From: Sabrina Dubroca <sd@queasysnail.net>
To: Antonio Quartulli <antonio@openvpn.net>
Cc: Eric Dumazet <edumazet@google.com>,
Jakub Kicinski <kuba@kernel.org>, Paolo Abeni <pabeni@redhat.com>,
Donald Hunter <donald.hunter@gmail.com>,
Shuah Khan <shuah@kernel.org>,
ryazanov.s.a@gmail.com, Andrew Lunn <andrew@lunn.ch>,
netdev@vger.kernel.org, linux-kernel@vger.kernel.org,
linux-kselftest@vger.kernel.org
Subject: Re: [PATCH net-next v11 18/23] ovpn: implement peer add/get/dump/delete via netlink
Date: Mon, 11 Nov 2024 16:41:57 +0100 [thread overview]
Message-ID: <ZzIlxRbic7qLVD4F@hog> (raw)
In-Reply-To: <20241029-b4-ovpn-v11-18-de4698c73a25@openvpn.net>
2024-10-29, 11:47:31 +0100, Antonio Quartulli wrote:
> +static int ovpn_nl_peer_modify(struct ovpn_peer *peer, struct genl_info *info,
> + struct nlattr **attrs)
> +{
> + struct sockaddr_storage ss = {};
> + u32 sockfd, interv, timeout;
> + struct socket *sock = NULL;
> + u8 *local_ip = NULL;
> + bool rehash = false;
> + int ret;
> +
> + if (attrs[OVPN_A_PEER_SOCKET]) {
> + /* lookup the fd in the kernel table and extract the socket
> + * object
> + */
> + sockfd = nla_get_u32(attrs[OVPN_A_PEER_SOCKET]);
> + /* sockfd_lookup() increases sock's refcounter */
> + sock = sockfd_lookup(sockfd, &ret);
> + if (!sock) {
> + NL_SET_ERR_MSG_FMT_MOD(info->extack,
> + "cannot lookup peer socket (fd=%u): %d",
> + sockfd, ret);
> + return -ENOTSOCK;
> + }
> +
> + /* Only when using UDP as transport protocol the remote endpoint
> + * can be configured so that ovpn knows where to send packets
> + * to.
> + *
> + * In case of TCP, the socket is connected to the peer and ovpn
> + * will just send bytes over it, without the need to specify a
> + * destination.
> + */
> + if (sock->sk->sk_protocol != IPPROTO_UDP &&
> + (attrs[OVPN_A_PEER_REMOTE_IPV4] ||
> + attrs[OVPN_A_PEER_REMOTE_IPV6])) {
> + NL_SET_ERR_MSG_FMT_MOD(info->extack,
> + "unexpected remote IP address for non UDP socket");
> + sockfd_put(sock);
> + return -EINVAL;
> + }
> +
> + if (peer->sock)
> + ovpn_socket_put(peer->sock);
> +
> + peer->sock = ovpn_socket_new(sock, peer);
I don't see anything preventing concurrent updates of peer->sock. I
think peer->lock should be taken from the start of
ovpn_nl_peer_modify. Concurrent changes to peer->vpn_addrs and
peer->keepalive_* are also not prevented with the current code.
> + if (IS_ERR(peer->sock)) {
> + NL_SET_ERR_MSG_FMT_MOD(info->extack,
> + "cannot encapsulate socket: %ld",
> + PTR_ERR(peer->sock));
> + sockfd_put(sock);
> + peer->sock = NULL;
> + return -ENOTSOCK;
> + }
> + }
> +
> + if (ovpn_nl_attr_sockaddr_remote(attrs, &ss) != AF_UNSPEC) {
> + /* we carry the local IP in a generic container.
