[net-next,v25,00/23] Introducing OpenVPN Data Channel Offload

Message ID	20250407-b4-ovpn-v25-0-a04eae86e016@openvpn.net
Headers	show Received: from mail-wr1-f48.google.com (mail-wr1-f48.google.com [209.85.221.48]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 9055421ABB7 for <linux-kselftest@vger.kernel.org>; Mon, 7 Apr 2025 19:47:05 +0000 (UTC) From: Antonio Quartulli <antonio@openvpn.net> Subject: [PATCH net-next v25 00/23] Introducing OpenVPN Data Channel Offload Date: Mon, 07 Apr 2025 21:46:08 +0200 Message-Id: <20250407-b4-ovpn-v25-0-a04eae86e016@openvpn.net> Precedence: bulk MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 7bit To: netdev@vger.kernel.org, Eric Dumazet <edumazet@google.com>, Jakub Kicinski <kuba@kernel.org>, Paolo Abeni <pabeni@redhat.com>, Donald Hunter <donald.hunter@gmail.com>, Antonio Quartulli <antonio@openvpn.net>, Shuah Khan <shuah@kernel.org>, sd@queasysnail.net, ryazanov.s.a@gmail.com, Andrew Lunn <andrew+netdev@lunn.ch> Cc: Simon Horman <horms@kernel.org>, linux-kernel@vger.kernel.org, linux-kselftest@vger.kernel.org, Xiao Liang <shaw.leon@gmail.com>, steffen.klassert@secunet.com, antony.antony@secunet.com, willemdebruijn.kernel@gmail.com, David Ahern <dsahern@kernel.org>, Andrew Lunn <andrew@lunn.ch>, Shuah Khan <skhan@linuxfoundation.org>
Series	Introducing OpenVPN Data Channel Offload \| expand [net-next,v25,00/23] Introducing OpenVPN Data Channel Offload [net-next,v25,01/23] net: introduce OpenVPN Data Channel Offload (ovpn) [net-next,v25,02/23] ovpn: add basic netlink support [net-next,v25,03/23] ovpn: add basic interface creation/destruction/management routines [net-next,v25,04/23] ovpn: keep carrier always on for MP interfaces [net-next,v25,05/23] ovpn: introduce the ovpn_peer object [net-next,v25,06/23] ovpn: introduce the ovpn_socket object [net-next,v25,07/23] ovpn: implement basic TX path (UDP) [net-next,v25,08/23] ovpn: implement basic RX path (UDP) [net-next,v25,09/23] ovpn: implement packet processing [net-next,v25,10/23] ovpn: store tunnel and transport statistics [net-next,v25,11/23] ovpn: implement TCP transport [net-next,v25,12/23] skb: implement skb_send_sock_locked_with_flags() [net-next,v25,13/23] ovpn: add support for MSG_NOSIGNAL in tcp_sendmsg [net-next,v25,14/23] ovpn: implement multi-peer support [net-next,v25,15/23] ovpn: implement peer lookup logic [net-next,v25,16/23] ovpn: implement keepalive mechanism [net-next,v25,17/23] ovpn: add support for updating local or remote UDP endpoint [net-next,v25,18/23] ovpn: implement peer add/get/dump/delete via netlink [net-next,v25,19/23] ovpn: implement key add/get/del/swap via netlink [net-next,v25,20/23] ovpn: kill key and notify userspace in case of IV exhaustion [net-next,v25,21/23] ovpn: notify userspace when a peer is deleted [net-next,v25,22/23] ovpn: add basic ethtool support [net-next,v25,23/23] testing/selftests: add test tool and scripts for ovpn module

Message ID

20250407-b4-ovpn-v25-0-a04eae86e016@openvpn.net

Headers

From: Antonio Quartulli <antonio@openvpn.net>
Subject: [PATCH net-next v25 00/23] Introducing OpenVPN Data Channel
 Offload
Date: Mon, 07 Apr 2025 21:46:08 +0200
Message-Id: <20250407-b4-ovpn-v25-0-a04eae86e016@openvpn.net>
Precedence: bulk
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
To: netdev@vger.kernel.org, Eric Dumazet <edumazet@google.com>,
 Jakub Kicinski <kuba@kernel.org>, Paolo Abeni <pabeni@redhat.com>,
 Donald Hunter <donald.hunter@gmail.com>,
 Antonio Quartulli <antonio@openvpn.net>, Shuah Khan <shuah@kernel.org>,
 sd@queasysnail.net, ryazanov.s.a@gmail.com,
 Andrew Lunn <andrew+netdev@lunn.ch>
Cc: Simon Horman <horms@kernel.org>, linux-kernel@vger.kernel.org,
 linux-kselftest@vger.kernel.org, Xiao Liang <shaw.leon@gmail.com>,
 steffen.klassert@secunet.com, antony.antony@secunet.com,
 willemdebruijn.kernel@gmail.com, David Ahern <dsahern@kernel.org>,
 Andrew Lunn <andrew@lunn.ch>, Shuah Khan <skhan@linuxfoundation.org>

