xref: /linux/drivers/net/ovpn/main.c (revision df9c299371054cb725eef730fd0f1d0fe2ed6bb0)
1 // SPDX-License-Identifier: GPL-2.0
2 /*  OpenVPN data channel offload
3  *
4  *  Copyright (C) 2020-2025 OpenVPN, Inc.
5  *
6  *  Author:	Antonio Quartulli <antonio@openvpn.net>
7  *		James Yonan <james@openvpn.net>
8  */
9 
10 #include <linux/ethtool.h>
11 #include <linux/genetlink.h>
12 #include <linux/module.h>
13 #include <linux/netdevice.h>
14 #include <linux/inetdevice.h>
15 #include <net/gro_cells.h>
16 #include <net/ip.h>
17 #include <net/rtnetlink.h>
18 #include <uapi/linux/if_arp.h>
19 
20 #include "ovpnpriv.h"
21 #include "main.h"
22 #include "netlink.h"
23 #include "io.h"
24 #include "peer.h"
25 #include "proto.h"
26 #include "tcp.h"
27 #include "udp.h"
28 
29 static void ovpn_priv_free(struct net_device *net)
30 {
31 	struct ovpn_priv *ovpn = netdev_priv(net);
32 
33 	kfree(ovpn->peers);
34 }
35 
36 static int ovpn_mp_alloc(struct ovpn_priv *ovpn)
37 {
38 	struct in_device *dev_v4;
39 	int i;
40 
41 	if (ovpn->mode != OVPN_MODE_MP)
42 		return 0;
43 
44 	dev_v4 = __in_dev_get_rtnl(ovpn->dev);
45 	if (dev_v4) {
46 		/* disable redirects as Linux gets confused by ovpn
47 		 * handling same-LAN routing.
48 		 * This happens because a multipeer interface is used as
49 		 * relay point between hosts in the same subnet, while
50 		 * in a classic LAN this would not be needed because the
51 		 * two hosts would be able to talk directly.
52 		 */
53 		IN_DEV_CONF_SET(dev_v4, SEND_REDIRECTS, false);
54 		IPV4_DEVCONF_ALL(dev_net(ovpn->dev), SEND_REDIRECTS) = false;
55 	}
56 
57 	/* the peer container is fairly large, therefore we allocate it only in
58 	 * MP mode
59 	 */
60 	ovpn->peers = kzalloc(sizeof(*ovpn->peers), GFP_KERNEL);
61 	if (!ovpn->peers)
62 		return -ENOMEM;
63 
64 	for (i = 0; i < ARRAY_SIZE(ovpn->peers->by_id); i++) {
65 		INIT_HLIST_HEAD(&ovpn->peers->by_id[i]);
66 		INIT_HLIST_NULLS_HEAD(&ovpn->peers->by_vpn_addr4[i], i);
67 		INIT_HLIST_NULLS_HEAD(&ovpn->peers->by_vpn_addr6[i], i);
68 		INIT_HLIST_NULLS_HEAD(&ovpn->peers->by_transp_addr[i], i);
69 	}
70 
71 	return 0;
72 }
73 
74 static int ovpn_net_init(struct net_device *dev)
75 {
76 	struct ovpn_priv *ovpn = netdev_priv(dev);
77 	int err = gro_cells_init(&ovpn->gro_cells, dev);
78 
79 	if (err < 0)
80 		return err;
81 
82 	err = ovpn_mp_alloc(ovpn);
83 	if (err < 0) {
84 		gro_cells_destroy(&ovpn->gro_cells);
85 		return err;
86 	}
87 
88 	return 0;
89 }
90 
91 static void ovpn_net_uninit(struct net_device *dev)
92 {
93 	struct ovpn_priv *ovpn = netdev_priv(dev);
94 
95 	gro_cells_destroy(&ovpn->gro_cells);
96 }
97 
98 static const struct net_device_ops ovpn_netdev_ops = {
99 	.ndo_init		= ovpn_net_init,
100 	.ndo_uninit		= ovpn_net_uninit,
101 	.ndo_start_xmit		= ovpn_net_xmit,
102 };
103 
104 static const struct device_type ovpn_type = {
105 	.name = OVPN_FAMILY_NAME,
106 };
107 
108 static const struct nla_policy ovpn_policy[IFLA_OVPN_MAX + 1] = {
109 	[IFLA_OVPN_MODE] = NLA_POLICY_RANGE(NLA_U8, OVPN_MODE_P2P,
110 					    OVPN_MODE_MP),
111 };
112 
113 /**
114  * ovpn_dev_is_valid - check if the netdevice is of type 'ovpn'
115  * @dev: the interface to check
116  *
117  * Return: whether the netdevice is of type 'ovpn'
118  */
119 bool ovpn_dev_is_valid(const struct net_device *dev)
120 {
121 	return dev->netdev_ops == &ovpn_netdev_ops;
122 }
123 
124 static void ovpn_get_drvinfo(struct net_device *dev,
125 			     struct ethtool_drvinfo *info)
126 {
127 	strscpy(info->driver, "ovpn", sizeof(info->driver));
128 	strscpy(info->bus_info, "ovpn", sizeof(info->bus_info));
129 }
130 
131 static const struct ethtool_ops ovpn_ethtool_ops = {
132 	.get_drvinfo		= ovpn_get_drvinfo,
133 	.get_link		= ethtool_op_get_link,
134 	.get_ts_info		= ethtool_op_get_ts_info,
135 };
136 
137 static void ovpn_setup(struct net_device *dev)
138 {
139 	netdev_features_t feat = NETIF_F_SG | NETIF_F_GSO |