> + * ovpn_peer_reset_sockaddr() will properly interpret it
> + * based on ss.ss_family
> + */
> + local_ip = ovpn_nl_attr_local_ip(attrs);
> +
> + spin_lock_bh(&peer->lock);
> + /* set peer sockaddr */
> + ret = ovpn_peer_reset_sockaddr(peer, &ss, local_ip);
> + if (ret < 0) {
> + NL_SET_ERR_MSG_FMT_MOD(info->extack,
> + "cannot set peer sockaddr: %d",
> + ret);
> + spin_unlock_bh(&peer->lock);
> + return ret;
> + }
> + spin_unlock_bh(&peer->lock);
> + }
> +
> + if (attrs[OVPN_A_PEER_VPN_IPV4]) {
> + rehash = true;
> + peer->vpn_addrs.ipv4.s_addr =
> + nla_get_in_addr(attrs[OVPN_A_PEER_VPN_IPV4]);
> + }
> +
> + if (attrs[OVPN_A_PEER_VPN_IPV6]) {
> + rehash = true;
> + peer->vpn_addrs.ipv6 =
> + nla_get_in6_addr(attrs[OVPN_A_PEER_VPN_IPV6]);
> + }
> +
> + /* when setting the keepalive, both parameters have to be configured */
> + if (attrs[OVPN_A_PEER_KEEPALIVE_INTERVAL] &&
> + attrs[OVPN_A_PEER_KEEPALIVE_TIMEOUT]) {
> + interv = nla_get_u32(attrs[OVPN_A_PEER_KEEPALIVE_INTERVAL]);
> + timeout = nla_get_u32(attrs[OVPN_A_PEER_KEEPALIVE_TIMEOUT]);
> + ovpn_peer_keepalive_set(peer, interv, timeout);
> + }
> +
> + netdev_dbg(peer->ovpn->dev,
> + "%s: peer id=%u endpoint=%pIScp/%s VPN-IPv4=%pI4 VPN-IPv6=%pI6c\n",
> + __func__, peer->id, &ss,
> + peer->sock->sock->sk->sk_prot_creator->name,
> + &peer->vpn_addrs.ipv4.s_addr, &peer->vpn_addrs.ipv6);
> +
> + return rehash ? 1 : 0;
> +}
> +
[...]
> +void ovpn_peer_hash_vpn_ip(struct ovpn_peer *peer)
> + __must_hold(&peer->ovpn->peers->lock)
Changes to peer->vpn_addrs are not protected by peers->lock, so those
could be getting updated while we're rehashing (and taking peer->lock
in ovpn_nl_peer_modify as I'm suggesting above also wouldn't prevent
that).
> +{
> + struct hlist_nulls_head *nhead;
> +
> + if (peer->vpn_addrs.ipv4.s_addr != htonl(INADDR_ANY)) {
> + /* remove potential old hashing */
> + hlist_nulls_del_init_rcu(&peer->hash_entry_transp_addr);
> +
> + nhead = ovpn_get_hash_head(peer->ovpn->peers->by_vpn_addr,
> + &peer->vpn_addrs.ipv4,
> + sizeof(peer->vpn_addrs.ipv4));
> + hlist_nulls_add_head_rcu(&peer->hash_entry_addr4, nhead);
> + }
> +
> + if (!ipv6_addr_any(&peer->vpn_addrs.ipv6)) {
> + /* remove potential old hashing */
> + hlist_nulls_del_init_rcu(&peer->hash_entry_transp_addr);
> +
> + nhead = ovpn_get_hash_head(peer->ovpn->peers->by_vpn_addr,
> + &peer->vpn_addrs.ipv6,
> + sizeof(peer->vpn_addrs.ipv6));
> + hlist_nulls_add_head_rcu(&peer->hash_entry_addr6, nhead);
> + }
> +}
--
Sabrina
next prev parent reply other threads:[~2024-11-11 15:42 UTC|newest]
