1 // SPDX-License-Identifier: GPL-2.0 2 /* OpenVPN data channel offload 3 * 4 * Copyright (C) 2020-2025 OpenVPN, Inc. 5 * 6 * Author: Antonio Quartulli <antonio@openvpn.net> 7 * James Yonan <james@openvpn.net> 8 */ 9 10 #include <linux/ethtool.h> 11 #include <linux/genetlink.h> 12 #include <linux/module.h> 13 #include <linux/netdevice.h> 14 #include <linux/inetdevice.h> 15 #include <net/gro_cells.h> 16 #include <net/ip.h> 17 #include <net/rtnetlink.h> 18 #include <uapi/linux/if_arp.h> 19 20 #include "ovpnpriv.h" 21 #include "main.h" 22 #include "netlink.h" 23 #include "io.h" 24 #include "peer.h" 25 #include "proto.h" 26 #include "tcp.h" 27 #include "udp.h" 28 29 static void ovpn_priv_free(struct net_device *net) 30 { 31 struct ovpn_priv *ovpn = netdev_priv(net); 32 33 kfree(ovpn->peers); 34 } 35 36 static int ovpn_mp_alloc(struct ovpn_priv *ovpn) 37 { 38 struct in_device *dev_v4; 39 int i; 40 41 if (ovpn->mode != OVPN_MODE_MP) 42 return 0; 43 44 dev_v4 = __in_dev_get_rtnl(ovpn->dev); 45 if (dev_v4) { 46 /* disable redirects as Linux gets confused by ovpn 47 * handling same-LAN routing. 48 * This happens because a multipeer interface is used as 49 * relay point between hosts in the same subnet, while 50 * in a classic LAN this would not be needed because the 51 * two hosts would be able to talk directly. 52 */ 53 IN_DEV_CONF_SET(dev_v4, SEND_REDIRECTS, false); 54 IPV4_DEVCONF_ALL(dev_net(ovpn->dev), SEND_REDIRECTS) = false; 55 } 56 57 /* the peer container is fairly large, therefore we allocate it only in 58 * MP mode 59 */ 60 ovpn->peers = kzalloc(sizeof(*ovpn->peers), GFP_KERNEL); 61 if (!ovpn->peers) 62 return -ENOMEM; 63 64 for (i = 0; i < ARRAY_SIZE(ovpn->peers->by_id); i++) { 65 INIT_HLIST_HEAD(&ovpn->peers->by_id[i]); 66 INIT_HLIST_NULLS_HEAD(&ovpn->peers->by_vpn_addr4[i], i); 67 INIT_HLIST_NULLS_HEAD(&ovpn->peers->by_vpn_addr6[i], i); 68 INIT_HLIST_NULLS_HEAD(&ovpn->peers->by_transp_addr[i], i); 69 } 70 71 return 0; 72 } 73 74 static int ovpn_net_init(struct net_device *dev) 75 { 76 struct ovpn_priv *ovpn = netdev_priv(dev); 77 int err = gro_cells_init(&ovpn->gro_cells, dev); 78 79 if (err < 0) 80 return err; 81 82 err = ovpn_mp_alloc(ovpn); 83 if (err < 0) { 84 gro_cells_destroy(&ovpn->gro_cells); 85 return err; 86 } 87 88 return 0; 89 } 90 91 static void ovpn_net_uninit(struct net_device *dev) 92 { 93 struct ovpn_priv *ovpn = netdev_priv(dev); 94 95 gro_cells_destroy(&ovpn->gro_cells); 96 } 97 98 static const struct net_device_ops ovpn_netdev_ops = { 99 .ndo_init = ovpn_net_init, 100 .ndo_uninit = ovpn_net_uninit, 101 .ndo_start_xmit = ovpn_net_xmit, 102 }; 103 104 static const struct device_type ovpn_type = { 105 .name = OVPN_FAMILY_NAME, 106 }; 107 108 static const struct nla_policy ovpn_policy[IFLA_OVPN_MAX + 1] = { 109 [IFLA_OVPN_MODE] = NLA_POLICY_RANGE(NLA_U8, OVPN_MODE_P2P, 110 OVPN_MODE_MP), 111 }; 112 113 /** 114 * ovpn_dev_is_valid - check if the netdevice is of type 'ovpn' 115 * @dev: the interface to check 116 * 117 * Return: whether the netdevice is of type 'ovpn' 118 */ 119 bool ovpn_dev_is_valid(const struct net_device *dev) 120 { 121 return dev->netdev_ops == &ovpn_netdev_ops; 122 } 123 124 static void ovpn_get_drvinfo(struct net_device *dev, 125 struct ethtool_drvinfo *info) 126 { 127 strscpy(info->driver, "ovpn", sizeof(info->driver)); 128 strscpy(info->bus_info, "ovpn", sizeof(info->bus_info)); 129 } 130 131 static const struct ethtool_ops ovpn_ethtool_ops = { 132 .get_drvinfo = ovpn_get_drvinfo, 133 .get_link = ethtool_op_get_link, 134 .get_ts_info = ethtool_op_get_ts_info, 135 }; 136 137 static void ovpn_setup(struct net_device *dev) 138 { 139 netdev_features_t feat = NETIF_F_SG | NETIF_F_GSO | 140 NETIF_F_GSO_SOFTWARE | NETIF_F_HIGHDMA; 