From patchwork Mon Jun 8 14:06:42 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Marco Baffo X-Patchwork-Id: 5013 Return-Path: Delivered-To: patchwork@openvpn.net Received: by 2002:a05:7000:bc1d:b0:861:c897:cb9d with SMTP id jc29csp1909369mab; Mon, 8 Jun 2026 07:07:02 -0700 (PDT) X-Forwarded-Encrypted: i=2; AFNElJ/QXb0VCw/jLBstTgZjJNKsdJzyLNfWzCY/sPHWrhmvqy4G8oJyd08psnV0NVV/V6A2f0Rmlb5sWyo=@openvpn.net X-Received: by 2002:a05:6820:760d:b0:69d:95d8:ca02 with SMTP id 006d021491bc7-69e68b5f6d2mr6656265eaf.14.1780927622025; Mon, 08 Jun 2026 07:07:02 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1780927622; cv=none; d=google.com; s=arc-20240605; b=IPuXa35Vxu0JKd973NnQ/LnNI0ZS8xeKv5GbI8enWdgy6alhgJ16kqyl/nHRVojXit 5TDJ11kLYKjOzgzV2At3u+wJUUw3IOHLRecgqZjHRkN3M5xpHgZURzCa06W90AyuAipu 2Td6LWxr1iQxKcyyVH2saa3FPzTyyI0qbg7xC9z8/F+S7p4LupW2iO8i2kVfixABiAJj ejjowYEMNs/UXAEgc0OZXAYFOC1OAumcHyb7/NntVah4tOLpF/DwHddBPscJGAtm7INV hh+c+SVFRadAbTZpX/s2WnQR8sdDpDlWPATTg9j++PXPzheRGf2IzEdOux5tJWHej2wr 3s5w== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=errors-to:content-transfer-encoding:list-subscribe:list-help :list-post:list-archive:list-unsubscribe:list-id:precedence:subject :mime-version:message-id:date:to:from:dkim-signature:dkim-signature :dkim-signature:dkim-signature; bh=oV7AGbrkVsgQQF21vBNbKraPSkNcmaN+tAog4eQr2mE=; fh=4NbAC/LsuMLI0S0hprUlLSLCiHwg6SCAifhH718Jh0Q=; b=F5fP7UOO45G74GkaEhi5E/8Pv2UUv1hVK/R3PIEVSdu3HI2x9J1aevqIj0kLhZy5aH Y/g6L5WlPhPh+oqP4uhouiGMgC1Zacd+V9yCFmeAFnJhPTlHfL3yFLlmSWE+kOhNFp8n yycuKE08vLxoyYUOTFQbBjMT0B2t5tfG/iwjx3x+g24IvVPoPnFHfTnyTITVF3dD8tIG E0GYOGgcLEr/7tB7ac6ojo/HeAala7FkotqBcZCm6vIubBqoBBKEUZccMrounj25jqGf pw+SoKr5mEuRkiZYD4oKFdp6KG/R6S57qyLXNFZSBwqdDUBJIRBrSx9kuf/XSZ068RlO mpgA==; dara=google.com ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@lists.sourceforge.net header.s=beta header.b=kqxMZIs8; dkim=neutral (body hash did not verify) header.i=@sourceforge.net header.s=x header.b=hjvSpqCP; dkim=neutral (body hash did not verify) header.i=@sf.net header.s=x header.b=DKldtXUa; dkim=neutral (body hash did not verify) header.i=@mandelbit.com header.s=MBO0001 header.b=DJXjcVad; spf=pass (google.com: domain of openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as permitted sender) smtp.mailfrom=openvpn-devel-bounces@lists.sourceforge.net Received: from lists.sourceforge.net (lists.sourceforge.net. [216.105.38.7]) by mx.google.com with ESMTPS id 006d021491bc7-69e462a5bd7si10527542eaf.32.2026.06.08.07.07.01 (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Mon, 08 Jun 2026 07:07:02 -0700 (PDT) Received-SPF: pass (google.com: domain of openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as permitted sender) client-ip=216.105.38.7; Authentication-Results: mx.google.com; dkim=pass header.i=@lists.sourceforge.net header.s=beta header.b=kqxMZIs8; dkim=neutral (body hash did not verify) header.i=@sourceforge.net header.s=x header.b=hjvSpqCP; dkim=neutral (body hash did not verify) header.i=@sf.net header.s=x header.b=DKldtXUa; dkim=neutral (body hash did not verify) header.i=@mandelbit.com header.s=MBO0001 header.b=DJXjcVad; spf=pass (google.com: domain of openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as permitted sender) smtp.mailfrom=openvpn-devel-bounces@lists.sourceforge.net DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.sourceforge.net; s=beta; h=Content-Transfer-Encoding:Content-Type: List-Subscribe:List-Help:List-Post:List-Archive:List-Unsubscribe:List-Id: