WireGuard Archive on lore.kernel.org
 help / color / Atom feed
From: Julian Orth <ju.orth@gmail.com>
To: wireguard@lists.zx2c4.com
Subject: [PATCH 4/7] socket: allow modification of transit_net
Date: Sat,  8 Sep 2018 14:18:38 +0200
Message-ID: <20180908121841.8372-5-ju.orth@gmail.com> (raw)
In-Reply-To: <20180908121841.8372-1-ju.orth@gmail.com>

---
 src/device.c  | 18 +++++++++++++++---
 src/device.h  |  1 +
 src/netlink.c |  2 +-
 src/socket.c  | 18 ++++++++++--------
 src/socket.h  |  6 +++---
 5 files changed, 30 insertions(+), 15 deletions(-)

diff --git a/src/device.c b/src/device.c
index cb54ae1..8f2660a 100644
--- a/src/device.c
+++ b/src/device.c
@@ -54,7 +54,7 @@ static int open(struct net_device *dev)
 #endif
 
 	mutex_lock(&wg->device_update_lock);
-	ret = socket_init(wg, wg->incoming_port);
+	ret = socket_init(wg, wg->transit_net, wg->incoming_port);
 	if (ret < 0)
 		goto out;
 	list_for_each_entry (peer, &wg->peer_list, peer_list) {
@@ -112,7 +112,7 @@ static int stop(struct net_device *dev)
 	}
 	mutex_unlock(&wg->device_update_lock);
 	skb_queue_purge(&wg->incoming_handshakes);
-	socket_reinit(wg, NULL, NULL);
+	socket_reinit(wg, NULL, NULL, NULL);
 	return 0;
 }
 
@@ -228,7 +228,7 @@ static void destruct(struct net_device *dev)
 	rtnl_unlock();
 	mutex_lock(&wg->device_update_lock);
 	wg->incoming_port = 0;
-	socket_reinit(wg, NULL, NULL);
+	socket_reinit(wg, NULL, NULL, NULL);
 	allowedips_free(&wg->peer_allowedips, &wg->device_update_lock);
 	/* The final references are cleared in the below calls to destroy_workqueue. */
 	peer_remove_all(wg);
@@ -396,6 +396,7 @@ static int netdevice_notification(struct notifier_block *nb,
 	if (action != NETDEV_REGISTER || dev->netdev_ops != &netdev_ops)
 		return 0;
 
+	mutex_lock(&wg->device_update_lock);
 	wg->dev_net = dev_net(dev);
 	if (wg->dev_net == wg->transit_net && wg->have_transit_net_ref) {
 		put_net(wg->transit_net);
@@ -405,6 +406,7 @@ static int netdevice_notification(struct notifier_block *nb,
 		wg->have_transit_net_ref = true;
 		get_net(wg->transit_net);
 	}
+	mutex_unlock(&wg->device_update_lock);
 	return 0;
 }
 
@@ -450,3 +452,13 @@ void device_uninit(void)
 #endif
 	rcu_barrier_bh();
 }
+
+void device_set_transit_net(struct wireguard_device *wg, struct net *net)
+{
+	if (wg->have_transit_net_ref)
+		put_net(wg->transit_net);
+	wg->transit_net = net;
+	wg->have_transit_net_ref = wg->transit_net != wg->dev_net;
+	if (wg->have_transit_net_ref)
+		get_net(wg->transit_net);
+}
diff --git a/src/device.h b/src/device.h
index 0bd25f2..d31564c 100644
--- a/src/device.h
+++ b/src/device.h
@@ -62,5 +62,6 @@ struct wireguard_device {
 
 int device_init(void);
 void device_uninit(void);
+void device_set_transit_net(struct wireguard_device *wg, struct net *net);
 
 #endif /* _WG_DEVICE_H */
diff --git a/src/netlink.c b/src/netlink.c
index 0bd2b97..73d9a74 100644
--- a/src/netlink.c
+++ b/src/netlink.c
@@ -314,7 +314,7 @@ static int set_port(struct wireguard_device *wg, u16 port)
 		wg->incoming_port = port;
 		return 0;
 	}
-	return socket_init(wg, port);
+	return socket_init(wg, wg->transit_net, port);
 }
 
 static int set_allowedip(struct wireguard_peer *peer, struct nlattr **attrs)
diff --git a/src/socket.c b/src/socket.c
index 72f3e6a..70b751c 100644
--- a/src/socket.c
+++ b/src/socket.c
@@ -354,7 +354,7 @@ static inline void set_sock_opts(struct socket *sock)
 	sk_set_memalloc(sock->sk);
 }
 
-int socket_init(struct wireguard_device *wg, u16 port)
+int socket_init(struct wireguard_device *wg, struct net *net, u16 port)
 {
 	int ret;
 	struct udp_tunnel_sock_cfg cfg = {
@@ -384,18 +384,18 @@ int socket_init(struct wireguard_device *wg, u16 port)
 retry:
 #endif
 
