From: Sabrina Dubroca <sd@queasysnail.net>
To: Antonio Quartulli <antonio@openvpn.net>
Cc: netdev@vger.kernel.org, Eric Dumazet <edumazet@google.com>,
Jakub Kicinski <kuba@kernel.org>, Paolo Abeni <pabeni@redhat.com>,
Donald Hunter <donald.hunter@gmail.com>,
Shuah Khan <shuah@kernel.org>,
ryazanov.s.a@gmail.com, Andrew Lunn <andrew+netdev@lunn.ch>,
Simon Horman <horms@kernel.org>,
linux-kernel@vger.kernel.org, linux-kselftest@vger.kernel.org,
Xiao Liang <shaw.leon@gmail.com>,
dsahern@kernel.org
Subject: Re: [PATCH net-next v15 11/22] ovpn: implement TCP transport
Date: Mon, 16 Dec 2024 14:59:08 +0100
Message-ID: <Z2AyLOMazyOCDopc@hog>
In-Reply-To: <20241211-b4-ovpn-v15-11-314e2cad0618@openvpn.net>
2024-12-11, 22:15:15 +0100, Antonio Quartulli wrote:
> @@ -42,6 +56,31 @@ struct ovpn_peer {
> struct in6_addr ipv6;
> } vpn_addrs;
> struct ovpn_socket *sock;
> +
> + /* state of the TCP reading. Needed to keep track of how much of a
> + * single packet has already been read from the stream and how much is
> + * missing
> + */
nit: not so accurate since the switch to strp, can probably be dropped
since @tcp has a kdoc entry
> + struct {
> + struct strparser strp;
> + struct work_struct tx_work;
> + struct sk_buff_head user_queue;
> + struct sk_buff_head out_queue;
> + bool tx_in_progress;
> +
> + struct {
> + struct sk_buff *skb;
> + int offset;
> + int len;
> + } out_msg;
> +
> + struct {
> + void (*sk_data_ready)(struct sock *sk);
> + void (*sk_write_space)(struct sock *sk);
> + struct proto *prot;
> + const struct proto_ops *ops;
> + } sk_cb;
> + } tcp;
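Review bot: in out_msg, offset and len are declared as int, but ovpn_tcp_send_sock_skb() further down assigns len from skb->len, which is an unsigned int. Both fields only ever hold a byte count or a position inside the skb, so declaring them unsigned int would keep the send-path arithmetic from going negative and avoid signed/unsigned comparisons. Since out_queue and out_msg are both touched under bh_lock_sock() in the send path, the kdoc entry for @tcp should also say which lock protects them.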
[...]
> +static void ovpn_tcp_send_sock_skb(struct ovpn_peer *peer, struct sk_buff *skb)
> +{
> + if (peer->tcp.out_msg.skb)
> + ovpn_tcp_send_sock(peer);
> +
> + if (peer->tcp.out_msg.skb) {
> + dev_core_stats_rx_dropped_inc(peer->ovpn->dev);
tx_dropped?
> + kfree_skb(skb);
> + return;
> + }
> +
> + peer->tcp.out_msg.skb = skb;
> + peer->tcp.out_msg.len = skb->len;
> + peer->tcp.out_msg.offset = 0;
> + ovpn_tcp_send_sock(peer);
> +}
> +
> +void ovpn_tcp_send_skb(struct ovpn_peer *peer, struct sk_buff *skb)
> +{
> + u16 len = skb->len;
> +
> + *(__be16 *)__skb_push(skb, sizeof(u16)) = htons(len);
> +
> + bh_lock_sock(peer->sock->sock->sk);
> + if (sock_owned_by_user(peer->sock->sock->sk)) {
> + if (skb_queue_len(&peer->tcp.out_queue) >=
> + READ_ONCE(net_hotdata.max_backlog)) {
> + dev_core_stats_rx_dropped_inc(peer->ovpn->dev);
tx_dropped?
> + kfree_skb(skb);
> + goto unlock;
> + }
> + __skb_queue_tail(&peer->tcp.out_queue, skb);
> + } else {
> + ovpn_tcp_send_sock_skb(peer, skb);
> + }
> +unlock:
> + bh_unlock_sock(peer->sock->sock->sk);
> +}
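Review bot: in ovpn_tcp_send_skb(), `u16 len = skb->len;` silently truncates when skb->len exceeds 65535, so the 2-byte prefix written by htons(len) would no longer match the number of bytes that follow and the receiver's stream framing would lose sync. Nothing in the visible lines bounds skb->len; either drop and count the skb here when skb->len > U16_MAX, or add a comment naming the caller-side guarantee. The same goes for __skb_push(), which does not check headroom: the 2 bytes it consumes have to be guaranteed by the caller, and that is worth stating next to the push.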
[...]
> +static void ovpn_tcp_close(struct sock *sk, long timeout)
> +{
> + struct ovpn_socket *sock;
> +
> + rcu_read_lock();
[can't sleep until unlock]
> + sock = rcu_dereference_sk_user_data(sk);
> +
> + strp_stop(&sock->peer->tcp.strp);
> +
> + tcp_close(sk, timeout);

    void tcp_close(struct sock *sk, long timeout)
    {
    	lock_sock(sk);

but this can sleep.

Is there anything that prevents delaying tcp_close until after
ovpn_peer_del and rcu_read_unlock?

> + ovpn_peer_del(sock->peer, OVPN_DEL_PEER_REASON_TRANSPORT_ERROR);
> + rcu_read_unlock();
> +}
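Review bot: in ovpn_tcp_close(), the result of rcu_dereference_sk_user_data(sk) is used immediately in `strp_stop(&sock->peer->tcp.strp)` with no NULL check on sock or sock->peer. If sk_user_data can be cleared while the socket is being detached from the peer, a close() racing with that would dereference NULL. Consider checking both pointers and falling back to a plain tcp_close() when either is NULL, and taking a reference on the peer inside the RCU section so that it can still be handed to ovpn_peer_del() after the section has ended.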
[...]
> +void __init ovpn_tcp_init(void)
> +{
> + ovpn_tcp_build_protos(&ovpn_tcp_prot, &ovpn_tcp_ops, &tcp_prot,
> + &inet_stream_ops);
> +
> +#if IS_ENABLED(CONFIG_IPV6)
> + ovpn_tcp_build_protos(&ovpn_tcp6_prot, &ovpn_tcp6_ops, &tcpv6_prot,
> + &inet6_stream_ops);

I don't think that works for CONFIG_OVPN=y and CONFIG_IPV6=m. You can
either go back to the ugly thing espintcp and tls do, or use the
traditional Kconfig hack:

    depends on IPV6 || !IPV6

(you can find it sprinkled in various places of drivers/net/Kconfig
and net/)

--
Sabrina