Subject:MIME-Version:Message-ID:Date:To:From:Sender:Reply-To:Cc:Content-ID: Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc :Resent-Message-ID:In-Reply-To:References:List-Owner; bh=oV7AGbrkVsgQQF21vBNbKraPSkNcmaN+tAog4eQr2mE=; b=kqxMZIs8XPp5OtuieusDc9mnUA KA6Todw/T1/LGMw0BL/x/m0cfGdiplfCjsZhJqyvnqf0FGxHzu4hxkZ2Mg87cplDbucRA+4IXbDVz 1l9E+mbzzI9W9oqWmMKxtlMzwUgxI9lPUKY0DnjlZxzQJq9oHMHDrjSTVKP7uQQatFEA=; Received: from [127.0.0.1] (helo=sfs-ml-3.v29.lw.sourceforge.com) by sfs-ml-3.v29.lw.sourceforge.com with esmtp (Exim 4.95) (envelope-from ) id 1wWad0-0001xH-5D; Mon, 08 Jun 2026 14:06:58 +0000 Received: from [172.30.29.66] (helo=mx.sourceforge.net) by sfs-ml-3.v29.lw.sourceforge.com with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.95) (envelope-from ) id 1wWacz-0001x8-8S for openvpn-devel@lists.sourceforge.net; Mon, 08 Jun 2026 14:06:57 +0000 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sourceforge.net; s=x; h=Content-Transfer-Encoding:MIME-Version:Message-ID: Date:Subject:Cc:To:From:Sender:Reply-To:Content-Type:Content-ID: Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc :Resent-Message-ID:In-Reply-To:References:List-Id:List-Help:List-Unsubscribe: List-Subscribe:List-Post:List-Owner:List-Archive; bh=tfxrEhu7Uhl4w4cpLt7FenRztHhVhApYxy7KxNna/1U=; b=hjvSpqCPmdXyP/EhQT5D73QPoT qf8vSnVjlchCpAVdzn6ZnFti97zxaHsAKmI7CTbJas6PxEl1/yRYJW9hjqAejBlfAH4E1Hu38dT/l 2jFH0NeF3QUWkI8udCQnBcxFf7z9c9gmLzkRVbFSg4Q//oQmYeuVzVQ6Z0Ig9j8Hv27k=; DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sf.net; s=x ; h=Content-Transfer-Encoding:MIME-Version:Message-ID:Date:Subject:Cc:To:From :Sender:Reply-To:Content-Type:Content-ID:Content-Description:Resent-Date: Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:In-Reply-To: References:List-Id:List-Help:List-Unsubscribe:List-Subscribe:List-Post: List-Owner:List-Archive; bh=tfxrEhu7Uhl4w4cpLt7FenRztHhVhApYxy7KxNna/1U=; b=D KldtXUa+lgMWGtAf9ZZOJD5PT6PKWLNMo//caGoT9Psrn3Fov3piC1lQkVOxjq6oFrTtvAvkGFGAA LZ6utPw8VLETOBVsInAfx/F6qpPvNj7RNq6ohDrfJCM7q1WTJWvm42opqarS84grL3hnxLly3q7Q1 +zg1XQbJbwsu4GdU=; Received: from mout-b-202.mailbox.org ([195.10.208.62]) by sfi-mx-2.v28.lw.sourceforge.com with esmtps (TLS1.2:ECDHE-RSA-AES256-GCM-SHA384:256) (Exim 4.95) id 1wWacx-0000IN-Pd for openvpn-devel@lists.sourceforge.net; Mon, 08 Jun 2026 14:06:57 +0000 Received: from smtp102.mailbox.org (smtp102.mailbox.org [10.196.197.102]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by mout-b-202.mailbox.org (Postfix) with ESMTPS id 4gYv3r2y8NzDs2S; Mon, 8 Jun 2026 16:06:48 +0200 (CEST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=mandelbit.com; s=MBO0001; t=1780927608; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding; bh=tfxrEhu7Uhl4w4cpLt7FenRztHhVhApYxy7KxNna/1U=; b=DJXjcVadmPeSkWcOgyfrvlS5mRdOLFjMFTYDCcY7M6D42gaG/E6LgSxaAd6xUe9m+XMtOv OYm32D3qKMykpu66XhTpCaw0yDGOpYAQq133GwN9DrNMSFEMIWks22VPSHayIcewsyNyiw iDZ7L4muzzcRE8839spCQt3kmfjPQ53xVMvKfuvZjAckcHeTTKPsEbOvu6J4Lu9LPrMe3b hmkIoU5g9Dp9ezCJXehL8FnSrv0eSGSlun0EKjbj33swl5mpk6D+WSpq1ZHJFUmv//ZKYw AAZn6BLMHHm+0lx8tALPoFITEsSR4Tz8PdHkkfOd3Ge0nXe34LtINs1rq0dKiQ== From: Marco Baffo To: openvpn-devel@lists.sourceforge.net Date: Mon, 8 Jun 2026 16:06:42 +0200 Message-ID: <20260608140642.546546-1-marco@mandelbit.com> MIME-Version: 1.0 X-Spam-Score: -0.2 (/) X-Spam-Report: Spam detection software, running on the system "sfi-spamd-1.hosts.colo.sdot.me", has NOT identified this incoming email as spam. The original message has been attached to this so you can view it or label similar future email. If you have any questions, see the administrator of that system for details. Content preview: Replace ktime_get_real_seconds() with the monotonic ktime_get_boottime_seconds() to ensure the keepalive mechanism is robust against system clock modifications. Right now, the driver uses ktime_get_real_seconds() to track peer timeouts, relying on the system wall-clock. Content analysis details: (-0.2 points, 5.