diff mbox series

[Openvpn-devel,net,v2] ovpn: use monotonic clock for peer keepalive timers

Message ID 20260610182439.63305-1-marco@mandelbit.com
State New
Headers
Series [Openvpn-devel,net,v2] ovpn: use monotonic clock for peer keepalive timers |

Commit Message

Marco Baffo June 10, 2026, 6:24 p.m. UTC 
  Replace ktime_get_real_seconds() with ktime_get_seconds() so that
peer keepalive timeouts are calculated against a monotonic clock
instead of wall-clock time.

Because the driver currently uses CLOCK_REALTIME, an administrative
settimeofday() or an NTP step adjustment that moves the clock forward
can cause now to exceed last_recv + timeout instantly. This artificially
expires healthy peers and, depending on userspace configuration, can
trigger a premature tunnel restart (--keepalive / --ping-restart) or
client disconnection (--ping-exit). At the same time a backward step
can delay the detection of dead peers.

Switching to ktime_get_seconds() avoid both issues.

Fixes: 411f445fe91d ("ovpn: implement keepalive mechanism")
Signed-off-by: Marco Baffo <marco@mandelbit.com>
---
Changes in v2:
Use ktime_get_seconds() instead of ktime_get_boottime_seconds()

 drivers/net/ovpn/io.c   | 4 ++--
 drivers/net/ovpn/peer.c | 4 ++--
 2 files changed, 4 insertions(+), 4 deletions(-)
diff mbox series

Patch

diff --git a/drivers/net/ovpn/io.c b/drivers/net/ovpn/io.c
index a6b777a9c2d9..d0b8f7b95995 100644
--- a/drivers/net/ovpn/io.c
+++ b/drivers/net/ovpn/io.c
@@ -142,7 +142,7 @@  void ovpn_decrypt_post(void *data, int ret)
 	}
 
 	/* keep track of last received authenticated packet for keepalive */
-	WRITE_ONCE(peer->last_recv, ktime_get_real_seconds());
+	WRITE_ONCE(peer->last_recv, ktime_get_seconds());
 
 	rcu_read_lock();
 	sock = rcu_dereference(peer->sock);
@@ -294,7 +294,7 @@  void ovpn_encrypt_post(void *data, int ret)
 
 	ovpn_peer_stats_increment_tx(&peer->link_stats, orig_len);
 	/* keep track of last sent packet for keepalive */
-	WRITE_ONCE(peer->last_sent, ktime_get_real_seconds());
+	WRITE_ONCE(peer->last_sent, ktime_get_seconds());
 	/* skb passed down the stack - don't free it */
 	skb = NULL;
 err_unlock:
diff --git a/drivers/net/ovpn/peer.c b/drivers/net/ovpn/peer.c
index a09d61296425..caee56cd399a 100644
--- a/drivers/net/ovpn/peer.c
+++ b/drivers/net/ovpn/peer.c
@@ -44,7 +44,7 @@  static void unlock_ovpn(struct ovpn_priv *ovpn,
  */
 void ovpn_peer_keepalive_set(struct ovpn_peer *peer, u32 interval, u32 timeout)
 {
-	time64_t now = ktime_get_real_seconds();
+	time64_t now = ktime_get_seconds();
 
 	netdev_dbg(peer->ovpn->dev,
 		   "scheduling keepalive for peer %u: interval=%u timeout=%u\n",
@@ -1357,7 +1357,7 @@  void ovpn_peer_keepalive_work(struct work_struct *work)
 {
 	struct ovpn_priv *ovpn = container_of(work, struct ovpn_priv,
 					      keepalive_work.work);
-	time64_t next_run = 0, now = ktime_get_real_seconds();
+	time64_t next_run = 0, now = ktime_get_seconds();
 	LLIST_HEAD(release_list);
 
 	spin_lock_bh(&ovpn->lock);