[net-next,v6,11/25] ovpn: implement basic RX path (UDP)

Message ID	20240827120805.13681-12-antonio@openvpn.net (mailing list archive)
State	Changes Requested
Delegated to:	Netdev Maintainers
Headers	show Received: from mail-wm1-f46.google.com (mail-wm1-f46.google.com [209.85.128.46]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 201B91A08C6 for <netdev@vger.kernel.org>; Tue, 27 Aug 2024 12:06:52 +0000 (UTC) From: Antonio Quartulli <antonio@openvpn.net> To: netdev@vger.kernel.org Cc: kuba@kernel.org, pabeni@redhat.com, ryazanov.s.a@gmail.com, edumazet@google.com, andrew@lunn.ch, sd@queasysnail.net, Antonio Quartulli <antonio@openvpn.net> Subject: [PATCH net-next v6 11/25] ovpn: implement basic RX path (UDP) Date: Tue, 27 Aug 2024 14:07:51 +0200 Message-ID: <20240827120805.13681-12-antonio@openvpn.net> In-Reply-To: <20240827120805.13681-1-antonio@openvpn.net> References: <20240827120805.13681-1-antonio@openvpn.net> Precedence: bulk MIME-Version: 1.0 Content-Transfer-Encoding: 8bit
Series	Introducing OpenVPN Data Channel Offload \| expand [net-next,v6,00/25] Introducing OpenVPN Data Channel Offload [net-next,v6,01/25] netlink: add NLA_POLICY_MAX_LEN macro [net-next,v6,02/25] rtnetlink: don't crash on unregister if no dellink exists [net-next,v6,03/25] net: introduce OpenVPN Data Channel Offload (ovpn) [net-next,v6,04/25] ovpn: add basic netlink support [net-next,v6,05/25] ovpn: add basic interface creation/destruction/management routines [net-next,v6,06/25] ovpn: implement interface creation/destruction via netlink [net-next,v6,07/25] ovpn: keep carrier always on [net-next,v6,08/25] ovpn: introduce the ovpn_peer object [net-next,v6,09/25] ovpn: introduce the ovpn_socket object [net-next,v6,10/25] ovpn: implement basic TX path (UDP) [net-next,v6,11/25] ovpn: implement basic RX path (UDP) [net-next,v6,12/25] ovpn: implement packet processing [net-next,v6,13/25] ovpn: store tunnel and transport statistics [net-next,v6,14/25] ovpn: implement TCP transport [net-next,v6,15/25] ovpn: implement multi-peer support [net-next,v6,16/25] ovpn: implement peer lookup logic [net-next,v6,17/25] ovpn: implement keepalive mechanism [net-next,v6,18/25] ovpn: add support for updating local UDP endpoint [net-next,v6,19/25] ovpn: add support for peer floating [net-next,v6,20/25] ovpn: implement peer add/dump/delete via netlink [net-next,v6,21/25] ovpn: implement key add/del/swap via netlink [net-next,v6,22/25] ovpn: kill key and notify userspace in case of IV exhaustion [net-next,v6,23/25] ovpn: notify userspace when a peer is deleted [net-next,v6,24/25] ovpn: add basic ethtool support [net-next,v6,25/25] testing/selftest: add test tool and scripts for ovpn module

