| Message ID | 20240304150914.11444-15-antonio@openvpn.net (mailing list archive) |
|---|---|
| State | Changes Requested |
| Delegated to: | Netdev Maintainers |
| Headers | show |
| Series | Introducing OpenVPN Data Channel Offload | expand |
On Mon, Mar 04, 2024 at 04:09:05PM +0100, Antonio Quartulli wrote: > In a multi-peer scenario there are a number of situations when a > specific peer needs to be looked up. > > We may want to lookup a peer by: > 1. its ID > 2. its VPN destination IP > 3. its tranport IP/port couple nit: transport checkpatch.pl --codespell is your friend here. > For each of the above, there is a specific routing table referencing all > peers for fast look up. > > Case 2. is a bit special in the sense that an outgoing packet may not be > sent to the peer VPN IP directly, but rather to a network behind it. For > this reason we first perform a nexthop lookup in the system routing > table and then we use the retrieved nexthop as peer search key. > > Signed-off-by: Antonio Quartulli <antonio@openvpn.net> ... > +/** > + * ovpn_nexthop_lookup4() - looks up the IP of the nexthop for the given destination > + * > + * Looks up in the IPv4 system routing table the IP of the nexthop to be used > + * to reach the destination passed as argument. If no nexthop can be found, the > + * destination itself is returned as it probably has to be used as nexthop. > + * > + * @ovpn: the private data representing the current VPN session > + * @dst: the destination to be looked up I think you need to document @src instead of @dst here. > + * > + * Return the IP of the next hop if found or the dst itself otherwise > + */ > +static __be32 ovpn_nexthop_lookup4(struct ovpn_struct *ovpn, __be32 src) > +{ > + struct rtable *rt; > + struct flowi4 fl = { > + .daddr = src > + }; > + > + rt = ip_route_output_flow(dev_net(ovpn->dev), &fl, NULL); > + if (IS_ERR(rt)) { > + net_dbg_ratelimited("%s: no nexthop found for %pI4\n", ovpn->dev->name, &src); > + /* if we end up here this packet is probably going to be > + * thrown away later > + */ > + return src; > + } > + > + if (!rt->rt_uses_gateway) > + goto out; > + > + src = rt->rt_gw4; > +out: > + return src; > +} > + > +/** > + * ovpn_nexthop_lookup6() - looks up the IPv6 of the nexthop for the given destination > + * > + * Looks up in the IPv6 system routing table the IP of the nexthop to be used > + * to reach the destination passed as argument. If no nexthop can be found, the > + * destination itself is returned as it probably has to be used as nexthop. > + * > + * @ovpn: the private data representing the current VPN session > + * @dst: the destination to be looked up And here. > + * > + * Return the IP of the next hop if found or the dst itself otherwise > + */ > +static struct in6_addr ovpn_nexthop_lookup6(struct ovpn_struct *ovpn, struct in6_addr addr) > +{ > +#if IS_ENABLED(CONFIG_IPV6) > + struct rt6_info *rt; > + struct flowi6 fl = { > + .daddr = addr, > + }; > + > + rt = (struct rt6_info *)ipv6_stub->ipv6_dst_lookup_flow(dev_net(ovpn->dev), NULL, &fl, > + NULL); > + if (IS_ERR(rt)) { > + net_dbg_ratelimited("%s: no nexthop found for %pI6\n", ovpn->dev->name, &addr); > + /* if we end up here this packet is probably going to be thrown away later */ > + return addr; > + } > + > + if (rt->rt6i_flags & RTF_GATEWAY) > + addr = rt->rt6i_gateway; > + > + dst_release((struct dst_entry *)rt); > +#endif > + return addr; > +} ...