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- -0.1 DKIM_VALID_EF Message has a valid DKIM or DK signature from envelope-from domain -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature -0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's domain 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid X-Headers-End: 1wWacx-0000IN-Pd Subject: [Openvpn-devel] [PATCH ovpn net] ovpn: use monotonic clock for peer keepalive timeouts X-BeenThere: openvpn-devel@lists.sourceforge.net X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: openvpn-devel-bounces@lists.sourceforge.net X-getmail-retrieved-from-mailbox: Inbox X-GMAIL-THRID: 1867437962301784288 X-GMAIL-MSGID: 1867437962301784288 Replace ktime_get_real_seconds() with the monotonic ktime_get_boottime_seconds() to ensure the keepalive mechanism is robust against system clock modifications. Right now, the driver uses ktime_get_real_seconds() to track peer timeouts, relying on the system wall-clock. An administrative time adjustment or an NTP sync that steps the clock forward can cause `now' to instantly exceed `last_recv + timeout'. When this occurs, the driver artificially expires healthy peers. Depending on the OpenVPN user-space configuration, this triggers a premature tunnel restart (if --keepalive or --ping-restart is used) or a complete disconnection of the client (if --ping-exit is used). Signed-off-by: Marco Baffo --- drivers/net/ovpn/io.c | 4 ++-- drivers/net/ovpn/peer.c | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/drivers/net/ovpn/io.c b/drivers/net/ovpn/io.c index 22c555dd962e..802d39ef38e5 100644 --- a/drivers/net/ovpn/io.c +++ b/drivers/net/ovpn/io.c @@ -142,7 +142,7 @@ void ovpn_decrypt_post(void *data, int ret) } /* keep track of last received authenticated packet for keepalive */ - WRITE_ONCE(peer->last_recv, ktime_get_real_seconds()); + WRITE_ONCE(peer->last_recv, ktime_get_boottime_seconds()); rcu_read_lock(); sock = rcu_dereference(peer->sock); @@ -294,7 +294,7 @@ void ovpn_encrypt_post(void *data, int ret) ovpn_peer_stats_increment_tx(&peer->link_stats, orig_len); /* keep track of last sent packet for keepalive */ - WRITE_ONCE(peer->last_sent, ktime_get_real_seconds()); + WRITE_ONCE(peer->last_sent, ktime_get_boottime_seconds()); /* skb passed down the stack - don't free it */ skb = NULL; err_unlock: diff --git a/drivers/net/ovpn/peer.c b/drivers/net/ovpn/peer.c index c02dfab51a6e..ef1da9e03b5a 100644 --- a/drivers/net/ovpn/peer.c +++ b/drivers/net/ovpn/peer.c @@ -44,7 +44,7 @@ static void unlock_ovpn(struct ovpn_priv *ovpn, */ void ovpn_peer_keepalive_set(struct ovpn_peer *peer, u32 interval, u32 timeout) { - time64_t now = ktime_get_real_seconds(); + time64_t now = ktime_get_boottime_seconds(); netdev_dbg(peer->ovpn->dev, "scheduling keepalive for peer %u: interval=%u timeout=%u\n", @@ -1342,7 +1342,7 @@ void ovpn_peer_keepalive_work(struct work_struct *work) { struct ovpn_priv *ovpn = container_of(work, struct ovpn_priv, keepalive_work.work); - time64_t next_run = 0, now = ktime_get_real_seconds(); + time64_t next_run = 0, now = ktime_get_boottime_seconds(); LLIST_HEAD(release_list); spin_lock_bh(&ovpn->lock);