From patchwork Fri May 29 13:15:01 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Marco Baffo X-Patchwork-Id: 4990 Return-Path: Delivered-To: patchwork@openvpn.net Received: by 2002:a05:7000:b18b:b0:861:c897:cb9d with SMTP id x11csp432350mau; Fri, 29 May 2026 06:15:37 -0700 (PDT) X-Forwarded-Encrypted: i=2; AFNElJ/AugdGGqyqPb+Huq1mHfhkdy471UZemJWhqbTG0gEOyN+vPGaTuULopNQwZ2B5hQD+Lz36fqpcpKE=@openvpn.net X-Received: by 2002:a05:6870:d28b:b0:42c:5ca:e7f7 with SMTP id 586e51a60fabf-43c8c74aca1mr1424303fac.23.1780060537607; Fri, 29 May 2026 06:15:37 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1780060537; cv=none; d=google.com; s=arc-20240605; b=XFZc1cgFE/BOzkRUR4lBv36Cc4tXhnzhWfXmtg8Nhtp8Aeirm9WCyqsSeS1u7CskpE gW3tEObFS8PR7rqBuoXf7icI5xQjHmTrka8VvFoLp2V6cfUsZFw/yRIpGrzWBsBixoRN /XGv+MRDfb0x5LRp0AyR63rSaW8GlhW9kHlowh2NxiuZQ4JI4KzenWQRfJrBtBywDYK2 s4jsgs63SUSAq5m6+OpNMdef19qqOss3XmBngzZ6a3URpcDeQBnuTDVJQtwHuZj9CcMI LyJl6011k/31D88iu8v1T77il9so7WogKK99rHhxavDa0EQtaSkYBfOnqvZJjDCAzdvF Fwbg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=errors-to:content-transfer-encoding:list-subscribe:list-help :list-post:list-archive:list-unsubscribe:list-id:precedence:subject :mime-version:message-id:date:to:from:dkim-signature:dkim-signature :dkim-signature:dkim-signature; bh=oV7AGbrkVsgQQF21vBNbKraPSkNcmaN+tAog4eQr2mE=; fh=4NbAC/LsuMLI0S0hprUlLSLCiHwg6SCAifhH718Jh0Q=; b=Uhokzl/PVoTZxk/ewBfSjfW/5ojrPN26smwx8OHcKBxODgkqrSwauXv4dO38lVKYCF QEmD5uud+gLmJnJC7Mw1WgOgIMR8siOjKHkdmZsOkwZkSa3d6HFHO7AWATnYLwjF0Bsf 89Je6FeCC0ztpTX0L6DVIjm0KrHbnEnmScAcrbuLMwqh5IA75hzhar5aB4LrjGwidWNn +kfRAu699zwqcUli4HCTklbwJyAcMGuuVuNS/FwFMen68yPjyp6RhSRViCW8oj8LEdzq uh21p/eTeCqhi7+sAiqsAO7eLxdbfyLpcDNcIJK+5HRm2CYLC+OLz+EU8jF2aN8VlSpj HBKw==; dara=google.com ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@lists.sourceforge.net header.s=beta header.b=fiQ+TeXS; dkim=neutral (body hash did not verify) header.i=@sourceforge.net header.s=x header.b="VhniQK/u"; dkim=neutral (body hash did not verify) header.i=@sf.net header.s=x header.b="Q/O/7/Ct"; dkim=neutral (body hash did not verify) header.i=@mandelbit.com header.s=MBO0001 header.b=M9Iqb6Tw; spf=pass (google.com: domain of openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as permitted sender) smtp.mailfrom=openvpn-devel-bounces@lists.sourceforge.net Received: from lists.sourceforge.net (lists.sourceforge.net. [216.105.38.7]) by mx.google.com with ESMTPS id 586e51a60fabf-43c9417debesi807042fac.271.2026.05.29.06.15.37 (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Fri, 29 May 2026 06:15:37 -0700 (PDT) Received-SPF: pass (google.com: domain of openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as permitted sender) client-ip=216.105.38.7; Authentication-Results: mx.google.com; dkim=pass header.i=@lists.sourceforge.net header.s=beta header.b=fiQ+TeXS; dkim=neutral (body hash did not verify) header.i=@sourceforge.net header.s=x header.b="VhniQK/u"; dkim=neutral (body hash did not verify) header.i=@sf.net header.s=x header.b="Q/O/7/Ct"; dkim=neutral (body hash did not verify) header.i=@mandelbit.com header.s=MBO0001 header.b=M9Iqb6Tw; spf=pass (google.com: domain of openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as permitted sender) smtp.mailfrom=openvpn-devel-bounces@lists.sourceforge.net DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.sourceforge.net; s=beta; h=Content-Transfer-Encoding:Content-Type: List-Subscribe:List-Help:List-Post:List-Archive:List-Unsubscribe:List-Id: