1 // SPDX-License-Identifier: GPL-2.0
2 /* OpenVPN data channel offload
3 *
4 * Copyright (C) 2020-2025 OpenVPN, Inc.
5 *
6 * Author: Antonio Quartulli <antonio@openvpn.net>
7 * James Yonan <james@openvpn.net>
8 */
9
10 #include <linux/ethtool.h>
11 #include <linux/genetlink.h>
12 #include <linux/module.h>
13 #include <linux/netdevice.h>
14 #include <linux/inetdevice.h>
15 #include <net/gro_cells.h>
16 #include <net/ip.h>
17 #include <net/rtnetlink.h>
18 #include <uapi/linux/if_arp.h>
19
20 #include "ovpnpriv.h"
21 #include "main.h"
22 #include "netlink.h"
23 #include "io.h"
24 #include "peer.h"
25 #include "proto.h"
26 #include "tcp.h"
27 #include "udp.h"
28
ovpn_priv_free(struct net_device * net)29 static void ovpn_priv_free(struct net_device *net)
30 {
31 struct ovpn_priv *ovpn = netdev_priv(net);
32
33 kfree(ovpn->peers);
34 }
35
ovpn_mp_alloc(struct ovpn_priv * ovpn)36 static int ovpn_mp_alloc(struct ovpn_priv *ovpn)
37 {
38 struct in_device *dev_v4;
39 int i;
40
41 if (ovpn->mode != OVPN_MODE_MP)
42 return 0;
43
44 dev_v4 = __in_dev_get_rtnl(ovpn->dev);
45 if (dev_v4) {
46 /* disable redirects as Linux gets confused by ovpn
47 * handling same-LAN routing.
48 * This happens because a multipeer interface is used as
49 * relay point between hosts in the same subnet, while
50 * in a classic LAN this would not be needed because the
51 * two hosts would be able to talk directly.
52 */
53 IN_DEV_CONF_SET(dev_v4, SEND_REDIRECTS, false);
54 IPV4_DEVCONF_ALL(dev_net(ovpn->dev), SEND_REDIRECTS) = false;
55 }
56
57 /* the peer container is fairly large, therefore we allocate it only in
58 * MP mode
59 */
60 ovpn->peers = kzalloc(sizeof(*ovpn->peers), GFP_KERNEL);
61 if (!ovpn->peers)
62 return -ENOMEM;
63
64 for (i = 0; i < ARRAY_SIZE(ovpn->peers->by_id); i++) {
65 INIT_HLIST_HEAD(&ovpn->peers->by_id[i]);
66 INIT_HLIST_NULLS_HEAD(&ovpn->peers->by_vpn_addr4[i], i);
67 INIT_HLIST_NULLS_HEAD(&ovpn->peers->by_vpn_addr6[i], i);
68 INIT_HLIST_NULLS_HEAD(&ovpn->peers->by_transp_addr[i], i);
69 }
70
71 return 0;
72 }
73
ovpn_net_init(struct net_device * dev)74 static int ovpn_net_init(struct net_device *dev)
75 {
76 struct ovpn_priv *ovpn = netdev_priv(dev);
77 int err = gro_cells_init(&ovpn->gro_cells, dev);
78
79 if (err < 0)
80 return err;
81
82 err = ovpn_mp_alloc(ovpn);
83 if (err < 0) {
84 gro_cells_destroy(&ovpn->gro_cells);
85 return err;
86 }
87
88 return 0;
89 }
90
ovpn_net_uninit(struct net_device * dev)91 static void ovpn_net_uninit(struct net_device *dev)
92 {
93 struct ovpn_priv *ovpn = netdev_priv(dev);
94
95 gro_cells_destroy(&ovpn->gro_cells);
96 }
97
98 static const struct net_device_ops ovpn_netdev_ops = {
99 .ndo_init = ovpn_net_init,
100 .ndo_uninit = ovpn_net_uninit,
101 .ndo_start_xmit = ovpn_net_xmit,
102 };
103
104 static const struct device_type ovpn_type = {
105 .name = OVPN_FAMILY_NAME,
106 };
107
108 static const struct nla_policy ovpn_policy[IFLA_OVPN_MAX + 1] = {
109 [IFLA_OVPN_MODE] = NLA_POLICY_RANGE(NLA_U8, OVPN_MODE_P2P,
110 OVPN_MODE_MP),
111 };
112
113 /**
114 * ovpn_dev_is_valid - check if the netdevice is of type 'ovpn'
115 * @dev: the interface to check
116 *
117 * Return: whether the netdevice is of type 'ovpn'
118 */
ovpn_dev_is_valid(const struct net_device * dev)119 bool ovpn_dev_is_valid(const struct net_device *dev)
120 {
121 return dev->netdev_ops == &ovpn_netdev_ops;
122 }
123
ovpn_get_drvinfo(struct net_device * dev,struct ethtool_drvinfo * info)124 static void ovpn_get_drvinfo(struct net_device *dev,
125 struct ethtool_drvinfo *info)
126 {
127 strscpy(info->driver, "ovpn", sizeof(info->driver));
128 strscpy(info->bus_info, "ovpn", sizeof(info->bus_info));
129 }
130
131 static const struct ethtool_ops ovpn_ethtool_ops = {
132 .get_drvinfo = ovpn_get_drvinfo,
133 .get_link = ethtool_op_get_link,
134 .get_ts_info = ethtool_op_get_ts_info,
135 };
136
ovpn_setup(struct net_device * dev)137 static void ovpn_setup(struct net_device *dev)
138 {
139 netdev_features_t feat = NETIF_F_SG | NETIF_F_GSO |