Context	Check	Description
netdev/series_format	fail	Series longer than 15 patches
netdev/tree_selection	success	Clearly marked for net-next, async
netdev/ynl	success	Generated files up to date; no warnings/errors; GEN HAS DIFF 2 files changed, 2619 insertions(+);
netdev/fixes_present	success	Fixes tag not required for -next series
netdev/header_inline	success	No static functions without inline keyword in header files
netdev/build_32bit	success	Errors and warnings before: 16 this patch: 16
netdev/build_tools	success	No tools touched, skip
netdev/cc_maintainers	warning	1 maintainers not CCed: openvpn-devel@lists.sourceforge.net
netdev/build_clang	success	Errors and warnings before: 17 this patch: 17
netdev/verify_signedoff	success	Signed-off-by tag matches author and committer
netdev/deprecated_api	success	None detected
netdev/check_selftest	success	No net selftest shell script
netdev/verify_fixes	success	No Fixes tag
netdev/build_allmodconfig_warn	success	Errors and warnings before: 22 this patch: 22
netdev/checkpatch	warning	WARNING: added, moved or deleted file(s), does MAINTAINERS need updating?
netdev/build_clang_rust	success	No Rust files in patch. Skipping build
netdev/kdoc	success	Errors and warnings before: 0 this patch: 0
netdev/source_inline	success	Was 0 now: 0
netdev/contest	success	net-next-2024-08-30--06-00 (tests: 714)

Antonio Quartulli Aug. 27, 2024, 12:07 p.m. UTC

Packets received over the socket are forwarded to the user device.

Implementation is UDP only. TCP will be added by a later patch.

Note: no decryption/decapsulation exists yet, packets are forwarded as
they arrive without much processing.

Signed-off-by: Antonio Quartulli <antonio@openvpn.net>
---
 drivers/net/ovpn/io.c         |  63 +++++++++++++++++++-
 drivers/net/ovpn/io.h         |   2 +
 drivers/net/ovpn/main.c       |   9 ++-
 drivers/net/ovpn/ovpnstruct.h |   3 +
 drivers/net/ovpn/proto.h      |  75 ++++++++++++++++++++++++
 drivers/net/ovpn/skb.h        |   3 -
 drivers/net/ovpn/socket.c     |  24 ++++++++
 drivers/net/ovpn/udp.c        | 104 +++++++++++++++++++++++++++++++++-
 drivers/net/ovpn/udp.h        |   3 +-
 9 files changed, 279 insertions(+), 7 deletions(-)
 create mode 100644 drivers/net/ovpn/proto.h

Sabrina Dubroca Sept. 2, 2024, 11:22 a.m. UTC | #1

2024-08-27, 14:07:51 +0200, Antonio Quartulli wrote:
> +static void ovpn_netdev_write(struct ovpn_peer *peer, struct sk_buff *skb)
> +{
> +	/* we can't guarantee the packet wasn't corrupted before entering the
> +	 * VPN, therefore we give other layers a chance to check that
> +	 */
> +	skb->ip_summed = CHECKSUM_NONE;
> +
> +	/* skb hash for transport packet no longer valid after decapsulation */
> +	skb_clear_hash(skb);
> +
> +	/* post-decrypt scrub -- prepare to inject encapsulated packet onto the
> +	 * interface, based on __skb_tunnel_rx() in dst.h
> +	 */
> +	skb->dev = peer->ovpn->dev;
> +	skb_set_queue_mapping(skb, 0);
> +	skb_scrub_packet(skb, true);
> +
> +	skb_reset_network_header(skb);
> +	skb_reset_transport_header(skb);
> +	skb_probe_transport_header(skb);
> +	skb_reset_inner_headers(skb);
> +
> +	memset(skb->cb, 0, sizeof(skb->cb));
> +
> +	/* cause packet to be "received" by the interface */
> +	if (likely(gro_cells_receive(&peer->ovpn->gro_cells,
> +				     skb) == NET_RX_SUCCESS))
> +		/* update RX stats with the size of decrypted packet */
> +		dev_sw_netstats_rx_add(peer->ovpn->dev, skb->len);

I don't think accessing skb->len after passing the skb to
gro_cells_receive is safe, see
c7cc9200e9b4 ("macsec: avoid use-after-free in macsec_handle_frame()")


[...]
>  static void ovpn_struct_free(struct net_device *net)
>  {
> +	struct ovpn_struct *ovpn = netdev_priv(net);
> +
> +	gro_cells_destroy(&ovpn->gro_cells);
> +	rcu_barrier();

What's the purpose of this rcu_barrier? I expect it in module_exit,
not when removing one netdevice.


