Message-ID: <20240917010734.1905-1-antonio@openvpn.net>
Date: Tue, 17 Sep 2024 03:07:09 +0200
From: Antonio Quartulli <antonio@...nvpn.net>
To: netdev@...r.kernel.org
Cc: kuba@...nel.org,
pabeni@...hat.com,
ryazanov.s.a@...il.com,
edumazet@...gle.com,
andrew@...n.ch,
sd@...asysnail.net,
Antonio Quartulli <antonio@...nvpn.net>
Subject: [PATCH net-next v7 00/25] Introducing OpenVPN Data Channel Offload

Hi all,

This is the 7th version of the ovpn patchset.

Thanks a lot to all those who have dedicated any amount of time to
review, report errors and send suggestions. Code quality (and even
performance!) has increased enormously compared to v1.

Notable changes from v6 are:
* converted NETIF_F_LLTX to dev->lltx
* added STREAM_PARSER to Kconfig
* regenerated netlink policies
* dropped skbs consistently in xmit() and ovpn_send() (drop only
  single skb instead of list)
* stored skb->len before calling ovpn_udp_output()
* stored pkt->len before calling gro_cells_receive()
* added drop_noovpn label in udp_encap_recv()
* removed sk_user_data bogus initialization
* removed call to rcu_barrier() from ovpn_struct_free()
* reworked encrypt/decrypt_post() to properly release CB and clear
  ctx member
* got rid of wrong kfree(sg)
* moved gro_cells_init() right before if (err) in ndo_init()
* added missing gro_cells_destroy() in error path in ndo_init()
* used call_rcu() to release peer and avoid deadlock
* moved hlist_add() after family check and rcu protected access
  in peer_add_mp()
* went back to single lock only for peer hashtables
* skipped keepalive interval computation when tmp_next_run is 0
* switched crypto_state->mutex to spinlock
* converted slots to array[2]
* skipped rehashing upon float in P2P mode
* avoided double free of skb in case of skb_share_check() failure
  (reported by smatch)
* turned ovpn_struct_init() into void as it always returns 0
  (reported by cppcheck)
* turned ovpn_tcp_to_userspace() into void as it always returns 0
  (reported by cppcheck)
* fixed typ0s reported by checkpatch --codespell

Moreover, I have smatch reporting the following:

drivers/net/ovpn/pktid.c:81 ovpn_pktid_recv() warn: potential spectre issue 'pr->history' [w]
drivers/net/ovpn/pktid.c:110 ovpn_pktid_recv() warn: possible spectre second half. '*p'

I don't think it's code that we should worry about, but I thought it
would make sense to hear your opinion.

Please note that patches previously reviewed by Andrew Lunn have
retained the Reviewed-by tag as they have been simply rebased without
any modification.

The latest code can also be found at:
https://github.com/OpenVPN/linux-kernel-ovpn

Thanks a lot!

Best Regards,

Antonio Quartulli
OpenVPN Inc.

