Hi,

v1 added setup-time validation for userspace-provided sockets and TX-time checks for socket state that can still change after the socket is attached to ovpn.

In v1, ovpn_udp_send_skb consumed the error internally, so ovpn_encrypt_post could still update link TX stats and last_sent for a packet that was dropped before transmit. v2 propagates those errors back to the common TX completion path, so TX-side checks are handled as local transmit failures, not as successful handoff to the UDP stack.

v2 also makes socket/remote address-family mismatches fatal for the peer. Those mismatches mean the peer can no longer transmit with the socket it was configured with, so keeping it around would just keep dropping packets. The peer deletion is deferred through a common transport-error work item, which is also reused by the TCP transport-error paths.

The source-port-zero case is kept as drop+warning for now. It is still a broken socket state for ovpn TX, but it is not treated as a peer-fatal address-family mismatch in this series.

Thanks,
Ralf

---
Changes since v1
https://lore.kernel.org/openvpn-devel/[email protected]/T/
- Add ratelimited warnings for TX-side socket state failures.
- Propagate local UDP TX errors to ovpn_encrypt_post, so local drops do not update link TX stats or last_sent.
- Delete peers with TRANSPORT_ERROR on UDP socket/remote address-family mismatches.
- Add a common deferred transport-error deletion helper shared by TCP and UDP.
- Clarify that netlink socket/remote validation is setup-time diagnostics; the TX path remains the runtime gate for mutable socket state.
- Use a single READ_ONCE() snapshot of sk->sk_family in the netlink helper.
- Fix the IPV6_V6ONLY typo.

Ralf Lici (4):
  ovpn: avoid sending UDP packets with source port 0
  ovpn: validate sockets before attaching peer transports
  ovpn: reject UDP remotes incompatible with socket family
  ovpn: recheck UDP socket family before transmit

 drivers/net/ovpn/io.c      |   4 +-
 drivers/net/ovpn/netlink.c | 133 ++++++++++++++++++++++++++++---------
 drivers/net/ovpn/peer.c    |  19 ++++++
 drivers/net/ovpn/peer.h    |   5 +-
 drivers/net/ovpn/socket.c  |  16 +++--
 drivers/net/ovpn/tcp.c     |  21 +-----
 drivers/net/ovpn/udp.c     |  57 ++++++++++++----
 drivers/net/ovpn/udp.h     |   4 +-
 8 files changed, 183 insertions(+), 76 deletions(-)

--
2.54.0