> diff --git a/drivers/net/ovpn/skb.h b/drivers/net/ovpn/skb.h
> index 7966a10d915f..e070fe6f448c 100644
> --- a/drivers/net/ovpn/skb.h
> +++ b/drivers/net/ovpn/skb.h
> @@ -18,10 +18,7 @@
>  #include <linux/types.h>
>  
>  struct ovpn_cb {
> -	struct aead_request *req;
>  	struct ovpn_peer *peer;
> -	struct ovpn_crypto_key_slot *ks;
> -	unsigned int payload_offset;

Squashed into the wrong patch?


[...]
> +struct ovpn_struct *ovpn_from_udp_sock(struct sock *sk)
> +{
> +	struct ovpn_socket *ovpn_sock;
> +
> +	if (unlikely(READ_ONCE(udp_sk(sk)->encap_type) != UDP_ENCAP_OVPNINUDP))
> +		return NULL;
> +
> +	ovpn_sock = rcu_dereference_sk_user_data(sk);

[1]

> +	if (unlikely(!ovpn_sock))
> +		return NULL;
> +
> +	/* make sure that sk matches our stored transport socket */
> +	if (unlikely(!ovpn_sock->sock || sk != ovpn_sock->sock->sk))
> +		return NULL;
> +
> +	return ovpn_sock->ovpn;
> +}


> +static int ovpn_udp_encap_recv(struct sock *sk, struct sk_buff *skb)
> +{
> +	struct ovpn_peer *peer = NULL;
> +	struct ovpn_struct *ovpn;
> +	u32 peer_id;
> +	u8 opcode;
> +
> +	ovpn = ovpn_from_udp_sock(sk);
> +	if (unlikely(!ovpn)) {
> +		net_err_ratelimited("%s: cannot obtain ovpn object from UDP socket\n",
> +				    __func__);
> +		goto drop;
> +	}
[...]
> +	/* pop off outer UDP header */
> +	__skb_pull(skb, sizeof(struct udphdr));
> +	ovpn_recv(peer, skb);
> +	return 0;
> +
> +drop:
> +	if (peer)
> +		ovpn_peer_put(peer);
> +	dev_core_stats_rx_dropped_inc(ovpn->dev);

If we get here from the first goto, ovpn is NULL. You could add a
drop_noovpn label right here to just do the free+return.

> +	kfree_skb(skb);
> +	return 0;
> +}
> +
>  /**
>   * ovpn_udp4_output - send IPv4 packet over udp socket
>   * @ovpn: the openvpn instance
> @@ -257,8 +342,13 @@ void ovpn_udp_send_skb(struct ovpn_struct *ovpn, struct ovpn_peer *peer,
>   */
>  int ovpn_udp_socket_attach(struct socket *sock, struct ovpn_struct *ovpn)
>  {
> +	struct udp_tunnel_sock_cfg cfg = {
> +		.sk_user_data = ovpn,
> +		.encap_type = UDP_ENCAP_OVPNINUDP,
> +		.encap_rcv = ovpn_udp_encap_recv,
> +	};
>  	struct ovpn_socket *old_data;
> -	int ret = 0;
> +	int ret;
>  
>  	/* sanity check */
>  	if (sock->sk->sk_protocol != IPPROTO_UDP) {
> @@ -272,6 +362,7 @@ int ovpn_udp_socket_attach(struct socket *sock, struct ovpn_struct *ovpn)
>  	if (!old_data) {
>  		/* socket is currently unused - we can take it */
>  		rcu_read_unlock();
> +		setup_udp_tunnel_sock(sock_net(sock->sk), sock, &cfg);

This will set sk_user_data to the ovpn_struct, but ovpn_from_udp_sock
expects the ovpn_socket [1], which is stored into sk_user_data a
little bit later by ovpn_socket_new. If a packet reaches
ovpn_udp_encap_recv -> ovpn_from_udp_sock before ovpn_socket_new
overwrites sk_user_data, bad things probably happen.

