Introducing OpenVPN Data Channel Offload
From: Antonio Quartulli <antonio-AT-openvpn.net>
To: netdev-AT-vger.kernel.org
Subject: [PATCH net-next v6 00/25] Introducing OpenVPN Data Channel Offload
Date: Tue, 27 Aug 2024 14:07:40 +0200
Message-ID: <20240827120805.13681-1-antonio@openvpn.net>
Cc: kuba-AT-kernel.org, pabeni-AT-redhat.com, ryazanov.s.a-AT-gmail.com, edumazet-AT-google.com, andrew-AT-lunn.ch, sd-AT-queasysnail.net, Antonio Quartulli <antonio-AT-openvpn.net>

Hi all,

This is the 6th version of the ovpn patchset.

Notable changes from v5 are:
* moved NETIF_F_LLTX only to features
* added missing call to crypto_key_slot_put() in encrypt_done()
* return also IFINDEX upon nl_new_iface_doit() success
* convert struct ovpn_sockaddr to union
* rename ovpn_bind->sa to ovpn_bind->remote
* added netdevice_tracker to netdev_hold/put when possible
* moved ovpn_peer_index() change to related patch
* removed dev_core_stats_rx_dropped_inc after gro_cells_receive()
* moved call to kill_primary_key to related patch
* passed key_id to userspace when killing key
* passed skb to aead_request_set_callback()
* added missing call to crypto_key_slot_put() in decrypt_post()
* got rid of ptr_ring.h
* removed extra/unneeded memset() on cb in TCP code
* made sure to call notify_swap_key
* called notify_del_peer before releasing netdev ref
* converted checks in nl_set_peer_doit to hard requirements
* removed useless keepalive_set boolean variable
* moved kzalloc for ovpn->peers to ndo_init() cb
* added size check in ovpn_is_keepalive()
* drop ovpn_keepalive_xmit() wrapper
* use new helper __skb_put_data()
* hold peer->lock in ovpn_peer_float()
* use ipv6_addr_equal()
* hold peer->lock in update_local_endpoint()
* use hlist_nulls for by_transp_addr due to float rehashing
* switched to CHECKSUM_NONE in RX path
* bailed out when cannot retain peer ref in encrypt_one()
* hold peer ref in ovpn_tcp_sendmsg()
* bail out in case of missing peer ref in ovpn_tcp_rcv()
* moved cancel_work_sync() and strp_done() out of rcu read lock area
* enable extended ack in userspace testing tool
* introduced one lock per hashtable, to avoid conflicting lock operations
* added some extra doc regarding IV and key life cycle
* some more minor reshuffling, mostly as consequence of the above.

Please note that patches previously reviewed by Andrew Lunn have
retained the Reviewed-by tag as they have been simply rebased without
any modification.

The latest code can also be found at:

https://github.com/OpenVPN/linux-kernel-ovpn

Thanks a lot!
Best Regards,

Antonio Quartulli
OpenVPN Inc.

======================

Antonio Quartulli (25):
  netlink: add NLA_POLICY_MAX_LEN macro
  rtnetlink: don't crash on unregister if no dellink exists
  net: introduce OpenVPN Data Channel Offload (ovpn)
  ovpn: add basic netlink support
  ovpn: add basic interface creation/destruction/management routines
  ovpn: implement interface creation/destruction via netlink
  ovpn: keep carrier always on
  ovpn: introduce the ovpn_peer object
  ovpn: introduce the ovpn_socket object
  ovpn: implement basic TX path (UDP)
  ovpn: implement basic RX path (UDP)
  ovpn: implement packet processing
  ovpn: store tunnel and transport statistics
  ovpn: implement TCP transport
  ovpn: implement multi-peer support
  ovpn: implement peer lookup logic
  ovpn: implement keepalive mechanism
  ovpn: add support for updating local UDP endpoint
  ovpn: add support for peer floating
  ovpn: implement peer add/dump/delete via netlink
  ovpn: implement key add/del/swap via netlink
  ovpn: kill key and notify userspace in case of IV exhaustion
  ovpn: notify userspace when a peer is deleted
  ovpn: add basic ethtool support
  testing/selftest: add test tool and scripts for ovpn module