Hi Antonio, kernel test robot noticed the following build warnings: [auto build test WARNING on net-next/main] url: https://github.com/intel-lab-lkp/linux/commits/Antonio-Quartulli/netlink-add-NLA_POLICY_MAX_LEN-macro/20240304-232835 base: net-next/main patch link: https://lore.kernel.org/r/20240304150914.11444-15-antonio%40openvpn.net patch subject: [PATCH net-next v2 14/22] ovpn: implement peer lookup logic config: sh-allmodconfig (https://download.01.org/0day-ci/archive/20240306/202403060715.DDWfl06q-lkp@intel.com/config) compiler: sh4-linux-gcc (GCC) 13.2.0 reproduce (this is a W=1 build): (https://download.01.org/0day-ci/archive/20240306/202403060715.DDWfl06q-lkp@intel.com/reproduce) If you fix the issue in a separate patch/commit (i.e. not just a new version of the same patch/commit), kindly add following tags | Reported-by: kernel test robot <lkp@intel.com> | Closes: https://lore.kernel.org/oe-kbuild-all/202403060715.DDWfl06q-lkp@intel.com/ All warnings (new ones prefixed by >>): >> drivers/net/ovpn/peer.c:289: warning: Function parameter or struct member 'src' not described in 'ovpn_nexthop_lookup4' >> drivers/net/ovpn/peer.c:289: warning: Excess function parameter 'dst' description in 'ovpn_nexthop_lookup4' >> drivers/net/ovpn/peer.c:325: warning: Function parameter or struct member 'addr' not described in 'ovpn_nexthop_lookup6' >> drivers/net/ovpn/peer.c:325: warning: Excess function parameter 'dst' description in 'ovpn_nexthop_lookup6' vim +289 drivers/net/ovpn/peer.c 275 276 /** 277 * ovpn_nexthop_lookup4() - looks up the IP of the nexthop for the given destination 278 * 279 * Looks up in the IPv4 system routing table the IP of the nexthop to be used 280 * to reach the destination passed as argument. If no nexthop can be found, the 281 * destination itself is returned as it probably has to be used as nexthop. 282 * 283 * @ovpn: the private data representing the current VPN session 284 * @dst: the destination to be looked up 285 * 286 * Return the IP of the next hop if found or the dst itself otherwise 287 */ 288 static __be32 ovpn_nexthop_lookup4(struct ovpn_struct *ovpn, __be32 src) > 289 { 290 struct rtable *rt; 291 struct flowi4 fl = { 292 .daddr = src 293 }; 294 295 rt = ip_route_output_flow(dev_net(ovpn->dev), &fl, NULL); 296 if (IS_ERR(rt)) { 297 net_dbg_ratelimited("%s: no nexthop found for %pI4\n", ovpn->dev->name, &src); 298 /* if we end up here this packet is probably going to be 299 * thrown away later 300 */ 301 return src; 302 } 303 304 if (!rt->rt_uses_gateway) 305 goto out; 306 307 src = rt->rt_gw4; 308 out: 309 return src; 310 } 311 312 /** 313 * ovpn_nexthop_lookup6() - looks up the IPv6 of the nexthop for the given destination 314 * 315 * Looks up in the IPv6 system routing table the IP of the nexthop to be used 316 * to reach the destination passed as argument. If no nexthop can be found, the 317 * destination itself is returned as it probably has to be used as nexthop. 