Re: [PATCH net-next v11 04/23] ovpn: add basic interface creation/destruction/management routines

[Antonio Quartulli]

On 19/11/2024 04:08, Sergey Ryazanov wrote:
> On 15.11.2024 16:03, Antonio Quartulli wrote:
> > On 10/11/2024 21:42, Sergey Ryazanov wrote:
> > > Missed the most essential note regarding this patch :)
> > >
> > > On 29.10.2024 12:47, Antonio Quartulli wrote:
> > > > +static int ovpn_net_open(struct net_device *dev)
> > > > +{
> > > > +    netif_tx_start_all_queues(dev);
> > > > +    return 0;
> > > > +}
> > > > +
> > > > +static int ovpn_net_stop(struct net_device *dev)
> > > > +{
> > > > +    netif_tx_stop_all_queues(dev);
> > >
> > > Here we stop a user generated traffic in downlink. Shall we take care 
> > > about other kinds of traffic: keepalive, uplink?
> >
> > Keepalive is "metadata" and should continue to flow, regardless of 
> > whether the user interface is brought down.
> >
> > Uplink traffic directed to *this* device should just be dropped at 
> > delivery time.
> >
> > Incoming traffic directed to other peers will continue to work.
>
> How it's possible? AFAIU, the module uses the kernel IP routing 
> subsystem. Putting the interface down will effectively block a client- 
> to-client packet to reenter the interface.

True.
At least part of the traffic is stopped (traffic directed to the VPN IP 
of a peer will still flow as it does not require a routing table lookup).

I circled this discussion through the other devs to see what perspective 
they would bring and we also agree that if something is stopping, better 
stop the entire infra.

Also, if a user is fumbling with the link state, they are probably 
trying to bring the VPN down.

I will go that way and basically perform the same cleanup as if the 
interface is being deleted.

"the party is over"[cit.] :)

Regards,

--
Antonio Quartulli
OpenVPN Inc.