 Documentation/netlink/specs/ovpn.yaml         |  328 +++
 MAINTAINERS                                   |    8 +
 drivers/net/Kconfig                           |   14 +
 drivers/net/Makefile                          |    1 +
 drivers/net/ovpn/Makefile                     |   22 +
 drivers/net/ovpn/bind.c                       |   54 +
 drivers/net/ovpn/bind.h                       |  117 ++
 drivers/net/ovpn/crypto.c                     |  168 ++
 drivers/net/ovpn/crypto.h                     |  138 ++
 drivers/net/ovpn/crypto_aead.c                |  376 ++++
 drivers/net/ovpn/crypto_aead.h                |   31 +
 drivers/net/ovpn/io.c                         |  439 ++++
 drivers/net/ovpn/io.h                         |   25 +
 drivers/net/ovpn/main.c                       |  371 ++++
 drivers/net/ovpn/main.h                       |   29 +
 drivers/net/ovpn/netlink-gen.c                |  206 ++
 drivers/net/ovpn/netlink-gen.h                |   41 +
 drivers/net/ovpn/netlink.c                    | 1052 ++++++++++
 drivers/net/ovpn/netlink.h                    |   18 +
 drivers/net/ovpn/ovpnstruct.h                 |   63 +
 drivers/net/ovpn/packet.h                     |   40 +
 drivers/net/ovpn/peer.c                       | 1187 +++++++++++
 drivers/net/ovpn/peer.h                       |  171 ++
 drivers/net/ovpn/pktid.c                      |  130 ++
 drivers/net/ovpn/pktid.h                      |   87 +
 drivers/net/ovpn/proto.h                      |  104 +
 drivers/net/ovpn/skb.h                        |   61 +
 drivers/net/ovpn/socket.c                     |  165 ++
 drivers/net/ovpn/socket.h                     |   53 +
 drivers/net/ovpn/stats.c                      |   21 +
 drivers/net/ovpn/stats.h                      |   47 +
 drivers/net/ovpn/tcp.c                        |  512 +++++
 drivers/net/ovpn/tcp.h                        |   42 +
 drivers/net/ovpn/udp.c                        |  404 ++++
 drivers/net/ovpn/udp.h                        |   26 +
 include/net/netlink.h                         |    1 +
 include/uapi/linux/ovpn.h                     |  108 +
 include/uapi/linux/udp.h                      |    1 +
 net/core/rtnetlink.c                          |    8 +-
 tools/net/ynl/ynl-gen-c.py                    |    2 +
 tools/testing/selftests/Makefile              |    1 +
 tools/testing/selftests/net/ovpn/.gitignore   |    2 +
 tools/testing/selftests/net/ovpn/Makefile     |   17 +
 tools/testing/selftests/net/ovpn/config       |    8 +
 .../selftests/net/ovpn/data-test-tcp.sh       |    9 +
 tools/testing/selftests/net/ovpn/data-test.sh |  150 ++
 tools/testing/selftests/net/ovpn/data64.key   |    5 +
 .../testing/selftests/net/ovpn/float-test.sh  |  115 ++
 tools/testing/selftests/net/ovpn/ovpn-cli.c   | 1820 +++++++++++++++++
 .../testing/selftests/net/ovpn/tcp_peers.txt  |    1 +
 .../testing/selftests/net/ovpn/udp_peers.txt  |    5 +
 51 files changed, 8802 insertions(+), 2 deletions(-)
 create mode 100644 Documentation/netlink/specs/ovpn.yaml
 create mode 100644 drivers/net/ovpn/Makefile
 create mode 100644 drivers/net/ovpn/bind.c
 create mode 100644 drivers/net/ovpn/bind.h
 create mode 100644 drivers/net/ovpn/crypto.c
 create mode 100644 drivers/net/ovpn/crypto.h
 create mode 100644 drivers/net/ovpn/crypto_aead.c
 create mode 100644 drivers/net/ovpn/crypto_aead.h
 create mode 100644 drivers/net/ovpn/io.c
 create mode 100644 drivers/net/ovpn/io.h
 create mode 100644 drivers/net/ovpn/main.c
 create mode 100644 drivers/net/ovpn/main.h
 create mode 100644 drivers/net/ovpn/netlink-gen.c
 create mode 100644 drivers/net/ovpn/netlink-gen.h
 create mode 100644 drivers/net/ovpn/netlink.c
 create mode 100644 drivers/net/ovpn/netlink.h
 create mode 100644 drivers/net/ovpn/ovpnstruct.h
 create mode 100644 drivers/net/ovpn/packet.h
 create mode 100644 drivers/net/ovpn/peer.c
 create mode 100644 drivers/net/ovpn/peer.h
 create mode 100644 drivers/net/ovpn/pktid.c
 create mode 100644 drivers/net/ovpn/pktid.h
 create mode 100644 drivers/net/ovpn/proto.h
 create mode 100644 drivers/net/ovpn/skb.h
 create mode 100644 drivers/net/ovpn/socket.c
 create mode 100644 drivers/net/ovpn/socket.h
 create mode 100644 drivers/net/ovpn/stats.c
 create mode 100644 drivers/net/ovpn/stats.h
 create mode 100644 drivers/net/ovpn/tcp.c
 create mode 100644 drivers/net/ovpn/tcp.h
 create mode 100644 drivers/net/ovpn/udp.c
 create mode 100644 drivers/net/ovpn/udp.h
 create mode 100644 include/uapi/linux/ovpn.h
 create mode 100644 tools/testing/selftests/net/ovpn/.gitignore
 create mode 100644 tools/testing/selftests/net/ovpn/Makefile
 create mode 100644 tools/testing/selftests/net/ovpn/config
 create mode 100755 tools/testing/selftests/net/ovpn/data-test-tcp.sh
 create mode 100755 tools/testing/selftests/net/ovpn/data-test.sh
 create mode 100644 tools/testing/selftests/net/ovpn/data64.key
 create mode 100755 tools/testing/selftests/net/ovpn/float-test.sh
 create mode 100644 tools/testing/selftests/net/ovpn/ovpn-cli.c
 create mode 100644 tools/testing/selftests/net/ovpn/tcp_peers.txt
 create mode 100644 tools/testing/selftests/net/ovpn/udp_peers.txt

--
2.44.2