Message-ID: <855e6fee-5f0a-439d-a6c5-6829db4ecbfa@openvpn.net>
Date: Tue, 19 Nov 2024 09:45:51 +0100
From: Antonio Quartulli <antonio@...nvpn.net>
To: Sergey Ryazanov <ryazanov.s.a@...il.com>
Cc: Eric Dumazet <edumazet@...gle.com>, Jakub Kicinski <kuba@...nel.org>,
Paolo Abeni <pabeni@...hat.com>, Donald Hunter <donald.hunter@...il.com>,
Shuah Khan <shuah@...nel.org>, sd@...asysnail.net,
Andrew Lunn <andrew@...n.ch>, netdev@...r.kernel.org,
linux-kernel@...r.kernel.org, linux-kselftest@...r.kernel.org
Subject: Re: [PATCH net-next v11 04/23] ovpn: add basic interface
creation/destruction/management routines
On 19/11/2024 04:08, Sergey Ryazanov wrote:
> On 15.11.2024 16:03, Antonio Quartulli wrote:
>> On 10/11/2024 21:42, Sergey Ryazanov wrote:
>>> Missed the most essential note regarding this patch :)
>>>
>>> On 29.10.2024 12:47, Antonio Quartulli wrote:
>>>> +static int ovpn_net_open(struct net_device *dev)
>>>> +{
>>>> + netif_tx_start_all_queues(dev);
>>>> + return 0;
>>>> +}
>>>> +
>>>> +static int ovpn_net_stop(struct net_device *dev)
>>>> +{
>>>> + netif_tx_stop_all_queues(dev);
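Review bot: ovpn_net_stop(), as far as the quoted lines show, only calls netif_tx_stop_all_queues(dev), which gates packets handed to this netdev for transmission and nothing else. Nothing visible here stops traffic that does not go through the device's TX queues, so the administrative "down" state and the actual state of the tunnel can diverge. Either release the remaining state in ovpn_net_stop() as well, or add a comment stating that link-down is meant to affect only the TX queues. If cleanup is added, ovpn_net_open() should mirror whatever ovpn_net_stop() undoes, since today it only restarts the queues.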
>>>
>>> Here we stop user-generated traffic in downlink. Shall we take care
>>> of other kinds of traffic: keepalive, uplink?
>>
>> Keepalive is "metadata" and should continue to flow, regardless of
>> whether the user interface is brought down.
>>
>> Uplink traffic directed to *this* device should just be dropped at
>> delivery time.
>>
>> Incoming traffic directed to other peers will continue to work.
>
> How is it possible? AFAIU, the module uses the kernel IP routing
> subsystem. Putting the interface down will effectively block a client-
> to-client packet from reentering the interface.
True.

At least part of the traffic is stopped (traffic directed to the VPN IP
of a peer will still flow as it does not require a routing table lookup).

I circled this discussion through the other devs to see what perspective
they would bring and we also agree that if something is stopping, better
stop the entire infra.

Also, if a user is fumbling with the link state, they are probably
trying to bring the VPN down.

I will go that way and basically perform the same cleanup as if the
interface is being deleted.

"the party is over"[cit.] :)

Regards,

--
Antonio Quartulli
OpenVPN Inc.