Date: Tue, 15 Nov 2022 09:38:46 GMT
Message-Id: <202211150938.2AF9ck0B031527@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org
From: Kristof Provost
Subject: git: 5246f8fade5b - main - if_ovpn: pass control packets through the socket
List-Id: Commit messages for all branches of the src repository
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-all
X-Git-Committer: kp
X-Git-Repository: src
X-Git-Refname: refs/heads/main
X-Git-Reftype: branch
X-Git-Commit: 5246f8fade5bdb72d6e61f333d8b815b456a4ef5

The branch main has been updated by kp:

URL: https://cgit.FreeBSD.org/src/commit/?id=5246f8fade5bdb72d6e61f333d8b815b456a4ef5

commit 5246f8fade5bdb72d6e61f333d8b815b456a4ef5
Author:     Kristof Provost
AuthorDate: 2022-11-09 13:48:05 +0000
Commit:     Kristof Provost
CommitDate: 2022-11-15 09:01:18 +0000

    if_ovpn: pass control packets through the socket

    Rather than passing control packets through the ioctl interface allow
    them to pass through the normal UDP socket flow.
    This simplifies both kernel and userspace, and matches the approach
    taken (or the one that will be taken) on the Linux side of things.

    Sponsored by:   Rubicon Communications, LLC ("Netgate")
    Differential Revision:  https://reviews.freebsd.org/D37317
---
 sys/net/if_ovpn.c | 102 ++++++++++++------------------------------------------
 1 file changed, 23 insertions(+), 79 deletions(-)

diff --git a/sys/net/if_ovpn.c b/sys/net/if_ovpn.c index 6ce5d07dc230..276927275a2b 100644 --- a/sys/net/if_ovpn.c +++ b/sys/net/if_ovpn.c @@ -170,8 +170,7 @@ struct ovpn_softc { int peercount; struct ovpn_kpeer *peers[OVPN_MAX_PEERS]; /* XXX Hard limit for now? */ - /* Pending packets */ - struct buf_ring *rxring; + /* Pending notification */ struct buf_ring *notifring; counter_u64_t counters[OVPN_COUNTER_SIZE]; 
@@ -1275,8 +1274,7 @@ ovpn_poll_pkt(struct ovpn_softc *sc, nvlist_t **onvl) if (nvl == NULL) return (ENOMEM); - nvlist_add_number(nvl, "pending", - buf_ring_count(sc->rxring) + buf_ring_count(sc->notifring)); + nvlist_add_number(nvl, "pending", buf_ring_count(sc->notifring)); *onvl = nvl; @@ -1287,57 +1285,24 @@ static int opvn_get_pkt(struct ovpn_softc *sc, nvlist_t **onvl) { struct ovpn_notification *n; - struct ovpn_wire_header *ohdr; - struct mbuf *m; - uint8_t *buf; nvlist_t *nvl; - uint32_t peerid; - u_int mlength; /* Check if we have notifications pending. */ n = buf_ring_dequeue_mc(sc->notifring); - if (n != NULL) { - nvl = nvlist_create(0); - if (nvl == NULL) { - free(n, M_OVPN); - return (ENOMEM); - } - nvlist_add_number(nvl, "peerid", n->peerid); - nvlist_add_number(nvl, "notification", n->type); - free(n, M_OVPN); - - *onvl = nvl; - - return (0); - } - - /* Queued packet. */ - m = buf_ring_dequeue_mc(sc->rxring); - if (m == NULL) + if (n == NULL) return (ENOENT); - mlength = m_length(m, NULL); - buf = malloc(mlength, M_NVLIST, M_WAITOK); - m_copydata(m, 0, mlength, buf); - ohdr = (struct ovpn_wire_header *)buf; - peerid = ntohl(ohdr->opcode) & 0x00ffffff; - nvl = nvlist_create(0); if (nvl == NULL) { - OVPN_COUNTER_ADD(sc, lost_ctrl_pkts_in, 1); - m_freem(m); - free(buf, M_NVLIST); + free(n, M_OVPN); return (ENOMEM); } - - nvlist_move_binary(nvl, "packet", buf, mlength); - buf = NULL; - nvlist_add_number(nvl, "peerid", peerid); + nvlist_add_number(nvl, "peerid", n->peerid); + nvlist_add_number(nvl, "notification", n->type); + free(n, M_OVPN); *onvl = nvl; - m_freem(m); - return (0); } 
@@ -2086,22 +2051,6 @@ ovpn_output(struct ifnet *ifp, struct mbuf *m, const struct sockaddr *dst, return (ovpn_transmit_to_peer(ifp, m, peer, _ovpn_lock_trackerp)); } -static void -ovpn_rcv_ctrl(struct ovpn_softc *sc, struct mbuf *m, int off) -{ - /* Lop off the IP and UDP headers */ - m_adj_decap(m, off); - - /* Keep in the local ring until userspace fetches it. */ - if (buf_ring_enqueue(sc->rxring, m) != 0) { - OVPN_COUNTER_ADD(sc, lost_ctrl_pkts_in, 1); - m_freem(m); - return; - } - - OVPN_COUNTER_ADD(sc, received_ctrl_pkts, 1); -} - static bool ovpn_check_replay(struct ovpn_kkey_dir *key, uint32_t seq) { @@ -2174,6 +2123,7 @@ ovpn_udp_input(struct mbuf *m, int off, struct inpcb *inp, const struct sockaddr *sa, void *ctx) { struct ovpn_softc *sc = ctx; + struct ovpn_wire_header tmphdr; struct ovpn_wire_header *ohdr; struct udphdr *uhdr; struct ovpn_kkey *key; @@ -2199,16 +2149,27 @@ ovpn_udp_input(struct mbuf *m, int off, struct inpcb *inp, return (false); } + if (m_length(m, NULL) < (off + sizeof(*uhdr) + ohdrlen)) { + /* Short packet. */ + OVPN_RUNLOCK(sc); + return (false); + } + + m_copydata(m, off + sizeof(*uhdr), ohdrlen, (caddr_t)&tmphdr); + + op = ntohl(tmphdr.opcode) >> 24 >> OVPN_OP_SHIFT; + if (op != OVPN_OP_DATA_V2) { + /* Control packet? */ + OVPN_RUNLOCK(sc); + return (false); + } + m = m_pullup(m, off + sizeof(*uhdr) + ohdrlen); if (m == NULL) { OVPN_RUNLOCK(sc); OVPN_COUNTER_ADD(sc, nomem_data_pkts_in, 1); return (true); } - uhdr = mtodo(m, off); - ohdr = mtodo(m, off + sizeof(*uhdr)); - - op = ntohl(ohdr->opcode) >> 24 >> OVPN_OP_SHIFT; /* * Simplify things by getting rid of the preceding headers, we don't 
@@ -2219,15 +2180,6 @@ ovpn_udp_input(struct mbuf *m, int off, struct inpcb *inp, uhdr = mtodo(m, 0); ohdr = mtodo(m, sizeof(*uhdr)); - if (op != OVPN_OP_DATA_V2) { - OVPN_RUNLOCK(sc); - ovpn_rcv_ctrl(sc, m, sizeof(struct udphdr)); - INP_WLOCK(inp); - udp_notify(inp, EAGAIN); - INP_WUNLOCK(inp); - return (true); - } - key = ovpn_find_key(sc, peer, ohdr); if (key == NULL || key->decrypt == NULL) { OVPN_RUNLOCK(sc); @@ -2313,16 +2265,10 @@ ovpn_qflush(struct ifnet *ifp __unused) static void ovpn_flush_rxring(struct ovpn_softc *sc) { - struct mbuf *m; struct ovpn_notification *n; OVPN_WASSERT(sc); - while (! buf_ring_empty(sc->rxring)) { - m = buf_ring_dequeue_sc(sc->rxring); - m_freem(m); - } - while (! buf_ring_empty(sc->notifring)) { n = buf_ring_dequeue_sc(sc->notifring); free(n, M_OVPN); @@ -2409,7 +2355,6 @@ ovpn_clone_create(struct if_clone *ifc, char *name, size_t len, rm_init_flags(&sc->lock, "if_ovpn_lock", RM_RECURSE); sc->refcount = 0; - sc->rxring = buf_ring_alloc(32, M_OVPN, M_WAITOK, NULL); sc->notifring = buf_ring_alloc(32, M_OVPN, M_WAITOK, NULL); COUNTER_ARRAY_ALLOC(sc->counters, OVPN_COUNTER_SIZE, M_WAITOK); @@ -2486,7 +2431,6 @@ ovpn_clone_destroy(struct if_clone *ifc, struct ifnet *ifp, uint32_t flags) } while (i < OVPN_MAX_PEERS); ovpn_flush_rxring(sc); - buf_ring_free(sc->rxring, M_OVPN); buf_ring_free(sc->notifring, M_OVPN); OVPN_WUNLOCK(sc);
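
Review bot: In the opvn_get_pkt hunk (@@ -1287,57 +1285,24 @@), the function now only dequeues from sc->notifring and never returns a packet, so its name (already misspelled "opvn") no longer describes what it does. Consider renaming it to something like ovpn_get_notification(), and doing the same for ovpn_poll_pkt() in the preceding hunk, whose "pending" value now counts notifications only. A short note in the ioctl documentation that "pending" no longer includes control packets would help userspace consumers that relied on it.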
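
Review bot: In the ovpn_udp_input hunk (@@ -2199,16 +2149,27 @@), both new early returns (the short-packet case and op != OVPN_OP_DATA_V2) hand the mbuf back to the socket without updating any counter, while the removed ovpn_rcv_ctrl() was where received_ctrl_pkts and lost_ctrl_pkts_in were incremented. Either add OVPN_COUNTER_ADD(sc, received_ctrl_pkts, 1) before the control-packet return or retire those counters in the same change, so they do not silently stay at zero. Two smaller points in the same hunk: only tmphdr.opcode is read, so m_copydata() could copy sizeof(tmphdr.opcode) bytes instead of ohdrlen, which removes the dependency on ohdrlen never exceeding sizeof(tmphdr) (its definition is not visible here); and the "/* Control packet? */" comment would be clearer if it stated that returning false leaves the packet on the normal UDP socket path for userspace.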
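
Review bot: In the ovpn_flush_rxring hunk (@@ -2313,16 +2265,10 @@), the rxring loop is removed but the function keeps the name ovpn_flush_rxring() while draining only sc->notifring. Rename it (for example ovpn_flush_notifring()) and update the call in ovpn_clone_destroy(), so the name does not refer to a ring that no longer exists in struct ovpn_softc.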