linux/drivers/net/ovpn/skb.h

/* SPDX-License-Identifier: GPL-2.0-only */
/*  OpenVPN data channel offload
 *
 *  Copyright (C) 2020-2025 OpenVPN, Inc.
 *
 *  Author:	Antonio Quartulli <antonio@openvpn.net>
 *		James Yonan <james@openvpn.net>
 */

#ifndef _NET_OVPN_SKB_H_
#define _NET_OVPN_SKB_H_

#include <linux/in.h>
#include <linux/in6.h>
#include <linux/ip.h>
#include <linux/ipv6.h>
#include <linux/skbuff.h>
#include <linux/socket.h>
#include <linux/types.h>

struct ovpn_cb {
	struct ovpn_peer *peer;
	struct ovpn_crypto_key_slot *ks;
	struct aead_request *req;
	struct scatterlist *sg;
	u8 *iv;
	unsigned int payload_offset;
	bool nosignal;
};

static inline struct ovpn_cb *ovpn_skb_cb(struct sk_buff *skb)
{
	BUILD_BUG_ON(sizeof(struct ovpn_cb) > sizeof(skb->cb));
	return (struct ovpn_cb *)skb->cb;
}

/* Return IP protocol version from skb header.
 * Return 0 if protocol is not IPv4/IPv6 or cannot be read.
 */
static inline __be16 ovpn_ip_check_protocol(struct sk_buff *skb)
{
	__be16 proto = 0;

	/* skb could be non-linear,
	 * make sure IP header is in non-fragmented part
	 */
	if (!pskb_network_may_pull(skb, sizeof(struct iphdr)))
		return 0;

	if (ip_hdr(skb)->version == 4) {
		proto = htons(ETH_P_IP);
	} else if (ip_hdr(skb)->version == 6) {
		if (!pskb_network_may_pull(skb, sizeof(struct ipv6hdr)))
			return 0;
		proto = htons(ETH_P_IPV6);
	}

	return proto;
}

#endif /* _NET_OVPN_SKB_H_ */
ovpn: implement basic TX path (UDP) Packets sent over the ovpn interface are processed and transmitted to the connected peer, if any. Implementation is UDP only. TCP will be added by a later patch. Note: no crypto/encapsulation exists yet. Packets are just captured and sent. Signed-off-by: Antonio Quartulli <antonio@openvpn.net> Link: https://patch.msgid.link/20250415-b4-ovpn-v26-7-577f6097b964@openvpn.net Reviewed-by: Sabrina Dubroca <sd@queasysnail.net> Tested-by: Oleksandr Natalenko <oleksandr@natalenko.name> Signed-off-by: Paolo Abeni <pabeni@redhat.com> 2025-04-15 13:17:24 +02:00			`/* SPDX-License-Identifier: GPL-2.0-only */`
			`/* OpenVPN data channel offload`
			`*`
			`* Copyright (C) 2020-2025 OpenVPN, Inc.`
			`*`
			`* Author: Antonio Quartulli <antonio@openvpn.net>`
			`* James Yonan <james@openvpn.net>`
			`*/`

			`#ifndef _NET_OVPN_SKB_H_`
			`#define _NET_OVPN_SKB_H_`

			`#include <linux/in.h>`
			`#include <linux/in6.h>`
			`#include <linux/ip.h>`
			`#include <linux/ipv6.h>`
			`#include <linux/skbuff.h>`
			`#include <linux/socket.h>`
			`#include <linux/types.h>`

			`struct ovpn_cb {`
			`struct ovpn_peer *peer;`
ovpn: implement packet processing This change implements encryption/decryption and encapsulation/decapsulation of OpenVPN packets. Support for generic crypto state is added along with a wrapper for the AEAD crypto kernel API. Signed-off-by: Antonio Quartulli <antonio@openvpn.net> Link: https://patch.msgid.link/20250415-b4-ovpn-v26-9-577f6097b964@openvpn.net Reviewed-by: Sabrina Dubroca <sd@queasysnail.net> Tested-by: Oleksandr Natalenko <oleksandr@natalenko.name> Signed-off-by: Paolo Abeni <pabeni@redhat.com> 2025-04-15 13:17:26 +02:00			`struct ovpn_crypto_key_slot *ks;`
			`struct aead_request *req;`
			`struct scatterlist *sg;`
			`u8 *iv;`
			`unsigned int payload_offset;`
ovpn: add support for MSG_NOSIGNAL in tcp_sendmsg Userspace may want to pass the MSG_NOSIGNAL flag to tcp_sendmsg() in order to avoid generating a SIGPIPE. To pass this flag down the TCP stack a new skb sending API accepting a flags argument is introduced. Cc: Eric Dumazet <edumazet@google.com> Cc: Paolo Abeni <pabeni@redhat.com> Signed-off-by: Antonio Quartulli <antonio@openvpn.net> Link: https://patch.msgid.link/20250415-b4-ovpn-v26-13-577f6097b964@openvpn.net Reviewed-by: Sabrina Dubroca <sd@queasysnail.net> Tested-by: Oleksandr Natalenko <oleksandr@natalenko.name> Signed-off-by: Paolo Abeni <pabeni@redhat.com> 2025-04-15 13:17:30 +02:00			`bool nosignal;`
ovpn: implement basic TX path (UDP) Packets sent over the ovpn interface are processed and transmitted to the connected peer, if any. Implementation is UDP only. TCP will be added by a later patch. Note: no crypto/encapsulation exists yet. Packets are just captured and sent. Signed-off-by: Antonio Quartulli <antonio@openvpn.net> Link: https://patch.msgid.link/20250415-b4-ovpn-v26-7-577f6097b964@openvpn.net Reviewed-by: Sabrina Dubroca <sd@queasysnail.net> Tested-by: Oleksandr Natalenko <oleksandr@natalenko.name> Signed-off-by: Paolo Abeni <pabeni@redhat.com> 2025-04-15 13:17:24 +02:00			`};`

			`static inline struct ovpn_cb ovpn_skb_cb(struct sk_buff skb)`
			`{`
			`BUILD_BUG_ON(sizeof(struct ovpn_cb) > sizeof(skb->cb));`
			`return (struct ovpn_cb *)skb->cb;`
			`}`

			`/* Return IP protocol version from skb header.`
			`* Return 0 if protocol is not IPv4/IPv6 or cannot be read.`
			`*/`
			`static inline __be16 ovpn_ip_check_protocol(struct sk_buff *skb)`
			`{`
			`__be16 proto = 0;`

			`/* skb could be non-linear,`
			`* make sure IP header is in non-fragmented part`
			`*/`
			`if (!pskb_network_may_pull(skb, sizeof(struct iphdr)))`
			`return 0;`

			`if (ip_hdr(skb)->version == 4) {`
			`proto = htons(ETH_P_IP);`
			`} else if (ip_hdr(skb)->version == 6) {`
			`if (!pskb_network_may_pull(skb, sizeof(struct ipv6hdr)))`
			`return 0;`
			`proto = htons(ETH_P_IPV6);`
			`}`

			`return proto;`
			`}`

			`#endif /* _NET_OVPN_SKB_H_ */`