From patchwork Tue May 26 23:18:49 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Antonio Quartulli X-Patchwork-Id: 4976 Return-Path: Delivered-To: patchwork@openvpn.net Received: by 2002:a05:7000:4ec9:b0:861:c897:cb9d with SMTP id i9csp36336mas; Tue, 26 May 2026 16:19:36 -0700 (PDT) X-Forwarded-Encrypted: i=2; AFNElJ/SSkxbvEbY1IDWHgifBDMhmWGdZwkgR3Zrw+Xf1TnIPeOtLuE6/Y0uBJTZyGp6SL0Alt1E3Nv6JvM=@openvpn.net X-Received: by 2002:a05:6820:806:b0:69d:9e7c:cb52 with SMTP id 006d021491bc7-69d9e7cd005mr8430225eaf.59.1779837576160; Tue, 26 May 2026 16:19:36 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1779837576; cv=none; d=google.com; s=arc-20240605; b=iRo4fyE+QtSnD9nQw7Xk2OL/3MM8y1qq5hhudlv9o9gHR6cKYcCR0y0wO+Qx5XPpbZ uvL6fhDP+A2NywyPFxdR8EyjwRWJV7cugF9u9pZ4LCGgfaWMt0qnuPngsv8teqDm1HkL fYXH0uZ1ECl7jR+TFmTQ38U0F24ivmUi5ldgjwjBq9IsgjF06Lx+CDodtJndCY7TywFt haPR+tQ1jnV9Tf8ek+rUv5vI/M5ArrSEqew7/P9wK+4NXYspRwZL1fDovG8h6th/D+VM yY++tDvE4F/K3RHqOiB3Gzm8FslAR6N1Ro9DcRFFxg5Ue3uXh2JX5T3qsU+724zZH4i/ X8eQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=errors-to:content-transfer-encoding:cc:list-subscribe:list-help :list-post:list-archive:list-unsubscribe:list-id:precedence:subject :mime-version:references:in-reply-to:message-id:date:to:from :dkim-signature:dkim-signature:dkim-signature:dkim-signature; bh=t1ZTKnxNlJ21b8DnJVy3g2SCl09PIytM7iPDmSMLlyA=; fh=BsMg/B0Yb/hS/rzP5Npz4luh0IleZm8REk1XWiWRt2A=; b=Btf1fFRrgZoN9wQqqaWdFv0kEWD5bjsA9PCRs7+GwZKeRe0N6AKEZgiwn4BQo647Hd kzN3OtEf4qx39V2EtxEo/jCKgxhti3zhx+XEVQrEJGMB60LVHVx1VAESwTAIi/1j0QL/ ZCrsexxOzkNlKbdgjMLzYvZhtUNWNlyfIQ3Ko/LF6Ntdee4kge2T1xDMmACy3ZyTF5w/ dceZjngGbcxO85hE2DEtKxIGZR1oUEJJCiDO2sYgc0g5WGsaRC/6RzU6g5a7WVKK1iO8 fARAPoQ4ZBdqCyLpViE3/mZQyD4ouq1iiBhlCq+6r4YReaS19M3wM+vsgKOZ8cPyrqRb 8DWg==; dara=google.com ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@lists.sourceforge.net header.s=beta header.b="UV/uhjAY"; dkim=neutral (body hash did not verify) header.i=@sourceforge.net header.s=x header.b=FTA5zVUE; dkim=neutral (body hash did not verify) header.i=@sf.net header.s=x header.b=UweqFdhS; dkim=neutral (body hash did not verify) header.i=@unstable.cc header.s=MBO0001 header.b=G4XGiEjT; spf=pass (google.com: domain of openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as permitted sender) smtp.mailfrom=openvpn-devel-bounces@lists.sourceforge.net Received: from lists.sourceforge.net (lists.sourceforge.net. [216.105.38.7]) by mx.google.com with ESMTPS id 586e51a60fabf-43b63bd9f2fsi11861950fac.227.2026.05.26.16.19.35 (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Tue, 26 May 2026 16:19:36 -0700 (PDT) Received-SPF: pass (google.com: domain of openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as permitted sender) client-ip=216.105.38.7; Authentication-Results: mx.google.com; dkim=pass header.i=@lists.sourceforge.net header.s=beta header.b="UV/uhjAY"; dkim=neutral (body hash did not verify) header.i=@sourceforge.net header.s=x header.b=FTA5zVUE; dkim=neutral (body hash did not verify) header.i=@sf.net