From: Antonio Quartulli <antonio@openvpn.net>
To: netdev@vger.kernel.org
Cc: Jakub Kicinski <kuba@kernel.org>,
	Sergey Ryazanov <ryazanov.s.a@gmail.com>,
	Paolo Abeni <pabeni@redhat.com>,
	Eric Dumazet <edumazet@google.com>, Andrew Lunn <andrew@lunn.ch>,
	Esben Haabendal <esben@geanix.com>,
	Antonio Quartulli <antonio@openvpn.net>
Subject: [PATCH net-next v3 00/24] Introducing OpenVPN Data Channel Offload
Date: Mon,  6 May 2024 03:16:13 +0200
Message-ID: <20240506011637.27272-1-antonio@openvpn.net>

Hi all!

I am finally back with version 3 of the ovpn patchset.
It took a while to address all comments I have received on v2, but I
am happy to say that I addressed 99% of the feedback I collected.

The 1% I have not done yet is using BQL for handling the packet queue.

Although such change looks pretty simple in terms of code, I need to
spend some more time understanding the concept behind and therefore
I decided to postpone this change to the (near) future in order to not
slow down the whole review/merge process.

Major changes from v2 are:
* added YAML documentation for the netlink uAPI
** uapi/linux/ovpn.h, drivers/net/ovpn/netlink-gen.{c,h} are now self
   generated by the tools/net/ynl/ynl-regen.sh script
* the first patch now also modifies the ynl script to account for the
  new MAX_LEN() policy macro
* added more doxygen documentation
* added kselftest unit for ovpn in tools/testing/selftest/ovpn with
  some basic tests
* fixed various typ0s in documentation
* moved includes of local headers last
* wrapped code at 80 chars
* rearranged includes a bit to reduce double inclusions
* set default ifname to ovpn%d and allowed users to not specify any
* now sending reply to NEW_IFACE NL command containing actual new ifname
* used GENL_REQ_ATTR_CHECK() when possible
* turned carrier off in iface create function
* turned carrier on in open function and clearly explained why we keep it
  always on (new patch)
* left ethtool info ->version empty
* removed internal driver version
* checked return value of alloc_netdev
* renamed _lookup() functions to _get()
* removed memset-zero from init function as netdev is already zero'd
* added missing TCP component initialization in ovpn_init
* .. included various small fixes as requested by reviewers

The latest code can also be found at:

https://github.com/OpenVPN/linux-kernel-ovpn

Thanks to the new kunitest component, it is now possible to run
basic ovpn tests. Peers are emulated by using multiple network
namespaces which are interconnected by means of veth pairs.

Please note that patches have been split for easier review, but if
required, I can send a long 1/1 with all courses and dishes in one go :)

Thanks so far!


Below is the original description posted with the first patchset:
===================================================================

`ovpn` is essentially a device driver that allows creating a virtual
network interface to handle the OpenVPN data channel. Any traffic
entering the interface is encrypted, encapsulated and sent to the
appropriate destination.

`ovpn` requires OpenVPN in userspace
to run along its side in order to be properly configured and maintained
during its life cycle.

The `ovpn` interface can be created/destroyed and then
configured via Netlink API.

Specifically OpenVPN in userspace will:
* create the `ovpn` interface
* establish the connection with one or more peers
* perform TLS handshake and negotiate any protocol parameter
* configure the `ovpn` interface with peer data (ip/port, keys, etc.)
* handle any subsequent control channel communication

I'd like to point out the control channel is fully handled in userspace.
The idea is to keep the `ovpn` kernel module as simple as possible and
let userspace handle all the non-data (non-fast-path) features.

NOTE: some of you may already know `ovpn-dco` the out-of-tree predecessor
of `ovpn`. However, be aware that the two are not API compatible and
therefore OpenVPN 2.6 will not work with this new `ovpn` module.
More adjustments are required.

For more technical details please refer to the actual patches.

Any comment, concern or statement will be appreciated!
Thanks a lot!!

Best Regards,

Antonio Quartulli
OpenVPN Inc.

======================

Antonio Quartulli (24):
  netlink: add NLA_POLICY_MAX_LEN macro
  net: introduce OpenVPN Data Channel Offload (ovpn)
  ovpn: add basic netlink support
  ovpn: add basic interface creation/destruction/management routines
  ovpn: implement interface creation/destruction via netlink
  ovpn: keep carrier always on
  ovpn: introduce the ovpn_peer object
  ovpn: introduce the ovpn_socket object
  ovpn: implement basic TX path (UDP)
  ovpn: implement basic RX path (UDP)
  ovpn: implement packet processing
  ovpn: store tunnel and transport statistics
  ovpn: implement TCP transport
  ovpn: implement multi-peer support
  ovpn: implement peer lookup logic
  ovpn: implement keepalive mechanism
  ovpn: add support for updating local UDP endpoint
  ovpn: add support for peer floating
  ovpn: implement peer add/dump/delete via netlink
  ovpn: implement key add/del/swap via netlink
  ovpn: kill key and notify userspace in case of IV exhaustion
  ovpn: notify userspace when a peer is deleted
  ovpn: add basic ethtool support
  testing/selftest: add test tool and scripts for ovpn module

 Documentation/netlink/specs/ovpn.yaml      |  331 ++++
 MAINTAINERS                                |    8 +
 drivers/net/Kconfig                        |   13 +
 drivers/net/Makefile                       |    1 +
 drivers/net/ovpn/Makefile                  |   22 +
 drivers/net/ovpn/bind.c                    |   61 +
 drivers/net/ovpn/bind.h                    |  130 ++
 drivers/net/ovpn/crypto.c                  |  162 ++
 drivers/net/ovpn/crypto.h                  |  138 ++
 drivers/net/ovpn/crypto_aead.c             |  378 +++++
 drivers/net/ovpn/crypto_aead.h             |   30 +
 drivers/net/ovpn/io.c                      |  566 +++++++
 drivers/net/ovpn/io.h                      |   35 +
 drivers/net/ovpn/main.c                    |  320 ++++
 drivers/net/ovpn/main.h                    |   56 +
 drivers/net/ovpn/netlink-gen.c             |  206 +++
 drivers/net/ovpn/netlink-gen.h             |   41 +
 drivers/net/ovpn/netlink.c                 |  993 ++++++++++++
 drivers/net/ovpn/netlink.h                 |   46 +
 drivers/net/ovpn/ovpnstruct.h              |   48 +
 drivers/net/ovpn/packet.h                  |   40 +
 drivers/net/ovpn/peer.c                    | 1077 +++++++++++++
 drivers/net/ovpn/peer.h                    |  303 ++++
 drivers/net/ovpn/pktid.c                   |  132 ++
 drivers/net/ovpn/pktid.h                   |   85 +
 drivers/net/ovpn/proto.h                   |  115 ++
 drivers/net/ovpn/skb.h                     |   51 +
 drivers/net/ovpn/socket.c                  |  150 ++
 drivers/net/ovpn/socket.h                  |   81 +
 drivers/net/ovpn/stats.c                   |   21 +
 drivers/net/ovpn/stats.h                   |   52 +
 drivers/net/ovpn/tcp.c                     |  511 ++++++
 drivers/net/ovpn/tcp.h                     |   42 +
 drivers/net/ovpn/udp.c                     |  393 +++++
 drivers/net/ovpn/udp.h                     |   47 +
 include/net/netlink.h                      |    1 +
 include/uapi/linux/ovpn.h                  |  109 ++
 include/uapi/linux/udp.h                   |    1 +
 tools/net/ynl/ynl-gen-c.py                 |    2 +
 tools/testing/selftests/Makefile           |    1 +
 tools/testing/selftests/ovpn/Makefile      |   15 +
 tools/testing/selftests/ovpn/config        |    8 +
 tools/testing/selftests/ovpn/data64.key    |    5 +
 tools/testing/selftests/ovpn/float-test.sh |  113 ++
 tools/testing/selftests/ovpn/netns-test.sh |  118 ++
 tools/testing/selftests/ovpn/ovpn-cli.c    | 1640 ++++++++++++++++++++
 tools/testing/selftests/ovpn/run.sh        |   12 +
 tools/testing/selftests/ovpn/tcp_peers.txt |    1 +
 tools/testing/selftests/ovpn/udp_peers.txt |    5 +
 49 files changed, 8716 insertions(+)
 create mode 100644 Documentation/netlink/specs/ovpn.yaml
 create mode 100644 drivers/net/ovpn/Makefile
 create mode 100644 drivers/net/ovpn/bind.c
 create mode 100644 drivers/net/ovpn/bind.h
 create mode 100644 drivers/net/ovpn/crypto.c
 create mode 100644 drivers/net/ovpn/crypto.h
 create mode 100644 drivers/net/ovpn/crypto_aead.c
 create mode 100644 drivers/net/ovpn/crypto_aead.h
 create mode 100644 drivers/net/ovpn/io.c
 create mode 100644 drivers/net/ovpn/io.h
 create mode 100644 drivers/net/ovpn/main.c
 create mode 100644 drivers/net/ovpn/main.h
 create mode 100644 drivers/net/ovpn/netlink-gen.c
 create mode 100644 drivers/net/ovpn/netlink-gen.h
 create mode 100644 drivers/net/ovpn/netlink.c
 create mode 100644 drivers/net/ovpn/netlink.h
 create mode 100644 drivers/net/ovpn/ovpnstruct.h
 create mode 100644 drivers/net/ovpn/packet.h
 create mode 100644 drivers/net/ovpn/peer.c
 create mode 100644 drivers/net/ovpn/peer.h
 create mode 100644 drivers/net/ovpn/pktid.c
 create mode 100644 drivers/net/ovpn/pktid.h
 create mode 100644 drivers/net/ovpn/proto.h
 create mode 100644 drivers/net/ovpn/skb.h
 create mode 100644 drivers/net/ovpn/socket.c
 create mode 100644 drivers/net/ovpn/socket.h
 create mode 100644 drivers/net/ovpn/stats.c
 create mode 100644 drivers/net/ovpn/stats.h
 create mode 100644 drivers/net/ovpn/tcp.c
 create mode 100644 drivers/net/ovpn/tcp.h
 create mode 100644 drivers/net/ovpn/udp.c
 create mode 100644 drivers/net/ovpn/udp.h
 create mode 100644 include/uapi/linux/ovpn.h
 create mode 100644 tools/testing/selftests/ovpn/Makefile
 create mode 100644 tools/testing/selftests/ovpn/config
 create mode 100644 tools/testing/selftests/ovpn/data64.key
 create mode 100644 tools/testing/selftests/ovpn/float-test.sh
 create mode 100644 tools/testing/selftests/ovpn/netns-test.sh
 create mode 100644 tools/testing/selftests/ovpn/ovpn-cli.c
 create mode 100644 tools/testing/selftests/ovpn/run.sh
 create mode 100644 tools/testing/selftests/ovpn/tcp_peers.txt
 create mode 100644 tools/testing/selftests/ovpn/udp_peers.txt

-- 
2.43.2
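As an added example that is not part of the patchset or its selftests: a small POSIX shell script that builds the topology the cover letter describes for the ovpn kselftest, one network namespace per emulated peer, each joined to a "srv" namespace by its own veth pair. The namespace names (srv, peerN), the interface names (vethNs/vethNp) and the 10.10.N.0/24 addressing are assumptions chosen here, not taken from the patches. With DRY_RUN=1 set the script prints the ip(8) commands instead of running them; without it the commands need root and iproute2. It stops at the namespace/veth layer and does not create the `ovpn` interface itself, since that requires the netlink API introduced by the patches (driven by ovpn-cli in the selftests).

```shell
#!/bin/sh
# Added example, not part of the ovpn patchset or its selftests: build the
# kind of topology the cover letter describes for the kselftest, one
# network namespace per emulated peer, each joined to a "srv" namespace by
# its own veth pair.  Namespace names, interface names and the
# 10.10.<N>.0/24 addressing are constructed for this example.
# The real commands need root and iproute2; set DRY_RUN=1 to print them.

run() {
    if [ -n "${DRY_RUN:-}" ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

# Namespace and interface names for peer N (constructed naming scheme).
peer_ns()   { printf 'peer%s' "$1"; }
srv_if()    { printf 'veth%ss' "$1"; }     # server end of the pair
peer_if()   { printf 'veth%sp' "$1"; }     # peer end of the pair

# One /24 per pair: server side .1, peer side .2.
srv_addr()  { printf '10.10.%s.1/24' "$1"; }
peer_addr() { printf '10.10.%s.2/24' "$1"; }

# Create "srv" plus $1 peer namespaces and wire each peer to "srv".
setup_topology() {
    n=$1
    run ip netns add srv
    i=1
    while [ "$i" -le "$n" ]; do
        ns=$(peer_ns "$i")
        run ip netns add "$ns"
        # Create the pair in the init namespace, then move each end.
        run ip link add "$(srv_if "$i")" type veth peer name "$(peer_if "$i")"
        run ip link set "$(srv_if "$i")" netns srv
        run ip link set "$(peer_if "$i")" netns "$ns"
        run ip -n srv addr add "$(srv_addr "$i")" dev "$(srv_if "$i")"
        run ip -n srv link set "$(srv_if "$i")" up
        run ip -n "$ns" addr add "$(peer_addr "$i")" dev "$(peer_if "$i")"
        run ip -n "$ns" link set "$(peer_if "$i")" up
        i=$((i + 1))
    done
}

# Tear everything down; deleting a namespace also removes its veth ends.
teardown_topology() {
    n=$1
    i=1
    while [ "$i" -le "$n" ]; do
        run ip netns del "$(peer_ns "$i")"
        i=$((i + 1))
    done
    run ip netns del srv
}

# Usage: DRY_RUN=1 sh topology.sh 2   (print the commands for two peers)
#        sudo sh topology.sh 2        (actually build it)
if [ $# -gt 0 ]; then
    setup_topology "$1"
fi
```

Keeping every peer in its own namespace is what lets the selftests exercise multi-peer, float and TCP/UDP paths on a single host without touching the host's real routing; the teardown removes the namespaces, which takes the veth pairs with them.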


Thread overview: 111+ messages
2024-05-06  1:16 Antonio Quartulli [this message]
2024-05-06  1:16 ` [PATCH net-next v3 01/24] netlink: add NLA_POLICY_MAX_LEN macro Antonio Quartulli
2024-05-06  1:16 ` [PATCH net-next v3 02/24] net: introduce OpenVPN Data Channel Offload (ovpn) Antonio Quartulli
2024-05-06  1:16 ` [PATCH net-next v3 03/24] ovpn: add basic netlink support Antonio Quartulli
2024-05-08  0:10   ` Jakub Kicinski
2024-05-08  7:42     ` Antonio Quartulli
2024-05-08 14:42   ` Sabrina Dubroca
2024-05-08 14:51     ` Antonio Quartulli
2024-05-06  1:16 ` [PATCH net-next v3 04/24] ovpn: add basic interface creation/destruction/management routines Antonio Quartulli
2024-05-08  0:18   ` Jakub Kicinski
2024-05-08  7:53     ` Antonio Quartulli
2024-05-08 14:52   ` Sabrina Dubroca
2024-05-09  1:06     ` Jakub Kicinski
2024-05-09  8:25     ` Antonio Quartulli
2024-05-09 10:09       ` Sabrina Dubroca
2024-05-09 10:35         ` Antonio Quartulli
2024-05-09 12:16           ` Sabrina Dubroca
2024-05-09 13:25             ` Antonio Quartulli
2024-05-09 13:52               ` Sabrina Dubroca
2024-05-06  1:16 ` [PATCH net-next v3 05/24] ovpn: implement interface creation/destruction via netlink Antonio Quartulli
2024-05-08  0:21   ` Jakub Kicinski
2024-05-08  9:49     ` Antonio Quartulli
2024-05-09  1:09       ` Jakub Kicinski
2024-05-09  8:30         ` Antonio Quartulli
2024-05-06  1:16 ` [PATCH net-next v3 06/24] ovpn: keep carrier always on Antonio Quartulli
2024-05-06  1:16 ` [PATCH net-next v3 07/24] ovpn: introduce the ovpn_peer object Antonio Quartulli
2024-05-08 16:06   ` Sabrina Dubroca
2024-05-08 20:31     ` Antonio Quartulli
2024-05-09 13:04       ` Sabrina Dubroca
2024-05-09 13:24         ` Andrew Lunn
2024-05-10 18:57           ` Antonio Quartulli
2024-05-11  0:28             ` Jakub Kicinski
2024-05-09 13:44         ` Antonio Quartulli
2024-05-09 13:55           ` Andrew Lunn
2024-05-09 14:17           ` Sabrina Dubroca
2024-05-09 14:36             ` Antonio Quartulli
2024-05-09 14:53               ` Antonio Quartulli
2024-05-10 10:30                 ` Sabrina Dubroca
2024-05-10 12:34                   ` Antonio Quartulli
2024-05-10 14:11                     ` Sabrina Dubroca
2024-05-13 10:09   ` Simon Horman
2024-05-13 10:53     ` Antonio Quartulli
2024-05-13 15:04       ` Simon Horman
2024-05-06  1:16 ` [PATCH net-next v3 08/24] ovpn: introduce the ovpn_socket object Antonio Quartulli
2024-05-08 17:10   ` Sabrina Dubroca
2024-05-08 20:38     ` Antonio Quartulli
2024-05-09 13:32       ` Sabrina Dubroca
2024-05-09 13:46         ` Antonio Quartulli
2024-05-06  1:16 ` [PATCH net-next v3 09/24] ovpn: implement basic TX path (UDP) Antonio Quartulli
2024-05-10 13:01   ` Sabrina Dubroca
2024-05-10 13:39     ` Antonio Quartulli
2024-05-12 21:35   ` Sabrina Dubroca
2024-05-13  7:37     ` Antonio Quartulli
2024-05-13  9:36       ` Sabrina Dubroca
2024-05-13  9:47         ` Antonio Quartulli
2024-05-06  1:16 ` [PATCH net-next v3 10/24] ovpn: implement basic RX " Antonio Quartulli
2024-05-10 13:45   ` Sabrina Dubroca
2024-05-10 14:41     ` Antonio Quartulli
2024-05-06  1:16 ` [PATCH net-next v3 11/24] ovpn: implement packet processing Antonio Quartulli
2024-05-12  8:46   ` Sabrina Dubroca
2024-05-13  7:14     ` Antonio Quartulli
2024-05-13  9:24       ` Sabrina Dubroca
2024-05-13  9:31         ` Antonio Quartulli
2024-05-22 14:08     ` Antonio Quartulli
2024-05-22 14:28       ` Andrew Lunn
2024-05-06  1:16 ` [PATCH net-next v3 12/24] ovpn: store tunnel and transport statistics Antonio Quartulli
2024-05-12  8:47   ` Sabrina Dubroca
2024-05-13  7:25     ` Antonio Quartulli
2024-05-13  9:19       ` Sabrina Dubroca
2024-05-13  9:33         ` Antonio Quartulli
2024-05-06  1:16 ` [PATCH net-next v3 13/24] ovpn: implement TCP transport Antonio Quartulli
2024-05-13 13:37   ` Antonio Quartulli
2024-05-13 15:34     ` Jakub Kicinski
2024-05-13 14:50   ` Sabrina Dubroca
2024-05-13 22:20     ` Antonio Quartulli
2024-05-14  8:58       ` Sabrina Dubroca
2024-05-14 22:11         ` Antonio Quartulli
2024-05-15 10:19           ` Sabrina Dubroca
2024-05-15 12:54             ` Antonio Quartulli
2024-05-15 14:55               ` Sabrina Dubroca
2024-05-15 19:44                 ` Antonio Quartulli
2024-05-15 20:35                   ` Sabrina Dubroca
2024-05-15 20:39                     ` Antonio Quartulli
2024-05-06  1:16 ` [PATCH net-next v3 14/24] ovpn: implement multi-peer support Antonio Quartulli
2024-05-28 14:44   ` Sabrina Dubroca
2024-05-28 19:41     ` Antonio Quartulli
2024-05-29 15:16       ` Sabrina Dubroca
2024-05-29 20:15         ` Antonio Quartulli
2024-05-29 20:45           ` Sabrina Dubroca
2024-05-06  1:16 ` [PATCH net-next v3 15/24] ovpn: implement peer lookup logic Antonio Quartulli
2024-05-28 16:42   ` Sabrina Dubroca
2024-05-28 20:09     ` Antonio Quartulli
2024-05-29 16:42       ` Sabrina Dubroca
2024-05-29 20:19         ` Antonio Quartulli
2024-05-06  1:16 ` [PATCH net-next v3 16/24] ovpn: implement keepalive mechanism Antonio Quartulli
2024-05-06  1:16 ` [PATCH net-next v3 17/24] ovpn: add support for updating local UDP endpoint Antonio Quartulli
2024-05-06  1:16 ` [PATCH net-next v3 18/24] ovpn: add support for peer floating Antonio Quartulli
2024-05-06  1:16 ` [PATCH net-next v3 19/24] ovpn: implement peer add/dump/delete via netlink Antonio Quartulli
2024-05-06  1:16 ` [PATCH net-next v3 20/24] ovpn: implement key add/del/swap " Antonio Quartulli
2024-05-06  1:16 ` [PATCH net-next v3 21/24] ovpn: kill key and notify userspace in case of IV exhaustion Antonio Quartulli
2024-05-06  1:16 ` [PATCH net-next v3 22/24] ovpn: notify userspace when a peer is deleted Antonio Quartulli
2024-05-06  1:16 ` [PATCH net-next v3 23/24] ovpn: add basic ethtool support Antonio Quartulli
2024-05-06  1:16 ` [PATCH net-next v3 24/24] testing/selftest: add test tool and scripts for ovpn module Antonio Quartulli
2024-05-07 23:55   ` Jakub Kicinski
2024-05-08  9:51     ` Antonio Quartulli
2024-05-09  0:50       ` Jakub Kicinski
2024-05-09  8:40         ` Antonio Quartulli
2024-05-07 23:48 ` [PATCH net-next v3 00/24] Introducing OpenVPN Data Channel Offload Jakub Kicinski
2024-05-08  9:56   ` Antonio Quartulli
2024-05-09  0:53     ` Jakub Kicinski
2024-05-09  8:41       ` Antonio Quartulli
