Re: [PATCH net-next v12 09/22] ovpn: implement packet processing

[Paolo Abeni]

On 12/2/24 16:07, Antonio Quartulli wrote:
> @@ -286,6 +292,31 @@ struct ovpn_peer *ovpn_peer_get_by_dst(struct ovpn_priv *ovpn,
>  	return peer;
>  }
>  
> +/**
> + * ovpn_peer_check_by_src - check that skb source is routed via peer
> + * @ovpn: the openvpn instance to search
> + * @skb: the packet to extract source address from
> + * @peer: the peer to check against the source address
> + *
> + * Return: true if the peer is matching or false otherwise
> + */
> +bool ovpn_peer_check_by_src(struct ovpn_priv *ovpn, struct sk_buff *skb,
> +			    struct ovpn_peer *peer)
> +{
> +	bool match = false;
> +
> +	if (ovpn->mode == OVPN_MODE_P2P) {
> +		/* in P2P mode, no matter the destination, packets are always
> +		 * sent to the single peer listening on the other side
> +		 */
> +		rcu_read_lock();
> +		match = (peer == rcu_dereference(ovpn->peer));
> +		rcu_read_unlock();

Here you are not dereferencing ovpn->peer, so you can use
rcu_access_pointer() instead and avoid the rcu_read_lock/unlock() pair.

/P