// SPDX-License-Identifier: GPL-2.0
/*  OpenVPN data channel offload
 *
 *  Copyright (C) 2020-2025 OpenVPN, Inc.
 *
 *  Author:	Antonio Quartulli <antonio@openvpn.net>
 *		James Yonan <james@openvpn.net>
 */

#include <linux/ethtool.h>
#include <linux/genetlink.h>
#include <linux/module.h>
#include <linux/netdevice.h>
#include <linux/inetdevice.h>
#include <net/gro_cells.h>
#include <net/ip.h>
#include <net/rtnetlink.h>
#include <uapi/linux/if_arp.h>

#include "ovpnpriv.h"
#include "main.h"
#include "netlink.h"
#include "io.h"
#include "peer.h"
#include "proto.h"
#include "tcp.h"
#include "udp.h"

/**
 * ovpn_priv_free - release memory hanging off the private area
 * @net: the interface being destroyed
 *
 * Installed as dev->priv_destructor by ovpn_setup(). The peer container is
 * only allocated by ovpn_mp_alloc() in MP mode; in P2P mode the field is
 * never assigned in this file, so this relies on it still being NULL
 * (presumably from a zeroed private area - confirm), kfree(NULL) being a
 * no-op.
 */
static void ovpn_priv_free(struct net_device *net)
{
	struct ovpn_priv *ovpn = netdev_priv(net);

	kfree(ovpn->peers);
}

/**
 * ovpn_mp_alloc - set up the state needed only by multipeer interfaces
 * @ovpn: the private area of the interface being initialised
 *
 * Does nothing for interfaces that are not in MP mode. For MP interfaces it
 * turns off ICMP redirect generation and allocates and initialises the peer
 * hash tables.
 *
 * Return: 0 on success (or when not in MP mode), -ENOMEM if the peer
 * container cannot be allocated
 */
static int ovpn_mp_alloc(struct ovpn_priv *ovpn)
{
	struct in_device *dev_v4;
	int i;

	if (ovpn->mode != OVPN_MODE_MP)
		return 0;

	/* NOTE(review): the _rtnl accessor suggests the caller holds RTNL -
	 * confirm for every path that reaches .ndo_init
	 */
	dev_v4 = __in_dev_get_rtnl(ovpn->dev);
	if (dev_v4) {
		/* disable redirects as Linux gets confused by ovpn
		 * handling same-LAN routing.
		 * This happens because a multipeer interface is used as
		 * relay point between hosts in the same subnet, while
		 * in a classic LAN this would not be needed because the
		 * two hosts would be able to talk directly.
		 */
		IN_DEV_CONF_SET(dev_v4, SEND_REDIRECTS, false);
		/* NOTE(review): this second write targets the "all" entry of
		 * the device's network namespace, not only this interface, so
		 * creating one MP interface changes a namespace-wide setting.
		 * Nothing in this file restores the previous value, neither
		 * on teardown nor on the -ENOMEM path below.
		 */
		IPV4_DEVCONF_ALL(dev_net(ovpn->dev), SEND_REDIRECTS) = false;
	}

	/* the peer container is fairly large, therefore we allocate it only in
	 * MP mode
	 */
	ovpn->peers = kzalloc_obj(*ovpn->peers);
	if (!ovpn->peers)
		return -ENOMEM;

	/* The bound comes from by_id only but indexes all four tables:
	 * assumes they are declared with the same number of buckets - confirm
	 * in ovpnpriv.h. The bucket index doubles as the nulls marker of the
	 * three hlist_nulls tables.
	 */
	for (i = 0; i < ARRAY_SIZE(ovpn->peers->by_id); i++) {
		INIT_HLIST_HEAD(&ovpn->peers->by_id[i]);
		INIT_HLIST_NULLS_HEAD(&ovpn->peers->by_vpn_addr4[i], i);
		INIT_HLIST_NULLS_HEAD(&ovpn->peers->by_vpn_addr6[i], i);
		INIT_HLIST_NULLS_HEAD(&ovpn->peers->by_transp_addr[i], i);
	}

	return 0;
}

/**
 * ovpn_net_init - .ndo_init handler
 * @dev: the interface being initialised
 *
 * Initialises the GRO cells and then the multipeer state. If the latter
 * fails, the GRO cells are destroyed again so that nothing is left behind.
 *
 * Return: 0 on success or the negative error code of the failing step
 */
static int ovpn_net_init(struct net_device *dev)
{
	struct ovpn_priv *ovpn = netdev_priv(dev);
	int err = gro_cells_init(&ovpn->gro_cells, dev);

	if (err < 0)
		return err;

	err = ovpn_mp_alloc(ovpn);
	if (err < 0) {
		gro_cells_destroy(&ovpn->gro_cells);
		return err;
	}

	return 0;
}

/**
 * ovpn_net_uninit - .ndo_uninit handler
 * @dev: the interface being torn down
 *
 * The keepalive work is disabled synchronously before the peers are
 * released, presumably so that it cannot run against peers that are going
 * away (confirm against ovpn_peer_keepalive_work()). The peer container
 * itself is freed later by ovpn_priv_free().
 */
static void ovpn_net_uninit(struct net_device *dev)
{
	struct ovpn_priv *ovpn = netdev_priv(dev);

	disable_delayed_work_sync(&ovpn->keepalive_work);
	ovpn_peers_free(ovpn, NULL, OVPN_DEL_PEER_REASON_TEARDOWN);
	gro_cells_destroy(&ovpn->gro_cells);
}

