netdev.vger.kernel.org archive mirror
From: Antonio Quartulli <antonio@openvpn.net>
To: netdev@vger.kernel.org
Cc: kuba@kernel.org, ryazanov.s.a@gmail.com, pabeni@redhat.com,
	edumazet@google.com, andrew@lunn.ch, sd@queasysnail.net,
	Antonio Quartulli <antonio@openvpn.net>
Subject: [PATCH net-next v4 07/25] ovpn: keep carrier always on
Date: Mon, 24 Jun 2024 13:31:04 +0200
Message-ID: <20240624113122.12732-8-antonio@openvpn.net>
In-Reply-To: <20240624113122.12732-1-antonio@openvpn.net>

An ovpn interface will keep carrier always on and let the user
decide when an interface should be considered disconnected.

This way, even if an ovpn interface is not connected to any peer,
it can still retain all IPs and routes and thus prevent any data
leak.

Signed-off-by: Antonio Quartulli <antonio@openvpn.net>
---
 drivers/net/ovpn/main.c | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/drivers/net/ovpn/main.c b/drivers/net/ovpn/main.c
index 7e3e9963d2fc..d0abe8b91a86 100644
--- a/drivers/net/ovpn/main.c
+++ b/drivers/net/ovpn/main.c
@@ -50,6 +50,13 @@ static void ovpn_struct_free(struct net_device *net)
 
 static int ovpn_net_open(struct net_device *dev)
 {
+	/* ovpn keeps the carrier always on to avoid losing IP or route
+	 * configuration upon disconnection. This way it can prevent leaks
+	 * of traffic outside of the VPN tunnel.
+	 * The user may override this behaviour by tearing down the interface
+	 * manually.
+	 */
+	netif_carrier_on(dev);
 	netif_tx_start_all_queues(dev);
 	return 0;
 }
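
Review bot: the last sentence of the comment added in ovpn_net_open() says the user may override the behaviour by "tearing down the interface manually", which is ambiguous between setting the link administratively down and deleting the device; please say which is meant. Because netif_carrier_on(dev) is called unconditionally in the open path, the carrier state no longer says anything about peer connectivity, and the comment or commit message should state that and say how the user is expected to learn that the tunnel is disconnected. The leak-prevention rationale also depends on traffic routed to the interface not being sent anywhere else while no peer is connected, which is not visible in this hunk; a short pointer to where that is handled would make the comment verifiable.
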
-- 
2.44.2

