_inet6.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/net/ipv6/af_inet6.c b/net/ipv6/af_inet6.c
index
f60ec8b0f8ea40b2d635d802a3bc4f9b9d844417..3e812187e125cec7deac88413b85a35dd5b22a2d
100644
--- a/net
With this change an ovpn instance will be able to stay connected to
multiple remote endpoints.
This functionality is strictly required when running ovpn on an
OpenVPN server.
Signed-off-by: Antonio Quartulli
---
drivers/net/ovpn/main.c | 67 ++-
drivers/net/ovpn/ovpnpriv.h
: Antonio Quartulli
---
drivers/net/ovpn/peer.c | 301 ++--
1 file changed, 291 insertions(+), 10 deletions(-)
diff --git a/drivers/net/ovpn/peer.c b/drivers/net/ovpn/peer.c
index
ede0e2afc05b22882e1720aa44cdacb44a42bcf4
ess inet6_stream_ops, which is declared
as extern in the IPv6 module, but it is not fully exported.
Therefore this patch is also adding EXPORT_SYMBOL_GPL(inet6_stream_ops)
to net/ipv6/af_inet6.c.
Signed-off-by: Antonio Quartulli
---
drivers/net/Kconfig | 1 +
drivers/net/ovpn/Makefile | 1 +
driv
Packets sent over the ovpn interface are processed and transmitted to the
connected peer, if any.
Implementation is UDP only. TCP will be added by a later patch.
Note: no crypto/encapsulation exists yet. Packets are just captured and
sent.
Signed-off-by: Antonio Quartulli
---
drivers/net
Byte/packet counters for in-tunnel and transport streams
are now initialized and updated as needed.
To be exported via netlink.
Signed-off-by: Antonio Quartulli
---
drivers/net/ovpn/Makefile | 1 +
drivers/net/ovpn/io.c | 12 +++-
drivers/net/ovpn/peer.c | 2 ++
drivers/net
and add a
new interface named skb_send_sock_locked_with_flags().
Cc: Eric Dumazet
Cc: Jakub Kicinski
Cc: Paolo Abeni
Cc: Simon Horman
Signed-off-by: Antonio Quartulli
---
include/linux/skbuff.h | 2 ++
net/core/skbuff.c | 18 +-
2 files changed, 15 insertions(+), 5 delet
Userspace may want to pass the MSG_NOSIGNAL flag to
tcp_sendmsg() in order to avoid generating a SIGPIPE.
To pass this flag down the TCP stack a new skb sending API
accepting a flags argument is introduced.
Cc: Eric Dumazet
Cc: Paolo Abeni
Signed-off-by: Antonio Quartulli
---
drivers/net
ovpn_peer, also the ovpn_bind object is introduced
as the two are strictly related.
An ovpn_bind object wraps a sockaddr representing the local
coordinates being used to talk to a specific peer.
Signed-off-by: Antonio Quartulli
---
drivers/net/Kconfig | 1 +
drivers/net/ovpn/Makefile | 2
Add basic infrastructure for handling ovpn interfaces.
Tested-by: Donald Hunter
Signed-off-by: Antonio Quartulli
---
Documentation/netlink/specs/rt_link.yaml | 16 +
drivers/net/ovpn/Makefile| 1 +
drivers/net/ovpn/io.c| 22 ++
drivers/net/ovpn
Packets received over the socket are forwarded to the user device.
Implementation is UDP only. TCP will be added by a later patch.
Note: no decryption/decapsulation exists yet, packets are forwarded as
they arrive without much processing.
Signed-off-by: Antonio Quartulli
---
drivers/net/ovpn
a later
patch.
Cc: willemdebruijn.ker...@gmail.com
Signed-off-by: Antonio Quartulli
---
drivers/net/ovpn/Makefile | 2 +
drivers/net/ovpn/peer.c | 5 ++
drivers/net/ovpn/peer.h | 4 +
drivers/net/ovpn/socket.c | 190 ++
drivers/net/ovpn
An ovpn interface configured in MP mode will keep carrier always
on and let the user decide when to bring it administratively up and
down.
This way a MP node (i.e. a server) will keep its interface always
up and running, even when no peer is connected.
Signed-off-by: Antonio Quartulli
OpenVPN supports configuring a periodic keepalive packet.
message to allow the remote endpoint to detect link failures.
This change implements the keepalive sending and timer expiring logic.
Signed-off-by: Antonio Quartulli
---
drivers/net/ovpn/io.c | 74 +
drivers/net/ovpn
A peer connected via UDP may change its IP address without reconnecting
(float).
Add support for detecting and updating the new peer IP/port in case of
floating.
Signed-off-by: Antonio Quartulli
---
drivers/net/ovpn/io.c | 8 ++
drivers/net/ovpn/peer.c | 243
In case of UDP links, the local endpoint used to communicate with a
given peer may change without a connection restart.
Add support for learning the new address in case of change.
Signed-off-by: Antonio Quartulli
---
drivers/net/ovpn/peer.c | 45
This change introduces the netlink command needed to add, delete and
retrieve/dump known peers. Userspace is expected to use these commands
to handle known peer lifecycles.
Signed-off-by: Antonio Quartulli
---
drivers/net/ovpn/netlink.c | 676
Implement support for basic ethtool functionality.
Note that ovpn is a virtual device driver, therefore
various ethtool APIs are just not meaningful and thus
not implemented.
Signed-off-by: Antonio Quartulli
Reviewed-by: Andrew Lunn
---
drivers/net/ovpn/main.c | 15 +++
1 file
I: 7ffd9d3763c0
[ 1056.319740] RBP: 7ffd9d3763d0 R08: R09: 00034608
[ 1056.319740] R10: 7fa5fb829000 R11: 0297 R12: 7ffd9d376450
[ 1056.319740] R13: 7ffd9d3763c0 R14: 00000001 R15: 0001
[ 1056.319740]
Thanks a lot!
Best Regards,
Antoni
amount of traffic by
periodically polling GET_PEER and fetching the VPN/LINK stats.
Signed-off-by: Antonio Quartulli
---
drivers/net/ovpn/crypto.c | 19 ++
drivers/net/ovpn/crypto.h | 2 ++
drivers/net/ovpn/io.c | 13 ++
drivers/net/ovpn/netlink.c | 64
anto...@openvpn.net is still used for sending
patches under the OpenVPN Inc. umbrella, therefore this
address should not be re-mapped.
Cc: Andrew Morton
Signed-off-by: Antonio Quartulli
---
.mailmap | 1 -
1 file changed, 1 deletion(-)
diff --git a/.mailmap b/.mailmap
index
Whenever a peer is deleted, send a notification to userspace so that it
can react accordingly.
This is most important when a peer is deleted due to ping timeout,
because it all happens in kernelspace and thus userspace has no direct
way to learn about it.
Signed-off-by: Antonio Quartulli
`ping`, `iperf` and `ovpn-cli`
itself.
In general it is useful only in case of failure, in order to
understand which step has failed and why.
Cc: linux-kselft...@vger.kernel.org
Signed-off-by: Antonio Quartulli
Reviewed-by: Shuah Khan
---
MAINTAINERS|1
201 - 300 of 683 matches