Thread overview: 158+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-10-29 10:47 [PATCH net-next v11 00/23] Introducing OpenVPN Data Channel Offload Antonio Quartulli
2024-10-29 10:47 ` [PATCH net-next v11 01/23] netlink: add NLA_POLICY_MAX_LEN macro Antonio Quartulli
2024-10-29 10:47 ` [PATCH net-next v11 02/23] net: introduce OpenVPN Data Channel Offload (ovpn) Antonio Quartulli
2024-11-06 0:31 ` Sergey Ryazanov
2024-11-15 9:56 ` Antonio Quartulli
2024-11-19 1:49 ` Sergey Ryazanov
2024-10-29 10:47 ` [PATCH net-next v11 03/23] ovpn: add basic netlink support Antonio Quartulli
2024-11-08 23:15 ` Sergey Ryazanov
2024-11-15 10:05 ` Antonio Quartulli
2024-11-19 2:05 ` Sergey Ryazanov
2024-11-19 8:12 ` Antonio Quartulli
2024-11-08 23:31 ` Sergey Ryazanov
2024-11-15 10:19 ` Antonio Quartulli
2024-11-19 2:23 ` Sergey Ryazanov
2024-11-19 8:16 ` Antonio Quartulli
2024-10-29 10:47 ` [PATCH net-next v11 04/23] ovpn: add basic interface creation/destruction/management routines Antonio Quartulli
2024-11-09 1:01 ` Sergey Ryazanov
2024-11-12 16:47 ` Sabrina Dubroca
2024-11-12 23:56 ` Sergey Ryazanov
2024-11-14 8:07 ` Antonio Quartulli
2024-11-14 22:57 ` Sergey Ryazanov
2024-11-15 13:45 ` Antonio Quartulli
2024-11-15 13:00 ` Antonio Quartulli
2024-11-10 20:42 ` Sergey Ryazanov
2024-11-15 14:03 ` Antonio Quartulli
2024-11-19 3:08 ` Sergey Ryazanov
2024-11-19 8:45 ` Antonio Quartulli
2024-10-29 10:47 ` [PATCH net-next v11 05/23] ovpn: keep carrier always on Antonio Quartulli
2024-11-09 1:11 ` Sergey Ryazanov
2024-11-15 14:13 ` Antonio Quartulli
2024-11-20 22:56 ` Sergey Ryazanov
2024-11-21 21:17 ` Antonio Quartulli
2024-11-23 22:25 ` Sergey Ryazanov
2024-11-23 22:52 ` Antonio Quartulli
2024-11-25 2:26 ` Sergey Ryazanov
2024-11-25 13:07 ` Antonio Quartulli
2024-11-25 21:32 ` Sergey Ryazanov
2024-11-26 8:17 ` Antonio Quartulli
2024-12-02 10:40 ` Antonio Quartulli
2024-10-29 10:47 ` [PATCH net-next v11 06/23] ovpn: introduce the ovpn_peer object Antonio Quartulli
2024-10-30 16:37 ` Sabrina Dubroca
2024-10-30 20:47 ` Antonio Quartulli
2024-11-05 13:12 ` Sabrina Dubroca
2024-11-12 10:12 ` Antonio Quartulli
2024-11-10 13:38 ` Sergey Ryazanov
2024-11-12 17:31 ` Sabrina Dubroca
2024-11-13 1:37 ` Sergey Ryazanov
2024-11-13 10:03 ` Sabrina Dubroca
2024-11-20 23:22 ` Sergey Ryazanov
2024-11-21 21:23 ` Antonio Quartulli
2024-11-23 21:05 ` Sergey Ryazanov
2024-11-10 19:52 ` Sergey Ryazanov
2024-11-14 14:55 ` Antonio Quartulli
2024-11-20 11:56 ` Sabrina Dubroca
2024-11-21 21:27 ` Antonio Quartulli
2024-10-29 10:47 ` [PATCH net-next v11 07/23] ovpn: introduce the ovpn_socket object Antonio Quartulli
2024-11-10 18:26 ` Sergey Ryazanov
2024-11-15 14:28 ` Antonio Quartulli
