2024-10-29, 11:47:30 +0100, Antonio Quartulli wrote:
> +static int ovpn_peer_reset_sockaddr(struct ovpn_peer *peer,
> + const struct sockaddr_storage *ss,
> + const u8 *local_ip)
> + __must_hold(&peer->lock)
> +{
> + struct ovpn_bind *bind;
> + size_t ip_len;
> +
> + /* create new ovpn_bind object */
> + bind = ovpn_bind_from_sockaddr(ss);
> + if (IS_ERR(bind))
> + return PTR_ERR(bind);
> +
> + if (local_ip) {
> + if (ss->ss_family == AF_INET) {
> + ip_len = sizeof(struct in_addr);
> + } else if (ss->ss_family == AF_INET6) {
> + ip_len = sizeof(struct in6_addr);
> + } else {
> + netdev_dbg(peer->ovpn->dev, "%s: invalid family for remote endpoint\n",
> + __func__);
ratelimited since that can be triggered from packet processing?
[...]
> +void ovpn_peer_float(struct ovpn_peer *peer, struct sk_buff *skb)
> +{
[...]
> +
> + switch (family) {
> + case AF_INET:
> + sa = (struct sockaddr_in *)&ss;
> + sa->sin_family = AF_INET;
> + sa->sin_addr.s_addr = ip_hdr(skb)->saddr;
> + sa->sin_port = udp_hdr(skb)->source;
> + salen = sizeof(*sa);
> + break;
> + case AF_INET6:
> + sa6 = (struct sockaddr_in6 *)&ss;
> + sa6->sin6_family = AF_INET6;
> + sa6->sin6_addr = ipv6_hdr(skb)->saddr;
> + sa6->sin6_port = udp_hdr(skb)->source;
> + sa6->sin6_scope_id = ipv6_iface_scope_id(&ipv6_hdr(skb)->saddr,
> + skb->skb_iif);
> + salen = sizeof(*sa6);
> + break;
> + default:
> + goto unlock;
> + }
> +
> + netdev_dbg(peer->ovpn->dev, "%s: peer %d floated to %pIScp", __func__,
%u for peer->id?
and ratelimited too, probably.
(also in ovpn_peer_update_local_endpoint in the previous patch)
> + peer->id, &ss);
> + ovpn_peer_reset_sockaddr(peer, (struct sockaddr_storage *)&ss,
> + local_ip);
skip the rehash if this fails? peer->bind will still be the old one so
moving it to the new hash chain won't help (the lookup will fail).
--
Sabrina
