xref: /linux/drivers/net/ovpn/main.c (revision 6bab77ced3ffbce3d6c5b5bcce17da7c8a3f8266) 
1 // SPDX-License-Identifier: GPL-2.0
2 /*  OpenVPN data channel offload
3  *
4  *  Copyright (C) 2020-2025 OpenVPN, Inc.
5  *
6  *  Author:	Antonio Quartulli <antonio@openvpn.net>
7  *		James Yonan <james@openvpn.net>
8  */
9 
10 #include <linux/ethtool.h>
11 #include <linux/genetlink.h>
12 #include <linux/module.h>
13 #include <linux/netdevice.h>
14 #include <linux/inetdevice.h>
15 #include <net/gro_cells.h>
16 #include <net/ip.h>
17 #include <net/rtnetlink.h>
18 #include <uapi/linux/if_arp.h>
19 
20 #include "ovpnpriv.h"
21 #include "main.h"
22 #include "netlink.h"
23 #include "io.h"
24 #include "peer.h"
25 #include "proto.h"
26 #include "tcp.h"
27 #include "udp.h"
28 
29 static void ovpn_priv_free(struct net_device *net)
30 {
31 	struct ovpn_priv *ovpn = netdev_priv(net);
32 
33 	kfree(ovpn->peers);
34 }
35 
36 static int ovpn_mp_alloc(struct ovpn_priv *ovpn)
37 {
38 	struct in_device *dev_v4;
39 	int i;
40 
41 	if (ovpn->mode != OVPN_MODE_MP)
42 		return 0;
43 
44 	dev_v4 = __in_dev_get_rtnl(ovpn->dev);
45 	if (dev_v4) {
46 		/* disable redirects as Linux gets confused by ovpn
47 		 * handling same-LAN routing.
48 		 * This happens because a multipeer interface is used as
49 		 * relay point between hosts in the same subnet, while
50 		 * in a classic LAN this would not be needed because the
51 		 * two hosts would be able to talk directly.
52 		 */
53 		IN_DEV_CONF_SET(dev_v4, SEND_REDIRECTS, false);
54 		IPV4_DEVCONF_ALL(dev_net(ovpn->dev), SEND_REDIRECTS) = false;
55 	}
56 
57 	/* the peer container is fairly large, therefore we allocate it only in
58 	 * MP mode
59 	 */
60 	ovpn->peers = kzalloc(sizeof(*ovpn->peers), GFP_KERNEL);
61 	if (!ovpn->peers)
62 		return -ENOMEM;
63 
64 	for (i = 0; i < ARRAY_SIZE(ovpn->peers->by_id); i++) {
65 		INIT_HLIST_HEAD(&ovpn->peers->by_id[i]);
66 		INIT_HLIST_NULLS_HEAD(&ovpn->peers->by_vpn_addr4[i], i);
67 		INIT_HLIST_NULLS_HEAD(&ovpn->peers->by_vpn_addr6[i], i);
68 		INIT_HLIST_NULLS_HEAD(&ovpn->peers->by_transp_addr[i], i);
69 	}
70 
71 	return 0;
72 }
73 
74 static int ovpn_net_init(struct net_device *dev)
75 {
76 	struct ovpn_priv *ovpn = netdev_priv(dev);
77 	int err = gro_cells_init(&ovpn->gro_cells, dev);
78 
79 	if (err < 0)
80 		return err;
81 
82 	err = ovpn_mp_alloc(ovpn);
83 	if (err < 0) {
84 		gro_cells_destroy(&ovpn->gro_cells);
85 		return err;
86 	}
87 
88 	return 0;
89 }
90 
91 static void ovpn_net_uninit(struct net_device *dev)
92 {
93 	struct ovpn_priv *ovpn = netdev_priv(dev);
94 
95 	gro_cells_destroy(&ovpn->gro_cells);
96 }
97 
98 static const struct net_device_ops ovpn_netdev_ops = {
99 	.ndo_init		= ovpn_net_init,
100 	.ndo_uninit		= ovpn_net_uninit,
101 	.ndo_start_xmit		= ovpn_net_xmit,
102 };
103 
104 static const struct device_type ovpn_type = {
105 	.name = OVPN_FAMILY_NAME,
106 };
107 
108 static const struct nla_policy ovpn_policy[IFLA_OVPN_MAX + 1] = {
109 	[IFLA_OVPN_MODE] = NLA_POLICY_RANGE(NLA_U8, OVPN_MODE_P2P,
110 					    OVPN_MODE_MP),
111 };
112 
113 /**
114  * ovpn_dev_is_valid - check if the netdevice is of type 'ovpn'
115  * @dev: the interface to check
116  *
117  * Return: whether the netdevice is of type 'ovpn'
118  */
119 bool ovpn_dev_is_valid(const struct net_device *dev)
120 {
121 	return dev->netdev_ops == &ovpn_netdev_ops;
122 }
123 
124 static void ovpn_get_drvinfo(struct net_device *dev,
125 			     struct ethtool_drvinfo *info)
126 {
127 	strscpy(info->driver, "ovpn", sizeof(info->driver));
128 	strscpy(info->bus_info, "ovpn", sizeof(info->bus_info));
129 }
130 
131 static const struct ethtool_ops ovpn_ethtool_ops = {
132 	.get_drvinfo		= ovpn_get_drvinfo,
133 	.get_link		= ethtool_op_get_link,
134 	.get_ts_info		= ethtool_op_get_ts_info,
135 };
136 
