2025-03-18, 02:40:51 +0100, Antonio Quartulli wrote:
@@ -124,6 +154,13 @@ void ovpn_decrypt_post(void *data, int ret) goto drop; }
if (ovpn_is_keepalive(skb)) {net_dbg_ratelimited("%s: ping received from peer %u\n",netdev_name(peer->ovpn->dev),peer->id);goto drop_nocount;}- net_info_ratelimited("%s: unsupported protocol received from peer %u\n", netdev_name(peer->ovpn->dev), peer->id); goto drop;
@@ -149,6 +186,7 @@ void ovpn_decrypt_post(void *data, int ret) drop: if (unlikely(skb)) dev_core_stats_rx_dropped_inc(peer->ovpn->dev); +drop_nocount: if (likely(peer)) ovpn_peer_put(peer); if (likely(ks)) kfree_skb(skb); }
Again a small thing: in the case of a keepalive message, it would also be nice to use consume_skb instead of kfree_skb. Quoting from the doc for consume_skb:
* Functions identically to kfree_skb, but kfree_skb assumes that the frame * is being dropped after a failure and notes that
Something like this maybe (not compiled):
/* skb is passed to upper layer - don't free it */ skb = NULL; drop: if (unlikely(skb)) dev_core_stats_rx_dropped_inc(peer->ovpn->dev); kfree_skb(skb); skb = NULL; drop_nocount: if (likely(peer)) ovpn_peer_put(peer); if (likely(ks)) ovpn_crypto_key_slot_put(ks); consume_skb(skb);