Series

Introducing OpenVPN Data Channel Offload | expand

Message

Antonio Quartulli April 7, 2025, 7:46 p.m. UTC

Notable changes since v24:
* disable TCP disconnections of attached sockets (tcp_disconnect()
  returns -EBUSY) - similarly to kTLS.
* used rcu_replace_pointer instead of rcu_dereference_protected+rcu_assign_pointer
* dropped useless skb->ignore_df = 1
* dropped unneded EXPORT_SYMBOL_GPL(udpv6_prot)
* dropped obsolete comment for ovpn_crypto_key_slots_swap()
* dropped calls to kfree() in ovpn_aead_encrypt/decrypt() (release is
  performed in ovpn_encrypt/decrypt_post())
* dropped NULL check before calling kfree() in
  ovpn_encrypt/decrypt_done()
* converted seq_num from atomic64_t to atomic_t (IV exhaustion is now
  detected in case of wrap around)
* call consume_skb() on skb when dropping keepalive message (it is not a
  failure)
* made REMOTE_PORT mandatory when REMOTE_IPV4/6 is specified in
  peer_new/set call
* ensured ovpn_nl_key_swap_notify() is called only once, even when
  parsing a batch of received packets concurrently

Please note that some patches were already reviewed/tested by a few
people. These patches have retained the tags as they have hardly been
touched.

The latest code can also be found at:

https://github.com/OpenVPN/ovpn-net-next

Thanks a lot!
Best Regards,

Antonio Quartulli
OpenVPN Inc.

---
Antonio Quartulli (23):
      net: introduce OpenVPN Data Channel Offload (ovpn)
      ovpn: add basic netlink support
      ovpn: add basic interface creation/destruction/management routines
      ovpn: keep carrier always on for MP interfaces
      ovpn: introduce the ovpn_peer object
      ovpn: introduce the ovpn_socket object
      ovpn: implement basic TX path (UDP)
      ovpn: implement basic RX path (UDP)
      ovpn: implement packet processing
      ovpn: store tunnel and transport statistics
      ovpn: implement TCP transport
      skb: implement skb_send_sock_locked_with_flags()
      ovpn: add support for MSG_NOSIGNAL in tcp_sendmsg
      ovpn: implement multi-peer support
      ovpn: implement peer lookup logic
      ovpn: implement keepalive mechanism
      ovpn: add support for updating local or remote UDP endpoint
      ovpn: implement peer add/get/dump/delete via netlink
      ovpn: implement key add/get/del/swap via netlink
      ovpn: kill key and notify userspace in case of IV exhaustion
      ovpn: notify userspace when a peer is deleted
      ovpn: add basic ethtool support
      testing/selftests: add test tool and scripts for ovpn module

 Documentation/netlink/specs/ovpn.yaml              |  367 +++
 Documentation/netlink/specs/rt_link.yaml           |   16 +
 MAINTAINERS                                        |   11 +
 drivers/net/Kconfig                                |   15 +
 drivers/net/Makefile                               |    1 +
 drivers/net/ovpn/Makefile                          |   22 +
 drivers/net/ovpn/bind.c                            |   55 +
 drivers/net/ovpn/bind.h                            |  101 +
 drivers/net/ovpn/crypto.c                          |  210 ++
 drivers/net/ovpn/crypto.h                          |  145 ++
 drivers/net/ovpn/crypto_aead.c                     |  383 ++++
 drivers/net/ovpn/crypto_aead.h                     |   29 +
 drivers/net/ovpn/io.c                              |  446 ++++
 drivers/net/ovpn/io.h                              |   34 +
 drivers/net/ovpn/main.c                            |  330 +++
 drivers/net/ovpn/main.h                            |   14 +
 drivers/net/ovpn/netlink-gen.c                     |  213 ++
 drivers/net/ovpn/netlink-gen.h                     |   41 +
 drivers/net/ovpn/netlink.c                         | 1258 ++++++++++
 drivers/net/ovpn/netlink.h                         |   18 +
 drivers/net/ovpn/ovpnpriv.h                        |   57 +
 drivers/net/ovpn/peer.c                            | 1364 +++++++++++
 drivers/net/ovpn/peer.h                            |  163 ++
 drivers/net/ovpn/pktid.c                           |  129 ++
 drivers/net/ovpn/pktid.h                           |   86 +
 drivers/net/ovpn/proto.h                           |  118 +
 drivers/net/ovpn/skb.h                             |   61 +
 drivers/net/ovpn/socket.c                          |  239 ++
 drivers/net/ovpn/socket.h                          |   49 +
 drivers/net/ovpn/stats.c                           |   21 +
 drivers/net/ovpn/stats.h                           |   47 +
 drivers/net/ovpn/tcp.c                             |  598 +++++
 drivers/net/ovpn/tcp.h                             |   36 +
 drivers/net/ovpn/udp.c                             |  439 ++++
 drivers/net/ovpn/udp.h                             |   25 +
 include/linux/skbuff.h                             |    2 +
 include/uapi/linux/if_link.h                       |   15 +
 include/uapi/linux/ovpn.h                          |  109 +
 include/uapi/linux/udp.h                           |    1 +
 net/core/skbuff.c                                  |   18 +-
 net/ipv6/af_inet6.c                                |    1 +
 tools/testing/selftests/Makefile                   |    1 +
 tools/testing/selftests/net/ovpn/.gitignore        |    2 +
 tools/testing/selftests/net/ovpn/Makefile          |   31 +
 tools/testing/selftests/net/ovpn/common.sh         |   92 +
 tools/testing/selftests/net/ovpn/config            |   10 +
 tools/testing/selftests/net/ovpn/data64.key        |    5 +
 tools/testing/selftests/net/ovpn/ovpn-cli.c        | 2395 ++++++++++++++++++++
 tools/testing/selftests/net/ovpn/tcp_peers.txt     |    5 +
 .../testing/selftests/net/ovpn/test-chachapoly.sh  |    9 +
 .../selftests/net/ovpn/test-close-socket-tcp.sh    |    9 +
 .../selftests/net/ovpn/test-close-socket.sh        |   45 +
 tools/testing/selftests/net/ovpn/test-float.sh     |    9 +
 tools/testing/selftests/net/ovpn/test-tcp.sh       |    9 +
 tools/testing/selftests/net/ovpn/test.sh           |  113 +
 tools/testing/selftests/net/ovpn/udp_peers.txt     |    5 +
 56 files changed, 10022 insertions(+), 5 deletions(-)
---
base-commit: 61f96e684edd28ca40555ec49ea1555df31ba619
change-id: 20241002-b4-ovpn-eeee35c694a2