Antonio Quartulli Sept. 2, 2024, 12:24 p.m. UTC | #2

On 02/09/2024 13:22, Sabrina Dubroca wrote:
> 2024-08-27, 14:07:51 +0200, Antonio Quartulli wrote:
>> +static void ovpn_netdev_write(struct ovpn_peer *peer, struct sk_buff *skb)
>> +{
>> +	/* we can't guarantee the packet wasn't corrupted before entering the
>> +	 * VPN, therefore we give other layers a chance to check that
>> +	 */
>> +	skb->ip_summed = CHECKSUM_NONE;
>> +
>> +	/* skb hash for transport packet no longer valid after decapsulation */
>> +	skb_clear_hash(skb);
>> +
>> +	/* post-decrypt scrub -- prepare to inject encapsulated packet onto the
>> +	 * interface, based on __skb_tunnel_rx() in dst.h
>> +	 */
>> +	skb->dev = peer->ovpn->dev;
>> +	skb_set_queue_mapping(skb, 0);
>> +	skb_scrub_packet(skb, true);
>> +
>> +	skb_reset_network_header(skb);
>> +	skb_reset_transport_header(skb);
>> +	skb_probe_transport_header(skb);
>> +	skb_reset_inner_headers(skb);
>> +
>> +	memset(skb->cb, 0, sizeof(skb->cb));
>> +
>> +	/* cause packet to be "received" by the interface */
>> +	if (likely(gro_cells_receive(&peer->ovpn->gro_cells,
>> +				     skb) == NET_RX_SUCCESS))
>> +		/* update RX stats with the size of decrypted packet */
>> +		dev_sw_netstats_rx_add(peer->ovpn->dev, skb->len);
> 
> I don't think accessing skb->len after passing the skb to
> gro_cells_receive is safe, see
> c7cc9200e9b4 ("macsec: avoid use-after-free in macsec_handle_frame()")

Thanks for spotting this! It's basically the same issue (but symmetric) 
as patch 10/25.

> 
> 
> [...]
>>   static void ovpn_struct_free(struct net_device *net)
>>   {
>> +	struct ovpn_struct *ovpn = netdev_priv(net);
>> +
>> +	gro_cells_destroy(&ovpn->gro_cells);
>> +	rcu_barrier();
> 
> What's the purpose of this rcu_barrier? I expect it in module_exit,
> not when removing one netdevice.

Good question.
I presume it's a leftover from previous tests.
I think it's harmless, but it should not be needed at all.

I will remove it.

> 
> 
>> diff --git a/drivers/net/ovpn/skb.h b/drivers/net/ovpn/skb.h
>> index 7966a10d915f..e070fe6f448c 100644
>> --- a/drivers/net/ovpn/skb.h
>> +++ b/drivers/net/ovpn/skb.h
>> @@ -18,10 +18,7 @@
>>   #include <linux/types.h>
>>   
>>   struct ovpn_cb {
>> -	struct aead_request *req;
>>   	struct ovpn_peer *peer;
>> -	struct ovpn_crypto_key_slot *ks;
>> -	unsigned int payload_offset;
> 
> Squashed into the wrong patch?

Darn yes. Sorry for this.

