Merge tag 'ovpn-net-20260212' of https://github.com/OpenVPN/ovpn-net-next

+35 -22

drivers/net/ovpn/io.c

··· 355 355 struct ovpn_priv *ovpn = netdev_priv(dev); 356 356 struct sk_buff *segments, *curr, *next; 357 357 struct sk_buff_head skb_list; 358 + unsigned int tx_bytes = 0; 358 359 struct ovpn_peer *peer; 359 360 __be16 proto; 360 361 int ret; ··· 366 365 /* verify IP header size in network packet */ 367 366 proto = ovpn_ip_check_protocol(skb); 368 367 if (unlikely(!proto || skb->protocol != proto)) 369 - goto drop; 368 + goto drop_no_peer; 369 + 370 + /* retrieve peer serving the destination IP of this packet */ 371 + peer = ovpn_peer_get_by_dst(ovpn, skb); 372 + if (unlikely(!peer)) { 373 + switch (skb->protocol) { 374 + case htons(ETH_P_IP): 375 + net_dbg_ratelimited("%s: no peer to send data to dst=%pI4\n", 376 + netdev_name(ovpn->dev), 377 + &ip_hdr(skb)->daddr); 378 + break; 379 + case htons(ETH_P_IPV6): 380 + net_dbg_ratelimited("%s: no peer to send data to dst=%pI6c\n", 381 + netdev_name(ovpn->dev), 382 + &ipv6_hdr(skb)->daddr); 383 + break; 384 + } 385 + goto drop_no_peer; 386 + } 387 + /* dst was needed for peer selection - it can now be dropped */ 388 + skb_dst_drop(skb); 370 389 371 390 if (skb_is_gso(skb)) { 372 391 segments = skb_gso_segment(skb, 0); ··· 415 394 continue; 416 395 } 417 396 397 + /* only count what we actually send */ 398 + tx_bytes += curr->len; 418 399 __skb_queue_tail(&skb_list, curr); 400 + } 401 + 402 + /* no segments survived: don't jump to 'drop' because we already 403 + * incremented the counter for each failure in the loop 404 + */ 405 + if (unlikely(skb_queue_empty(&skb_list))) { 406 + ovpn_peer_put(peer); 407 + return NETDEV_TX_OK; 419 408 } 420 409 skb_list.prev->next = NULL; 421 410 422 - /* retrieve peer serving the destination IP of this packet */ 423 - peer = ovpn_peer_get_by_dst(ovpn, skb); 424 - if (unlikely(!peer)) { 425 - switch (skb->protocol) { 426 - case htons(ETH_P_IP): 427 - net_dbg_ratelimited("%s: no peer to send data to dst=%pI4\n", 428 - netdev_name(ovpn->dev), 429 - &ip_hdr(skb)->daddr); 430 - break; 431 - case htons(ETH_P_IPV6): 432 - net_dbg_ratelimited("%s: no peer to send data to dst=%pI6c\n", 433 - netdev_name(ovpn->dev), 434 - &ipv6_hdr(skb)->daddr); 435 - break; 436 - } 437 - goto drop; 438 - } 439 - /* dst was needed for peer selection - it can now be dropped */ 440 - skb_dst_drop(skb); 441 - 442 - ovpn_peer_stats_increment_tx(&peer->vpn_stats, skb->len); 411 + ovpn_peer_stats_increment_tx(&peer->vpn_stats, tx_bytes); 443 412 ovpn_send(ovpn, skb_list.next, peer); 444 413 445 414 return NETDEV_TX_OK; 446 415 447 416 drop: 417 + ovpn_peer_put(peer); 418 + drop_no_peer: 448 419 dev_dstats_tx_dropped(ovpn->dev); 449 420 skb_tx_error(skb); 450 421 kfree_skb_list(skb);