318 * 319 * @ovpn: the private data representing the current VPN session 320 * @dst: the destination to be looked up 321 * 322 * Return the IP of the next hop if found or the dst itself otherwise 323 */ 324 static struct in6_addr ovpn_nexthop_lookup6(struct ovpn_struct *ovpn, struct in6_addr addr) > 325 { 326 #if IS_ENABLED(CONFIG_IPV6) 327 struct rt6_info *rt; 328 struct flowi6 fl = { 329 .daddr = addr, 330 }; 331 332 rt = (struct rt6_info *)ipv6_stub->ipv6_dst_lookup_flow(dev_net(ovpn->dev), NULL, &fl, 333 NULL); 334 if (IS_ERR(rt)) { 335 net_dbg_ratelimited("%s: no nexthop found for %pI6\n", ovpn->dev->name, &addr); 336 /* if we end up here this packet is probably going to be thrown away later */ 337 return addr; 338 } 339 340 if (rt->rt6i_flags & RTF_GATEWAY) 341 addr = rt->rt6i_gateway; 342 343 dst_release((struct dst_entry *)rt); 344 #endif 345 return addr; 346 } 347
On 05/03/2024 16:16, Simon Horman wrote: > On Mon, Mar 04, 2024 at 04:09:05PM +0100, Antonio Quartulli wrote: >> In a multi-peer scenario there are a number of situations when a >> specific peer needs to be looked up. >> >> We may want to lookup a peer by: >> 1. its ID >> 2. its VPN destination IP >> 3. its tranport IP/port couple > > nit: transport > > checkpatch.pl --codespell is your friend here. Thanks for this hint too! > >> For each of the above, there is a specific routing table referencing all >> peers for fast look up. >> >> Case 2. is a bit special in the sense that an outgoing packet may not be >> sent to the peer VPN IP directly, but rather to a network behind it. For >> this reason we first perform a nexthop lookup in the system routing >> table and then we use the retrieved nexthop as peer search key. >> >> Signed-off-by: Antonio Quartulli <antonio@openvpn.net> > > ... > >> +/** >> + * ovpn_nexthop_lookup4() - looks up the IP of the nexthop for the given destination >> + * >> + * Looks up in the IPv4 system routing table the IP of the nexthop to be used >> + * to reach the destination passed as argument. If no nexthop can be found, the >> + * destination itself is returned as it probably has to be used as nexthop. >> + * >> + * @ovpn: the private data representing the current VPN session >> + * @dst: the destination to be looked up > > I think you need to document @src instead of @dst here. Right > >> + * >> + * Return the IP of the next hop if found or the dst itself otherwise >> + */ >> +static __be32 ovpn_nexthop_lookup4(struct ovpn_struct *ovpn, __be32 src) >> +{ >> + struct rtable *rt; >> + struct flowi4 fl = { >> + .daddr = src >> + }; >> + >> + rt = ip_route_output_flow(dev_net(ovpn->dev), &fl, NULL); >> + if (IS_ERR(rt)) { >> + net_dbg_ratelimited("%s: no nexthop found for %pI4\n", ovpn->dev->name, &src); >> + /* if we end up here this packet is probably going to be >> + * thrown away later >> + */ >> + return src; >> + } >> + >> + if (!rt->rt_uses_gateway) >> + goto out; >> + >> + src = rt->rt_gw4; >> +out: >> + return src; >> +} >> + >> +/** >> + * ovpn_nexthop_lookup6() - looks up the IPv6 of the nexthop for the given destination >> + * >> + * Looks up in the IPv6 system routing table the IP of the nexthop to be used >> + * to reach the destination passed as argument. If no nexthop can be found, the >> + * destination itself is returned as it probably has to be used as nexthop. >> + * >> + * @ovpn: the private data representing the current