This change introduces the netlink commands needed to add, get, delete
and swap keys for a specific peer.
Userspace is expected to use these commands to create, inspect (non
sensitive data only), destroy and rotate session keys for a specific
peer.
Signed-off-by: Antonio Quartulli
---
drivers
On 02/02/2025 23:56, Sabrina Dubroca wrote:
2025-01-13, 10:31:24 +0100, Antonio Quartulli wrote:
+static int ovpn_peer_del_p2p(struct ovpn_peer *peer,
+enum ovpn_del_peer_reason reason)
+{
+ struct ovpn_peer *tmp;
+
+ lockdep_assert_held(&peer->ovp
ff-by: Antonio Quartulli
---
MAINTAINERS | 8
drivers/net/Kconfig | 7 +++
drivers/net/Makefile | 1 +
drivers/net/ovpn/Makefile | 10 +
drivers/net/ovpn/main.c | 112 ++
5 files changed, 138 insertions(+)
diff
since no major code modification has happened since the review.
The latest code can also be found at:
https://github.com/OpenVPN/linux-kernel-ovpn
Thanks a lot!
Best Regards,
Antonio Quartulli
OpenVPN Inc.
---
Antonio Quartulli (22):
net: introduce OpenVPN Data Channel Offload (ovpn
/ovpn/netlink-gen.h
Cc: donald.hun...@gmail.com
Signed-off-by: Antonio Quartulli
---
Documentation/netlink/specs/ovpn.yaml | 372 ++
MAINTAINERS | 2 +
drivers/net/ovpn/Makefile | 2 +
drivers/net/ovpn/main.c
ovpn_peer, also the ovpn_bind object is introduced
as the two are strictly related.
An ovpn_bind object wraps a sockaddr representing the local
coordinates being used to talk to a specific peer.
Signed-off-by: Antonio Quartulli
---
drivers/net/Kconfig | 1 +
drivers/net/ovpn/Makefile
Packets sent over the ovpn interface are processed and transmitted to the
connected peer, if any.
Implementation is UDP only. TCP will be added by a later patch.
Note: no crypto/encapsulation exists yet. Packets are just captured and
sent.
Signed-off-by: Antonio Quartulli
---
drivers/net
Packets received over the socket are forwarded to the user device.
Implementation is UDP only. TCP will be added by a later patch.
Note: no decryption/decapsulation exists yet, packets are forwarded as
they arrive without much processing.
Signed-off-by: Antonio Quartulli
---
drivers/net/ovpn
a later
patch.
Cc: willemdebruijn.ker...@gmail.com
Signed-off-by: Antonio Quartulli
---
drivers/net/ovpn/Makefile | 2 +
drivers/net/ovpn/socket.c | 119 ++
drivers/net/ovpn/socket.h | 48 +++
drivers/net/ovpn/udp.c| 65
Add basic infrastructure for handling ovpn interfaces.
Signed-off-by: Antonio Quartulli
---
drivers/net/ovpn/Makefile | 1 +
drivers/net/ovpn/io.c | 22 +
drivers/net/ovpn/io.h | 24 ++
drivers/net/ovpn/main.c | 102
An ovpn interface configured in MP mode will keep carrier always
on and let the user decide when to bring it administratively up and
down.
This way a MP node (i.e. a server) will keep its interface always
up and running, even when no peer is connected.
Signed-off-by: Antonio Quartulli
This change implements encryption/decryption and
encapsulation/decapsulation of OpenVPN packets.
Support for generic crypto state is added along with
a wrapper for the AEAD crypto kernel API.
Signed-off-by: Antonio Quartulli
---
drivers/net/Kconfig| 4 +
drivers/net/ovpn/Makefile
Byte/packet counters for in-tunnel and transport streams
are now initialized and updated as needed.
To be exported via netlink.
Signed-off-by: Antonio Quartulli
---
drivers/net/ovpn/Makefile | 1 +
drivers/net/ovpn/io.c | 12 +++-
drivers/net/ovpn/peer.c | 2 ++
drivers/net
ess inet6_stream_ops, which is declared
as extern in the IPv6 module, but it is not fully exported.