> 
> 
> [...]
>> +struct ovpn_struct *ovpn_from_udp_sock(struct sock *sk)
>> +{
>> +	struct ovpn_socket *ovpn_sock;
>> +
>> +	if (unlikely(READ_ONCE(udp_sk(sk)->encap_type) != UDP_ENCAP_OVPNINUDP))
>> +		return NULL;
>> +
>> +	ovpn_sock = rcu_dereference_sk_user_data(sk);
> 
> [1]
> 
>> +	if (unlikely(!ovpn_sock))
>> +		return NULL;
>> +
>> +	/* make sure that sk matches our stored transport socket */
>> +	if (unlikely(!ovpn_sock->sock || sk != ovpn_sock->sock->sk))
>> +		return NULL;
>> +
>> +	return ovpn_sock->ovpn;
>> +}
> 
> 
>> +static int ovpn_udp_encap_recv(struct sock *sk, struct sk_buff *skb)
>> +{
>> +	struct ovpn_peer *peer = NULL;
>> +	struct ovpn_struct *ovpn;
>> +	u32 peer_id;
>> +	u8 opcode;
>> +
>> +	ovpn = ovpn_from_udp_sock(sk);
>> +	if (unlikely(!ovpn)) {
>> +		net_err_ratelimited("%s: cannot obtain ovpn object from UDP socket\n",
>> +				    __func__);
>> +		goto drop;
>> +	}
> [...]
>> +	/* pop off outer UDP header */
>> +	__skb_pull(skb, sizeof(struct udphdr));
>> +	ovpn_recv(peer, skb);
>> +	return 0;
>> +
>> +drop:
>> +	if (peer)
>> +		ovpn_peer_put(peer);
>> +	dev_core_stats_rx_dropped_inc(ovpn->dev);
> 
> If we get here from the first goto, ovpn is NULL. You could add a
> drop_noovpn label right here to just do the free+return.

Right.
Weird though that no static analysis tool complained about ovpn possibly 
being NULL.

Will add the extra label.

> 
>> +	kfree_skb(skb);
>> +	return 0;
>> +}
>> +
>>   /**
>>    * ovpn_udp4_output - send IPv4 packet over udp socket
>>    * @ovpn: the openvpn instance
>> @@ -257,8 +342,13 @@ void ovpn_udp_send_skb(struct ovpn_struct *ovpn, struct ovpn_peer *peer,
>>    */
>>   int ovpn_udp_socket_attach(struct socket *sock, struct ovpn_struct *ovpn)
>>   {
>> +	struct udp_tunnel_sock_cfg cfg = {
>> +		.sk_user_data = ovpn,
>> +		.encap_type = UDP_ENCAP_OVPNINUDP,
>> +		.encap_rcv = ovpn_udp_encap_recv,
>> +	};
>>   	struct ovpn_socket *old_data;
>> -	int ret = 0;
>> +	int ret;
>>   
>>   	/* sanity check */
>>   	if (sock->sk->sk_protocol != IPPROTO_UDP) {
>> @@ -272,6 +362,7 @@ int ovpn_udp_socket_attach(struct socket *sock, struct ovpn_struct *ovpn)
>>   	if (!old_data) {
>>   		/* socket is currently unused - we can take it */
>>   		rcu_read_unlock();
>> +		setup_udp_tunnel_sock(sock_net(sock->sk), sock, &cfg);
> 
> This will set sk_user_data to the ovpn_struct, but ovpn_from_udp_sock
> expects the ovpn_socket [1], which is stored into sk_user_data a
> little bit later by ovpn_socket_new. If a packet reaches
> ovpn_udp_encap_recv -> ovpn_from_udp_sock before ovpn_socket_new
> overwrites sk_user_data, bad things probably happen.

Wow - this is a very nice catch.

I think this wrong cfg.sk_user_data initialization was there this since 
the first prototype, but it just passed unnoticed.

I will drop the field initialization, so that the sk_user_data stays 
NULL until it gets assigned the ovpn_sock.


Thanks a lot!

Cheers,

Simon Horman Sept. 6, 2024, 7:18 p.m. UTC | #3

On Tue, Aug 27, 2024 at 02:07:51PM +0200, Antonio Quartulli wrote:
> Packets received over the socket are forwarded to the user device.
> 
> Implementation is UDP only. TCP will be added by a later patch.
> 
> Note: no decryption/decapsulation exists yet, packets are forwarded as
> they arrive without much processing.
> 
> Signed-off-by: Antonio Quartulli <antonio@openvpn.net>

...

