1 // SPDX-License-Identifier: GPL-2.0
2 /* OpenVPN data channel offload
3 *
4 * Copyright (C) 2020-2025 OpenVPN, Inc.
5 *
6 * Author: Antonio Quartulli <antonio@openvpn.net>
7 * James Yonan <james@openvpn.net>
8 */
9
10 #include <linux/ethtool.h>
11 #include <linux/genetlink.h>
12 #include <linux/module.h>
13 #include <linux/netdevice.h>
14 #include <linux/inetdevice.h>
15 #include <net/gro_cells.h>
16 #include <net/ip.h>
17 #include <net/rtnetlink.h>
18 #include <uapi/linux/if_arp.h>
19
20 #include "ovpnpriv.h"
21 #include "main.h"
22 #include "netlink.h"
23 #include "io.h"
24 #include "peer.h"
25 #include "proto.h"
26 #include "tcp.h"
27 #include "udp.h"
28
/* Destructor for the driver-private area of an ovpn net_device; installed
 * as dev->priv_destructor by ovpn_setup().
 *
 * Releases the peer container referenced from the private data. kfree()
 * tolerates a NULL pointer; P2P devices never allocate the container in
 * this file (ovpn_mp_alloc() returns early), so ->peers is presumably
 * still NULL for them - confirm against the netdev allocation path.
 */
static void ovpn_priv_free(struct net_device *net)
{
	struct ovpn_priv *priv = netdev_priv(net);

	kfree(priv->peers);
}
35
/* Prepare the multi-peer (MP) state of an ovpn device.
 *
 * Returns 0 without doing anything unless the device is in OVPN_MODE_MP.
 * For MP devices it turns off SEND_REDIRECTS and then allocates and
 * initialises the peer hash tables.
 *
 * NOTE(review): in addition to the per-device value, SEND_REDIRECTS is
 * written in the "all" devconf of the device's network namespace, i.e. a
 * setting that is not private to this interface. Nothing in this file
 * restores the previous value on teardown - confirm this is intended.
 *
 * Return: 0 on success, -ENOMEM if the peer container cannot be allocated.
 */
static int ovpn_mp_alloc(struct ovpn_priv *ovpn)
{
	struct in_device *in_dev;
	int idx;

	if (ovpn->mode != OVPN_MODE_MP)
		return 0;

	in_dev = __in_dev_get_rtnl(ovpn->dev);
	if (in_dev) {
		/* A multipeer interface relays traffic between hosts of the
		 * same subnet. On a classic LAN those hosts would talk to
		 * each other directly, so Linux gets confused by this
		 * same-LAN routing: switch redirects off.
		 */
		IN_DEV_CONF_SET(in_dev, SEND_REDIRECTS, false);
		IPV4_DEVCONF_ALL(dev_net(ovpn->dev), SEND_REDIRECTS) = false;
	}

	/* The peer container is fairly large, which is why it is only
	 * allocated for MP devices.
	 */
	ovpn->peers = kzalloc_obj(*ovpn->peers);
	if (!ovpn->peers)
		return -ENOMEM;

	/* One bound is used for all four tables: this assumes they have the
	 * same number of buckets as by_id - confirm in the struct definition.
	 */
	for (idx = 0; idx < ARRAY_SIZE(ovpn->peers->by_id); idx++) {
		INIT_HLIST_HEAD(&ovpn->peers->by_id[idx]);
		INIT_HLIST_NULLS_HEAD(&ovpn->peers->by_vpn_addr4[idx], idx);
		INIT_HLIST_NULLS_HEAD(&ovpn->peers->by_vpn_addr6[idx], idx);
		INIT_HLIST_NULLS_HEAD(&ovpn->peers->by_transp_addr[idx], idx);
	}

	return 0;
}
73
/* .ndo_init callback: set up the GRO cells and, for MP devices, the peer
 * container.
 *
 * Return: 0 on success, or the negative error reported by
 * gro_cells_init() or ovpn_mp_alloc().
 */
static int ovpn_net_init(struct net_device *dev)
{
	struct ovpn_priv *priv = netdev_priv(dev);
	int ret;

	ret = gro_cells_init(&priv->gro_cells, dev);
	if (ret < 0)
		return ret;

	ret = ovpn_mp_alloc(priv);
	if (ret >= 0)
		return 0;

	/* peer container setup failed: release the GRO cells created above so
	 * the error path leaves nothing behind
	 */
	gro_cells_destroy(&priv->gro_cells);
	return ret;
}
90
/* .ndo_uninit callback: stop the keepalive worker, release all peers and
 * destroy the GRO cells created by ovpn_net_init().
 */
static void ovpn_net_uninit(struct net_device *dev)
{
	struct ovpn_priv *ovpn = netdev_priv(dev);