Therefore this patch is also adding EXPORT_SYMBOL_GPL(inet6_stream_ops)
to net/ipv6/af_inet6.c.
Cc: dsah...@kernel.org
Signed-off-by: Antonio Quartulli
---
drivers/net/Kconfig | 1 +
drivers/net/o
: Antonio Quartulli
---
drivers/net/ovpn/peer.c | 301 ++--
1 file changed, 291 insertions(+), 10 deletions(-)
diff --git a/drivers/net/ovpn/peer.c b/drivers/net/ovpn/peer.c
index
9f213ccacfaf8170b9c23730498f156360774d7e
With this change an ovpn instance will be able to stay connected to
multiple remote endpoints.
This functionality is strictly required when running ovpn on an
OpenVPN server.
Signed-off-by: Antonio Quartulli
---
drivers/net/ovpn/main.c | 67 -
drivers/net/ovpn
This change introduces the netlink command needed to add, delete and
retrieve/dump known peers. Userspace is expected to use these commands
to handle known peer lifecycles.
Signed-off-by: Antonio Quartulli
---
drivers/net/ovpn/netlink.c | 640
OpenVPN supports configuring a periodic keepalive packet.
message to allow the remote endpoint detect link failures.
This change implements the keepalive sending and timer expiring logic.
Signed-off-by: Antonio Quartulli
---
drivers/net/ovpn/io.c | 77 +
drivers/net
A peer connected via UDP may change its IP address without reconnecting
(float).
Add support for detecting and updating the new peer IP/port in case of
floating.
Signed-off-by: Antonio Quartulli
---
drivers/net/ovpn/bind.c | 9 +-
drivers/net/ovpn/io.c | 4 +
drivers/net/ovpn/peer.c
This change introduces the netlink commands needed to add, get, delete
and swap keys for a specific peer.
Userspace is expected to use these commands to create, inspect (non
sensitive data only), destroy and rotate session keys for a specific
peer.
Signed-off-by: Antonio Quartulli
---
drivers
amount of traffic by
periodically polling GET_PEER and fetching the VPN/LINK stats.
Signed-off-by: Antonio Quartulli
---
drivers/net/ovpn/crypto.c | 19
drivers/net/ovpn/crypto.h | 2 ++
drivers/net/ovpn/io.c | 13 +++
drivers/net/ovpn/netlink.c | 55
Whenever a peer is deleted, send a notification to userspace so that it
can react accordingly.
This is most important when a peer is deleted due to ping timeout,
because it all happens in kernelspace and thus userspace has no direct
way to learn about it.
Signed-off-by: Antonio Quartulli
`ping`, `iperf` and `ovpn-cli`
itself.
In general it is useful only in case of failure, in order to
understand which step has failed and why.
Cc: linux-kselft...@vger.kernel.org
Signed-off-by: Antonio Quartulli
Reviewed-by: Shuah Khan
---
MAINTAINERS|1
Implement support for basic ethtool functionality.
Note that ovpn is a virtual device driver, therefore
various ethtool APIs are just not meaningful and thus
not implemented.
Signed-off-by: Antonio Quartulli
Reviewed-by: Andrew Lunn
---
drivers/net/ovpn/main.c | 15 +++
1 file
In case of UDP links, the local endpoint used to communicate with a
given peer may change without a connection restart.
Add support for learning the new address in case of change.
Signed-off-by: Antonio Quartulli
---
drivers/net/ovpn/peer.c | 45
Hi Xiao and thanks for chiming in,
On 11/12/2024 04:08, Xiao Liang wrote:
On Mon, Dec 9, 2024 at 6:48 PM Antonio Quartulli wrote:
[...]