> +/**
> + * ovpn_udp_encap_recv - Start processing a received UDP packet.
> + * @sk: socket over which the packet was received
> + * @skb: the received packet
> + *
> + * If the first byte of the payload is DATA_V2, the packet is further processed,
> + * otherwise it is forwarded to the UDP stack for delivery to user space.
> + *
> + * Return:
> + *  0 if skb was consumed or dropped
> + * >0 if skb should be passed up to userspace as UDP (packet not consumed)
> + * <0 if skb should be resubmitted as proto -N (packet not consumed)
> + */
> +static int ovpn_udp_encap_recv(struct sock *sk, struct sk_buff *skb)
> +{
> +	struct ovpn_peer *peer = NULL;
> +	struct ovpn_struct *ovpn;
> +	u32 peer_id;
> +	u8 opcode;
> +
> +	ovpn = ovpn_from_udp_sock(sk);
> +	if (unlikely(!ovpn)) {
> +		net_err_ratelimited("%s: cannot obtain ovpn object from UDP socket\n",
> +				    __func__);
> +		goto drop;

Hi Antonio,

Here ovpn is NULL. But jumping to drop will result in ovpn being dereferenced.

Flagged by Smatch.


> +	}
> +
> +	/* Make sure the first 4 bytes of the skb data buffer after the UDP
> +	 * header are accessible.
> +	 * They are required to fetch the OP code, the key ID and the peer ID.
> +	 */
> +	if (unlikely(!pskb_may_pull(skb, sizeof(struct udphdr) +
> +				    OVPN_OP_SIZE_V2))) {
> +		net_dbg_ratelimited("%s: packet too small\n", __func__);
> +		goto drop;
> +	}
> +
> +	opcode = ovpn_opcode_from_skb(skb, sizeof(struct udphdr));
> +	if (unlikely(opcode != OVPN_DATA_V2)) {
> +		/* DATA_V1 is not supported */
> +		if (opcode == OVPN_DATA_V1)
> +			goto drop;
> +
> +		/* unknown or control packet: let it bubble up to userspace */
> +		return 1;
> +	}
> +
> +	peer_id = ovpn_peer_id_from_skb(skb, sizeof(struct udphdr));
> +	/* some OpenVPN server implementations send data packets with the
> +	 * peer-id set to undef. In this case we skip the peer lookup by peer-id
> +	 * and we try with the transport address
> +	 */
> +	if (peer_id != OVPN_PEER_ID_UNDEF) {
> +		peer = ovpn_peer_get_by_id(ovpn, peer_id);
> +		if (!peer) {
> +			net_err_ratelimited("%s: received data from unknown peer (id: %d)\n",
> +					    __func__, peer_id);
> +			goto drop;
> +		}
> +	}
> +
> +	if (!peer) {
> +		/* data packet with undef peer-id */
> +		peer = ovpn_peer_get_by_transp_addr(ovpn, skb);
> +		if (unlikely(!peer)) {
> +			net_dbg_ratelimited("%s: received data with undef peer-id from unknown source\n",
> +					    __func__);
> +			goto drop;
> +		}
> +	}
> +
> +	/* pop off outer UDP header */
> +	__skb_pull(skb, sizeof(struct udphdr));
> +	ovpn_recv(peer, skb);
> +	return 0;
> +
> +drop:
> +	if (peer)
> +		ovpn_peer_put(peer);
> +	dev_core_stats_rx_dropped_inc(ovpn->dev);
> +	kfree_skb(skb);
> +	return 0;
> +}
> +

...

