On Wed, 2 Oct 2024 at 10:03, Antonio Quartulli <anto...@openvpn.net> wrote: > > +definitions: > + - > + type: const > + name: nonce-tail-size > + value: 8 > + - > + type: enum > + name: cipher-alg > + value-start: 0
value-start defaults to 0 for enum so this is unnecessary. Same for the following enum definitions. > + entries: [ none, aes-gcm, chacha20-poly1305 ] > + - > + type: enum > + name: del-peer-reason > + value-start: 0 > + entries: [ teardown, userspace, expired, transport-error, > transport-disconnect ] > + - > + type: enum > + name: key-slot > + value-start: 0 > + entries: [ primary, secondary ] > + - > + type: enum > + name: mode > + value-start: 0 > + entries: [ p2p, mp ] > + [...] > +operations: > + list: > + - > + name: dev-new > + attribute-set: ovpn > + flags: [ admin-perm ] > + doc: Create a new interface of type ovpn > + do: > + request: > + attributes: > + - ifname > + - mode > + reply: > + attributes: > + - ifname > + - ifindex > + - > + name: dev-del > + attribute-set: ovpn > + flags: [ admin-perm ] > + doc: Delete existing interface of type ovpn > + do: > + pre: ovpn-nl-pre-doit > + post: ovpn-nl-post-doit > + request: > + attributes: > + - ifindex There's no dev-get do/dump op. I think there should be one for diagnostics and metrics. > + - > + name: key-new > + attribute-set: ovpn > + flags: [ admin-perm ] > + doc: Add a cipher key for a specific peer > + do: > + pre: ovpn-nl-pre-doit > + post: ovpn-nl-post-doit > + request: > + attributes: > + - ifindex > + - keyconf > + - > + name: key-swap > + attribute-set: ovpn > + flags: [ admin-perm ] > + doc: Swap primary and secondary session keys for a specific peer > + do: > + pre: ovpn-nl-pre-doit > + post: ovpn-nl-post-doit > + request: > + attributes: > + - ifindex > + - keyconf > + - > + name: key-swap-ntf > + notify: key-new This doesn't work because key-new doesn't have a reply. You should define it with an event: block instead. 
You can see the build errors here: make -C tools/net/ynl CC ovpn-user.o In file included from ovpn-user.c:8: ovpn-user.h:1194:33: error: field ‘obj’ has incomplete type 1194 | struct ovpn_key_new_rsp obj __attribute__((aligned(8))); | ^~~ ovpn-user.c:835:35: error: ‘ovpn_key_new_rsp_parse’ undeclared here (not in a function); did you mean ‘ovpn_dev_new_rsp_parse’? 835 | .cb = ovpn_key_new_rsp_parse, | ^~~~~~~~~~~~~~~~~~~~~~ | ovpn_dev_new_rsp_parse make[1]: *** [Makefile:41: ovpn-user.o] Error 1 > + doc: | > + Notification about key having exhausted its IV space and requiring > + renegotiation > + mcgrp: peers > + - > + name: key-del > + attribute-set: ovpn > + flags: [ admin-perm ] > + doc: Delete cipher key for a specific peer > + do: > + pre: ovpn-nl-pre-doit > + post: ovpn-nl-post-doit > + request: > + attributes: > + - ifindex > + - keyconf > + > +mcast-groups: > + list: > + - > + name: peers
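Review bot: the cipher-alg enum in the definitions block lists none as its first entry, so with numbering from 0 it takes value 0, and none of the four enums has a doc: string. Please document each enum and state in the spec whether key-new is expected to accept cipher-alg none or reject it, so that userspace and reviewers can tell whether an unencrypted key slot is a supported configuration.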
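Review bot: in the key-swap-ntf operation the name suggests that a swap has taken place, while its doc: text describes a key that has exhausted its IV space and needs renegotiation. Please align the name and the doc, and say in the doc which attributes identify the affected peer and key slot, since no attribute list is visible for this notification.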
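The failure described in the reply above (a notify: that points at an operation without a reply), shown as a small spec lint. This is an added example, not part of the original message or of tools/net/ynl; the function names, the constructed SPEC dictionary and the attribute list given to the event block are assumptions.

```python
# Added example, not part of tools/net/ynl. SPEC is constructed: it mirrors
# three of the quoted operations as a YAML loader would return them.
SPEC = {
    "operations": {"list": [
        {"name": "dev-new",
         "do": {"request": {"attributes": ["ifname", "mode"]},
                "reply": {"attributes": ["ifname", "ifindex"]}}},
        {"name": "key-new",
         "do": {"request": {"attributes": ["ifindex", "keyconf"]}}},
        {"name": "key-swap-ntf", "notify": "key-new", "mcgrp": "peers"},
    ]},
    "mcast-groups": {"list": [{"name": "peers"}]},
}


def has_reply(op):
    """True if the operation defines a reply in its do or dump section."""
    return any("reply" in op.get(mode, {}) for mode in ("do", "dump"))


def lint_notifications(spec):
    """Return problems found in notify/event operations (hypothetical lint)."""
    ops = {op["name"]: op for op in spec["operations"]["list"]}
    groups = {g["name"] for g in spec.get("mcast-groups", {}).get("list", [])}
    problems = []
    for name, op in ops.items():
        if "notify" not in op and "event" not in op:
            continue
        if "notify" in op:
            target = ops.get(op["notify"])
            if target is None:
                problems.append(f"{name}: notify target {op['notify']} is not defined")
            elif not has_reply(target):
                # A notify reuses the target's reply message, so there must be one.
                problems.append(f"{name}: notify target {op['notify']} has no reply")
        if op.get("mcgrp") not in groups:
            problems.append(f"{name}: mcgrp {op.get('mcgrp')!r} is not in mcast-groups")
    return problems


def with_event(spec, name, attributes):
    """Copy of spec where `name` carries its own event block instead of notify."""
    ops = []
    for op in spec["operations"]["list"]:
        if op["name"] == name:
            op = {k: v for k, v in op.items() if k != "notify"}
            op["event"] = {"attributes": list(attributes)}  # attribute list is assumed
        ops.append(op)
    return {**spec, "operations": {"list": ops}}
```

Running `lint_notifications(SPEC)` reports the same condition the build errors point at, and the copy produced by `with_event(SPEC, "key-swap-ntf", ["ifindex", "keyconf"])` passes.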