On Wed, 2 Oct 2024 at 10:03, Antonio Quartulli <anto...@openvpn.net> wrote:
>
> +definitions:
> +  -
> +    type: const
> +    name: nonce-tail-size
> +    value: 8
> +  -
> +    type: enum
> +    name: cipher-alg
> +    value-start: 0

value-start defaults to 0 for enum so this is unnecessary. Same for
the following enum definitions.

> +    entries: [ none, aes-gcm, chacha20-poly1305 ]
> +  -
> +    type: enum
> +    name: del-peer-reason
> +    value-start: 0
> +    entries: [ teardown, userspace, expired, transport-error, 
> transport-disconnect ]
> +  -
> +    type: enum
> +    name: key-slot
> +    value-start: 0
> +    entries: [ primary, secondary ]
> +  -
> +    type: enum
> +    name: mode
> +    value-start: 0
> +    entries: [ p2p, mp ]
> +

[...]

> +operations:
> +  list:
> +    -
> +      name: dev-new
> +      attribute-set: ovpn
> +      flags: [ admin-perm ]
> +      doc: Create a new interface of type ovpn
> +      do:
> +        request:
> +          attributes:
> +            - ifname
> +            - mode
> +        reply:
> +          attributes:
> +            - ifname
> +            - ifindex
> +    -
> +      name: dev-del
> +      attribute-set: ovpn
> +      flags: [ admin-perm ]
> +      doc: Delete existing interface of type ovpn
> +      do:
> +        pre: ovpn-nl-pre-doit
> +        post: ovpn-nl-post-doit
> +        request:
> +          attributes:
> +            - ifindex

There's no dev-get do/dump op. I think there should be one for
diagnostics and metrics.

> +    -
> +      name: key-new
> +      attribute-set: ovpn
> +      flags: [ admin-perm ]
> +      doc: Add a cipher key for a specific peer
> +      do:
> +        pre: ovpn-nl-pre-doit
> +        post: ovpn-nl-post-doit
> +        request:
> +          attributes:
> +            - ifindex
> +            - keyconf
> +    -
> +      name: key-swap
> +      attribute-set: ovpn
> +      flags: [ admin-perm ]
> +      doc: Swap primary and secondary session keys for a specific peer
> +      do:
> +        pre: ovpn-nl-pre-doit
> +        post: ovpn-nl-post-doit
> +        request:
> +          attributes:
> +            - ifindex
> +            - keyconf
> +    -
> +      name: key-swap-ntf
> +      notify: key-new

This doesn't work because key-new doesn't have a reply. You should
define it with an event: block instead. You can see the build errors
here:

make -C tools/net/ynl

CC ovpn-user.o
In file included from ovpn-user.c:8:
ovpn-user.h:1194:33: error: field ‘obj’ has incomplete type
 1194 |         struct ovpn_key_new_rsp obj __attribute__((aligned(8)));
      |                                 ^~~
ovpn-user.c:835:35: error: ‘ovpn_key_new_rsp_parse’ undeclared here
(not in a function); did you mean ‘ovpn_dev_new_rsp_parse’?
  835 |                 .cb             = ovpn_key_new_rsp_parse,
      |                                   ^~~~~~~~~~~~~~~~~~~~~~
      |                                   ovpn_dev_new_rsp_parse
make[1]: *** [Makefile:41: ovpn-user.o] Error 1

> +      doc: |
> +        Notification about key having exhausted its IV space and requiring
> +        renegotiation
> +      mcgrp: peers
> +    -
> +      name: key-del
> +      attribute-set: ovpn
> +      flags: [ admin-perm ]
> +      doc: Delete cipher key for a specific peer
> +      do:
> +        pre: ovpn-nl-pre-doit
> +        post: ovpn-nl-post-doit
> +        request:
> +          attributes:
> +            - ifindex
> +            - keyconf
> +
> +mcast-groups:
> +  list:
> +    -
> +      name: peers

Reply via email to