2024-11-19 13:44 ` Antonio Quartulli
2024-11-20 23:34 ` Sergey Ryazanov
2024-11-21 21:29 ` Antonio Quartulli
2024-11-20 23:58 ` Sergey Ryazanov
2024-11-21 21:36 ` Antonio Quartulli
2024-11-22 8:08 ` Sergey Ryazanov
2024-10-29 10:47 ` [PATCH net-next v11 08/23] ovpn: implement basic TX path (UDP) Antonio Quartulli
2024-10-30 17:14 ` Sabrina Dubroca
2024-10-30 20:58 ` Antonio Quartulli
2024-11-10 22:32 ` Sergey Ryazanov
2024-11-12 17:28 ` Sabrina Dubroca
2024-11-14 15:25 ` Antonio Quartulli
2024-11-10 23:54 ` Sergey Ryazanov
2024-11-15 14:39 ` Antonio Quartulli
2024-11-21 0:29 ` Sergey Ryazanov
2024-11-21 21:39 ` Antonio Quartulli
2024-11-20 11:45 ` Sabrina Dubroca
2024-11-21 21:41 ` Antonio Quartulli
2024-10-29 10:47 ` [PATCH net-next v11 09/23] ovpn: implement basic RX " Antonio Quartulli
2024-10-31 11:29 ` Sabrina Dubroca
2024-10-31 13:04 ` Antonio Quartulli
2024-11-11 1:54 ` Sergey Ryazanov
2024-11-15 15:02 ` Antonio Quartulli
2024-11-26 0:32 ` Sergey Ryazanov
2024-11-26 8:49 ` Antonio Quartulli
2024-11-27 1:40 ` Antonio Quartulli
2024-11-29 13:20 ` Sabrina Dubroca
2024-12-01 23:34 ` Antonio Quartulli
2024-11-29 16:10 ` Sabrina Dubroca
2024-12-01 23:39 ` Antonio Quartulli
2024-12-02 3:53 ` Antonio Quartulli
2024-11-12 0:16 ` Sergey Ryazanov
2024-11-15 15:05 ` Antonio Quartulli
2024-10-29 10:47 ` [PATCH net-next v11 10/23] ovpn: implement packet processing Antonio Quartulli
2024-10-29 10:47 ` [PATCH net-next v11 11/23] ovpn: store tunnel and transport statistics Antonio Quartulli
2024-10-31 11:37 ` Sabrina Dubroca
2024-10-31 13:12 ` Antonio Quartulli
2024-10-29 10:47 ` [PATCH net-next v11 12/23] ovpn: implement TCP transport Antonio Quartulli
2024-10-31 14:30 ` Antonio Quartulli
2024-10-31 15:25 ` Sabrina Dubroca
2024-11-16 0:33 ` Antonio Quartulli
2024-11-26 1:05 ` Sergey Ryazanov
2024-11-26 8:51 ` Antonio Quartulli
2024-10-29 10:47 ` [PATCH net-next v11 13/23] ovpn: implement multi-peer support Antonio Quartulli
2024-10-29 10:47 ` [PATCH net-next v11 14/23] ovpn: implement peer lookup logic Antonio Quartulli
2024-11-04 11:26 ` Sabrina Dubroca
2024-11-12 1:18 ` Sergey Ryazanov
2024-11-12 12:32 ` Antonio Quartulli
2024-10-29 10:47 ` [PATCH net-next v11 15/23] ovpn: implement keepalive mechanism Antonio Quartulli
2024-11-05 18:10 ` Sabrina Dubroca
2024-11-12 13:20 ` Antonio Quartulli
2024-11-13 10:36 ` Sabrina Dubroca
2024-11-14 8:12 ` Antonio Quartulli
2024-11-14 9:03 ` Sabrina Dubroca
2024-11-22 9:41 ` Antonio Quartulli
2024-11-22 16:18 ` Sabrina Dubroca
2024-11-24 0:28 ` Antonio Quartulli
2024-10-29 10:47 ` [PATCH net-next v11 16/23] ovpn: add support for updating local UDP endpoint Antonio Quartulli