+/**
+ * ovpn_nl_peer_modify - modify the peer attributes according to the incoming
msg
+ * @peer: the peer to modify
+ * @info: generic netlink info from
On 11/12/2024 13:35, Xiao Liang wrote:
On Wed, Dec 11, 2024 at 7:30 PM Antonio Quartulli wrote:
Hi Xiao and thanks for chiming in,
On 11/12/2024 04:08, Xiao Liang wrote:
On Mon, Dec 9, 2024 at 6:48 PM Antonio Quartulli wrote:
[...]
+/**
+ * ovpn_nl_peer_modify - modify the peer attributes
On 11/12/2024 14:53, Xiao Liang wrote:
On Wed, Dec 11, 2024 at 8:51 PM Antonio Quartulli wrote:
On 11/12/2024 13:35, Xiao Liang wrote:
On Wed, Dec 11, 2024 at 7:30 PM Antonio Quartulli wrote:
Hi Xiao and thanks for chiming in,
On 11/12/2024 04:08, Xiao Liang wrote:
On Mon, Dec 9, 2024
On 10/12/2024 17:44, Simon Horman wrote:
On Mon, Dec 09, 2024 at 09:53:17AM +0100, Antonio Quartulli wrote:
Packets received over the socket are forwarded to the user device.
Implementation is UDP only. TCP will be added by a later patch.
Note: no decryption/decapsulation exists yet, packets
On 10/12/2024 17:47, Simon Horman wrote:
On Mon, Dec 09, 2024 at 09:53:31AM +0100, Antonio Quartulli wrote:
The ovpn-cli tool can be compiled and used as selftest for the ovpn
kernel module.
[NOTE: it depends on libmbedtls for decoding base64-encoded keys]
ovpn-cli implements the netlink and
On 16/12/2024 14:59, Sabrina Dubroca wrote:
2024-12-11, 22:15:15 +0100, Antonio Quartulli wrote:
@@ -42,6 +56,31 @@ struct ovpn_peer {
struct in6_addr ipv6;
} vpn_addrs;
struct ovpn_socket *sock;
+
+ /* state of the TCP reading. Needed to keep track of how
attaching part, it may be worth throwing in
those typ0 fixes too :)
ACK, I'll send them out.
Thanks.
Regards,
--
Antonio Quartulli
OpenVPN Inc.
On 16/12/2024 12:50, Antonio Quartulli wrote:
On 16/12/2024 12:09, Sabrina Dubroca wrote:
[...]
Maybe we should call cancel_sync_work(&ovpn_sock->work) inside
ovpn_socket_get()?
So the latter will return NULL only when it is sure that the socket
has been
detached.
At that point we c
d Hunter and Shuah Khan. They have retained the Reviewed-by tag
since no major code modification has happened since the review.
The latest code can also be found at:
https://github.com/OpenVPN/linux-kernel-ovpn
Thanks a lot!
Best Regards,
Antonio Quartulli
OpenVPN Inc.
---
Antonio Quartulli (26
An ovpn interface configured in MP mode will keep carrier always
on and let the user decide when to bring it administratively up and
down.
This way a MP node (i.e. a server) will keep its interface always
up and running, even when no peer is connected.
Signed-off-by: Antonio Quartulli
Add basic infrastructure for handling ovpn interfaces.
Signed-off-by: Antonio Quartulli
---
Documentation/netlink/specs/rt_link.yaml | 16 +
drivers/net/ovpn/Makefile| 1 +
drivers/net/ovpn/io.c| 22 ++
drivers/net/ovpn/io.h
/ovpn/netlink-gen.h
Cc: donald.hun...@gmail.com
Signed-off-by: Antonio Quartulli
---
Documentation/netlink/specs/ovpn.yaml | 372 ++
MAINTAINERS | 2 +
drivers/net/ovpn/Makefile | 2 +
drivers/net/ovpn/main.c
ff-by: Antonio Quartulli
---
MAINTAINERS | 8
drivers/net/Kconfig | 8
drivers/net/Makefile | 1 +
drivers/net/ovpn/Makefile | 10 +
drivers/net/ovpn/main.c | 112 ++
5 files changed, 139 insertions(+)
ovpn_peer, also the ovpn_bind object is introduced
as the two are strictly related.