+22 -19

drivers/net/ovpn/socket.c

··· 200 200 ovpn_sock->sk = sk; 201 201 kref_init(&ovpn_sock->refcount); 202 202 203 - /* the newly created ovpn_socket is holding reference to sk, 204 - * therefore we increase its refcounter. 205 - * 206 - * This ovpn_socket instance is referenced by all peers 207 - * using the same socket. 208 - * 209 - * ovpn_socket_release() will take care of dropping the reference. 210 - */ 211 - sock_hold(sk); 212 - 213 - ret = ovpn_socket_attach(ovpn_sock, sock, peer); 214 - if (ret < 0) { 215 - sock_put(sk); 216 - kfree(ovpn_sock); 217 - ovpn_sock = ERR_PTR(ret); 218 - goto sock_release; 219 - } 220 - 221 203 /* TCP sockets are per-peer, therefore they are linked to their unique 222 204 * peer 223 205 */ ··· 216 234 GFP_KERNEL); 217 235 } 218 236 219 - rcu_assign_sk_user_data(sk, ovpn_sock); 237 + /* the newly created ovpn_socket is holding reference to sk, 238 + * therefore we increase its refcounter. 239 + * 240 + * This ovpn_socket instance is referenced by all peers 241 + * using the same socket. 242 + * 243 + * ovpn_socket_release() will take care of dropping the reference. 244 + */ 245 + sock_hold(sk); 246 + 247 + ret = ovpn_socket_attach(ovpn_sock, sock, peer); 248 + if (ret < 0) { 249 + if (sk->sk_protocol == IPPROTO_TCP) 250 + ovpn_peer_put(peer); 251 + else if (sk->sk_protocol == IPPROTO_UDP) 252 + netdev_put(peer->ovpn->dev, &ovpn_sock->dev_tracker); 253 + 254 + sock_put(sk); 255 + kfree(ovpn_sock); 256 + ovpn_sock = ERR_PTR(ret); 257 + } 258 + 220 259 sock_release: 221 260 release_sock(sk); 222 261 return ovpn_sock;

+7 -2

drivers/net/ovpn/tcp.c

··· 487 487 /* make sure no pre-existing encapsulation handler exists */ 488 488 if (ovpn_sock->sk->sk_user_data) 489 489 return -EBUSY; 490 + rcu_assign_sk_user_data(ovpn_sock->sk, ovpn_sock); 490 491 491 492 /* only a fully connected socket is expected. Connection should be 492 493 * handled in userspace ··· 496 495 net_err_ratelimited("%s: provided TCP socket is not in ESTABLISHED state: %d\n", 497 496 netdev_name(peer->ovpn->dev), 498 497 ovpn_sock->sk->sk_state); 499 - return -EINVAL; 498 + ret = -EINVAL; 499 + goto err; 500 500 } 501 501 502 502 ret = strp_init(&peer->tcp.strp, ovpn_sock->sk, &cb); 503 503 if (ret < 0) { 504 504 DEBUG_NET_WARN_ON_ONCE(1); 505 - return ret; 505 + goto err; 506 506 } 507 507 508 508 INIT_WORK(&peer->tcp.defer_del_work, ovpn_tcp_peer_del_work); ··· 538 536 strp_check_rcv(&peer->tcp.strp); 539 537 540 538 return 0; 539 + err: 540 + rcu_assign_sk_user_data(ovpn_sock->sk, NULL); 541 + return ret; 541 542 } 542 543 543 544 static void ovpn_tcp_close(struct sock *sk, long timeout)

+1

drivers/net/ovpn/udp.c

··· 386 386 struct ovpn_priv *ovpn) 387 387 { 388 388 struct udp_tunnel_sock_cfg cfg = { 389 + .sk_user_data = ovpn_sock, 389 390 .encap_type = UDP_ENCAP_OVPNINUDP, 390 391 .encap_rcv = ovpn_udp_encap_recv, 391 392 .encap_destroy = ovpn_udp_encap_destroy,

Configure Feed

Configure Feed