Message-ID: <419e701d-dc74-4072-a056-0845e77305aa@openvpn.net>
Date: Thu, 17 Apr 2025 12:01:02 +0200
From: Antonio Quartulli <antonio@...nvpn.net>
To: Oleksandr Natalenko <oleksandr@...alenko.name>, netdev@...r.kernel.org,
 Eric Dumazet <edumazet@...gle.com>, Jakub Kicinski <kuba@...nel.org>,
 Paolo Abeni <pabeni@...hat.com>, Donald Hunter <donald.hunter@...il.com>,
 Shuah Khan <shuah@...nel.org>, sd@...asysnail.net, ryazanov.s.a@...il.com,
 Andrew Lunn <andrew+netdev@...n.ch>, Simon Horman <horms@...nel.org>
Cc: linux-kernel@...r.kernel.org, linux-kselftest@...r.kernel.org,
 Xiao Liang <shaw.leon@...il.com>, steffen.klassert@...unet.com,
 antony.antony@...unet.com, willemdebruijn.kernel@...il.com,
 David Ahern <dsahern@...nel.org>, Andrew Lunn <andrew@...n.ch>,
 Shuah Khan <skhan@...uxfoundation.org>
Subject: Re: [PATCH net-next v26 00/23] Introducing OpenVPN Data Channel
 Offload

Hi Oleksandr,

Thanks a lot for testing!

On 17/04/2025 11:51, Oleksandr Natalenko wrote:
> Hello.
> 
> On Tuesday, 15 April 2025 13:17:17 Central European Summer Time, Antonio Quartulli wrote:
>> Notable changes since v25:
>> * removed netdev notifier (was only used for our own devices)
>> * added .dellink implementation to address what was previously
>>    done in notifier
>> * removed .ndo_open and moved netif_carrier_off() call to .ndo_init
>> * fixed author in MODULE_AUTHOR()
>> * properly indented checks in ovpn.yaml
>> * switched from TSTATS to DSTATS
>> * removed obsolete comment in ovpn_socket_new()
>> * removed unrelated hunk in ovpn_socket_new()
>>
>> The latest code can also be found at:
>>
>> https://github.com/OpenVPN/ovpn-net-next
> 
> Thank you for this. I've backported the submission for my local v6.14-based build (had to adjust for 69c7be1b903fca) and I'm using it now with [1] as you've suggested previously. So far so good. Feel free to add my:
> 
> Tested-by: Oleksandr Natalenko <oleksandr@...alenko.name>
> 
> A couple of notes if I may:
> 
> 1. is it expected for the tun iface to stay after the connection is brought down? If that matters, I'm using NetworkManager for managing my OpenVPN connections

If the interface is created by openvpn in userspace, the latter should 
also destroy it during cleanup.

> 2. a userspace nit probably not relevant to this submission: the daemon still reports "DCO version:" but with "N/A" value because that version file under /sys is not presented any more like it was with an out-of-tree v2 implementation

Thanks a lot, I have reported this point to gerrit (where the patch is 
being reviewed): https://gerrit.openvpn.net/c/openvpn/+/941