Antonio Quartulli Sept. 9, 2024, 8:37 a.m. UTC | #4

On 06/09/2024 21:18, Simon Horman wrote:
> On Tue, Aug 27, 2024 at 02:07:51PM +0200, Antonio Quartulli wrote:
>> Packets received over the socket are forwarded to the user device.
>>
>> Implementation is UDP only. TCP will be added by a later patch.
>>
>> Note: no decryption/decapsulation exists yet, packets are forwarded as
>> they arrive without much processing.
>>
>> Signed-off-by: Antonio Quartulli <antonio@openvpn.net>
> 
> ...
> 
>> +/**
>> + * ovpn_udp_encap_recv - Start processing a received UDP packet.
>> + * @sk: socket over which the packet was received
>> + * @skb: the received packet
>> + *
>> + * If the first byte of the payload is DATA_V2, the packet is further processed,
>> + * otherwise it is forwarded to the UDP stack for delivery to user space.
>> + *
>> + * Return:
>> + *  0 if skb was consumed or dropped
>> + * >0 if skb should be passed up to userspace as UDP (packet not consumed)
>> + * <0 if skb should be resubmitted as proto -N (packet not consumed)
>> + */
>> +static int ovpn_udp_encap_recv(struct sock *sk, struct sk_buff *skb)
>> +{
>> +	struct ovpn_peer *peer = NULL;
>> +	struct ovpn_struct *ovpn;
>> +	u32 peer_id;
>> +	u8 opcode;
>> +
>> +	ovpn = ovpn_from_udp_sock(sk);
>> +	if (unlikely(!ovpn)) {
>> +		net_err_ratelimited("%s: cannot obtain ovpn object from UDP socket\n",
>> +				    __func__);
>> +		goto drop;
> 
> Hi Antonio,
> 
> Here ovpn is NULL. But jumping to drop will result in ovpn being dereferenced.
> 
> Flagged by Smatch.

You are correct, thanks for the report.
Will fix it in the next version.

Cheers,

> 
> 
>> +	}
>> +
>> +	/* Make sure the first 4 bytes of the skb data buffer after the UDP
>> +	 * header are accessible.
>> +	 * They are required to fetch the OP code, the key ID and the peer ID.
>> +	 */
>> +	if (unlikely(!pskb_may_pull(skb, sizeof(struct udphdr) +
>> +				    OVPN_OP_SIZE_V2))) {
>> +		net_dbg_ratelimited("%s: packet too small\n", __func__);
>> +		goto drop;
>> +	}
>> +
>> +	opcode = ovpn_opcode_from_skb(skb, sizeof(struct udphdr));
>> +	if (unlikely(opcode != OVPN_DATA_V2)) {
>> +		/* DATA_V1 is not supported */
>> +		if (opcode == OVPN_DATA_V1)
>> +			goto drop;
>> +
>> +		/* unknown or control packet: let it bubble up to userspace */
>> +		return 1;
>> +	}
>> +
>> +	peer_id = ovpn_peer_id_from_skb(skb, sizeof(struct udphdr));
>> +	/* some OpenVPN server implementations send data packets with the
>> +	 * peer-id set to undef. In this case we skip the peer lookup by peer-id
>> +	 * and we try with the transport address
>> +	 */
>> +	if (peer_id != OVPN_PEER_ID_UNDEF) {
>> +		peer = ovpn_peer_get_by_id(ovpn, peer_id);
>> +		if (!peer) {
>> +			net_err_ratelimited("%s: received data from unknown peer (id: %d)\n",
>> +					    __func__, peer_id);
>> +			goto drop;
>> +		}
>> +	}
>> +
>> +	if (!peer) {
>> +		/* data packet with undef peer-id */
>> +		peer = ovpn_peer_get_by_transp_addr(ovpn, skb);
>> +		if (unlikely(!peer)) {
>> +			net_dbg_ratelimited("%s: received data with undef peer-id from unknown source\n",
>> +					    __func__);
>> +			goto drop;
>> +		}
>> +	}
>> +
>> +	/* pop off outer UDP header */
>> +	__skb_pull(skb, sizeof(struct udphdr));
>> +	ovpn_recv(peer, skb);
>> +	return 0;
>> +
>> +drop:
>> +	if (peer)
>> +		ovpn_peer_put(peer);
>> +	dev_core_stats_rx_dropped_inc(ovpn->dev);
>> +	kfree_skb(skb);
>> +	return 0;
>> +}
>> +
> 
> ...

[net-next,v6,11/25] ovpn: implement basic RX path (UDP)

Checks

Commit Message

Comments

Patch