On 03/12/2024 15:58, Paolo Abeni wrote:
On 12/2/24 16:07, Antonio Quartulli wrote:
@@ -286,6 +292,31 @@ struct ovpn_peer *ovpn_peer_get_by_dst(struct ovpn_priv *ovpn,
return peer;
}
+/**
+ * ovpn_peer_check_by_src - check that skb source is routed via peer
+ * @ovpn: the openvpn instance to search
+ * @skb: the packet to extract source address from
+ * @peer: the peer to check against the source address
+ *
+ * Return: true if the peer is matching or false otherwise
+ */
+bool ovpn_peer_check_by_src(struct ovpn_priv *ovpn, struct sk_buff *skb,
+ struct ovpn_peer *peer)
+{
+ bool match = false;
+
+ if (ovpn->mode == OVPN_MODE_P2P) {
+ /* in P2P mode, no matter the destination, packets are always
+ * sent to the single peer listening on the other side
+ */
+ rcu_read_lock();
+ match = (peer == rcu_dereference(ovpn->peer));
+ rcu_read_unlock();
Here you are not dereferencing ovpn->peer, so you can use
rcu_access_pointer() instead and avoid the rcu_read_lock/unlock() pair.
I see - thanks for pointing this out!
Will switch to rcu_access_pointer().
Regards,
--
Antonio Quartulli
OpenVPN Inc.