Subject:MIME-Version:Message-ID:Date:To:From:Sender:Reply-To:Cc:Content-ID: Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc :Resent-Message-ID:In-Reply-To:References:List-Owner; bh=oV7AGbrkVsgQQF21vBNbKraPSkNcmaN+tAog4eQr2mE=; b=fiQ+TeXSXRrR+qlu4cvIYog9Ko UJUZOYjhAH7rToYKwxqIZdjvt36Y35tePJwlc/fvGS+SaDFmppGFs7Jp8RrqNwVMhvnFDye29LYHw 7j/9OIvEfxZvDSRmSb95PRB8XlLZmkkNV0x2F20unB7+CsbSZ7YRIZg9vmM4NW3AmoSM=; Received: from [127.0.0.1] (helo=sfs-ml-1.v29.lw.sourceforge.com) by sfs-ml-1.v29.lw.sourceforge.com with esmtp (Exim 4.95) (envelope-from ) id 1wSx3h-0002Xe-TN; Fri, 29 May 2026 13:15:27 +0000 Received: from [172.30.29.66] (helo=mx.sourceforge.net) by sfs-ml-1.v29.lw.sourceforge.com with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.95) (envelope-from ) id 1wSx3f-0002XV-C2 for openvpn-devel@lists.sourceforge.net; Fri, 29 May 2026 13:15:25 +0000 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sourceforge.net; s=x; h=Content-Transfer-Encoding:MIME-Version:Message-ID: Date:Subject:Cc:To:From:Sender:Reply-To:Content-Type:Content-ID: Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc :Resent-Message-ID:In-Reply-To:References:List-Id:List-Help:List-Unsubscribe: List-Subscribe:List-Post:List-Owner:List-Archive; bh=tfxrEhu7Uhl4w4cpLt7FenRztHhVhApYxy7KxNna/1U=; b=VhniQK/uFaiE9y44VdUV1luJLJ GMHIo7iZJ0H4ZUPfiTk5YEtK+IIihPbTJjWrZcT3jOszETaj4v+xZngPGENt5qz5dwJodQ43cpiSi q0k0Lwe/hNStbWKCSbE18Vi0CrBXPSS+8Pm8Xuz2pWkgHkEI82x0QcJyBIB4LrdgRceg=; DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sf.net; s=x ; h=Content-Transfer-Encoding:MIME-Version:Message-ID:Date:Subject:Cc:To:From :Sender:Reply-To:Content-Type:Content-ID:Content-Description:Resent-Date: Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:In-Reply-To: References:List-Id:List-Help:List-Unsubscribe:List-Subscribe:List-Post: List-Owner:List-Archive; bh=tfxrEhu7Uhl4w4cpLt7FenRztHhVhApYxy7KxNna/1U=; b=Q /O/7/CtElQoW8qNc8CyQNn431z+n/VGSOY48fR2j3ICifewUGmfQO07NrccqBO8P95RKyMggd6UUe 9OWpJH/xdhyUd1nJDe9tGgFJGAJxEQb1lRmnBnZITlvS9X7QeW2R9NzgMBiDw6611n/1pa6re3Qcx ZzCDQ4v1jfOB4bC4=; Received: from mout-b-201.mailbox.org ([195.10.208.61]) by sfi-mx-2.v28.lw.sourceforge.com with esmtps (TLS1.2:ECDHE-RSA-AES256-GCM-SHA384:256) (Exim 4.95) id 1wSx3Z-0007ID-Ap for openvpn-devel@lists.sourceforge.net; Fri, 29 May 2026 13:15:24 +0000 Received: from smtp202.mailbox.org (smtp202.mailbox.org [10.196.197.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by mout-b-201.mailbox.org (Postfix) with ESMTPS id 4gRkNr4cYxzDs15; Fri, 29 May 2026 15:15:08 +0200 (CEST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=mandelbit.com; s=MBO0001; t=1780060508; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding; bh=tfxrEhu7Uhl4w4cpLt7FenRztHhVhApYxy7KxNna/1U=; b=M9Iqb6TwdFe0cFAp2ALl+5EKTFY+wNMoH36T+8CutIoMTDlcHT77EPhRwpvO1z0K7Ir3Y4 ns0Xb1ccFSSboedSvtfYZ52pRzHs+OhEF3OoJknRCTscSIhJkJxVRac4aNNt/DZPTs29C0 6XVBfb/f/uyDoEPcPN3r+xEz7ZgePKy4JoBoqC847bcPDLzwCy5oYDP6BBpHxXcmpRqMpG mGbmbHizlDlbVvEbmxogZnE2+nOCy4Ajwdc+OQn1Ktg142kV8dK+d0bOymt7Y92r98CS6r VC/6rxMtJ3FgYLLCrBagcKWn3sqBwc0R2N5E+ovolcRTqf4eutPlzLln+m1MWA== From: Marco Baffo To: openvpn-devel@lists.sourceforge.net Date: Fri, 29 May 2026 15:15:01 +0200 Message-ID: <20260529131501.3923068-1-marco@mandelbit.com> MIME-Version: 1.0 X-Spam-Score: -0.2 (/) X-Spam-Report: Spam detection software, running on the system "sfi-spamd-2.hosts.colo.sdot.me", has NOT identified this incoming email as spam. The original message has been attached to this so you can view it or label similar future email. If you have any questions, see the administrator of that system for details. Content preview: Replace ktime_get_real_seconds() with the monotonic ktime_get_boottime_seconds() to ensure the keepalive mechanism is robust against system clock modifications. Right now, the driver uses ktime_get_real_seconds() to track peer timeouts, relying on the system wall-clock. Content analysis details: (-0.2 points, 5.