Best regards,

Comments

Sabrina Dubroca April 10, 2025, 2:03 p.m. UTC | #1

2025-04-07, 21:46:08 +0200, Antonio Quartulli wrote:
> Notable changes since v24:
> * disable TCP disconnections of attached sockets (tcp_disconnect()
>   returns -EBUSY) - similarly to kTLS.
> * used rcu_replace_pointer instead of rcu_dereference_protected+rcu_assign_pointer
> * dropped useless skb->ignore_df = 1
> * dropped unneded EXPORT_SYMBOL_GPL(udpv6_prot)
> * dropped obsolete comment for ovpn_crypto_key_slots_swap()
> * dropped calls to kfree() in ovpn_aead_encrypt/decrypt() (release is
>   performed in ovpn_encrypt/decrypt_post())
> * dropped NULL check before calling kfree() in
>   ovpn_encrypt/decrypt_done()
> * converted seq_num from atomic64_t to atomic_t (IV exhaustion is now
>   detected in case of wrap around)
> * call consume_skb() on skb when dropping keepalive message (it is not a
>   failure)
> * made REMOTE_PORT mandatory when REMOTE_IPV4/6 is specified in
>   peer_new/set call
> * ensured ovpn_nl_key_swap_notify() is called only once, even when
>   parsing a batch of received packets concurrently
> 
> Please note that some patches were already reviewed/tested by a few
> people. These patches have retained the tags as they have hardly been
> touched.
> 
> The latest code can also be found at:
> 
> https://github.com/OpenVPN/ovpn-net-next
> 
> Thanks a lot!
> Best Regards,
> 
> Antonio Quartulli
> OpenVPN Inc.
> 
> ---
> Antonio Quartulli (23):
>       net: introduce OpenVPN Data Channel Offload (ovpn)
>       ovpn: add basic netlink support
>       ovpn: add basic interface creation/destruction/management routines
>       ovpn: keep carrier always on for MP interfaces
>       ovpn: introduce the ovpn_peer object
>       ovpn: introduce the ovpn_socket object
>       ovpn: implement basic TX path (UDP)
>       ovpn: implement basic RX path (UDP)
>       ovpn: implement packet processing
>       ovpn: store tunnel and transport statistics
>       ovpn: implement TCP transport
>       skb: implement skb_send_sock_locked_with_flags()
>       ovpn: add support for MSG_NOSIGNAL in tcp_sendmsg
>       ovpn: implement multi-peer support
>       ovpn: implement peer lookup logic
>       ovpn: implement keepalive mechanism
>       ovpn: add support for updating local or remote UDP endpoint
>       ovpn: implement peer add/get/dump/delete via netlink
>       ovpn: implement key add/get/del/swap via netlink
>       ovpn: kill key and notify userspace in case of IV exhaustion
>       ovpn: notify userspace when a peer is deleted
>       ovpn: add basic ethtool support
>       testing/selftests: add test tool and scripts for ovpn module

For the series:
Reviewed-by: Sabrina Dubroca <sd@queasysnail.net>

Thanks again for your patience, Antonio.

Antonio Quartulli April 10, 2025, 2:16 p.m. UTC | #2

On 10/04/2025 16:03, Sabrina Dubroca wrote:
[...]
> For the series:
> Reviewed-by: Sabrina Dubroca <sd@queasysnail.net>
> 
> Thanks again for your patience, Antonio.

Thank you (!) Sabrina for all the effort you've put during this long 
journey.
You've been of incredible help to the ovpn prototype and to me.

"And we're just getting started!"

Regards,