if_ovpn.c (97c802923e20e96302dbe63fb9ca07c059d781aa) if_ovpn.c (da69782bf06645f38852a8b23afc965fc30d0e08)
1/*-
2 * SPDX-License-Identifier: BSD-2-Clause-FreeBSD
3 *
4 * Copyright (c) 2021-2022 Rubicon Communications, LLC (Netgate)
5 *
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions
8 * are met:

--- 102 unchanged lines hidden (view full) ---

111struct ovpn_wire_header {
112 uint32_t opcode; /* opcode, key id, peer id */
113 uint32_t seq;
114 uint8_t auth_tag[16];
115};
116
117struct ovpn_notification {
118 enum ovpn_notif_type type;
1/*-
2 * SPDX-License-Identifier: BSD-2-Clause-FreeBSD
3 *
4 * Copyright (c) 2021-2022 Rubicon Communications, LLC (Netgate)
5 *
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions
8 * are met:

--- 102 unchanged lines hidden (view full) ---

111struct ovpn_wire_header {
112 uint32_t opcode; /* opcode, key id, peer id */
113 uint32_t seq;
114 uint8_t auth_tag[16];
115};
116
117struct ovpn_notification {
118 enum ovpn_notif_type type;
119 enum ovpn_del_reason del_reason;
119 uint32_t peerid;
120};
121
122struct ovpn_softc;
123
124struct ovpn_kpeer {
125 RB_ENTRY(ovpn_kpeer) tree;
126 int refcount;

--- 4 unchanged lines hidden (view full) ---

131 struct sockaddr_storage remote;
132
133 struct in_addr vpn4;
134 struct in6_addr vpn6;
135
136 struct ovpn_kkey keys[2];
137 uint32_t tx_seq;
138
120 uint32_t peerid;
121};
122
123struct ovpn_softc;
124
125struct ovpn_kpeer {
126 RB_ENTRY(ovpn_kpeer) tree;
127 int refcount;

--- 4 unchanged lines hidden (view full) ---

132 struct sockaddr_storage remote;
133
134 struct in_addr vpn4;
135 struct in6_addr vpn6;
136
137 struct ovpn_kkey keys[2];
138 uint32_t tx_seq;
139
140 enum ovpn_del_reason del_reason;
139 struct ovpn_keepalive keepalive;
140 uint32_t *last_active;
141 struct callout ping_send;
142 struct callout ping_rcv;
143};
144
145struct ovpn_counters {
146 uint64_t lost_ctrl_pkts_in;

--- 236 unchanged lines hidden (view full) ---

383 OVPN_WASSERT(sc);
384
385 n = malloc(sizeof(*n), M_OVPN, M_NOWAIT);
386 if (n == NULL)
387 return;
388
389 n->peerid = peer->peerid;
390 n->type = OVPN_NOTIF_DEL_PEER;
141 struct ovpn_keepalive keepalive;
142 uint32_t *last_active;
143 struct callout ping_send;
144 struct callout ping_rcv;
145};
146
147struct ovpn_counters {
148 uint64_t lost_ctrl_pkts_in;

--- 236 unchanged lines hidden (view full) ---

385 OVPN_WASSERT(sc);
386
387 n = malloc(sizeof(*n), M_OVPN, M_NOWAIT);
388 if (n == NULL)
389 return;
390
391 n->peerid = peer->peerid;
392 n->type = OVPN_NOTIF_DEL_PEER;
393 n->del_reason = peer->del_reason;
391 if (buf_ring_enqueue(sc->notifring, n) != 0) {
392 free(n, M_OVPN);
393 } else if (sc->so != NULL) {
394 /* Wake up userspace */
395 sc->so->so_error = EAGAIN;
396 sorwakeup(sc->so);
397 sowwakeup(sc->so);
398 }

--- 209 unchanged lines hidden (view full) ---

608done:
609 if (fp != NULL)
610 fdrop(fp, td);
611
612 return (ret);
613}
614
615static int
394 if (buf_ring_enqueue(sc->notifring, n) != 0) {
395 free(n, M_OVPN);
396 } else if (sc->so != NULL) {
397 /* Wake up userspace */
398 sc->so->so_error = EAGAIN;
399 sorwakeup(sc->so);
400 sowwakeup(sc->so);
401 }

--- 209 unchanged lines hidden (view full) ---

611done:
612 if (fp != NULL)
613 fdrop(fp, td);
614
615 return (ret);
616}
617
618static int
616_ovpn_del_peer(struct ovpn_softc *sc, uint32_t peerid)
619_ovpn_del_peer(struct ovpn_softc *sc, struct ovpn_kpeer *peer)
617{
620{
618 struct ovpn_kpeer *peer;
621 struct ovpn_kpeer *tmp __diagused;
619
620 OVPN_WASSERT(sc);
621 CURVNET_ASSERT_SET();
622
622
623 OVPN_WASSERT(sc);
624 CURVNET_ASSERT_SET();
625
623 peer = ovpn_find_peer(sc, peerid);
624 if (peer == NULL)
625 return (ENOENT);
626 peer = RB_REMOVE(ovpn_kpeers, &sc->peers, peer);
627 MPASS(peer != NULL);
626 MPASS(RB_FIND(ovpn_kpeers, &sc->peers, peer) == peer);
628
627
628 tmp = RB_REMOVE(ovpn_kpeers, &sc->peers, peer);
629 MPASS(tmp != NULL);
630
629 sc->peercount--;
630
631 ovpn_peer_release_ref(peer, true);
632
633 return (0);
634}
635
636static int
637ovpn_del_peer(struct ifnet *ifp, nvlist_t *nvl)
638{
639 struct ovpn_softc *sc = ifp->if_softc;
631 sc->peercount--;
632
633 ovpn_peer_release_ref(peer, true);
634
635 return (0);
636}
637
638static int
639ovpn_del_peer(struct ifnet *ifp, nvlist_t *nvl)
640{
641 struct ovpn_softc *sc = ifp->if_softc;
642 struct ovpn_kpeer *peer;
640 uint32_t peerid;
641 int ret;
642
643 OVPN_WASSERT(sc);
644
645 if (nvl == NULL)
646 return (EINVAL);
647
648 if (! nvlist_exists_number(nvl, "peerid"))
649 return (EINVAL);
650
651 peerid = nvlist_get_number(nvl, "peerid");
652
643 uint32_t peerid;
644 int ret;
645
646 OVPN_WASSERT(sc);
647
648 if (nvl == NULL)
649 return (EINVAL);
650
651 if (! nvlist_exists_number(nvl, "peerid"))
652 return (EINVAL);
653
654 peerid = nvlist_get_number(nvl, "peerid");
655
653 ret = _ovpn_del_peer(sc, peerid);
656 peer = ovpn_find_peer(sc, peerid);
657 if (peer == NULL)
658 return (ENOENT);
654
659
660 peer->del_reason = OVPN_DEL_REASON_REQUESTED;
661 ret = _ovpn_del_peer(sc, peer);
662
655 return (ret);
656}
657
658static int
659ovpn_create_kkey_dir(struct ovpn_kkey_dir **kdirp,
660 const nvlist_t *nvl)
661{
662 struct crypto_session_params csp;

--- 364 unchanged lines hidden (view full) ---

1027 if (last + peer->keepalive.timeout > time_uptime) {
1028 callout_reset(&peer->ping_rcv,
1029 (peer->keepalive.timeout - (time_uptime - last)) * hz,
1030 ovpn_timeout, peer);
1031 return;
1032 }
1033
1034 CURVNET_SET(sc->ifp->if_vnet);
663 return (ret);
664}
665
666static int
667ovpn_create_kkey_dir(struct ovpn_kkey_dir **kdirp,
668 const nvlist_t *nvl)
669{
670 struct crypto_session_params csp;

--- 364 unchanged lines hidden (view full) ---

1035 if (last + peer->keepalive.timeout > time_uptime) {
1036 callout_reset(&peer->ping_rcv,
1037 (peer->keepalive.timeout - (time_uptime - last)) * hz,
1038 ovpn_timeout, peer);
1039 return;
1040 }
1041
1042 CURVNET_SET(sc->ifp->if_vnet);
1035 ret = _ovpn_del_peer(sc, peer->peerid);
1043 peer->del_reason = OVPN_DEL_REASON_TIMEOUT;
1044 ret = _ovpn_del_peer(sc, peer);
1036 MPASS(ret == 0);
1037 CURVNET_RESTORE();
1038}
1039
1040static int
1041ovpn_set_peer(struct ifnet *ifp, const nvlist_t *nvl)
1042{
1043 struct ovpn_softc *sc = ifp->if_softc;

--- 225 unchanged lines hidden (view full) ---

1269
1270 nvl = nvlist_create(0);
1271 if (nvl == NULL) {
1272 free(n, M_OVPN);
1273 return (ENOMEM);
1274 }
1275 nvlist_add_number(nvl, "peerid", n->peerid);
1276 nvlist_add_number(nvl, "notification", n->type);
1045 MPASS(ret == 0);
1046 CURVNET_RESTORE();
1047}
1048
1049static int
1050ovpn_set_peer(struct ifnet *ifp, const nvlist_t *nvl)
1051{
1052 struct ovpn_softc *sc = ifp->if_softc;

--- 225 unchanged lines hidden (view full) ---

1278
1279 nvl = nvlist_create(0);
1280 if (nvl == NULL) {
1281 free(n, M_OVPN);
1282 return (ENOMEM);
1283 }
1284 nvlist_add_number(nvl, "peerid", n->peerid);
1285 nvlist_add_number(nvl, "notification", n->type);
1286 if (n->type == OVPN_NOTIF_DEL_PEER)
1287 nvlist_add_number(nvl, "del_reason", n->del_reason);
1277 free(n, M_OVPN);
1278
1279 *onvl = nvl;
1280
1281 return (0);
1282}
1283
1284static int

--- 969 unchanged lines hidden (view full) ---

2254 struct ovpn_softc *sc = ifp->if_softc;
2255 struct ovpn_kpeer *peer, *tmppeer;
2256 int ret __diagused;
2257
2258 OVPN_WLOCK(sc);
2259
2260 /* Flush keys & configuration. */
2261 RB_FOREACH_SAFE(peer, ovpn_kpeers, &sc->peers, tmppeer) {
1288 free(n, M_OVPN);
1289
1290 *onvl = nvl;
1291
1292 return (0);
1293}
1294
1295static int

--- 969 unchanged lines hidden (view full) ---

2265 struct ovpn_softc *sc = ifp->if_softc;
2266 struct ovpn_kpeer *peer, *tmppeer;
2267 int ret __diagused;
2268
2269 OVPN_WLOCK(sc);
2270
2271 /* Flush keys & configuration. */
2272 RB_FOREACH_SAFE(peer, ovpn_kpeers, &sc->peers, tmppeer) {
2262 ret = _ovpn_del_peer(sc, peer->peerid);
2273 peer->del_reason = OVPN_DEL_REASON_REQUESTED;
2274 ret = _ovpn_del_peer(sc, peer);
2263 MPASS(ret == 0);
2264 }
2265
2266 ovpn_flush_rxring(sc);
2267
2268 OVPN_WUNLOCK(sc);
2269}
2270#endif

--- 110 unchanged lines hidden (view full) ---

2381 OVPN_WLOCK(sc);
2382
2383 if (atomic_load_int(&sc->refcount) > 0) {
2384 OVPN_WUNLOCK(sc);
2385 return (EBUSY);
2386 }
2387
2388 RB_FOREACH_SAFE(peer, ovpn_kpeers, &sc->peers, tmppeer) {
2275 MPASS(ret == 0);
2276 }
2277
2278 ovpn_flush_rxring(sc);
2279
2280 OVPN_WUNLOCK(sc);
2281}
2282#endif

--- 110 unchanged lines hidden (view full) ---

2393 OVPN_WLOCK(sc);
2394
2395 if (atomic_load_int(&sc->refcount) > 0) {
2396 OVPN_WUNLOCK(sc);
2397 return (EBUSY);
2398 }
2399
2400 RB_FOREACH_SAFE(peer, ovpn_kpeers, &sc->peers, tmppeer) {
2389 ret = _ovpn_del_peer(sc, peer->peerid);
2401 peer->del_reason = OVPN_DEL_REASON_REQUESTED;
2402 ret = _ovpn_del_peer(sc, peer);
2390 MPASS(ret == 0);
2391 }
2392
2393 ovpn_flush_rxring(sc);
2394 buf_ring_free(sc->notifring, M_OVPN);
2395
2396 OVPN_WUNLOCK(sc);
2397

--- 60 unchanged lines hidden ---
2403 MPASS(ret == 0);
2404 }
2405
2406 ovpn_flush_rxring(sc);
2407 buf_ring_free(sc->notifring, M_OVPN);
2408
2409 OVPN_WUNLOCK(sc);
2410

--- 60 unchanged lines hidden ---
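Review bot: In the new `_ovpn_del_peer()`, tree membership is checked only by `MPASS(RB_FIND(ovpn_kpeers, &sc->peers, peer) == peer);`, which is compiled out of kernels built without INVARIANTS, whereas the old version looked the peer up by id and returned ENOENT at run time. If a caller ever passes a peer that has already been removed, a production kernel would go on to `RB_REMOVE`, decrement `sc->peercount` and drop a reference on a stale node; `ovpn_timeout()` takes its pointer from the callout argument, and how the callouts are stopped on deletion is in the hidden lines, so this needs confirming. A run-time guard would preserve the old failure mode: `if (RB_FIND(ovpn_kpeers, &sc->peers, peer) != peer) return (ENOENT);`. Separately, every caller now has to store `peer->del_reason` before the call, and that value is exported to userspace under "del_reason"; taking the reason as a parameter of `_ovpn_del_peer()` would make it impossible to forget at a future call site. `ovpn_timeout()` and the two flush loops begin outside the visible lines.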