/* the address of this table is also what ovpn_dev_is_valid() compares
 * against to recognise ovpn interfaces
 */
static const struct net_device_ops ovpn_netdev_ops = {
	.ndo_init		= ovpn_net_init,
	.ndo_uninit		= ovpn_net_uninit,
	.ndo_start_xmit		= ovpn_net_xmit,
};

static const struct device_type ovpn_type = {
	.name = OVPN_FAMILY_NAME,
};

/* IFLA_OVPN_MODE is the only link attribute with a policy: a u8 limited to
 * the range OVPN_MODE_P2P..OVPN_MODE_MP. ovpn_newlink() stores the value
 * without any further check, so it depends on this policy being applied to
 * the attributes before .newlink is called.
 */
static const struct nla_policy ovpn_policy[IFLA_OVPN_MAX + 1] = {
	[IFLA_OVPN_MODE] = NLA_POLICY_RANGE(NLA_U8, OVPN_MODE_P2P,
					    OVPN_MODE_MP),
};

/**
 * ovpn_dev_is_valid - check if the netdevice is of type 'ovpn'
 * @dev: the interface to check
 *
 * The check compares the netdev_ops pointer with this driver's ops table.
 * It is the test to run before treating netdev_priv() of an arbitrary
 * interface as a struct ovpn_priv.
 *
 * Return: whether the netdevice is of type 'ovpn'
 */
bool ovpn_dev_is_valid(const struct net_device *dev)
{
	return dev->netdev_ops == &ovpn_netdev_ops;
}

/**
 * ovpn_get_drvinfo - ethtool .get_drvinfo handler
 * @dev: the interface being queried (not used)
 * @info: the structure to fill
 *
 * Reports "ovpn" as both driver name and bus info; each copy is bounded by
 * the size of its destination field.
 */
static void ovpn_get_drvinfo(struct net_device *dev,
			     struct ethtool_drvinfo *info)
{
	strscpy(info->driver, "ovpn", sizeof(info->driver));
	strscpy(info->bus_info, "ovpn", sizeof(info->bus_info));
}

static const struct ethtool_ops ovpn_ethtool_ops = {
	.get_drvinfo		= ovpn_get_drvinfo,
	.get_link		= ethtool_op_get_link,
	.get_ts_info		= ethtool_op_get_ts_info,
};

/**
 * ovpn_setup - rtnl_link_ops .setup handler
 * @dev: the freshly allocated interface
 *
 * Fills in the static properties of an ovpn interface: ops tables,
 * destructor, MTU limits, device type and flags, offload features and the
 * head/tail room reserved for encapsulation.
 */
static void ovpn_setup(struct net_device *dev)
{
	netdev_features_t feat = NETIF_F_SG | NETIF_F_GSO |
				 NETIF_F_GSO_SOFTWARE | NETIF_F_HIGHDMA;

	dev->needs_free_netdev = true;

	dev->pcpu_stat_type = NETDEV_PCPU_STAT_DSTATS;

	dev->ethtool_ops = &ovpn_ethtool_ops;
	dev->netdev_ops = &ovpn_netdev_ops;

	/* frees ovpn->peers, see ovpn_priv_free() */
	dev->priv_destructor = ovpn_priv_free;

	/* no link-layer header and no link-layer address */
	dev->hard_header_len = 0;
	dev->addr_len = 0;
	/* default and maximum MTU both leave OVPN_HEAD_ROOM bytes free */
	dev->mtu = ETH_DATA_LEN - OVPN_HEAD_ROOM;
	dev->min_mtu = IPV4_MIN_MTU;
	dev->max_mtu = IP_MAX_MTU - OVPN_HEAD_ROOM;

	dev->type = ARPHRD_NONE;
	dev->flags = IFF_POINTOPOINT | IFF_NOARP;
	dev->priv_flags |= IFF_NO_QUEUE;
	/* when routing packets to a LAN behind a client, we rely on the
	 * route entry that originally brought the packet into ovpn, so
	 * don't release it
	 */
	netif_keep_dst(dev);

	dev->lltx = true;
	dev->features |= feat;
	dev->hw_features |= feat;
	dev->hw_enc_features |= feat;

	dev->needed_headroom = ALIGN(OVPN_HEAD_ROOM, 4);
	dev->needed_tailroom = OVPN_MAX_PADDING;

