New subject: [PATCH net-next v12 01/22] net: introduce OpenVPN Data Channel Offload (ovpn)

2 Dec 2024


      This is the 12th version of the patchset.
Hopefully there are no major flaws that will require more resendings.
I am sure we'll have plenty of time to polish up all bells and whistles
:-)
@Sergey, at the end I think I took in all your suggested changes, maybe
with some adaptations.
Notable changes from v11:
* move 'select' entries in Kconfig from patch 1 to where those deps are
  used
* mark mailing list as subscribers-only in MAINTAINERS file
* check iface validity against net_device_ops instead of ndo_start_xmit
* drop DRV_ defines in favour of literals
* use "ovpn" literal instead of OVPN_FAMILY_NAME in code that is not
  netlink related
* delete all peers on ifdown (new del-peer reason added accordingly)
* don't allow adding new peers if iface is down
* clarified uniqueness of IDs in netlink spec
* renamed ovpn_struct to ovpn_priv
* removed packet.h and moved content to proto.h
* fixed overhead/head_room calculation
* dropped unused ovpn_priv.dev_list member
* ensured all defines are prefixed with OVPN_
* kept carrier on only for MP mode
* carrier in P2P mode goes on/off when peer is added/deleted
* dropped skb_protocol_to_family() in favour of checking skb->protocol
  directly
* dropped ovpn_priv.peers.lock in favour of ovpn_priv.lock
* dropped error message in case of packet with unknown ID
* dropped sanity check in udp socket attach function
* made ovpn_peer_skb_to_sockaddr() return sockaddr len to simplify code
* dropped __must_hold() in favour of lockdep_assert_held()
* with TCP patch ovpn_socket now holds reference to ovpn_priv (UDP) or
  ovpn_peer (TCP) to prevent use-after-free of peer in TCP code and to
  force cleanup code to wait for TCP scheduled work
* ovpn_peer release refactored in two steps to allow implementing
  previous point (reference to socket is now dropped in first step,
  instead of kref callback)
* dropped all mentions of __func__ in messages
* moved introduction of UDP_ENCAP_OVPNINUDP from patch 1 to related patch
* properly update vpn and link statistics at right time instead of same
  spot
* properly checked skb head size before accessing ipv6 header in
  ovpn_ip_check_protocol()
* merged ovpn_peer_update_local_endpoint() and ovpn_peer_float()
* properly locked peer collection when rehashing upon peer float
* used netdev_name() when possible for printing iface name
* destroyed dst_cache only upon final peer release
* used bitfield APIs for opcode parsing and creation
* dropped struct ovpn_nonce_tail in favour of using u8[] directly
* added comment about skb_reset_network_header() placement
* added locking around peer->bind modifications
* added TCP out_queue to stash data skbs when socket is owned by user
  (to be sent out upon sock release)
* added call to barrier() in TCP socket release
* fixed hlist nulls lookup by adding loop restart
* used WRITE/READ_ONCE with last_recv/sent
* stopped counting keepalive msgs as dropped packets
* improved ovpn_nl_peer_precheck() to account for mixed v4mapped IPv6
* rehash peer after PEER_SET only in MP mode
  addresses
* added iface teardown check to kselftest script
* Link to v11: https://lore.kernel.org/r/20241029-b4-ovpn-v11-0-de4698c73a25@openvpn.net
Please note that some patches were already reviewed by Andre Lunn,
Donald Hunter and Shuah Khan. They have retained the Reviewed-by tag
since no major code modification has happened since the review.
Patch
The latest code can also be found at:
https://github.com/OpenVPN/linux-kernel-ovpn
Thanks a lot!
Best Regards,
Antonio Quartulli
OpenVPN Inc.
---
Antonio Quartulli (22):
      net: introduce OpenVPN Data Channel Offload (ovpn)
      ovpn: add basic netlink support
      ovpn: add basic interface creation/destruction/management routines
      ovpn: keep carrier always on for MP interfaces
      ovpn: introduce the ovpn_peer object
      ovpn: introduce the ovpn_socket object
      ovpn: implement basic TX path (UDP)