header.s=x header.b=UweqFdhS; dkim=neutral (body hash did not verify) header.i=@unstable.cc header.s=MBO0001 header.b=G4XGiEjT; spf=pass (google.com: domain of openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as permitted sender) smtp.mailfrom=openvpn-devel-bounces@lists.sourceforge.net DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.sourceforge.net; s=beta; h=Content-Transfer-Encoding:Content-Type:Cc: List-Subscribe:List-Help:List-Post:List-Archive:List-Unsubscribe:List-Id: Subject:MIME-Version:References:In-Reply-To:Message-ID:Date:To:From:Sender: Reply-To:Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender :Resent-To:Resent-Cc:Resent-Message-ID:List-Owner; bh=t1ZTKnxNlJ21b8DnJVy3g2SCl09PIytM7iPDmSMLlyA=; b=UV/uhjAYF2WaI1QrGltFFkW5Sf gdKXR4XX+5r4BZW72uETNEN7EbuYDGzirs+RMyfntm8Vj31MvmKBsnUh0+/gf5Y5OE9456mzrdLof DwrsDXsGVCdK+NkNuJeLnHDVQDVs7wZCV4DVYR27gN+zlOwbkDKpqQ7pAqVi3Z1p2kYY=; Received: from [127.0.0.1] (helo=sfs-ml-2.v29.lw.sourceforge.com) by sfs-ml-2.v29.lw.sourceforge.com with esmtp (Exim 4.95) (envelope-from ) id 1wS13Z-0002rj-VB; Tue, 26 May 2026 23:19:30 +0000 Received: from [172.30.29.66] (helo=mx.sourceforge.net) by sfs-ml-2.v29.lw.sourceforge.com with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.95) (envelope-from ) id 1wS13W-0002pt-RY for openvpn-devel@lists.sourceforge.net; Tue, 26 May 2026 23:19:27 +0000 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sourceforge.net; s=x; h=Content-Transfer-Encoding:MIME-Version:References: In-Reply-To:Message-ID:Date:Subject:Cc:To:From:Sender:Reply-To:Content-Type: Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender: Resent-To:Resent-Cc:Resent-Message-ID:List-Id:List-Help:List-Unsubscribe: List-Subscribe:List-Post:List-Owner:List-Archive; bh=JHZVWxjay4RYYLB6BWpD0tHu23AweFOcnfRMIKrXRfY=; b=FTA5zVUEuqfHWJDc5dE/PjE6uK fdNCIWX05jAGjPqsg6F8r7t2OP8iNvplWSkWSz0bJapFgZqfMzIq5/WU06VdUVjKrX5S/8OXwsZS7 jOF3D55iaThc2iFwkE97lnHVQTdXDam+3mvYt3OmfsvMHWlMuBHoEJHWbweDkslXcxoU=; DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sf.net; s=x ; h=Content-Transfer-Encoding:MIME-Version:References:In-Reply-To:Message-ID: Date:Subject:Cc:To:From:Sender:Reply-To:Content-Type:Content-ID: Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc :Resent-Message-ID:List-Id:List-Help:List-Unsubscribe:List-Subscribe: List-Post:List-Owner:List-Archive; bh=JHZVWxjay4RYYLB6BWpD0tHu23AweFOcnfRMIKrXRfY=; b=UweqFdhS1r/ZdoBuI3q1yPPuD6 g+emnjgDopW6Ga9b9eLLNqi+CxsVWk/ZpV8nTFloJqJfSjRLznno85KLA/ayoFoeHK9Sn78GA3Yr4 2RF9y6/llD6XK/SF/Qb81QVg6h0o42q4X2UzBfIjXtthpNlCSKLb0xhBCWWTnrUHIWmA=; Received: from mout-p-202.mailbox.org ([80.241.56.172]) by sfi-mx-2.v28.lw.sourceforge.com with esmtps (TLS1.2:ECDHE-RSA-AES256-GCM-SHA384:256) (Exim 4.95) id 1wS13I-0000UG-MG for openvpn-devel@lists.sourceforge.net; Tue, 26 May 2026 23:19:13 +0000 Received: from smtp102.mailbox.org (smtp102.mailbox.org [IPv6:2001:67c:2050:b231:465::102]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by mout-p-202.mailbox.org (Postfix) with