From patchwork Fri Nov 14 10:39:40 2025
X-Patchwork-Submitter: Ralf Lici
X-Patchwork-Id: 4595
From: Ralf Lici
To: openvpn-devel@lists.sourceforge.net
Date: Fri, 14 Nov 2025 11:39:40 +0100
Message-ID: <20251114103940.238076-1-ralf@mandelbit.com>
Subject: [Openvpn-devel] [PATCH ovpn v2] ovpn: notify userspace on client float event
Cc: Antonio Quartulli, Sabrina Dubroca

Send a netlink notification when a client updates its remote UDP endpoint. The notification includes the new IP address, port, and scope ID (for IPv6).

Signed-off-by: Ralf Lici
Signed-off-by: Antonio Quartulli
---
Changes since v1:
- correctly set return value for unsupported AF in ovpn_nl_peer_float_notify

 Documentation/netlink/specs/ovpn.yaml | 6 ++
 drivers/net/ovpn/netlink.c | 82 +++++++++++++++++++++
 drivers/net/ovpn/netlink.h | 2 +
 drivers/net/ovpn/peer.c | 2 +
 include/uapi/linux/ovpn.h | 1 +
 tools/testing/selftests/net/ovpn/ovpn-cli.c | 3 +
 6 files changed, 96 insertions(+)

diff --git a/Documentation/netlink/specs/ovpn.yaml b/Documentation/netlink/specs/ovpn.yaml index 1b91045cee2e..0d0c028bf96f 100644 --- a/Documentation/netlink/specs/ovpn.yaml 
+++ b/Documentation/netlink/specs/ovpn.yaml @@ -502,6 +502,12 @@ operations: - ifindex - keyconf + - + name: peer-float-ntf + doc: Notification about a peer floating (changing its remote UDP endpoint) + notify: peer-get + mcgrp: peers + mcast-groups: list: - diff --git a/drivers/net/ovpn/netlink.c b/drivers/net/ovpn/netlink.c index fed0e46b32a3..3db056f4cd0a 100644 --- a/drivers/net/ovpn/netlink.c +++ b/drivers/net/ovpn/netlink.c 
@@ -1203,6 +1203,88 @@ int ovpn_nl_peer_del_notify(struct ovpn_peer *peer) return ret; } +/** + * ovpn_nl_float_peer_notify - notify userspace about peer floating + * @peer: the floated peer + * @ss: sockaddr representing the new remote endpoint + * + * Return: 0 on success or a negative error code otherwise + */ +int ovpn_nl_peer_float_notify(struct ovpn_peer *peer, + const struct sockaddr_storage *ss) +{ + struct ovpn_socket *sock; + struct sockaddr_in6 *sa6; + struct sockaddr_in *sa; + struct sk_buff *msg; + struct nlattr *attr; + int ret = -EMSGSIZE; + void *hdr; + + msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_ATOMIC); + if (!msg) + return -ENOMEM; + + hdr = genlmsg_put(msg, 0, 0, &ovpn_nl_family, 0, + OVPN_CMD_PEER_FLOAT_NTF); + if (!hdr) { + ret = -ENOBUFS; + goto err_free_msg; + } + + if (nla_put_u32(msg, OVPN_A_IFINDEX, peer->ovpn->dev->ifindex)) + goto err_cancel_msg; + + attr = nla_nest_start(msg, OVPN_A_PEER); + if (!attr) + goto err_cancel_msg; + + if (nla_put_u32(msg, OVPN_A_PEER_ID, peer->id)) + goto err_cancel_msg; + + if (ss->ss_family == AF_INET) { + sa = (struct sockaddr_in *)ss; + if (nla_put_in_addr(msg, OVPN_A_PEER_REMOTE_IPV4, + sa->sin_addr.s_addr) || + nla_put_net16(msg, OVPN_A_PEER_REMOTE_PORT, sa->sin_port)) + goto err_cancel_msg; + } else if (ss->ss_family == AF_INET6) { + sa6 = (struct sockaddr_in6 *)ss; + if (nla_put_in6_addr(msg, OVPN_A_PEER_REMOTE_IPV6, + &sa6->sin6_addr) || + nla_put_u32(msg, OVPN_A_PEER_REMOTE_IPV6_SCOPE_ID, + sa6->sin6_scope_id) || + nla_put_net16(msg, OVPN_A_PEER_REMOTE_PORT, sa6->sin6_port)) + goto err_cancel_msg; + } else { + ret = -EAFNOSUPPORT; + goto err_cancel_msg; + } + + nla_nest_end(msg, attr); + genlmsg_end(msg, hdr); + + rcu_read_lock(); + sock = rcu_dereference(peer->sock); + if (!sock) { + ret = -EINVAL; + goto err_unlock; + } + genlmsg_multicast_netns(&ovpn_nl_family, sock_net(sock->sk), msg, + 0, OVPN_NLGRP_PEERS, GFP_ATOMIC); + rcu_read_unlock(); + + return 0; + +err_unlock: + rcu_read_unlock(); 
+err_cancel_msg: + genlmsg_cancel(msg, hdr); +err_free_msg: + nlmsg_free(msg); + return ret; +} + /** * ovpn_nl_key_swap_notify - notify userspace peer's key must be renewed * @peer: the peer whose key needs to be renewed diff --git a/drivers/net/ovpn/netlink.h b/drivers/net/ovpn/netlink.h index 8615dfc3c472..11ee7c681885 100644 --- a/drivers/net/ovpn/netlink.h +++ b/drivers/net/ovpn/netlink.h @@ -13,6 +13,8 @@ int ovpn_nl_register(void); void ovpn_nl_unregister(void); int ovpn_nl_peer_del_notify(struct ovpn_peer *peer); +int ovpn_nl_peer_float_notify(struct ovpn_peer *peer, + const struct sockaddr_storage *ss); int ovpn_nl_key_swap_notify(struct ovpn_peer *peer, u8 key_id); #endif /* _NET_OVPN_NETLINK_H_ */ diff --git a/drivers/net/ovpn/peer.c b/drivers/net/ovpn/peer.c index 4bfcab0c8652..9ad50f1ac2c3 100644 --- a/drivers/net/ovpn/peer.c +++ b/drivers/net/ovpn/peer.c @@ -287,6 +287,8 @@ void ovpn_peer_endpoints_update(struct ovpn_peer *peer, struct sk_buff *skb) spin_unlock_bh(&peer->lock); + ovpn_nl_peer_float_notify(peer, &ss); + /* rehashing is required only in MP mode as P2P has one peer * only and thus there is no hashtable */ diff --git a/include/uapi/linux/ovpn.h b/include/uapi/linux/ovpn.h index 680d1522dc87..b3c9ff0a6849 100644 --- a/include/uapi/linux/ovpn.h +++ b/include/uapi/linux/ovpn.h @@ -99,6 +99,7 @@ enum { OVPN_CMD_KEY_SWAP, OVPN_CMD_KEY_SWAP_NTF, OVPN_CMD_KEY_DEL, + OVPN_CMD_PEER_FLOAT_NTF, __OVPN_CMD_MAX, OVPN_CMD_MAX = (__OVPN_CMD_MAX - 1) diff --git a/tools/testing/selftests/net/ovpn/ovpn-cli.c b/tools/testing/selftests/net/ovpn/ovpn-cli.c index 0a5226196a2e..064453d16fdd 100644 --- a/tools/testing/selftests/net/ovpn/ovpn-cli.c +++ b/tools/testing/selftests/net/ovpn/ovpn-cli.c 
@@ -1516,6 +1516,9 @@ static int ovpn_handle_msg(struct nl_msg *msg, void *arg) case OVPN_CMD_PEER_DEL_NTF: fprintf(stdout, "received CMD_PEER_DEL_NTF\n"); break; + case OVPN_CMD_PEER_FLOAT_NTF: + fprintf(stdout, "received CMD_PEER_FLOAT_NTF\n"); + break; case OVPN_CMD_KEY_SWAP_NTF: fprintf(stdout, "received CMD_KEY_SWAP_NTF\n"); break;
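
Review bot: In the Documentation/netlink/specs/ovpn.yaml hunk, `notify: peer-get` tells spec consumers that peer-float-ntf has the shape of the peer-get reply, but ovpn_nl_peer_float_notify() in this patch fills only the ifindex, the peer id, the remote address (plus the scope id for IPv6) and the port. Extend the `doc:` string to name those attributes so listeners do not expect the rest of the peer object in a float notification.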
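
Review bot: In the drivers/net/ovpn/netlink.c hunk, the kernel-doc header names `ovpn_nl_float_peer_notify` while the function defined under it is `ovpn_nl_peer_float_notify`; the comment should use the real name. In the same function, `sa = (struct sockaddr_in *)ss;` and the matching `sockaddr_in6` cast drop the `const` qualifier of `ss`, so declare `sa` and `sa6` as pointers to const. The value returned by genlmsg_multicast_netns() is also discarded, which means the function returns 0 whatever the multicast call reports; either propagate it or say in the kernel-doc that delivery is best effort.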
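
Review bot: In the drivers/net/ovpn/peer.c hunk, the call `ovpn_nl_peer_float_notify(peer, &ss);` ignores the int the function returns, so an -ENOMEM, -EMSGSIZE or -EINVAL from the notify path is lost and userspace keeps the old endpoint with no trace of the failure. Check the return value and emit at least a rate-limited debug message, or add a comment stating that a missed notification is acceptable here.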
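
Review bot: In the tools/testing/selftests/net/ovpn/ovpn-cli.c hunk, the new `case OVPN_CMD_PEER_FLOAT_NTF:` only prints "received CMD_PEER_FLOAT_NTF" and never reads the attributes, so the selftest cannot tell whether the notification carries the correct peer id, address, scope id and port. Parse the nested peer attributes and print the new endpoint so a test script can compare it with the address the client floated to.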