      ovpn: implement basic RX path (UDP)
      ovpn: implement packet processing
      ovpn: store tunnel and transport statistics
      ovpn: implement TCP transport
      ovpn: implement multi-peer support
      ovpn: implement peer lookup logic
      ovpn: implement keepalive mechanism
      ovpn: add support for updating local UDP endpoint
      ovpn: add support for peer floating
      ovpn: implement peer add/get/dump/delete via netlink
      ovpn: implement key add/get/del/swap via netlink
      ovpn: kill key and notify userspace in case of IV exhaustion
      ovpn: notify userspace when a peer is deleted
      ovpn: add basic ethtool support
      testing/selftests: add test tool and scripts for ovpn module
Documentation/netlink/specs/ovpn.yaml              |  368 +++
 MAINTAINERS                                        |   11 +
 drivers/net/Kconfig                                |   14 +
 drivers/net/Makefile                               |    1 +
 drivers/net/ovpn/Makefile                          |   22 +
 drivers/net/ovpn/bind.c                            |   55 +
 drivers/net/ovpn/bind.h                            |  101 +
 drivers/net/ovpn/crypto.c                          |  211 ++
 drivers/net/ovpn/crypto.h                          |  145 ++
 drivers/net/ovpn/crypto_aead.c                     |  383 ++++
 drivers/net/ovpn/crypto_aead.h                     |   33 +
 drivers/net/ovpn/io.c                              |  446 ++++
 drivers/net/ovpn/io.h                              |   34 +
 drivers/net/ovpn/main.c                            |  339 +++
 drivers/net/ovpn/main.h                            |   14 +
 drivers/net/ovpn/netlink-gen.c                     |  212 ++
 drivers/net/ovpn/netlink-gen.h                     |   41 +
 drivers/net/ovpn/netlink.c                         | 1178 ++++++++++
 drivers/net/ovpn/netlink.h                         |   18 +
 drivers/net/ovpn/ovpnstruct.h                      |   57 +
 drivers/net/ovpn/peer.c                            | 1278 +++++++++++
 drivers/net/ovpn/peer.h                            |  163 ++
 drivers/net/ovpn/pktid.c                           |  129 ++
 drivers/net/ovpn/pktid.h                           |   87 +
 drivers/net/ovpn/proto.h                           |  118 +
 drivers/net/ovpn/skb.h                             |   58 +
 drivers/net/ovpn/socket.c                          |  180 ++
 drivers/net/ovpn/socket.h                          |   55 +
 drivers/net/ovpn/stats.c                           |   21 +
 drivers/net/ovpn/stats.h                           |   47 +
 drivers/net/ovpn/tcp.c                             |  579 +++++
 drivers/net/ovpn/tcp.h                             |   33 +
 drivers/net/ovpn/udp.c                             |  397 ++++
 drivers/net/ovpn/udp.h                             |   23 +
 include/uapi/linux/if_link.h                       |   15 +
 include/uapi/linux/ovpn.h                          |  110 +
 include/uapi/linux/udp.h                           |    1 +
 tools/testing/selftests/Makefile                   |    1 +
 tools/testing/selftests/net/ovpn/.gitignore        |    2 +
 tools/testing/selftests/net/ovpn/Makefile          |   17 +
 tools/testing/selftests/net/ovpn/config            |   10 +
 tools/testing/selftests/net/ovpn/data64.key        |    5 +
 tools/testing/selftests/net/ovpn/ovpn-cli.c        | 2370 ++++++++++++++++++++
 tools/testing/selftests/net/ovpn/tcp_peers.txt     |    5 +
 .../testing/selftests/net/ovpn/test-chachapoly.sh  |    9 +
 tools/testing/selftests/net/ovpn/test-float.sh     |    9 +
 tools/testing/selftests/net/ovpn/test-tcp.sh       |    9 +
 tools/testing/selftests/net/ovpn/test.sh           |  182 ++
 tools/testing/selftests/net/ovpn/udp_peers.txt     |    5 +
 49 files changed, 9601 insertions(+)
---
base-commit: 65ae975e97d5aab3ee9dc5ec701b12090572ed43
change-id: 20241002-b4-ovpn-eeee35c694a2
Best regards,
-- 
Antonio Quartulli antonio@openvpn.net

[PATCH net-next v12 00/22] Introducing OpenVPN Data Channel Offload