137 static void ovpn_setup(struct net_device *dev)
138 {
139 	netdev_features_t feat = NETIF_F_SG | NETIF_F_GSO |
140 				 NETIF_F_GSO_SOFTWARE | NETIF_F_HIGHDMA;
141 
142 	dev->needs_free_netdev = true;
143 
144 	dev->pcpu_stat_type = NETDEV_PCPU_STAT_DSTATS;
145 
146 	dev->ethtool_ops = &ovpn_ethtool_ops;
147 	dev->netdev_ops = &ovpn_netdev_ops;
148 
149 	dev->priv_destructor = ovpn_priv_free;
150 
151 	dev->hard_header_len = 0;
152 	dev->addr_len = 0;
153 	dev->mtu = ETH_DATA_LEN - OVPN_HEAD_ROOM;
154 	dev->min_mtu = IPV4_MIN_MTU;
155 	dev->max_mtu = IP_MAX_MTU - OVPN_HEAD_ROOM;
156 
157 	dev->type = ARPHRD_NONE;
158 	dev->flags = IFF_POINTOPOINT | IFF_NOARP;
159 	dev->priv_flags |= IFF_NO_QUEUE;
160 
161 	dev->lltx = true;
162 	dev->features |= feat;
163 	dev->hw_features |= feat;
164 	dev->hw_enc_features |= feat;
165 
166 	dev->needed_headroom = ALIGN(OVPN_HEAD_ROOM, 4);
167 	dev->needed_tailroom = OVPN_MAX_PADDING;
168 
169 	SET_NETDEV_DEVTYPE(dev, &ovpn_type);
170 }
171 
172 static int ovpn_newlink(struct net_device *dev,
173 			struct rtnl_newlink_params *params,
174 			struct netlink_ext_ack *extack)
175 {
176 	struct ovpn_priv *ovpn = netdev_priv(dev);
177 	struct nlattr **data = params->data;
178 	enum ovpn_mode mode = OVPN_MODE_P2P;
179 
180 	if (data && data[IFLA_OVPN_MODE]) {
181 		mode = nla_get_u8(data[IFLA_OVPN_MODE]);
182 		netdev_dbg(dev, "setting device mode: %u\n", mode);
183 	}
184 
185 	ovpn->dev = dev;
186 	ovpn->mode = mode;
187 	spin_lock_init(&ovpn->lock);
188 	INIT_DELAYED_WORK(&ovpn->keepalive_work, ovpn_peer_keepalive_work);
189 
190 	/* Set carrier explicitly after registration, this way state is
191 	 * clearly defined.
192 	 *
193 	 * In case of MP interfaces we keep the carrier always on.
194 	 *
195 	 * Carrier for P2P interfaces is initially off and it is then
196 	 * switched on and off when the remote peer is added or deleted.
197 	 */
198 	if (ovpn->mode == OVPN_MODE_MP)
199 		netif_carrier_on(dev);
200 	else
201 		netif_carrier_off(dev);
202 
203 	return register_netdevice(dev);
204 }
205 
206 static void ovpn_dellink(struct net_device *dev, struct list_head *head)
207 {
208 	struct ovpn_priv *ovpn = netdev_priv(dev);
209 
210 	cancel_delayed_work_sync(&ovpn->keepalive_work);
211 	ovpn_peers_free(ovpn, NULL, OVPN_DEL_PEER_REASON_TEARDOWN);
212 	unregister_netdevice_queue(dev, head);
213 }
214 
215 static int ovpn_fill_info(struct sk_buff *skb, const struct net_device *dev)
216 {
217 	struct ovpn_priv *ovpn = netdev_priv(dev);
218 
219 	if (nla_put_u8(skb, IFLA_OVPN_MODE, ovpn->mode))
220 		return -EMSGSIZE;
221 
222 	return 0;
223 }
224 
225 static struct rtnl_link_ops ovpn_link_ops = {
226 	.kind = "ovpn",
227 	.netns_refund = false,
228 	.priv_size = sizeof(struct ovpn_priv),
229 	.setup = ovpn_setup,
230 	.policy = ovpn_policy,
231 	.maxtype = IFLA_OVPN_MAX,
232 	.newlink = ovpn_newlink,
233 	.dellink = ovpn_dellink,
234 	.fill_info = ovpn_fill_info,
235 };
236 
237 static int __init ovpn_init(void)
238 {
239 	int err = rtnl_link_register(&ovpn_link_ops);
240 
241 	if (err) {
242 		pr_err("ovpn: can't register rtnl link ops: %d\n", err);
243 		return err;
244 	}
245 
246 	err = ovpn_nl_register();
247 	if (err) {
248 		pr_err("ovpn: can't register netlink family: %d\n", err);
249 		goto unreg_rtnl;
250 	}
251 
252 	ovpn_tcp_init();
253 
254 	return 0;
255 
256 unreg_rtnl:
257 	rtnl_link_unregister(&ovpn_link_ops);
258 	return err;
259 }
260 
261 static __exit void ovpn_cleanup(void)
262 {
263 	ovpn_nl_unregister();
264 	rtnl_link_unregister(&ovpn_link_ops);
265 
266 	rcu_barrier();
267 }
268 
269 module_init(ovpn_init);
270 module_exit(ovpn_cleanup);
271 
272 MODULE_DESCRIPTION("OpenVPN data channel offload (ovpn)");
273 MODULE_AUTHOR("Antonio Quartulli <antonio@openvpn.net>");
274 MODULE_LICENSE("GPL");
275