VPN session >> + * @dst: the destination to be looked up > > And here. Right. > >> + * >> + * Return the IP of the next hop if found or the dst itself otherwise >> + */ >> +static struct in6_addr ovpn_nexthop_lookup6(struct ovpn_struct *ovpn, struct in6_addr addr) >> +{ >> +#if IS_ENABLED(CONFIG_IPV6) >> + struct rt6_info *rt; >> + struct flowi6 fl = { >> + .daddr = addr, >> + }; >> + >> + rt = (struct rt6_info *)ipv6_stub->ipv6_dst_lookup_flow(dev_net(ovpn->dev), NULL, &fl, >> + NULL); >> + if (IS_ERR(rt)) { >> + net_dbg_ratelimited("%s: no nexthop found for %pI6\n", ovpn->dev->name, &addr); >> + /* if we end up here this packet is probably going to be thrown away later */ >> + return addr; >> + } >> + >> + if (rt->rt6i_flags & RTF_GATEWAY) >> + addr = rt->rt6i_gateway; >> + >> + dst_release((struct dst_entry *)rt); >> +#endif >> + return addr; >> +} > > ... Thanks a lot. Regards,
Hi Antonio,
kernel test robot noticed the following build warnings:
[auto build test WARNING on net-next/main]
url: https://github.com/intel-lab-lkp/linux/commits/Antonio-Quartulli/netlink-add-NLA_POLICY_MAX_LEN-macro/20240304-232835
base: net-next/main
patch link: https://lore.kernel.org/r/20240304150914.11444-15-antonio%40openvpn.net
patch subject: [PATCH net-next v2 14/22] ovpn: implement peer lookup logic
config: sparc-randconfig-r051-20240309 (https://download.01.org/0day-ci/archive/20240309/202403091859.HD1Dnk2H-lkp@intel.com/config)
compiler: sparc-linux-gcc (GCC) 13.2.0
reproduce (this is a W=1 build): (https://download.01.org/0day-ci/archive/20240309/202403091859.HD1Dnk2H-lkp@intel.com/reproduce)
If you fix the issue in a separate patch/commit (i.e. not just a new version of
the same patch/commit), kindly add following tags
| Reported-by: kernel test robot <lkp@intel.com>
| Closes: https://lore.kernel.org/oe-kbuild-all/202403091859.HD1Dnk2H-lkp@intel.com/
All warnings (new ones prefixed by >>):
drivers/net/ovpn/peer.c: In function 'ovpn_nexthop_from_rt6':
drivers/net/ovpn/peer.c:170:24: error: invalid use of undefined type 'struct rt6_info'
170 | if (!rt || !(rt->rt6i_flags & RTF_GATEWAY))
| ^~
drivers/net/ovpn/peer.c:173:18: error: invalid use of undefined type 'struct rt6_info'
173 | return rt->rt6i_gateway;
| ^~
>> drivers/net/ovpn/peer.c:174:1: warning: control reaches end of non-void function [-Wreturn-type]
174 | }
| ^
vim +174 drivers/net/ovpn/peer.c
165
166 static struct in6_addr ovpn_nexthop_from_rt6(struct sk_buff *skb)
167 {
168 struct rt6_info *rt = (struct rt6_info *)skb_rtable(skb);
169
> 170 if (!rt || !(rt->rt6i_flags & RTF_GATEWAY))
171 return ipv6_hdr(skb)->daddr;
172
173 return rt->rt6i_gateway;
> 174 }
175
diff --git a/drivers/net/ovpn/peer.c b/drivers/net/ovpn/peer.c index 6c2c6877d539..acef27b1ca5d 100644 --- a/drivers/net/ovpn/peer.c +++ b/drivers/net/ovpn/peer.c @@ -153,6 +153,69 @@ void ovpn_peer_release_kref(struct kref *kref) queue_work(peer->ovpn->events_wq, &peer->delete_work); } +static __be32 ovpn_nexthop_from_rt4(struct sk_buff *skb) +{ + struct rtable *rt = skb_rtable(skb); + + if (rt && rt->rt_uses_gateway) + return rt->rt_gw4; + + return ip_hdr(skb)->daddr; +} + +static struct in6_addr ovpn_nexthop_from_rt6(struct sk_buff *skb) +{ + struct rt6_info *rt = (struct rt6_info *)skb_rtable(skb); + + if (!rt || !