Regards,

> 
> [1]: https://github.com/mandelbitdev/openvpn/tree/gianmarco/179-ovpn-support
> 
>>
>> Thanks a lot!
>> Best Regards,
>>
>> Antonio Quartulli
>> OpenVPN Inc.
>>
>> ---
>> Antonio Quartulli (23):
>>        net: introduce OpenVPN Data Channel Offload (ovpn)
>>        ovpn: add basic netlink support
>>        ovpn: add basic interface creation/destruction/management routines
>>        ovpn: keep carrier always on for MP interfaces
>>        ovpn: introduce the ovpn_peer object
>>        ovpn: introduce the ovpn_socket object
>>        ovpn: implement basic TX path (UDP)
>>        ovpn: implement basic RX path (UDP)
>>        ovpn: implement packet processing
>>        ovpn: store tunnel and transport statistics
>>        ovpn: implement TCP transport
>>        skb: implement skb_send_sock_locked_with_flags()
>>        ovpn: add support for MSG_NOSIGNAL in tcp_sendmsg
>>        ovpn: implement multi-peer support
>>        ovpn: implement peer lookup logic
>>        ovpn: implement keepalive mechanism
>>        ovpn: add support for updating local or remote UDP endpoint
>>        ovpn: implement peer add/get/dump/delete via netlink
>>        ovpn: implement key add/get/del/swap via netlink
>>        ovpn: kill key and notify userspace in case of IV exhaustion
>>        ovpn: notify userspace when a peer is deleted
>>        ovpn: add basic ethtool support
>>        testing/selftests: add test tool and scripts for ovpn module
>>
>>   Documentation/netlink/specs/ovpn.yaml              |  367 +++
>>   Documentation/netlink/specs/rt-link.yaml           |   16 +
>>   MAINTAINERS                                        |   11 +
>>   drivers/net/Kconfig                                |   15 +
>>   drivers/net/Makefile                               |    1 +
>>   drivers/net/ovpn/Makefile                          |   22 +
>>   drivers/net/ovpn/bind.c                            |   55 +
>>   drivers/net/ovpn/bind.h                            |  101 +
>>   drivers/net/ovpn/crypto.c                          |  210 ++
>>   drivers/net/ovpn/crypto.h                          |  145 ++
>>   drivers/net/ovpn/crypto_aead.c                     |  383 ++++
>>   drivers/net/ovpn/crypto_aead.h                     |   29 +
>>   drivers/net/ovpn/io.c                              |  446 ++++
>>   drivers/net/ovpn/io.h                              |   34 +
>>   drivers/net/ovpn/main.c                            |  274 +++
>>   drivers/net/ovpn/main.h                            |   14 +
>>   drivers/net/ovpn/netlink-gen.c                     |  213 ++
>>   drivers/net/ovpn/netlink-gen.h                     |   41 +
>>   drivers/net/ovpn/netlink.c                         | 1258 +++++++++++
>>   drivers/net/ovpn/netlink.h                         |   18 +
>>   drivers/net/ovpn/ovpnpriv.h                        |   55 +
>>   drivers/net/ovpn/peer.c                            | 1365 +++++++++++
>>   drivers/net/ovpn/peer.h                            |  163 ++
>>   drivers/net/ovpn/pktid.c                           |  129 ++
>>   drivers/net/ovpn/pktid.h                           |   86 +
>>   drivers/net/ovpn/proto.h                           |  118 +
>>   drivers/net/ovpn/skb.h                             |   61 +
>>   drivers/net/ovpn/socket.c                          |  233 ++
>>   drivers/net/ovpn/socket.h                          |   49 +
>>   drivers/net/ovpn/stats.c                           |   21 +
>>   drivers/net/ovpn/stats.h                           |   47 +
>>   drivers/net/ovpn/tcp.c                             |  598 +++++
>>   drivers/net/ovpn/tcp.h                             |   36 +
>>   drivers/net/ovpn/udp.c                             |  439 ++++
>>   drivers/net/ovpn/udp.h                             |   25 +
>>   include/linux/skbuff.h                             |    2 +
>>   include/uapi/linux/if_link.h                       |   15 +
>>   include/uapi/linux/ovpn.h                          |  109 +
>>   include/uapi/linux/udp.h                           |    1 +
>>   net/core/skbuff.c                                  |   18 +-
>>   net/ipv6/af_inet6.c                                |    1 +
>>   tools/testing/selftests/Makefile                   |    1 +
>>   tools/testing/selftests/net/ovpn/.gitignore        |    2 +
>>   tools/testing/selftests/net/ovpn/Makefile          |   31 +
>>   tools/testing/selftests/net/ovpn/common.sh         |   92 +
>>   tools/testing/selftests/net/ovpn/config            |   10 +
>>   tools/testing/selftests/net/ovpn/data64.key        |    5 +
>>   tools/testing/selftests/net/ovpn/ovpn-cli.c        | 2376 ++++++++++++++++++++
>>   tools/testing/selftests/net/ovpn/tcp_peers.txt     |    5 +
>>   .../testing/selftests/net/ovpn/test-chachapoly.sh  |    9 +
>>   .../selftests/net/ovpn/test-close-socket-tcp.sh    |    9 +
>>   .../selftests/net/ovpn/test-close-socket.sh        |   45 +
>>   tools/testing/selftests/net/ovpn/test-float.sh     |    9 +
>>   tools/testing/selftests/net/ovpn/test-tcp.sh       |    9 +
>>   tools/testing/selftests/net/ovpn/test.sh           |  113 +
>>   tools/testing/selftests/net/ovpn/udp_peers.txt     |    5 +
>>   56 files changed, 9940 insertions(+), 5 deletions(-)
>> ---
>> base-commit: 23f09f01b495cc510a19b30b6093fb4cb0284aaf
>> change-id: 20241002-b4-ovpn-eeee35c694a2
>>
>> Best regards,
>>
> 
> 

-- 
Antonio Quartulli
OpenVPN Inc.