2024-10-29 10:47 ` [PATCH net-next v11 17/23] ovpn: add support for peer floating Antonio Quartulli
2024-11-04 11:24 ` Sabrina Dubroca
2024-11-12 13:52 ` Antonio Quartulli
2024-11-12 10:56 ` Sabrina Dubroca
2024-11-12 14:03 ` Antonio Quartulli
2024-11-13 11:25 ` Sabrina Dubroca
2024-11-14 8:26 ` Antonio Quartulli
2024-10-29 10:47 ` [PATCH net-next v11 18/23] ovpn: implement peer add/get/dump/delete via netlink Antonio Quartulli
2024-11-04 15:14 ` Sabrina Dubroca
2024-11-12 14:19 ` Antonio Quartulli
2024-11-13 16:56 ` Sabrina Dubroca
2024-11-14 9:21 ` Antonio Quartulli
2024-11-20 11:12 ` Sabrina Dubroca
2024-11-20 11:34 ` Antonio Quartulli
2024-11-20 12:10 ` Sabrina Dubroca
2024-11-11 15:41 ` Sabrina Dubroca [this message]
2024-11-12 14:26 ` Antonio Quartulli
2024-11-13 11:05 ` Sabrina Dubroca
2024-11-14 10:32 ` Antonio Quartulli
2024-11-29 17:00 ` Sabrina Dubroca
2024-12-01 23:43 ` Antonio Quartulli
2024-11-21 16:02 ` Sabrina Dubroca
2024-11-21 21:43 ` Antonio Quartulli
2024-10-29 10:47 ` [PATCH net-next v11 19/23] ovpn: implement key add/get/del/swap " Antonio Quartulli
2024-11-05 10:16 ` Sabrina Dubroca
2024-11-12 15:40 ` Antonio Quartulli
2024-10-29 10:47 ` [PATCH net-next v11 20/23] ovpn: kill key and notify userspace in case of IV exhaustion Antonio Quartulli
2024-11-05 10:33 ` Sabrina Dubroca
2024-11-12 15:44 ` Antonio Quartulli
2024-11-13 14:28 ` Sabrina Dubroca
2024-11-14 10:38 ` Antonio Quartulli
2024-11-20 12:17 ` Sabrina Dubroca
2024-10-29 10:47 ` [PATCH net-next v11 21/23] ovpn: notify userspace when a peer is deleted Antonio Quartulli
2024-10-29 10:47 ` [PATCH net-next v11 22/23] ovpn: add basic ethtool support Antonio Quartulli
2024-10-29 10:47 ` [PATCH net-next v11 23/23] testing/selftests: add test tool and scripts for ovpn module Antonio Quartulli
2024-10-31 10:00 ` [PATCH net-next v11 00/23] Introducing OpenVPN Data Channel Offload Antonio Quartulli
2024-11-01 2:12 ` Jakub Kicinski
2024-11-01 2:20 ` patchwork-bot+netdevbpf
2024-11-06 1:18 ` Sergey Ryazanov
2024-11-14 15:33 ` Antonio Quartulli
2024-11-14 22:10 ` Sergey Ryazanov
2024-11-15 15:08 ` Antonio Quartulli
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=ZzIlxRbic7qLVD4F@hog \
--to=sd@queasysnail.net \
--cc=andrew@lunn.ch \
--cc=antonio@openvpn.net \
--cc=donald.hunter@gmail.com \
--cc=edumazet@google.com \
--cc=kuba@kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-kselftest@vger.kernel.org \
--cc=netdev@vger.kernel.org \
--cc=pabeni@redhat.com \
--cc=ryazanov.s.a@gmail.com \
--cc=shuah@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.