(rt->rt6i_flags & RTF_GATEWAY)) + return ipv6_hdr(skb)->daddr; + + return rt->rt6i_gateway; +} + +static struct ovpn_peer *ovpn_peer_lookup_vpn_addr4(struct hlist_head *head, __be32 *addr) +{ + struct ovpn_peer *tmp, *peer = NULL; + + rcu_read_lock(); + hlist_for_each_entry_rcu(tmp, head, hash_entry_addr4) { + if (*addr != tmp->vpn_addrs.ipv4.s_addr) + continue; + + if (!ovpn_peer_hold(tmp)) + continue; + + peer = tmp; + break; + } + rcu_read_unlock(); + + return peer; +} + +static struct ovpn_peer *ovpn_peer_lookup_vpn_addr6(struct hlist_head *head, struct in6_addr *addr) +{ + struct ovpn_peer *tmp, *peer = NULL; + int i; + + rcu_read_lock(); + hlist_for_each_entry_rcu(tmp, head, hash_entry_addr6) { + for (i = 0; i < 4; i++) { + if (addr->s6_addr32[i] != tmp->vpn_addrs.ipv6.s6_addr32[i]) + continue; + } + + if (!ovpn_peer_hold(tmp)) + continue; + + peer = tmp; + break; + } + rcu_read_unlock(); + + return peer; +} + /** * ovpn_peer_lookup_by_dst() - Lookup peer to send skb to * @@ -170,6 +233,11 @@ void ovpn_peer_release_kref(struct kref *kref) struct ovpn_peer *ovpn_peer_lookup_by_dst(struct ovpn_struct *ovpn, struct sk_buff *skb) { struct ovpn_peer *tmp, *peer = NULL; + struct hlist_head *head; + sa_family_t sa_fam; + struct in6_addr addr6; + __be32 addr4; + u32 index; /* in P2P mode, no matter the destination, packets are always sent to the single peer * listening on the other side @@ -180,14 +248,111 @@ struct ovpn_peer *ovpn_peer_lookup_by_dst(struct ovpn_struct *ovpn, struct sk_bu if (likely(tmp && ovpn_peer_hold(tmp))) peer = tmp; rcu_read_unlock(); + return peer; + } + + sa_fam = skb_protocol_to_family(skb); + + switch (sa_fam) { + case AF_INET: + addr4 = ovpn_nexthop_from_rt4(skb); + index = ovpn_peer_index(ovpn->peers.by_vpn_addr, &addr4, sizeof(addr4)); + head = &ovpn->peers.by_vpn_addr[index]; + + peer = ovpn_peer_lookup_vpn_addr4(head, &addr4); + break; + case AF_INET6: + addr6 = ovpn_nexthop_from_rt6(skb); + index = ovpn_peer_index(ovpn->peers.by_vpn_addr, &addr6, sizeof(addr6)); + head = &ovpn->peers.by_vpn_addr[index]; + + peer = ovpn_peer_lookup_vpn_addr6(head, &addr6); + break; } return peer; } +/** + * ovpn_nexthop_lookup4() - looks up the IP of the nexthop for the given destination + * + * Looks up in the IPv4 system routing table the IP of the nexthop to be used + * to reach the destination passed as argument. If no nexthop can be found, the + * destination itself is returned as it probably has to be used as nexthop. + * + * @ovpn: the private data representing the current VPN session + * @dst: the destination to be looked up + * + * Return the IP of the next hop if found or the dst itself otherwise + */ +static __be32 ovpn_nexthop_lookup4(struct ovpn_struct *ovpn, __be32 src) +{ + struct rtable *rt; + struct flowi4 fl = { + .daddr = src + }; + + rt = ip_route_output_flow(dev_net(ovpn->dev), &fl, NULL); + if (IS_ERR(rt)) { + net_dbg_ratelimited("%s: no nexthop found for %pI4\n", ovpn->dev->name, &src); + /* if we end up here this packet is probably going to be + * thrown away later + */ + return src; + } + + if (!rt->rt_uses_gateway) + goto out; + + src = rt->rt_gw4; +out: + return src; +} + +/** + * ovpn_nexthop_lookup6() - looks up the IPv6 of the nexthop for the given destination + * + * Looks up in the IPv6 system routing table the IP of the nexthop to be used + * to reach the destination passed as argument. If no nexthop can be found, the + * destination itself is returned as it probably has to be used as nexthop. + * + * @ovpn: the private data representing the current VPN session + * @dst: the destination to be looked up + * + * Return the IP of the next hop if found or the dst itself otherwise + */ +static struct in6_addr ovpn_nexthop_lookup6(struct ovpn_struct *ovpn, struct in6_addr addr) +{ +#if IS_ENABLED(CONFIG_IPV6) + struct rt6_info *rt; + struct flowi6 fl = { + .daddr = addr, + }; + + rt = (struct rt6_info *)ipv6_stub->ipv6_dst_lookup_flow(dev_net(ovpn->dev), NULL, &fl, + NULL); + if (IS_ERR(rt)) { + net_dbg_ratelimited("%s: no nexthop found for %pI6\n", ovpn->dev->name, &addr); + /* if we end up here this packet is probably going to be thrown away later */ + return addr; + } + + if (rt->rt6i_flags & RTF_GATEWAY) + addr = rt->rt6i_gateway; + + dst_release((struct dst_entry *)rt); +#endif + return addr; +} + struct ovpn_peer *ovpn_peer_lookup_by_src(struct ovpn_struct *ovpn, struct sk_buff *skb) { struct ovpn_peer *tmp, *peer = NULL; + struct hlist_head *head; + sa_family_t sa_fam; + struct in6_addr addr6; + __be32 addr4; + u32 index; /* in P2P mode, no matter the destination, packets are always sent to the single peer * listening on the other side @@ -198,35 +363,29 @@ struct ovpn_peer *ovpn_peer_lookup_by_src(struct ovpn_struct *ovpn, struct sk_bu if (likely(tmp && ovpn_peer_hold(tmp))) peer = tmp; rcu_read_unlock(); + return peer; } - return peer; -} + sa_fam = skb_protocol_to_family(skb); -static bool ovpn_peer_skb_to_sockaddr(struct sk_buff *skb, struct sockaddr_storage *ss) -{ - struct sockaddr_in6 *sa6; - struct sockaddr_in *sa4; - - ss->ss_family = skb_protocol_to_family(skb); - switch (ss->ss_family) { + switch (sa_fam) { case AF_INET: - sa4 = (struct sockaddr_in *)ss; - sa4->sin_family = AF_INET; - sa4->sin_addr.s_addr = ip_hdr(skb)->saddr; - sa4->sin_port = udp_hdr(skb)->source; + addr4 = ovpn_nexthop_lookup4(ovpn, ip_hdr(skb)->saddr); + index = ovpn_peer_index(ovpn->peers.by_vpn_addr, &addr4, sizeof(addr4)); + head = &ovpn->peers.by_vpn_addr[index]; + + peer = ovpn_peer_lookup_vpn_addr4(head, &addr4); break; case AF_INET6: - sa6 = (struct sockaddr_in6 *)ss; - sa6->sin6_family = AF_INET6; - sa6->sin6_addr = ipv6_hdr(skb)->saddr; - sa6->sin6_port = udp_hdr(skb)->source; + addr6 = ovpn_nexthop_lookup6(ovpn, ipv6_hdr(skb)->saddr); + index = ovpn_peer_index(ovpn->peers.by_vpn_addr, &addr6, sizeof(addr6)); + head = &ovpn->peers.by_vpn_addr[index]; + + peer = ovpn_peer_lookup_vpn_addr6(head, &addr6); break; - default: - return false; } - return true; + return peer; } static bool ovpn_peer_transp_match(struct ovpn_peer *peer, struct sockaddr_storage *ss) @@ -277,16 +436,74 @@ static struct ovpn_peer *ovpn_peer_lookup_transp_addr_p2p(struct ovpn_struct *ov return peer; } +static