-	ret = udp_sock_create(wg->transit_net, &port4, &new4);
+	ret = udp_sock_create(net, &port4, &new4);
 	if (ret < 0) {
 		pr_err("%s: Could not create IPv4 socket\n", wg->dev->name);
 		return ret;
 	}
 	set_sock_opts(new4);
-	setup_udp_tunnel_sock(wg->transit_net, new4, &cfg);
+	setup_udp_tunnel_sock(net, new4, &cfg);
 
 #if IS_ENABLED(CONFIG_IPV6)
 	if (ipv6_mod_enabled()) {
 		port6.local_udp_port = inet_sk(new4->sk)->inet_sport;
-		ret = udp_sock_create(wg->transit_net, &port6, &new6);
+		ret = udp_sock_create(net, &port6, &new6);
 		if (ret < 0) {
 			udp_tunnel_sock_release(new4);
 			if (ret == -EADDRINUSE && !port && retries++ < 100)
@@ -405,16 +405,16 @@ retry:
 			return ret;
 		}
 		set_sock_opts(new6);
-		setup_udp_tunnel_sock(wg->transit_net, new6, &cfg);
+		setup_udp_tunnel_sock(net, new6, &cfg);
 	}
 #endif
 
-	socket_reinit(wg, new4 ? new4->sk : NULL, new6 ? new6->sk : NULL);
+	socket_reinit(wg, net, new4 ? new4->sk : NULL, new6 ? new6->sk : NULL);
 	return 0;
 }
 
-void socket_reinit(struct wireguard_device *wg, struct sock *new4,
-		   struct sock *new6)
+void socket_reinit(struct wireguard_device *wg, struct net *net,
+		   struct sock *new4, struct sock *new6)
 {
 	struct sock *old4, *old6;
 
@@ -427,6 +427,8 @@ void socket_reinit(struct wireguard_device *wg, struct sock *new4,
 	rcu_assign_pointer(wg->sock6, new6);
 	if (new4)
 		wg->incoming_port = ntohs(inet_sk(new4)->inet_sport);
+	if (net && wg->transit_net != net)
+		device_set_transit_net(wg, net);
 	mutex_unlock(&wg->socket_update_lock);
 	synchronize_rcu_bh();
 	synchronize_net();
diff --git a/src/socket.h b/src/socket.h
index d873ffa..8419ee9 100644
--- a/src/socket.h
+++ b/src/socket.h
@@ -11,9 +11,9 @@
 #include <linux/if_vlan.h>
 #include <linux/if_ether.h>
 
-int socket_init(struct wireguard_device *wg, u16 port);
-void socket_reinit(struct wireguard_device *wg, struct sock *new4,
-		   struct sock *new6);
+int socket_init(struct wireguard_device *wg, struct net *net, u16 port);
+void socket_reinit(struct wireguard_device *wg, struct net *net,
+		   struct sock *new4, struct sock *new6);
 int socket_send_buffer_to_peer(struct wireguard_peer *peer, void *data,
 			       size_t len, u8 ds);
 int socket_send_skb_to_peer(struct wireguard_peer *peer, struct sk_buff *skb,
-- 
2.18.0

  parent reply index

Thread overview: 17+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2018-09-08 12:18 [PATCH 0/7] Allow changing the transit namespace Julian Orth
2018-09-08 12:18 ` [PATCH 1/7] device: protect socket_init with device_update_lock Julian Orth
2018-09-08 12:18 ` [PATCH 2/7] device: rename creating_net to transit_net Julian Orth
2018-09-08 12:18 ` [PATCH 3/7] device: store a copy of the device net Julian Orth
2018-09-08 12:18 ` Julian Orth [this message]
2018-09-08 12:18 ` [PATCH 5/7] netlink: allow setting of transit net Julian Orth
2018-09-08 14:03   ` Aaron Jones
2018-09-08 14:20     ` Julian Orth
2018-09-08 14:28       ` Aaron Jones
2018-09-08 12:18 ` [PATCH 6/7] tools: " Julian Orth
2018-09-08 14:04   ` Aaron Jones
2018-09-08 14:09   ` Aaron Jones
2018-09-08 14:18     ` Julian Orth
2018-09-08 14:25       ` Aaron Jones
2018-09-08 12:18 ` [PATCH 7/7] tests: add test for transit-net Julian Orth
2018-09-08 13:39 ` [PATCH 0/7] Allow changing the transit namespace Bruno Wolff III
2018-09-08 13:49   ` Julian Orth

Reply instructions:

You may reply publically to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20180908121841.8372-5-ju.orth@gmail.com \
    --to=ju.orth@gmail.com \
    --cc=wireguard@lists.zx2c4.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

WireGuard Archive on lore.kernel.org

Archives are clonable:
	git clone --mirror https://lore.kernel.org/wireguard/0 wireguard/git/0.git

	# If you have public-inbox 1.1+ installed, you may
	# initialize and index your mirror using the following commands:
	public-inbox-init -V2 wireguard wireguard/ https://lore.kernel.org/wireguard \
		wireguard@lists.zx2c4.com zx2c4-wireguard@archiver.kernel.org
	public-inbox-index wireguard


Newsgroup available over NNTP:
	nntp://nntp.lore.kernel.org/com.zx2c4.lists.wireguard


AGPL code for this site: git clone https://public-inbox.org/ public-inbox