======================
Antonio Quartulli (25):
netlink: add NLA_POLICY_MAX_LEN macro
rtnetlink: don't crash on unregister if no dellink exists
net: introduce OpenVPN Data Channel Offload (ovpn)
ovpn: add basic netlink support
ovpn: add basic interface creation/destruction/management routines
ovpn: implement interface creation/destruction via netlink
ovpn: keep carrier always on
ovpn: introduce the ovpn_peer object
ovpn: introduce the ovpn_socket object
ovpn: implement basic TX path (UDP)
ovpn: implement basic RX path (UDP)
ovpn: implement packet processing
ovpn: store tunnel and transport statistics
ovpn: implement TCP transport
ovpn: implement multi-peer support
ovpn: implement peer lookup logic
ovpn: implement keepalive mechanism
ovpn: add support for updating local UDP endpoint
ovpn: add support for peer floating
ovpn: implement peer add/dump/delete via netlink
ovpn: implement key add/del/swap via netlink
ovpn: kill key and notify userspace in case of IV exhaustion
ovpn: notify userspace when a peer is deleted
ovpn: add basic ethtool support
testing/selftest: add test tool and scripts for ovpn module
Documentation/netlink/specs/ovpn.yaml | 328 +++
MAINTAINERS | 8 +
drivers/net/Kconfig | 15 +
drivers/net/Makefile | 1 +
drivers/net/ovpn/Makefile | 22 +
drivers/net/ovpn/bind.c | 54 +
drivers/net/ovpn/bind.h | 117 ++
drivers/net/ovpn/crypto.c | 172 ++
drivers/net/ovpn/crypto.h | 138 ++
drivers/net/ovpn/crypto_aead.c | 356 ++++
drivers/net/ovpn/crypto_aead.h | 31 +
drivers/net/ovpn/io.c | 459 +++++
drivers/net/ovpn/io.h | 25 +
drivers/net/ovpn/main.c | 364 ++++
drivers/net/ovpn/main.h | 29 +
drivers/net/ovpn/netlink-gen.c | 206 ++
drivers/net/ovpn/netlink-gen.h | 41 +
drivers/net/ovpn/netlink.c | 1052 ++++++++++
drivers/net/ovpn/netlink.h | 18 +
drivers/net/ovpn/ovpnstruct.h | 59 +
drivers/net/ovpn/packet.h | 40 +
drivers/net/ovpn/peer.c | 1192 +++++++++++
drivers/net/ovpn/peer.h | 171 ++
drivers/net/ovpn/pktid.c | 130 ++
drivers/net/ovpn/pktid.h | 87 +
drivers/net/ovpn/proto.h | 104 +
drivers/net/ovpn/skb.h | 61 +
drivers/net/ovpn/socket.c | 165 ++
drivers/net/ovpn/socket.h | 53 +
drivers/net/ovpn/stats.c | 21 +
drivers/net/ovpn/stats.h | 47 +
drivers/net/ovpn/tcp.c | 506 +++++
drivers/net/ovpn/tcp.h | 43 +
drivers/net/ovpn/udp.c | 406 ++++
drivers/net/ovpn/udp.h | 26 +
include/net/netlink.h | 1 +
include/uapi/linux/ovpn.h | 108 +
include/uapi/linux/udp.h | 1 +
net/core/rtnetlink.c | 8 +-
tools/net/ynl/ynl-gen-c.py | 2 +
tools/testing/selftests/Makefile | 1 +
tools/testing/selftests/net/ovpn/.gitignore | 2 +
tools/testing/selftests/net/ovpn/Makefile | 17 +
tools/testing/selftests/net/ovpn/config | 8 +
.../selftests/net/ovpn/data-test-tcp.sh | 9 +
tools/testing/selftests/net/ovpn/data-test.sh | 150 ++
tools/testing/selftests/net/ovpn/data64.key | 5 +
.../testing/selftests/net/ovpn/float-test.sh | 115 ++
tools/testing/selftests/net/ovpn/ovpn-cli.c | 1820 +++++++++++++++++
.../testing/selftests/net/ovpn/tcp_peers.txt | 5 +
.../testing/selftests/net/ovpn/udp_peers.txt | 5 +
51 files changed, 8802 insertions(+), 2 deletions(-)
create mode 100644 Documentation/netlink/specs/ovpn.yaml
create mode 100644 drivers/net/ovpn/Makefile
create mode 100644 drivers/net/ovpn/bind.c
create mode 100644 drivers/net/ovpn/bind.h
create mode 100644 drivers/net/ovpn/crypto.c
create mode 100644 drivers/net/ovpn/crypto.h
create mode 100644 drivers/net/ovpn/crypto_aead.c
create mode 100644 drivers/net/ovpn/crypto_aead.h
create mode 100644 drivers/net/ovpn/io.c
create mode 100644 drivers/net/ovpn/io.h
create mode 100644 drivers/net/ovpn/main.c
create mode 100644 drivers/net/ovpn/main.h
create mode 100644 drivers/net/ovpn/netlink-gen.c
create mode 100644 drivers/net/ovpn/netlink-gen.h
create mode 100644 drivers/net/ovpn/netlink.c
create mode 100644 drivers/net/ovpn/netlink.h
create mode 100644 drivers/net/ovpn/ovpnstruct.h
create mode 100644 drivers/net/ovpn/packet.h
create mode 100644 drivers/net/ovpn/peer.c
create mode 100644 drivers/net/ovpn/peer.h
create mode 100644 drivers/net/ovpn/pktid.c
create mode 100644 drivers/net/ovpn/pktid.h
create mode 100644 drivers/net/ovpn/proto.h
create mode 100644 drivers/net/ovpn/skb.h
create mode 100644 drivers/net/ovpn/socket.c
create mode 100644 drivers/net/ovpn/socket.h
create mode 100644 drivers/net/ovpn/stats.c
create mode 100644 drivers/net/ovpn/stats.h
create mode 100644 drivers/net/ovpn/tcp.c
create mode 100644 drivers/net/ovpn/tcp.h
create mode 100644 drivers/net/ovpn/udp.c
create mode 100644 drivers/net/ovpn/udp.h
create mode 100644 include/uapi/linux/ovpn.h
create mode 100644 tools/testing/selftests/net/ovpn/.gitignore
create mode 100644 tools/testing/selftests/net/ovpn/Makefile
create mode 100644 tools/testing/selftests/net/ovpn/config
create mode 100755 tools/testing/selftests/net/ovpn/data-test-tcp.sh
create mode 100755 tools/testing/selftests/net/ovpn/data-test.sh
create mode 100644 tools/testing/selftests/net/ovpn/data64.key
create mode 100755 tools/testing/selftests/net/ovpn/float-test.sh
create mode 100644 tools/testing/selftests/net/ovpn/ovpn-cli.c
create mode 100644 tools/testing/selftests/net/ovpn/tcp_peers.txt
create mode 100644 tools/testing/selftests/net/ovpn/udp_peers.txt
--
2.44.2