	/* Done before the peers are released; presumably so the keepalive
	 * worker cannot run against peers that are being freed - confirm
	 * against ovpn_peer_keepalive_work().
	 */
	disable_delayed_work_sync(&ovpn->keepalive_work);
	/* NOTE(review): the meaning of the NULL second argument is defined
	 * outside this file - confirm it selects every peer.
	 */
	ovpn_peers_free(ovpn, NULL, OVPN_DEL_PEER_REASON_TEARDOWN);
	gro_cells_destroy(&ovpn->gro_cells);
}
99
/* net_device callbacks of an ovpn interface. The address of this table is
 * also what ovpn_dev_is_valid() compares against to recognise ovpn devices.
 */
static const struct net_device_ops ovpn_netdev_ops = {
	.ndo_init = ovpn_net_init,
	.ndo_uninit = ovpn_net_uninit,
	.ndo_start_xmit = ovpn_net_xmit,
};

/* device type attached to the netdev by ovpn_setup() */
static const struct device_type ovpn_type = {
	.name = OVPN_FAMILY_NAME,
};

/* rtnetlink attribute policy for link creation: IFLA_OVPN_MODE is declared
 * as a u8 in the range [OVPN_MODE_P2P, OVPN_MODE_MP]. ovpn_newlink() reads
 * the attribute without a range check of its own, so this entry is the
 * validation of that userspace-supplied value.
 */
static const struct nla_policy ovpn_policy[IFLA_OVPN_MAX + 1] = {
	[IFLA_OVPN_MODE] = NLA_POLICY_RANGE(NLA_U8, OVPN_MODE_P2P,
					    OVPN_MODE_MP),
};
114
/**
 * ovpn_dev_is_valid - check if the netdevice is of type 'ovpn'
 * @dev: the interface to check
 *
 * The device is recognised by comparing its netdev_ops pointer with this
 * driver's ops table. Code that receives a net_device it did not create
 * should presumably pass this check before treating netdev_priv() as a
 * struct ovpn_priv - confirm at the call sites.
 *
 * Return: whether the netdevice is of type 'ovpn'
 */
bool ovpn_dev_is_valid(const struct net_device *dev)
{
	const struct net_device_ops *ops = dev->netdev_ops;

	return ops == &ovpn_netdev_ops;
}
125
/* ethtool .get_drvinfo: report "ovpn" as both driver name and bus info.
 * @dev is not used.
 */
static void ovpn_get_drvinfo(struct net_device *dev,
			     struct ethtool_drvinfo *info)
{
	static const char ident[] = "ovpn";

	/* each copy is bounded by the size of its destination field */
	strscpy(info->bus_info, ident, sizeof(info->bus_info));
	strscpy(info->driver, ident, sizeof(info->driver));
}
132
/* ethtool callbacks: driver info comes from ovpn_get_drvinfo(), link state
 * and timestamping info from the ethtool_op_* helpers.
 */
static const struct ethtool_ops ovpn_ethtool_ops = {
	.get_drvinfo = ovpn_get_drvinfo,
	.get_link = ethtool_op_get_link,
	.get_ts_info = ethtool_op_get_ts_info,
};
138
/* rtnl_link_ops.setup: fill in the static properties of a new ovpn
 * net_device (callbacks, MTU limits, flags, offload features, head/tail
 * room). Mode-dependent state is set later by ovpn_newlink().
 */
static void ovpn_setup(struct net_device *dev)
{
	netdev_features_t feat = NETIF_F_SG | NETIF_F_GSO |
				 NETIF_F_GSO_SOFTWARE | NETIF_F_HIGHDMA;

	/* let the networking core free the net_device itself */
	dev->needs_free_netdev = true;

	dev->pcpu_stat_type = NETDEV_PCPU_STAT_DSTATS;

	dev->ethtool_ops = &ovpn_ethtool_ops;
	dev->netdev_ops = &ovpn_netdev_ops;

	/* releases the peer container, see ovpn_priv_free() */
	dev->priv_destructor = ovpn_priv_free;

	/* no link-layer header and no hardware address */
	dev->hard_header_len = 0;
	dev->addr_len = 0;
	/* default and maximum MTU leave OVPN_HEAD_ROOM bytes of space */
	dev->mtu = ETH_DATA_LEN - OVPN_HEAD_ROOM;
	dev->min_mtu = IPV4_MIN_MTU;
	dev->max_mtu = IP_MAX_MTU - OVPN_HEAD_ROOM;

	dev->type = ARPHRD_NONE;
	dev->flags = IFF_POINTOPOINT | IFF_NOARP;
	dev->priv_flags |= IFF_NO_QUEUE;
	/* when routing packets to a LAN behind a client, we rely on the
	 * route entry that originally brought the packet into ovpn, so
	 * don't release it
	 */
	netif_keep_dst(dev);

	dev->lltx = true;
	/* the same feature set is advertised as active, toggleable and
	 * encapsulation features
	 */
	dev->features |= feat;
	dev->hw_features |= feat;
	dev->hw_enc_features |= feat;

	/* room requested in front of and behind the payload; presumably for
	 * the encapsulation header and padding - confirm where
	 * OVPN_HEAD_ROOM and OVPN_MAX_PADDING are defined
	 */
	dev->needed_headroom = ALIGN(OVPN_HEAD_ROOM, 4);
	dev->needed_tailroom = OVPN_MAX_PADDING;