An ovpn_bind object wraps a sockaddr representing the local
coordinates being used to talk to a specific peer.
Signed-off-by: Antonio Quartulli
---
drivers/net/Kconfig | 1 +
drivers/net/ovpn/Makefile
(maintainer:ATOMIC INFRASTRUCTURE)
Cc: Boqun Feng (reviewer:ATOMIC INFRASTRUCTURE)
Cc: Mark Rutland (reviewer:ATOMIC INFRASTRUCTURE)
Cc: Andrew Morton
Signed-off-by: Antonio Quartulli
---
include/linux/kref.h | 11 +++
include/linux/refcount.h | 3 +++
lib/refcount.c | 32
Packets received over the socket are forwarded to the user device.
Implementation is UDP only. TCP will be added by a later patch.
Note: no decryption/decapsulation exists yet, packets are forwarded as
they arrive without much processing.
Signed-off-by: Antonio Quartulli
---
drivers/net/ovpn
a later
patch.
Cc: willemdebruijn.ker...@gmail.com
Signed-off-by: Antonio Quartulli
---
drivers/net/ovpn/Makefile | 2 +
drivers/net/ovpn/socket.c | 163 ++
drivers/net/ovpn/socket.h | 38 +++
drivers/net/ovpn/udp.c| 73
OpenVPN supports configuring a periodic keepalive packet.
message to allow the remote endpoint detect link failures.
This change implements the keepalive sending and timer expiring logic.
Signed-off-by: Antonio Quartulli
---
drivers/net/ovpn/io.c | 77 +
drivers/net
With this change an ovpn instance will be able to stay connected to
multiple remote endpoints.
This functionality is strictly required when running ovpn on an
OpenVPN server.
Signed-off-by: Antonio Quartulli
---
drivers/net/ovpn/main.c | 67 +-
drivers/net/ovpn
A peer connected via UDP may change its IP address without reconnecting
(float).
Add support for detecting and updating the new peer IP/port in case of
floating.
Signed-off-by: Antonio Quartulli
---
drivers/net/ovpn/io.c | 4 +
drivers/net/ovpn/peer.c | 243
On 12/12/2024 17:19, Sabrina Dubroca wrote:
2024-12-11, 22:15:10 +0100, Antonio Quartulli wrote:
+static struct ovpn_socket *ovpn_socket_get(struct socket *sock)
+{
+ struct ovpn_socket *ovpn_sock;
+
+ rcu_read_lock();
+ ovpn_sock = rcu_dereference_sk_user_data(sock->
On 13/12/2024 13:32, Donald Hunter wrote:
On Wed, 11 Dec 2024 at 21:32, Antonio Quartulli wrote:
static int ovpn_newlink(struct net *src_net, struct net_device *dev,
struct nlattr *tb[], struct nlattr *data[],
struct netlink_ext_ack *extack
On 13/12/2024 17:45, Donald Hunter wrote:
On Wed, 11 Dec 2024 at 21:32, Antonio Quartulli wrote:
+name: peer
+type: nest
+doc: |
+ The peer object containing the attributed of interest for the
specific
typo: attributes
+ operation
+nested
This change implements encryption/decryption and
encapsulation/decapsulation of OpenVPN packets.
Support for generic crypto state is added along with
a wrapper for the AEAD crypto kernel API.
Signed-off-by: Antonio Quartulli
---
drivers/net/Kconfig| 4 +
drivers/net/ovpn/Makefile
: Antonio Quartulli
---
drivers/net/ovpn/peer.c | 301 ++--
1 file changed, 291 insertions(+), 10 deletions(-)
diff --git a/drivers/net/ovpn/peer.c b/drivers/net/ovpn/peer.c
index
956104183f40c7c44f4fbbb8f2a4c48748d6b56f
In case of UDP links, the local endpoint used to communicate with a
given peer may change without a connection restart.