140 				 NETIF_F_GSO_SOFTWARE | NETIF_F_HIGHDMA;
141 
142 	dev->needs_free_netdev = true;
143 
144 	dev->pcpu_stat_type = NETDEV_PCPU_STAT_DSTATS;
145 
146 	dev->ethtool_ops = &ovpn_ethtool_ops;
147 	dev->netdev_ops = &ovpn_netdev_ops;
148 
149 	dev->priv_destructor = ovpn_priv_free;
150 
151 	dev->hard_header_len = 0;
152 	dev->addr_len = 0;
153 	dev->mtu = ETH_DATA_LEN - OVPN_HEAD_ROOM;
154 	dev->min_mtu = IPV4_MIN_MTU;
155 	dev->max_mtu = IP_MAX_MTU - OVPN_HEAD_ROOM;
156 
157 	dev->type = ARPHRD_NONE;
158 	dev->flags = IFF_POINTOPOINT | IFF_NOARP;
159 	dev->priv_flags |= IFF_NO_QUEUE;
160 	/* when routing packets to a LAN behind a client, we rely on the
161 	 * route entry that originally brought the packet into ovpn, so
162 	 * don't release it
163 	 */
164 	netif_keep_dst(dev);
165 
166 	dev->lltx = true;
167 	dev->features |= feat;
168 	dev->hw_features |= feat;
169 	dev->hw_enc_features |= feat;
170 
171 	dev->needed_headroom = ALIGN(OVPN_HEAD_ROOM, 4);
172 	dev->needed_tailroom = OVPN_MAX_PADDING;
173 
174 	SET_NETDEV_DEVTYPE(dev, &ovpn_type);
175 }
176 
177 static int ovpn_newlink(struct net_device *dev,
178 			struct rtnl_newlink_params *params,
179 			struct netlink_ext_ack *extack)
180 {
181 	struct ovpn_priv *ovpn = netdev_priv(dev);
182 	struct nlattr **data = params->data;
183 	enum ovpn_mode mode = OVPN_MODE_P2P;
184 
185 	if (data && data[IFLA_OVPN_MODE]) {
186 		mode = nla_get_u8(data[IFLA_OVPN_MODE]);
187 		netdev_dbg(dev, "setting device mode: %u\n", mode);
188 	}
189 
190 	ovpn->dev = dev;
191 	ovpn->mode = mode;
192 	spin_lock_init(&ovpn->lock);
193 	INIT_DELAYED_WORK(&ovpn->keepalive_work, ovpn_peer_keepalive_work);
194 
195 	/* Set carrier explicitly after registration, this way state is
196 	 * clearly defined.
197 	 *
198 	 * In case of MP interfaces we keep the carrier always on.
199 	 *
200 	 * Carrier for P2P interfaces is initially off and it is then
201 	 * switched on and off when the remote peer is added or deleted.
202 	 */
203 	if (ovpn->mode == OVPN_MODE_MP)
204 		netif_carrier_on(dev);
205 	else
206 		netif_carrier_off(dev);
207 
208 	return register_netdevice(dev);
209 }
210 
211 static void ovpn_dellink(struct net_device *dev, struct list_head *head)
212 {
213 	struct ovpn_priv *ovpn = netdev_priv(dev);
214 
215 	cancel_delayed_work_sync(&ovpn->keepalive_work);
216 	ovpn_peers_free(ovpn, NULL, OVPN_DEL_PEER_REASON_TEARDOWN);
217 	unregister_netdevice_queue(dev, head);
218 }
219 
220 static int ovpn_fill_info(struct sk_buff *skb, const struct net_device *dev)
221 {
222 	struct ovpn_priv *ovpn = netdev_priv(dev);
223 
224 	if (nla_put_u8(skb, IFLA_OVPN_MODE, ovpn->mode))
225 		return -EMSGSIZE;
226 
227 	return 0;
228 }
229 
230 static struct rtnl_link_ops ovpn_link_ops = {
231 	.kind = "ovpn",
232 	.netns_refund = false,
233 	.priv_size = sizeof(struct ovpn_priv),
234 	.setup = ovpn_setup,
235 	.policy = ovpn_policy,
236 	.maxtype = IFLA_OVPN_MAX,
237 	.newlink = ovpn_newlink,
238 	.dellink = ovpn_dellink,
239 	.fill_info = ovpn_fill_info,
240 };
241 
242 static int __init ovpn_init(void)
243 {
244 	int err = rtnl_link_register(&ovpn_link_ops);
245 
246 	if (err) {
247 		pr_err("ovpn: can't register rtnl link ops: %d\n", err);
248 		return err;
249 	}
250 
251 	err = ovpn_nl_register();
252 	if (err) {
253 		pr_err("ovpn: can't register netlink family: %d\n", err);
254 		goto unreg_rtnl;
255 	}
256 
257 	ovpn_tcp_init();
258 
259 	return 0;
260 
261 unreg_rtnl:
262 	rtnl_link_unregister(&ovpn_link_ops);
263 	return err;
264 }
265 
266 static __exit void ovpn_cleanup(void)
267 {
268 	ovpn_nl_unregister();
269 	rtnl_link_unregister(&ovpn_link_ops);
270 
271 	rcu_barrier();
272 }
273 
274 module_init(ovpn_init);
275 module_exit(ovpn_cleanup);
276 
277 MODULE_DESCRIPTION("OpenVPN data channel offload (ovpn)");
278 MODULE_AUTHOR("Antonio Quartulli <antonio@openvpn.net>");
279 MODULE_LICENSE("GPL");
280