	SET_NETDEV_DEVTYPE(dev, &ovpn_type);
}
178
/* rtnl_link_ops.newlink: initialise the private data of a new ovpn
 * interface and register it.
 *
 * The only attribute read is the optional IFLA_OVPN_MODE; without it the
 * device is created in OVPN_MODE_P2P. @extack is not used here.
 *
 * Return: the result of register_netdevice().
 */
static int ovpn_newlink(struct net_device *dev,
			struct rtnl_newlink_params *params,
			struct netlink_ext_ack *extack)
{
	struct ovpn_priv *ovpn = netdev_priv(dev);
	struct nlattr **data = params->data;
	enum ovpn_mode mode = OVPN_MODE_P2P;

	if (data && data[IFLA_OVPN_MODE]) {
		/* userspace-supplied value: there is no range check here, the
		 * ovpn_policy table attached to ovpn_link_ops limits it to
		 * [OVPN_MODE_P2P, OVPN_MODE_MP]
		 */
		mode = nla_get_u8(data[IFLA_OVPN_MODE]);
		netdev_dbg(dev, "setting device mode: %u\n", mode);
	}

	ovpn->dev = dev;
	ovpn->mode = mode;
	spin_lock_init(&ovpn->lock);
	INIT_DELAYED_WORK(&ovpn->keepalive_work, ovpn_peer_keepalive_work);

	/* Set carrier explicitly after registration, this way state is
	 * clearly defined.
	 *
	 * In case of MP interfaces we keep the carrier always on.
	 *
	 * Carrier for P2P interfaces is initially off and it is then
	 * switched on and off when the remote peer is added or deleted.
	 *
	 * NOTE(review): the calls below run before register_netdevice(),
	 * not after it as the first sentence says - confirm which ordering
	 * is intended and align comment and code.
	 */
	if (ovpn->mode == OVPN_MODE_MP)
		netif_carrier_on(dev);
	else
		netif_carrier_off(dev);

	return register_netdevice(dev);
}
212
/* rtnl_link_ops.fill_info: report the device mode to userspace as
 * IFLA_OVPN_MODE.
 *
 * Return: 0 on success, -EMSGSIZE if the attribute could not be added
 * to @skb.
 */
static int ovpn_fill_info(struct sk_buff *skb, const struct net_device *dev)
{
	const struct ovpn_priv *priv = netdev_priv(dev);

	return nla_put_u8(skb, IFLA_OVPN_MODE, priv->mode) ? -EMSGSIZE : 0;
}
222
/* rtnetlink link type "ovpn".
 *
 * .priv_size makes struct ovpn_priv the per-device private area returned
 * by netdev_priv(); .policy/.maxtype describe the attributes accepted at
 * link creation (see ovpn_policy), which ovpn_newlink() then consumes.
 */
static struct rtnl_link_ops ovpn_link_ops = {
	.kind = "ovpn",
	.netns_refund = false,
	.priv_size = sizeof(struct ovpn_priv),
	.setup = ovpn_setup,
	.policy = ovpn_policy,
	.maxtype = IFLA_OVPN_MAX,
	.newlink = ovpn_newlink,
	.fill_info = ovpn_fill_info,
};
233
/* Module init: register the rtnl link type first, then the netlink family,
 * and finally run ovpn_tcp_init().
 *
 * If the netlink family cannot be registered, the link type registered
 * just before is unregistered again so a failed load leaves nothing
 * behind.
 *
 * NOTE(review): no result of ovpn_tcp_init() is checked here - confirm it
 * cannot fail.
 *
 * Return: 0 on success, otherwise the error of the failing registration.
 */
static int __init ovpn_init(void)
{
	int ret;

	ret = rtnl_link_register(&ovpn_link_ops);
	if (ret) {
		pr_err("ovpn: can't register rtnl link ops: %d\n", ret);
		return ret;
	}

	ret = ovpn_nl_register();
	if (!ret) {
		ovpn_tcp_init();
		return 0;
	}

	pr_err("ovpn: can't register netlink family: %d\n", ret);
	rtnl_link_unregister(&ovpn_link_ops);
	return ret;
}
257
/* Module exit: unregister the netlink family and the rtnl link type
 * registered by ovpn_init().
 *
 * NOTE(review): ovpn_init() also calls ovpn_tcp_init(); no counterpart is
 * called here - confirm none is needed.
 */
static __exit void ovpn_cleanup(void)
{
	ovpn_nl_unregister();
	rtnl_link_unregister(&ovpn_link_ops);

	/* wait for RCU callbacks that are still pending before returning;
	 * presumably so none of them runs after the module has been unloaded
	 */
	rcu_barrier();
}
265
/* module entry and exit points */
module_init(ovpn_init);
module_exit(ovpn_cleanup);

/* module metadata */
MODULE_DESCRIPTION("OpenVPN data channel offload (ovpn)");
MODULE_AUTHOR("Antonio Quartulli <antonio@openvpn.net>");
MODULE_LICENSE("GPL");
272