Add support for learning the new address in case of change.
Signed-off-by: Antonio Quartulli
---
drivers/net/ovpn/peer.c | 45
`ping`, `iperf` and `ovpn-cli`
itself.
In general it is useful only in case of failure, in order to
understand which step has failed and why.
Cc: linux-kselft...@vger.kernel.org
Signed-off-by: Antonio Quartulli
Reviewed-by: Shuah Khan
---
MAINTAINERS|1
Implement support for basic ethtool functionality.
Note that ovpn is a virtual device driver, therefore
various ethtool APIs are just not meaningful and thus
not implemented.
Signed-off-by: Antonio Quartulli
Reviewed-by: Andrew Lunn
---
drivers/net/ovpn/main.c | 15 +++
1 file
Packets sent over the ovpn interface are processed and transmitted to the
connected peer, if any.
Implementation is UDP only. TCP will be added by a later patch.
Note: no crypto/encapsulation exists yet. Packets are just captured and
sent.
Signed-off-by: Antonio Quartulli
---
drivers/net
Kicinski
Cc: Paolo Abeni
Cc: Simon Horman
Signed-off-by: Antonio Quartulli
---
net/ipv6/af_inet6.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/net/ipv6/af_inet6.c b/net/ipv6/af_inet6.c
index
f60ec8b0f8ea40b2d635d802a3bc4f9b9d844417..3e812187e125cec7deac88413b85a35dd5b22a2d
100644
--- a/net
This change introduces the netlink commands needed to add, get, delete
and swap keys for a specific peer.
Userspace is expected to use these commands to create, inspect (non
sensitive data only), destroy and rotate session keys for a specific
peer.
Signed-off-by: Antonio Quartulli
---
drivers
This change introduces the netlink command needed to add, delete and
retrieve/dump known peers. Userspace is expected to use these commands
to handle known peer lifecycles.
Signed-off-by: Antonio Quartulli
---
drivers/net/ovpn/netlink.c | 629
amount of traffic by
periodically polling GET_PEER and fetching the VPN/LINK stats.
Signed-off-by: Antonio Quartulli
---
drivers/net/ovpn/crypto.c | 19
drivers/net/ovpn/crypto.h | 2 ++
drivers/net/ovpn/io.c | 13 +++
drivers/net/ovpn/netlink.c | 55
Whenever a peer is deleted, send a notification to userspace so that it
can react accordingly.
This is most important when a peer is deleted due to ping timeout,
because it all happens in kernelspace and thus userspace has no direct
way to learn about it.
Signed-off-by: Antonio Quartulli
ess inet6_stream_ops, which is declared
as extern in the IPv6 module, but it is not fully exported.
Therefore this patch is also adding EXPORT_SYMBOL_GPL(inet6_stream_ops)
to net/ipv6/af_inet6.c.
Signed-off-by: Antonio Quartulli
---
drivers/net/Kconfig | 1 +
drivers/net/ovpn/Makefile |
Byte/packet counters for in-tunnel and transport streams
are now initialized and updated as needed.
To be exported via netlink.
Signed-off-by: Antonio Quartulli
---
drivers/net/ovpn/Makefile | 1 +
drivers/net/ovpn/io.c | 12 +++-
drivers/net/ovpn/peer.c | 2 ++
drivers/net
and add a
new interface named skb_send_sock_locked_with_flags().
Cc: Eric Dumazet
Cc: Jakub Kicinski
Cc: Paolo Abeni
Cc: Simon Horman
Signed-off-by: Antonio Quartulli
---
include/linux/skbuff.h | 2 ++
net/core/skbuff.c | 18 +-
2 files changed, 15 insertions(+), 5 delet
Userspace may want to pass the MSG_NOSIGNAL flag to
tcp_sendmsg() in order to avoid generating a SIGPIPE.
To pass this flag down the TCP stack a new skb sending API
accepting a flags argument is introduced.
