2024-10-29, 11:47:22 +0100, Antonio Quartulli wrote:
> +static int ovpn_udp_encap_recv(struct sock *sk, struct sk_buff *skb)
> +{
[...]
> +     opcode = ovpn_opcode_from_skb(skb, sizeof(struct udphdr));
> +     if (unlikely(opcode != OVPN_DATA_V2)) {
> +             /* DATA_V1 is not supported */
> +             if (opcode == OVPN_DATA_V1)

The TCP encap code passes everything that's not V2 to userspace. Why
not do that with UDP as well?

> +                     goto drop;
> +
> +             /* unknown or control packet: let it bubble up to userspace */
> +             return 1;
> +     }
> +
> +     peer_id = ovpn_peer_id_from_skb(skb, sizeof(struct udphdr));
> +     /* some OpenVPN server implementations send data packets with the
> +      * peer-id set to undef. In this case we skip the peer lookup by peer-id
> +      * and we try with the transport address
> +      */
> +     if (peer_id != OVPN_PEER_ID_UNDEF) {
> +             peer = ovpn_peer_get_by_id(ovpn, peer_id);
> +             if (!peer) {
> +                     net_err_ratelimited("%s: received data from unknown 
> peer (id: %d)\n",
> +                                         __func__, peer_id);
> +                     goto drop;
> +             }
> +     }
> +
> +     if (!peer) {

nit: that could be an "else" combined with the previous case?

> +             /* data packet with undef peer-id */
> +             peer = ovpn_peer_get_by_transp_addr(ovpn, skb);
> +             if (unlikely(!peer)) {
> +                     net_dbg_ratelimited("%s: received data with undef 
> peer-id from unknown source\n",
> +                                         __func__);
> +                     goto drop;
> +             }
> +     }

-- 
Sabrina

Reply via email to