ESMTPS id 4gQ7x03JKwz9tdV; Wed, 27 May 2026 01:19:00 +0200 (CEST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=unstable.cc; s=MBO0001; t=1779837540; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=JHZVWxjay4RYYLB6BWpD0tHu23AweFOcnfRMIKrXRfY=; b=G4XGiEjTU+kpv5H4JFvnY9p7HVZ2m7aK92ue9PPZlgCB5SGT4LGOnIvFyaHQxQkUId5OJu E0LQWzFxla4Duk8K4pGf0nfvcGZE3WVUf/yry7gEza3BurhKGAbbOTw+bW40PMNRsDZWJg kFjVobOPRSAqUIOctldudWIBLfIzjHssz8X429xS08fJlVxc69NR1gbPfvvlPauQCyxIA+ pzSdVvucsRmEJlN2tN0gzFUp/+bUPuXEZsJkWnZEYL0VOaDjvUGoLQZEq15RX/iS8LWVI8 +IoHVXZGUyzAK5ERg9X1HSdHhsvIGm+yfztREF2c5HqNEW/OvMpXE9Fo0/E4TQ== Authentication-Results: outgoing_mbo_mout; dkim=none; spf=pass (outgoing_mbo_mout: domain of a@unstable.cc designates 2001:67c:2050:b231:465::102 as permitted sender) smtp.mailfrom=a@unstable.cc From: Antonio Quartulli To: openvpn-devel@lists.sourceforge.net Date: Wed, 27 May 2026 01:18:49 +0200 Message-ID: <20260526231850.2511369-8-a@unstable.cc> In-Reply-To: <20260526231850.2511369-1-a@unstable.cc> References: <20260526231850.2511369-1-a@unstable.cc> MIME-Version: 1.0 X-Rspamd-Queue-Id: 4gQ7x03JKwz9tdV X-Spam-Score: -0.2 (/) X-Spam-Report: Spam detection software, running on the system "sfi-spamd-2.hosts.colo.sdot.me", has NOT identified this incoming email as spam. The original message has been attached to this so you can view it or label similar future email. If you have any questions, see the administrator of that system for details. Content preview: From: Antonio Quartulli ovpn_mp_alloc() tried to disable SEND_REDIRECTS on a multipeer interface, but it runs from ovpn_net_init() (->ndo_init), which register_netdevice() invokes before the NETDEV_REGISTER notifier chain. T [...] Content analysis details: (-0.2 points, 5.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature -0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's domain -0.1 DKIM_VALID_EF Message has a valid DKIM or DK signature from envelope-from domain 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid X-Headers-End: 1wS13I-0000UG-MG Subject: [Openvpn-devel] [PATCH ovpn net 8/9] ovpn: disable IPv4 redirects on MP interface after registration X-BeenThere: openvpn-devel@lists.sourceforge.net X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Antonio Quartulli Errors-To: openvpn-devel-bounces@lists.sourceforge.net X-getmail-retrieved-from-mailbox: Inbox X-GMAIL-THRID: 1866294966113976790 X-GMAIL-MSGID: 1866294966113976790 From: Antonio Quartulli ovpn_mp_alloc() tried to disable SEND_REDIRECTS on a multipeer interface, but it runs from ovpn_net_init() (->ndo_init), which register_netdevice() invokes before the NETDEV_REGISTER notifier chain. The IPv4 in_device is only created when that notifier reaches inetdev_event() -> inetdev_init(), so __in_dev_get_rtnl() always returned NULL at ndo_init time and the whole redirect-disabling block (both the per-device and the per-netns IPV4_DEVCONF_ALL write) was dead. MP interfaces therefore kept emitting ICMP redirects. Move the redirect-disabling to