141 142 dev->needs_free_netdev = true; 143 144 dev->pcpu_stat_type = NETDEV_PCPU_STAT_DSTATS; 145 146 dev->ethtool_ops = &ovpn_ethtool_ops; 147 dev->netdev_ops = &ovpn_netdev_ops; 148 149 dev->priv_destructor = ovpn_priv_free; 150 151 dev->hard_header_len = 0; 152 dev->addr_len = 0; 153 dev->mtu = ETH_DATA_LEN - OVPN_HEAD_ROOM; 154 dev->min_mtu = IPV4_MIN_MTU; 155 dev->max_mtu = IP_MAX_MTU - OVPN_HEAD_ROOM; 156 157 dev->type = ARPHRD_NONE; 158 dev->flags = IFF_POINTOPOINT | IFF_NOARP; 159 dev->priv_flags |= IFF_NO_QUEUE; 160 /* when routing packets to a LAN behind a client, we rely on the 161 * route entry that originally brought the packet into ovpn, so 162 * don't release it 163 */ 164 netif_keep_dst(dev); 165 166 dev->lltx = true; 167 dev->features |= feat; 168 dev->hw_features |= feat; 169 dev->hw_enc_features |= feat; 170 171 dev->needed_headroom = ALIGN(OVPN_HEAD_ROOM, 4); 172 dev->needed_tailroom = OVPN_MAX_PADDING; 173 174 SET_NETDEV_DEVTYPE(dev, &ovpn_type); 175 } 176 177 static int ovpn_newlink(struct net_device *dev, 178 struct rtnl_newlink_params *params, 179 struct netlink_ext_ack *extack) 180 { 181 struct ovpn_priv *ovpn = netdev_priv(dev); 182 struct nlattr **data = params->data; 183 enum ovpn_mode mode = OVPN_MODE_P2P; 184 185 if (data && data[IFLA_OVPN_MODE]) { 186 mode = nla_get_u8(data[IFLA_OVPN_MODE]); 187 netdev_dbg(dev, "setting device mode: %u\n", mode); 188 } 189 190 ovpn->dev = dev; 191 ovpn->mode = mode; 192 spin_lock_init(&ovpn->lock); 193 INIT_DELAYED_WORK(&ovpn->keepalive_work, ovpn_peer_keepalive_work); 194 195 /* Set carrier explicitly after registration, this way state is 196 * clearly defined. 197 * 198 * In case of MP interfaces we keep the carrier always on. 199 * 200 * Carrier for P2P interfaces is initially off and it is then 201 * switched on and off when the remote peer is added or deleted. 202 */ 203 if (ovpn->mode == OVPN_MODE_MP) 204 netif_carrier_on(dev); 205 else 206 netif_carrier_off(dev); 207 208 return register_netdevice(dev); 209 } 210 211 static void ovpn_dellink(struct net_device *dev, struct list_head *head) 212 { 213 struct ovpn_priv *ovpn = netdev_priv(dev); 214 215 cancel_delayed_work_sync(&ovpn->keepalive_work); 216 ovpn_peers_free(ovpn, NULL, OVPN_DEL_PEER_REASON_TEARDOWN); 217 unregister_netdevice_queue(dev, head); 218 } 219 220 static int ovpn_fill_info(struct sk_buff *skb, const struct net_device *dev) 221 { 222 struct ovpn_priv *ovpn = netdev_priv(dev); 223 224 if (nla_put_u8(skb, IFLA_OVPN_MODE, ovpn->mode)) 225 return -EMSGSIZE; 226 227 return 0; 228 } 229 230 static struct rtnl_link_ops ovpn_link_ops = { 231 .kind = "ovpn", 232 .netns_refund = false, 233 .priv_size = sizeof(struct ovpn_priv), 234 .setup = ovpn_setup, 235 .policy = ovpn_policy, 236 .maxtype = IFLA_OVPN_MAX, 237 .newlink = ovpn_newlink, 238 .dellink = ovpn_dellink, 239 .fill_info = ovpn_fill_info, 240 }; 241 242 static int __init ovpn_init(void) 243 { 244 int err = rtnl_link_register(&ovpn_link_ops); 245 246 if (err) { 247 pr_err("ovpn: can't register rtnl link ops: %d\n", err); 248 return err; 249 } 250 251 err = ovpn_nl_register(); 252 if (err) { 253 pr_err("ovpn: can't register netlink family: %d\n", err); 254 goto unreg_rtnl; 255 } 256 257 ovpn_tcp_init(); 258 259 return 0; 260 261 unreg_rtnl: 262 rtnl_link_unregister(&ovpn_link_ops); 263 return err; 264 } 265 266 static __exit void ovpn_cleanup(void) 267 { 268 ovpn_nl_unregister(); 269 rtnl_link_unregister(&ovpn_link_ops); 270 271 rcu_barrier(); 272 } 273 274 module_init(ovpn_init); 275 module_exit(ovpn_cleanup); 276 277 MODULE_DESCRIPTION("OpenVPN data channel offload (ovpn)"); 278 MODULE_AUTHOR("Antonio Quartulli <antonio@openvpn.net>"); 279 MODULE_LICENSE("GPL"); 280