140 NETIF_F_GSO_SOFTWARE | NETIF_F_HIGHDMA;
141
142 dev->needs_free_netdev = true;
143
144 dev->pcpu_stat_type = NETDEV_PCPU_STAT_DSTATS;
145
146 dev->ethtool_ops = &ovpn_ethtool_ops;
147 dev->netdev_ops = &ovpn_netdev_ops;
148
149 dev->priv_destructor = ovpn_priv_free;
150
151 dev->hard_header_len = 0;
152 dev->addr_len = 0;
153 dev->mtu = ETH_DATA_LEN - OVPN_HEAD_ROOM;
154 dev->min_mtu = IPV4_MIN_MTU;
155 dev->max_mtu = IP_MAX_MTU - OVPN_HEAD_ROOM;
156
157 dev->type = ARPHRD_NONE;
158 dev->flags = IFF_POINTOPOINT | IFF_NOARP;
159 dev->priv_flags |= IFF_NO_QUEUE;
160 /* when routing packets to a LAN behind a client, we rely on the
161 * route entry that originally brought the packet into ovpn, so
162 * don't release it
163 */
164 netif_keep_dst(dev);
165
166 dev->lltx = true;
167 dev->features |= feat;
168 dev->hw_features |= feat;
169 dev->hw_enc_features |= feat;
170
171 dev->needed_headroom = ALIGN(OVPN_HEAD_ROOM, 4);
172 dev->needed_tailroom = OVPN_MAX_PADDING;
173
174 SET_NETDEV_DEVTYPE(dev, &ovpn_type);
175 }
176
ovpn_newlink(struct net_device * dev,struct rtnl_newlink_params * params,struct netlink_ext_ack * extack)177 static int ovpn_newlink(struct net_device *dev,
178 struct rtnl_newlink_params *params,
179 struct netlink_ext_ack *extack)
180 {
181 struct ovpn_priv *ovpn = netdev_priv(dev);
182 struct nlattr **data = params->data;
183 enum ovpn_mode mode = OVPN_MODE_P2P;
184
185 if (data && data[IFLA_OVPN_MODE]) {
186 mode = nla_get_u8(data[IFLA_OVPN_MODE]);
187 netdev_dbg(dev, "setting device mode: %u\n", mode);
188 }
189
190 ovpn->dev = dev;
191 ovpn->mode = mode;
192 spin_lock_init(&ovpn->lock);
193 INIT_DELAYED_WORK(&ovpn->keepalive_work, ovpn_peer_keepalive_work);
194
195 /* Set carrier explicitly after registration, this way state is
196 * clearly defined.
197 *
198 * In case of MP interfaces we keep the carrier always on.
199 *
200 * Carrier for P2P interfaces is initially off and it is then
201 * switched on and off when the remote peer is added or deleted.
202 */
203 if (ovpn->mode == OVPN_MODE_MP)
204 netif_carrier_on(dev);
205 else
206 netif_carrier_off(dev);
207
208 return register_netdevice(dev);
209 }
210
ovpn_dellink(struct net_device * dev,struct list_head * head)211 static void ovpn_dellink(struct net_device *dev, struct list_head *head)
212 {
213 struct ovpn_priv *ovpn = netdev_priv(dev);
214
215 cancel_delayed_work_sync(&ovpn->keepalive_work);
216 ovpn_peers_free(ovpn, NULL, OVPN_DEL_PEER_REASON_TEARDOWN);
217 unregister_netdevice_queue(dev, head);
218 }
219
ovpn_fill_info(struct sk_buff * skb,const struct net_device * dev)220 static int ovpn_fill_info(struct sk_buff *skb, const struct net_device *dev)
221 {
222 struct ovpn_priv *ovpn = netdev_priv(dev);
223
224 if (nla_put_u8(skb, IFLA_OVPN_MODE, ovpn->mode))
225 return -EMSGSIZE;
226
227 return 0;
228 }
229
230 static struct rtnl_link_ops ovpn_link_ops = {
231 .kind = "ovpn",
232 .netns_refund = false,
233 .priv_size = sizeof(struct ovpn_priv),
234 .setup = ovpn_setup,
235 .policy = ovpn_policy,
236 .maxtype = IFLA_OVPN_MAX,
237 .newlink = ovpn_newlink,
238 .dellink = ovpn_dellink,
239 .fill_info = ovpn_fill_info,
240 };
241
ovpn_init(void)242 static int __init ovpn_init(void)
243 {
244 int err = rtnl_link_register(&ovpn_link_ops);
245
246 if (err) {
247 pr_err("ovpn: can't register rtnl link ops: %d\n", err);
248 return err;
249 }
250
251 err = ovpn_nl_register();
252 if (err) {
253 pr_err("ovpn: can't register netlink family: %d\n", err);
254 goto unreg_rtnl;
255 }
256
257 ovpn_tcp_init();
258
259 return 0;
260
261 unreg_rtnl:
262 rtnl_link_unregister(&ovpn_link_ops);
263 return err;
264 }
265
ovpn_cleanup(void)266 static __exit void ovpn_cleanup(void)
267 {
268 ovpn_nl_unregister();
269 rtnl_link_unregister(&ovpn_link_ops);
270
271 rcu_barrier();
272 }
273
274 module_init(ovpn_init);
275 module_exit(ovpn_cleanup);
276
277 MODULE_DESCRIPTION("OpenVPN data channel offload (ovpn)");
278 MODULE_AUTHOR("Antonio Quartulli <antonio@openvpn.net>");
279 MODULE_LICENSE("GPL");
280