ovpn_newlink(), right after a successful register_netdevice(): at that point the NETDEV_REGISTER notifier has run and the in_device exists, and RTNL is held by the newlink path so __in_dev_get_rtnl() is safe. A successful register_netdevice() guarantees the in_device was created (otherwise the notifier would have failed and registration rolled back), so the in_device check is now a real guard rather than dead code. The peer-table allocation stays in ovpn_mp_alloc()/->ndo_init, where it belongs (it does not depend on the in_device and is freed in ->ndo_uninit). Fixes: 05003b408c20 ("ovpn: implement multi-peer support") Signed-off-by: Antonio Quartulli --- drivers/net/ovpn/main.c | 41 ++++++++++++++++++++++++++--------------- 1 file changed, 26 insertions(+), 15 deletions(-) diff --git a/drivers/net/ovpn/main.c b/drivers/net/ovpn/main.c index 9993c1dfe471..a881510aaac0 100644 --- a/drivers/net/ovpn/main.c +++ b/drivers/net/ovpn/main.c @@ -35,25 +35,11 @@ static void ovpn_priv_free(struct net_device *net) static int ovpn_mp_alloc(struct ovpn_priv *ovpn) { - struct in_device *dev_v4; int i; if (ovpn->mode != OVPN_MODE_MP) return 0; - dev_v4 = __in_dev_get_rtnl(ovpn->dev); - if (dev_v4) { - /* disable redirects as Linux gets confused by ovpn - * handling same-LAN routing. - * This happens because a multipeer interface is used as - * relay point between hosts in the same subnet, while - * in a classic LAN this would not be needed because the - * two hosts would be able to talk directly. - */ - IN_DEV_CONF_SET(dev_v4, SEND_REDIRECTS, false); - IPV4_DEVCONF_ALL(dev_net(ovpn->dev), SEND_REDIRECTS) = false; - } - /* the peer container is fairly large, therefore we allocate it only in * MP mode */ @@ -183,6 +169,8 @@ static int ovpn_newlink(struct net_device *dev, struct ovpn_priv *ovpn = netdev_priv(dev); struct nlattr **data = params->data; enum ovpn_mode mode = OVPN_MODE_P2P; + struct in_device *dev_v4; + int ret; if (data && data[IFLA_OVPN_MODE]) { mode = nla_get_u8(data[IFLA_OVPN_MODE]); @@ -207,7 +195,30 @@ static int ovpn_newlink(struct net_device *dev, else netif_carrier_off(dev); - return register_netdevice(dev); + ret = register_netdevice(dev); + if (ret < 0) + return ret; + + /* The IPv4 in_device is created by the NETDEV_REGISTER notifier, which + * fires inside register_netdevice() above, so this cannot be done + * earlier (e.g. in ndo_init). RTNL is held by the newlink path. + */ + if (ovpn->mode == OVPN_MODE_MP) { + dev_v4 = __in_dev_get_rtnl(dev); + if (dev_v4) { + /* disable redirects as Linux gets confused by ovpn + * handling same-LAN routing. + * This happens because a multipeer interface is used as + * relay point between hosts in the same subnet, while + * in a classic LAN this would not be needed because the + * two hosts would be able to talk directly. + */ + IN_DEV_CONF_SET(dev_v4, SEND_REDIRECTS, false); + IPV4_DEVCONF_ALL(dev_net(dev), SEND_REDIRECTS) = false; + } + } + + return 0; } static int ovpn_fill_info(struct sk_buff *skb, const struct net_device *dev)