Cc: Eric Dumazet
Cc: Paolo Abeni
Signed-off-by: Antonio Quartulli
---
drivers/net
On 21/11/2024 01:29, Sergey Ryazanov wrote:
On 15.11.2024 16:39, Antonio Quartulli wrote:
On 11/11/2024 00:54, Sergey Ryazanov wrote:
Another one forgotten question, sorry about this. Please find the
question inlined.
On 29.10.2024 12:47, Antonio Quartulli wrote:
/* Send user data to the
On 21/11/2024 00:34, Sergey Ryazanov wrote:
On 19.11.2024 15:44, Antonio Quartulli wrote:
On 15/11/2024 15:28, Antonio Quartulli wrote:
[...]
+}
+
+static struct ovpn_socket *ovpn_socket_get(struct socket *sock)
+{
+ struct ovpn_socket *ovpn_sock;
+
+ rcu_read_lock();
+ ovpn_sock
On 21/11/2024 00:22, Sergey Ryazanov wrote:
On 13.11.2024 12:03, Sabrina Dubroca wrote:
2024-11-13, 03:37:13 +0200, Sergey Ryazanov wrote:
On 12.11.2024 19:31, Sabrina Dubroca wrote:
2024-11-10, 15:38:27 +0200, Sergey Ryazanov wrote:
On 29.10.2024 12:47, Antonio Quartulli wrote:
An
On 20/11/2024 12:45, Sabrina Dubroca wrote:
2024-10-29, 11:47:21 +0100, Antonio Quartulli wrote:
+static int ovpn_udp4_output(struct ovpn_struct *ovpn, struct ovpn_bind *bind,
+ struct dst_cache *cache, struct sock *sk,
+ struct sk_buff *skb
On 21/11/2024 17:02, Sabrina Dubroca wrote:
[I'm still thinking about the locking problems for ovpn_peer_float,
but just noticed this while staring at the rehash code]
2024-10-29, 11:47:31 +0100, Antonio Quartulli wrote:
+void ovpn_peer_hash_vpn_ip(struct ovpn_peer *peer)
+ __must
On 20/11/2024 12:56, Sabrina Dubroca wrote:
2024-10-29, 11:47:19 +0100, Antonio Quartulli wrote:
+/**
+ * struct ovpn_peer - the main remote peer object
+ * @ovpn: main openvpn instance this peer belongs to
+ * @id: unique identifier
+ * @vpn_addrs: IP addresses assigned over the tunnel
On 21/11/2024 00:58, Sergey Ryazanov wrote:
On 15.11.2024 16:28, Antonio Quartulli wrote:
On 10/11/2024 19:26, Sergey Ryazanov wrote:
On 29.10.2024 12:47, Antonio Quartulli wrote:
[...]
+static bool ovpn_socket_hold(struct ovpn_socket *sock)
+{
+ return kref_get_unless_zero(&
On 20/11/2024 23:56, Sergey Ryazanov wrote:
On 15.11.2024 16:13, Antonio Quartulli wrote:
On 09/11/2024 02:11, Sergey Ryazanov wrote:
On 29.10.2024 12:47, Antonio Quartulli wrote:
An ovpn interface will keep carrier always on and let the user
decide when an interface should be considered
An ovpn interface configured in MP mode will keep carrier always
on and let the user decide when to bring it administratively up and
down.
This way a MP node (i.e. a server) will keep its interface always
up and running, even when no peer is connected.
Signed-off-by: Antonio Quartulli
This change implements encryption/decryption and
encapsulation/decapsulation of OpenVPN packets.
Support for generic crypto state is added along with
a wrapper for the AEAD crypto kernel API.
Signed-off-by: Antonio Quartulli
---
drivers/net/Kconfig| 4 +
drivers/net/ovpn/Makefile
ovpn_peer, also the ovpn_bind object is introduced
as the two are strictly related.
An ovpn_bind object wraps a sockaddr representing the local
coordinates being used to talk to a specific peer.