bool ovpn_peer_skb_to_sockaddr(struct sk_buff *skb, struct sockaddr_storage *ss) +{ + struct sockaddr_in6 *sa6; + struct sockaddr_in *sa4; + + ss->ss_family = skb_protocol_to_family(skb); + switch (ss->ss_family) { + case AF_INET: + sa4 = (struct sockaddr_in *)ss; + sa4->sin_family = AF_INET; + sa4->sin_addr.s_addr = ip_hdr(skb)->saddr; + sa4->sin_port = udp_hdr(skb)->source; + break; + case AF_INET6: + sa6 = (struct sockaddr_in6 *)ss; + sa6->sin6_family = AF_INET6; + sa6->sin6_addr = ipv6_hdr(skb)->saddr; + sa6->sin6_port = udp_hdr(skb)->source; + break; + default: + return false; + } + + return true; +} + struct ovpn_peer *ovpn_peer_lookup_transp_addr(struct ovpn_struct *ovpn, struct sk_buff *skb) { - struct ovpn_peer *peer = NULL; + struct ovpn_peer *tmp, *peer = NULL; struct sockaddr_storage ss = { 0 }; + struct hlist_head *head; + size_t sa_len; + bool found; + u32 index; if (unlikely(!ovpn_peer_skb_to_sockaddr(skb, &ss))) return NULL; if (ovpn->mode == OVPN_MODE_P2P) - peer = ovpn_peer_lookup_transp_addr_p2p(ovpn, &ss); + return ovpn_peer_lookup_transp_addr_p2p(ovpn, &ss); + + switch (ss.ss_family) { + case AF_INET: + sa_len = sizeof(struct sockaddr_in); + break; + case AF_INET6: + sa_len = sizeof(struct sockaddr_in6); + break; + default: + return NULL; + } + + index = ovpn_peer_index(ovpn->peers.by_transp_addr, &ss, sa_len); + head = &ovpn->peers.by_transp_addr[index]; + + rcu_read_lock(); + hlist_for_each_entry_rcu(tmp, head, hash_entry_transp_addr) { + found = ovpn_peer_transp_match(tmp, &ss); + if (!found) + continue; + + if (!ovpn_peer_hold(tmp)) + continue; + + peer = tmp; + break; + } + rcu_read_unlock(); return peer; } @@ -306,10 +523,28 @@ static struct ovpn_peer *ovpn_peer_lookup_id_p2p(struct ovpn_struct *ovpn, u32 p struct ovpn_peer *ovpn_peer_lookup_id(struct ovpn_struct *ovpn, u32 peer_id) { - struct ovpn_peer *peer = NULL; + struct ovpn_peer *tmp, *peer = NULL; + struct hlist_head *head; + u32 index; if (ovpn->mode == OVPN_MODE_P2P) - peer = ovpn_peer_lookup_id_p2p(ovpn, peer_id); + return ovpn_peer_lookup_id_p2p(ovpn, peer_id); + + index = ovpn_peer_index(ovpn->peers.by_id, &peer_id, sizeof(peer_id)); + head = &ovpn->peers.by_id[index]; + + rcu_read_lock(); + hlist_for_each_entry_rcu(tmp, head, hash_entry_id) { + if (tmp->id != peer_id) + continue; + + if (!ovpn_peer_hold(tmp)) + continue; + + peer = tmp; + break; + } + rcu_read_unlock(); return peer; }
In a multi-peer scenario there are a number of situations when a specific peer needs to be looked up. We may want to lookup a peer by: 1. its ID 2. its VPN destination IP 3. its tranport IP/port couple For each of the above, there is a specific routing table referencing all peers for fast look up. Case 2. is a bit special in the sense that an outgoing packet may not be sent to the peer VPN IP directly, but rather to a network behind it. For this reason we first perform a nexthop lookup in the system routing table and then we use the retrieved nexthop as peer search key. Signed-off-by: Antonio Quartulli <antonio@openvpn.net> --- drivers/net/ovpn/peer.c | 283 ++++++++++++++++++++++++++++++++++++---- 1 file changed, 259 insertions(+), 24 deletions(-)