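--- a/if_ovpn.c	(97c802923e20e96302dbe63fb9ca07c059d781aa)
+++ b/if_ovpn.c	(da69782bf06645f38852a8b23afc965fc30d0e08)
@@ -1,8 +1,8 @@
 /*-
  * SPDX-License-Identifier: BSD-2-Clause-FreeBSD
  *
  * Copyright (c) 2021-2022 Rubicon Communications, LLC (Netgate)
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
@@ -111,16 +111,17 @@
 struct ovpn_wire_header {
  uint32_t opcode; /* opcode, key id, peer id */
  uint32_t seq;
  uint8_t auth_tag[16];
 };
 
 struct ovpn_notification {
  enum ovpn_notif_type type;
+ enum ovpn_del_reason del_reason;
  uint32_t peerid;
 };
 
 struct ovpn_softc;
 
 struct ovpn_kpeer {
  RB_ENTRY(ovpn_kpeer) tree;
  int refcount;
@@ -131,16 +132,17 @@
  struct sockaddr_storage remote;
 
  struct in_addr vpn4;
  struct in6_addr vpn6;
 
  struct ovpn_kkey keys[2];
  uint32_t tx_seq;
 
+ enum ovpn_del_reason del_reason;
  struct ovpn_keepalive keepalive;
  uint32_t *last_active;
  struct callout ping_send;
  struct callout ping_rcv;
 };
 
 struct ovpn_counters {
  uint64_t lost_ctrl_pkts_in;
@@ -383,16 +385,17 @@
  OVPN_WASSERT(sc);
 
  n = malloc(sizeof(*n), M_OVPN, M_NOWAIT);
  if (n == NULL)
  return;
 
  n->peerid = peer->peerid;
  n->type = OVPN_NOTIF_DEL_PEER;
+ n->del_reason = peer->del_reason;
  if (buf_ring_enqueue(sc->notifring, n) != 0) {
  free(n, M_OVPN);
  } else if (sc->so != NULL) {
  /* Wake up userspace */
  sc->so->so_error = EAGAIN;
  sorwakeup(sc->so);
  sowwakeup(sc->so);
  }
@@ -608,55 +611,60 @@
 done:
  if (fp != NULL)
  fdrop(fp, td);
 
  return (ret);
 }
 
 static int
-_ovpn_del_peer(struct ovpn_softc *sc, uint32_t peerid)
+_ovpn_del_peer(struct ovpn_softc *sc, struct ovpn_kpeer *peer)
 {
- struct ovpn_kpeer *peer;
+ struct ovpn_kpeer *tmp __diagused;
 
  OVPN_WASSERT(sc);
  CURVNET_ASSERT_SET();
 
- peer = ovpn_find_peer(sc, peerid);
- if (peer == NULL)
- return (ENOENT);
- peer = RB_REMOVE(ovpn_kpeers, &sc->peers, peer);
- MPASS(peer != NULL);
+ MPASS(RB_FIND(ovpn_kpeers, &sc->peers, peer) == peer);
 
+ tmp = RB_REMOVE(ovpn_kpeers, &sc->peers, peer);
+ MPASS(tmp != NULL);
+
  sc->peercount--;
 
  ovpn_peer_release_ref(peer, true);
 
  return (0);
 }
 
 static int
 ovpn_del_peer(struct ifnet *ifp, nvlist_t *nvl)
 {
  struct ovpn_softc *sc = ifp->if_softc;
+ struct ovpn_kpeer *peer;
  uint32_t peerid;
  int ret;
 
  OVPN_WASSERT(sc);
 
  if (nvl == NULL)
  return (EINVAL);
 
  if (! nvlist_exists_number(nvl, "peerid"))
  return (EINVAL);
 
  peerid = nvlist_get_number(nvl, "peerid");
 
- ret = _ovpn_del_peer(sc, peerid);
+ peer = ovpn_find_peer(sc, peerid);
+ if (peer == NULL)
+ return (ENOENT);
 
+ peer->del_reason = OVPN_DEL_REASON_REQUESTED;
+ ret = _ovpn_del_peer(sc, peer);
+
  return (ret);
 }
 
 static int
 ovpn_create_kkey_dir(struct ovpn_kkey_dir **kdirp,
  const nvlist_t *nvl)
 {
  struct crypto_session_params csp;
@@ -1027,17 +1035,18 @@
  if (last + peer->keepalive.timeout > time_uptime) {
  callout_reset(&peer->ping_rcv,
  (peer->keepalive.timeout - (time_uptime - last)) * hz,
  ovpn_timeout, peer);
  return;
  }
 
  CURVNET_SET(sc->ifp->if_vnet);
- ret = _ovpn_del_peer(sc, peer->peerid);
+ peer->del_reason = OVPN_DEL_REASON_TIMEOUT;
+ ret = _ovpn_del_peer(sc, peer);
  MPASS(ret == 0);
  CURVNET_RESTORE();
 }
 
 static int
 ovpn_set_peer(struct ifnet *ifp, const nvlist_t *nvl)
 {
  struct ovpn_softc *sc = ifp->if_softc;
@@ -1269,16 +1278,18 @@
 
  nvl = nvlist_create(0);
  if (nvl == NULL) {
  free(n, M_OVPN);
  return (ENOMEM);
  }
  nvlist_add_number(nvl, "peerid", n->peerid);
  nvlist_add_number(nvl, "notification", n->type);
+ if (n->type == OVPN_NOTIF_DEL_PEER)
+ nvlist_add_number(nvl, "del_reason", n->del_reason);
  free(n, M_OVPN);
 
  *onvl = nvl;
 
  return (0);
 }
 
 static int
@@ -2254,17 +2265,18 @@
  struct ovpn_softc *sc = ifp->if_softc;
  struct ovpn_kpeer *peer, *tmppeer;
  int ret __diagused;
 
  OVPN_WLOCK(sc);
 
  /* Flush keys & configuration. */
  RB_FOREACH_SAFE(peer, ovpn_kpeers, &sc->peers, tmppeer) {
- ret = _ovpn_del_peer(sc, peer->peerid);
+ peer->del_reason = OVPN_DEL_REASON_REQUESTED;
+ ret = _ovpn_del_peer(sc, peer);
  MPASS(ret == 0);
  }
 
  ovpn_flush_rxring(sc);
 
  OVPN_WUNLOCK(sc);
 }
 #endif
@@ -2381,17 +2393,18 @@
  OVPN_WLOCK(sc);
 
  if (atomic_load_int(&sc->refcount) > 0) {
  OVPN_WUNLOCK(sc);
  return (EBUSY);
  }
 
  RB_FOREACH_SAFE(peer, ovpn_kpeers, &sc->peers, tmppeer) {
- ret = _ovpn_del_peer(sc, peer->peerid);
+ peer->del_reason = OVPN_DEL_REASON_REQUESTED;
+ ret = _ovpn_del_peer(sc, peer);
  MPASS(ret == 0);
  }
 
  ovpn_flush_rxring(sc);
  buf_ring_free(sc->notifring, M_OVPN);
 
  OVPN_WUNLOCK(sc);
 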
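Review bot: `_ovpn_del_peer()` (new lines 619-636) now trusts the caller's pointer, and its only membership check is `MPASS(RB_FIND(ovpn_kpeers, &sc->peers, peer) == peer)`, which is compiled out of kernels built without INVARIANTS. On such a kernel a peer that is no longer linked in `sc->peers` would go straight into `RB_REMOVE`, the `sc->peercount--` and `ovpn_peer_release_ref(peer, true)`, where the old code returned ENOENT. The ioctl, flush and destroy callers take the pointer from the tree in the visible lines, but `ovpn_timeout` (new line 1044) receives it as the callout argument and its locking sits in the hidden lines, so it is worth confirming there that the callout cannot run against an already removed peer. Because the function can now only return 0, the `ret` / `MPASS(ret == 0)` pairs at the callers check nothing; either make it `void` or state the contract above the definition, e.g. `/* Caller holds the write lock; peer must currently be linked in sc->peers. */`.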