Signed-off-by: Antonio Quartulli
---
drivers/net/Kconfig | 1 +
drivers/net/ovpn/Makefile
Packets received over the socket are forwarded to the user device.
Implementation is UDP only. TCP will be added by a later patch.
Note: no decryption/decapsulation exists yet, packets are forwarded as
they arrive without much processing.
Signed-off-by: Antonio Quartulli
---
drivers/net/ovpn
a later
patch.
Signed-off-by: Antonio Quartulli
---
drivers/net/ovpn/Makefile | 2 +
drivers/net/ovpn/socket.c | 119 ++
drivers/net/ovpn/socket.h | 48 +++
drivers/net/ovpn/udp.c| 65 +
drivers/net/ovpn
With this change an ovpn instance will be able to stay connected to
multiple remote endpoints.
This functionality is strictly required when running ovpn on an
OpenVPN server.
Signed-off-by: Antonio Quartulli
---
drivers/net/ovpn/main.c | 67 -
drivers/net/ovpn
: Antonio Quartulli
---
drivers/net/ovpn/peer.c | 301 ++--
1 file changed, 291 insertions(+), 10 deletions(-)
diff --git a/drivers/net/ovpn/peer.c b/drivers/net/ovpn/peer.c
index
9f213ccacfaf8170b9c23730498f156360774d7e
Byte/packet counters for in-tunnel and transport streams
are now initialized and updated as needed.
To be exported via netlink.
Signed-off-by: Antonio Quartulli
---
drivers/net/ovpn/Makefile | 1 +
drivers/net/ovpn/io.c | 12 +++-
drivers/net/ovpn/peer.c | 2 ++
drivers/net
ess inet6_stream_ops, which is declared
as extern in the IPv6 module, but it is not fully exported.
Therefore this patch is also adding EXPORT_SYMBOL_GPL(inet6_stream_ops)
to net/ipv6/af_inet6.c.
Signed-off-by: Antonio Quartulli
---
drivers/net/Kconfig | 1 +
drivers/net/ovpn/Makefile |
This change introduces the netlink command needed to add, delete and
retrieve/dump known peers. Userspace is expected to use these commands
to handle known peer lifecycles.
Signed-off-by: Antonio Quartulli
---
drivers/net/ovpn/netlink.c | 631
This change introduces the netlink commands needed to add, get, delete
and swap keys for a specific peer.
Userspace is expected to use these commands to create, inspect (non
sensitive data only), destroy and rotate session keys for a specific
peer.
Signed-off-by: Antonio Quartulli
---
drivers
A peer connected via UDP may change its IP address without reconnecting
(float).
Add support for detecting and updating the new peer IP/port in case of
floating.
Signed-off-by: Antonio Quartulli
---
drivers/net/ovpn/bind.c | 9 +-
drivers/net/ovpn/io.c | 4 +
drivers/net/ovpn/peer.c
In case of UDP links, the local endpoint used to communicate with a
given peer may change without a connection restart.
Add support for learning the new address in case of change.
Signed-off-by: Antonio Quartulli
---
drivers/net/ovpn/peer.c | 45
`ping`, `iperf` and `ovpn-cli`
itself.
In general it is useful only in case of failure, in order to
understand which step has failed and why.
Cc: linux-kselft...@vger.kernel.org
Signed-off-by: Antonio Quartulli
Reviewed-by: Shuah Khan
---
MAINTAINERS|1
Implement support for basic ethtool functionality.
Note that ovpn is a virtual device driver, therefore
various ethtool APIs are just not meaningful and thus
not implemented.
Signed-off-by: Antonio Quartulli
Reviewed-by: Andrew Lunn
---
drivers/net/ovpn/main.c | 15 +++
1 file
Whenever a peer is deleted, send a notification to userspace so that it
can react accordingly.
This is most important when a peer is deleted due to ping timeout,
because it all happens in kernelspace and thus userspace has no direct
way to learn about it.
Signed-off-by: Antonio Quartulli
Packets sent over the ovpn interface are processed and transmitted to the
connected peer, if any.