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- -0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's domain -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature -0.1 DKIM_VALID_EF Message has a valid DKIM or DK signature from envelope-from domain 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid X-Headers-End: 1wSx3Z-0007ID-Ap Subject: [Openvpn-devel] [RFC ovpn net] ovpn: use monotonic clock for peer keepalive timeouts X-BeenThere: openvpn-devel@lists.sourceforge.net X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: openvpn-devel-bounces@lists.sourceforge.net X-getmail-retrieved-from-mailbox: Inbox X-GMAIL-THRID: 1866528758446788332 X-GMAIL-MSGID: 1866528758446788332 Replace ktime_get_real_seconds() with the monotonic ktime_get_boottime_seconds() to ensure the keepalive mechanism is robust against system clock modifications. Right now, the driver uses ktime_get_real_seconds() to track peer timeouts, relying on the system wall-clock. An administrative time adjustment or an NTP sync that steps the clock forward can cause `now' to instantly exceed `last_recv + timeout'. When this occurs, the driver artificially expires healthy peers. Depending on the OpenVPN user-space configuration, this triggers a premature tunnel restart (if --keepalive or --ping-restart is used) or a complete disconnection of the client (if --ping-exit is used). Signed-off-by: Marco Baffo --- drivers/net/ovpn/io.c | 4 ++-- drivers/net/ovpn/peer.c | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/drivers/net/ovpn/io.c b/drivers/net/ovpn/io.c index 22c555dd962e..802d39ef38e5 100644 --- a/drivers/net/ovpn/io.c +++ b/drivers/net/ovpn/io.c @@ -142,7 +142,7 @@ void ovpn_decrypt_post(void *data, int ret) } /* keep track of last received authenticated packet for keepalive */ - WRITE_ONCE(peer->last_recv, ktime_get_real_seconds()); + WRITE_ONCE(peer->last_recv, ktime_get_boottime_seconds()); rcu_read_lock(); sock = rcu_dereference(peer->sock); @@ -294,7 +294,7 @@ void ovpn_encrypt_post(void *data, int ret) ovpn_peer_stats_increment_tx(&peer->link_stats, orig_len); /* keep track of last sent packet for keepalive */ - WRITE_ONCE(peer->last_sent, ktime_get_real_seconds()); + WRITE_ONCE(peer->last_sent, ktime_get_boottime_seconds()); /* skb passed down the stack - don't free it */ skb = NULL; err_unlock: diff --git a/drivers/net/ovpn/peer.c b/drivers/net/ovpn/peer.c index c02dfab51a6e..ef1da9e03b5a 100644 --- a/drivers/net/ovpn/peer.c +++ b/drivers/net/ovpn/peer.c @@ -44,7 +44,7 @@ static void unlock_ovpn(struct ovpn_priv *ovpn, */ void ovpn_peer_keepalive_set(struct ovpn_peer *peer, u32 interval, u32 timeout) { - time64_t now = ktime_get_real_seconds(); + time64_t now = ktime_get_boottime_seconds(); netdev_dbg(peer->ovpn->dev, "scheduling keepalive for peer %u: interval=%u timeout=%u\n", @@ -1342,7 +1342,7 @@ void ovpn_peer_keepalive_work(struct work_struct *work) { struct ovpn_priv *ovpn = container_of(work, struct ovpn_priv, keepalive_work.work); - time64_t next_run = 0, now = ktime_get_real_seconds(); + time64_t next_run = 0, now = ktime_get_boottime_seconds(); LLIST_HEAD(release_list); spin_lock_bh(&ovpn->lock);