	SET_NETDEV_DEVTYPE(dev, &ovpn_type);
}

/**
 * ovpn_newlink - rtnl_link_ops .newlink handler
 * @dev: the interface being created
 * @params: creation parameters; only params->data is read here
 * @extack: extended ack (not used in this function)
 *
 * The mode defaults to OVPN_MODE_P2P when IFLA_OVPN_MODE is not supplied.
 * A supplied value is stored as received: range validation is left to
 * ovpn_policy.
 *
 * Return: the result of register_netdevice()
 */
static int ovpn_newlink(struct net_device *dev,
			struct rtnl_newlink_params *params,
			struct netlink_ext_ack *extack)
{
	struct ovpn_priv *ovpn = netdev_priv(dev);
	struct nlattr **data = params->data;
	enum ovpn_mode mode = OVPN_MODE_P2P;

	if (data && data[IFLA_OVPN_MODE]) {
		mode = nla_get_u8(data[IFLA_OVPN_MODE]);
		netdev_dbg(dev, "setting device mode: %u\n", mode);
	}

	/* ovpn_mp_alloc() reads ovpn->dev and ovpn->mode, so both are stored
	 * before register_netdevice(), which is expected to invoke .ndo_init
	 * (confirm)
	 */
	ovpn->dev = dev;
	ovpn->mode = mode;
	spin_lock_init(&ovpn->lock);
	INIT_DELAYED_WORK(&ovpn->keepalive_work, ovpn_peer_keepalive_work);

	/* Set carrier explicitly after registration, this way state is
	 * clearly defined.
	 *
	 * In case of MP interfaces we keep the carrier always on.
	 *
	 * Carrier for P2P interfaces is initially off and it is then
	 * switched on and off when the remote peer is added or deleted.
	 *
	 * NOTE(review): the carrier calls below are issued before
	 * register_netdevice(), which does not match the "after
	 * registration" wording above - confirm which one is intended.
	 */
	if (ovpn->mode == OVPN_MODE_MP)
		netif_carrier_on(dev);
	else
		netif_carrier_off(dev);

	return register_netdevice(dev);
}

/**
 * ovpn_fill_info - rtnl_link_ops .fill_info handler
 * @skb: the netlink message being built
 * @dev: the interface being described
 *
 * Return: 0 on success, -EMSGSIZE if the mode attribute does not fit
 */
static int ovpn_fill_info(struct sk_buff *skb, const struct net_device *dev)
{
	struct ovpn_priv *ovpn = netdev_priv(dev);

	if (nla_put_u8(skb, IFLA_OVPN_MODE, ovpn->mode))
		return -EMSGSIZE;

	return 0;
}

/* link type "ovpn": attributes up to IFLA_OVPN_MAX are described by
 * ovpn_policy, and priv_size makes netdev_priv() a struct ovpn_priv
 */
static struct rtnl_link_ops ovpn_link_ops = {
	.kind = "ovpn",
	.netns_refund = false,
	.priv_size = sizeof(struct ovpn_priv),
	.setup = ovpn_setup,
	.policy = ovpn_policy,
	.maxtype = IFLA_OVPN_MAX,
	.newlink = ovpn_newlink,
	.fill_info = ovpn_fill_info,
};

/**
 * ovpn_init - module entry point
 *
 * Registers the rtnl link ops first and the netlink family second; if the
 * second step fails the first one is undone. ovpn_tcp_init() is called
 * last and no result from it is checked here.
 *
 * Return: 0 on success or the error code of the failing registration
 */
static int __init ovpn_init(void)
{
	int err = rtnl_link_register(&ovpn_link_ops);

	if (err) {
		pr_err("ovpn: can't register rtnl link ops: %d\n", err);
		return err;
	}

	err = ovpn_nl_register();
	if (err) {
		pr_err("ovpn: can't register netlink family: %d\n", err);
		goto unreg_rtnl;
	}

	ovpn_tcp_init();

	return 0;

unreg_rtnl:
	rtnl_link_unregister(&ovpn_link_ops);
	return err;
}

/**
 * ovpn_cleanup - module exit point
 *
 * Unregisters in the reverse order of ovpn_init(). The final rcu_barrier()
 * waits for pending RCU callbacks, presumably so that none of them runs
 * after the module has been unloaded.
 */
static __exit void ovpn_cleanup(void)
{
	ovpn_nl_unregister();
	rtnl_link_unregister(&ovpn_link_ops);

	rcu_barrier();
}

module_init(ovpn_init);
module_exit(ovpn_cleanup);

MODULE_DESCRIPTION("OpenVPN data channel offload (ovpn)");
MODULE_AUTHOR("Antonio Quartulli <antonio@openvpn.net>");
MODULE_LICENSE("GPL");