31 Oct
2024
31 Oct
'24
11:29 a.m.
2024-10-29, 11:47:22 +0100, Antonio Quartulli wrote:
+static int ovpn_udp_encap_recv(struct sock *sk, struct sk_buff *skb) +{
[...]
- opcode = ovpn_opcode_from_skb(skb, sizeof(struct udphdr));
- if (unlikely(opcode != OVPN_DATA_V2)) {
/* DATA_V1 is not supported */if (opcode == OVPN_DATA_V1)
The TCP encap code passes everything that's not V2 to userspace. Why not do that with UDP as well?
goto drop;/* unknown or control packet: let it bubble up to userspace */return 1;- }
- peer_id = ovpn_peer_id_from_skb(skb, sizeof(struct udphdr));
- /* some OpenVPN server implementations send data packets with the
* peer-id set to undef. In this case we skip the peer lookup by peer-id* and we try with the transport address*/- if (peer_id != OVPN_PEER_ID_UNDEF) {
peer = ovpn_peer_get_by_id(ovpn, peer_id);if (!peer) {net_err_ratelimited("%s: received data from unknown peer (id: %d)\n",__func__, peer_id);goto drop;}- }
- if (!peer) {
nit: that could be an "else" combined with the previous case?
/* data packet with undef peer-id */peer = ovpn_peer_get_by_transp_addr(ovpn, skb);if (unlikely(!peer)) {net_dbg_ratelimited("%s: received data with undef peer-id from unknown source\n",__func__);goto drop;}- }
--
Sabrina