From: Paolo Abeni <pabeni@redhat.com>
To: Antonio Quartulli <antonio@openvpn.net>, netdev@vger.kernel.org
Cc: Eric Dumazet <edumazet@google.com>,
Jakub Kicinski <kuba@kernel.org>,
Sabrina Dubroca <sd@queasysnail.net>,
Gert Doering <gert@greenie.muc.de>
Subject: Re: [PATCH net-next 04/10] ovpn: don't drop skb's dst when xmitting packet
Date: Tue, 13 May 2025 09:45:13 +0200 [thread overview]
Message-ID: <3a173ede-e2db-463e-a135-7dc9c7976cd7@redhat.com> (raw)
In-Reply-To: <20250509142630.6947-5-antonio@openvpn.net>
On 5/9/25 4:26 PM, Antonio Quartulli wrote:
> When routing a packet to a LAN behind a peer, ovpn needs to
> inspect the route entry that brought the packet there in the
> first place.
>
> If this packet is truly routable, the route entry provides the
> GW to be used when looking up the VPN peer to send the packet to.
>
> However, the route entry is currently dropped before entering
> the ovpn xmit function, because the IFF_XMIT_DST_RELEASE priv_flag
> is enabled by default.
>
> Clear the IFF_XMIT_DST_RELEASE flag during interface setup to allow
> the route entry (skb's dst) to survive and thus be inspected
> by the ovpn routing logic.
>
> Fixes: a3aaef8cd173 ("ovpn: implement peer lookup logic")
> Reported-by: Gert Doering <gert@greenie.muc.de>
> Tested-by: Gert Doering <gert@greenie.muc.de>
> Acked-by: Gert Doering <gert@greenie.muc.de> # as a primary user
> Signed-off-by: Antonio Quartulli <antonio@openvpn.net>
> ---
> drivers/net/ovpn/io.c | 2 ++
> drivers/net/ovpn/main.c | 5 +++++
> 2 files changed, 7 insertions(+)
>
> diff --git a/drivers/net/ovpn/io.c b/drivers/net/ovpn/io.c
> index dd8a8055d967..7e4b89484c9d 100644
> --- a/drivers/net/ovpn/io.c
> +++ b/drivers/net/ovpn/io.c
> @@ -398,6 +398,8 @@ netdev_tx_t ovpn_net_xmit(struct sk_buff *skb, struct net_device *dev)
> netdev_name(ovpn->dev));
> goto drop;
> }
> + /* dst was needed for peer selection - it can now be dropped */
> + skb_dst_drop(skb);
>
> ovpn_peer_stats_increment_tx(&peer->vpn_stats, skb->len);
> ovpn_send(ovpn, skb_list.next, peer);
> diff --git a/drivers/net/ovpn/main.c b/drivers/net/ovpn/main.c
> index 0acb0934c1be..dcc094bf3ade 100644
> --- a/drivers/net/ovpn/main.c
> +++ b/drivers/net/ovpn/main.c
> @@ -157,6 +157,11 @@ static void ovpn_setup(struct net_device *dev)
> dev->type = ARPHRD_NONE;
> dev->flags = IFF_POINTOPOINT | IFF_NOARP;
> dev->priv_flags |= IFF_NO_QUEUE;
> + /* when routing packets to a LAN behind a client, we rely on the
> + * route entry that originally brought the packet into ovpn, so
> + * don't release it
> + */
> + dev->priv_flags &= ~IFF_XMIT_DST_RELEASE;
See commit 0287587884b15041203b3a362d485e1ab1f24445; the above should be
netif_keep_dst(dev);
and no need to additional comment, as the helper nails it.
Thanks,
Paolo
next prev parent reply other threads:[~2025-05-13 7:45 UTC|newest]
Thread overview: 32+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-05-09 14:26 [PATCH net-next 00/10] pull request for net-next: ovpn 2025-05-09 Antonio Quartulli
2025-05-09 14:26 ` [PATCH net-next 01/10] MAINTAINERS: add Sabrina as official reviewer for ovpn Antonio Quartulli
2025-05-09 14:34 ` Andrew Lunn
2025-05-12 8:22 ` Antonio Quartulli
2025-05-13 1:17 ` Jakub Kicinski
2025-05-09 14:26 ` [PATCH net-next 02/10] MAINTAINERS: update git URL " Antonio Quartulli
2025-05-09 14:26 ` [PATCH net-next 03/10] ovpn: set skb->ignore_df = 1 before sending IPv6 packets out Antonio Quartulli
2025-05-13 7:37 ` Paolo Abeni
2025-05-13 7:49 ` Gert Doering
2025-05-13 7:51 ` Antonio Quartulli
2025-05-13 8:51 ` Paolo Abeni
2025-05-13 9:01 ` Antonio Quartulli
2025-05-09 14:26 ` [PATCH net-next 04/10] ovpn: don't drop skb's dst when xmitting packet Antonio Quartulli
2025-05-13 7:45 ` Paolo Abeni [this message]
2025-05-13 7:54 ` Antonio Quartulli
2025-05-09 14:26 ` [PATCH net-next 05/10] selftest/net/ovpn: fix crash in case of getaddrinfo() failure Antonio Quartulli
2025-05-13 7:48 ` Paolo Abeni
2025-05-13 8:02 ` Antonio Quartulli
2025-05-09 14:26 ` [PATCH net-next 06/10] ovpn: fix ndo_start_xmit return value on error Antonio Quartulli
2025-05-09 14:26 ` [PATCH net-next 07/10] selftest/net/ovpn: extend coverage with more test cases Antonio Quartulli
2025-05-09 14:26 ` [PATCH net-next 08/10] ovpn: drop useless reg_state check in keepalive worker Antonio Quartulli
2025-05-09 14:26 ` [PATCH net-next 09/10] ovpn: improve 'no route to host' debug message Antonio Quartulli
2025-05-13 7:53 ` Paolo Abeni
2025-05-13 8:04 ` Antonio Quartulli
2025-05-09 14:26 ` [PATCH net-next 10/10] ovpn: ensure sk is still valid during cleanup Antonio Quartulli
2025-05-13 1:37 ` Jakub Kicinski
2025-05-13 8:21 ` Paolo Abeni
2025-05-13 9:19 ` Antonio Quartulli
2025-05-13 14:55 ` Antonio Quartulli
2025-05-09 14:40 ` [PATCH net-next 00/10] pull request for net-next: ovpn 2025-05-09 Andrew Lunn
2025-05-09 14:55 ` Antonio Quartulli
-- strict thread matches above, loose matches on Subject: below --
2025-05-15 11:13 [PATCH net-next 00/10] ovpn: pull request for net-next: ovpn 2025-05-15 Antonio Quartulli
2025-05-15 11:13 ` [PATCH net-next 04/10] ovpn: don't drop skb's dst when xmitting packet Antonio Quartulli
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=3a173ede-e2db-463e-a135-7dc9c7976cd7@redhat.com \
--to=pabeni@redhat.com \
--cc=antonio@openvpn.net \
--cc=edumazet@google.com \
--cc=gert@greenie.muc.de \
--cc=kuba@kernel.org \
--cc=netdev@vger.kernel.org \
--cc=sd@queasysnail.net \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.