Implementation is UDP only. TCP will be added by a later patch.
Note: no crypto/encapsulation exists yet. Packets are just captured and
sent.
Signed-off-by: Antonio Quartulli
---
drivers/net
amount of traffic by
periodically polling GET_PEER and fetching the VPN/LINK stats.
Signed-off-by: Antonio Quartulli
---
drivers/net/ovpn/crypto.c | 19
drivers/net/ovpn/crypto.h | 2 ++
drivers/net/ovpn/io.c | 13 +++
drivers/net/ovpn/netlink.c | 55
They have retained the Reviewed-by tag
since no major code modification has happened since the review.
Patch
The latest code can also be found at:
https://github.com/OpenVPN/linux-kernel-ovpn
Thanks a lot!
Best Regards,
Antonio Quartulli
OpenVPN Inc.
---
Antonio Quartulli (22):
net:
/ovpn/netlink-gen.h
Cc: donald.hun...@gmail.com
Signed-off-by: Antonio Quartulli
---
Documentation/netlink/specs/ovpn.yaml | 368 ++
MAINTAINERS | 2 +
drivers/net/ovpn/Makefile | 2 +
drivers/net/ovpn/main.c
ff-by: Antonio Quartulli
---
MAINTAINERS | 8
drivers/net/Kconfig | 7 +++
drivers/net/Makefile | 1 +
drivers/net/ovpn/Makefile | 10 +
drivers/net/ovpn/main.c | 112 ++
5 files changed, 138 insertions(+)
diff
Add basic infrastructure for handling ovpn interfaces.
Signed-off-by: Antonio Quartulli
---
drivers/net/ovpn/Makefile | 1 +
drivers/net/ovpn/io.c | 22 +
drivers/net/ovpn/io.h | 24 ++
drivers/net/ovpn/main.c | 102
OpenVPN supports configuring a periodic keepalive packet.
message to allow the remote endpoint detect link failures.
This change implements the keepalive sending and timer expiring logic.
Signed-off-by: Antonio Quartulli
---
drivers/net/ovpn/io.c | 77 +
drivers/net
Hey Jakub,
I just realized that I forgot to fix the nla_get_uint clash triggered on
Fedora.
However, I'd rather not send a new patchset right away...
Maybe we will be happy with this version and then I will just resend
this patch alone.
Best Regards,
--
Antonio Quartulli
OpenVPN Inc.
With this change an ovpn instance will be able to stay connected to
multiple remote endpoints.
This functionality is strictly required when running ovpn on an
OpenVPN server.
Signed-off-by: Antonio Quartulli
---
drivers/net/ovpn/main.c | 67 +-
drivers/net/ovpn
In case of UDP links, the local endpoint used to communicate with a
given peer may change without a connection restart.
Add support for learning the new address in case of change.
Signed-off-by: Antonio Quartulli
---
drivers/net/ovpn/peer.c | 45
ess inet6_stream_ops, which is declared
as extern in the IPv6 module, but it is not fully exported.
Therefore this patch is also adding EXPORT_SYMBOL_GPL(inet6_stream_ops)
to net/ipv6/af_inet6.c.
Signed-off-by: Antonio Quartulli
---
drivers/net/Kconfig | 1 +
drivers/net/ovpn/Makefile |
: Antonio Quartulli
---
drivers/net/ovpn/peer.c | 301 ++--
1 file changed, 291 insertions(+), 10 deletions(-)
diff --git a/drivers/net/ovpn/peer.c b/drivers/net/ovpn/peer.c
index
ae712b64e5092cc5759fb7141d98444dbde7aac7
Userspace may want to pass the MSG_NOSIGNAL flag to
tcp_sendmsg() in order to avoid generating a SIGPIPE.
To pass this flag down the TCP stack a new skb sending API
accepting a flags argument is introduced.
Cc: Eric Dumazet
Cc: Paolo Abeni
Signed-off-by: Antonio Quartulli
---
drivers/net