Merge tag 'ovpn-net-20250603' of https://github.com/OpenVPN/ovpn-net-next

	rcu_read_lock();

	sock = rcu_dereference(peer->sock);

	if (sock && sock->sock->sk->sk_protocol == IPPROTO_UDP)

	if (sock && sock->sk->sk_protocol == IPPROTO_UDP)

		/* check if this peer changed local or remote endpoint */

		ovpn_peer_endpoints_update(peer, skb);

	rcu_read_unlock();

	if (unlikely(!sock))

		goto err_unlock;

	switch (sock->sock->sk->sk_protocol) {

	switch (sock->sk->sk_protocol) {

	case IPPROTO_UDP:

		ovpn_udp_send_skb(peer, sock->sock, skb);

		ovpn_udp_send_skb(peer, sock->sk, skb);

		break;

	case IPPROTO_TCP:

		ovpn_tcp_send_skb(peer, sock->sock, skb);

		ovpn_tcp_send_skb(peer, sock->sk, skb);

		break;

	default:

		/* no transport configured yet */

	/* when using a TCP socket the remote IP is not expected */

	rcu_read_lock();

	sock = rcu_dereference(peer->sock);

	if (sock && sock->sock->sk->sk_protocol == IPPROTO_TCP &&

	if (sock && sock->sk->sk_protocol == IPPROTO_TCP &&

	    (attrs[OVPN_A_PEER_REMOTE_IPV4] ||

	     attrs[OVPN_A_PEER_REMOTE_IPV6])) {

		rcu_read_unlock();

		goto err_unlock;

	}

	if (!net_eq(genl_info_net(info), sock_net(sock->sock->sk))) {

	if (!net_eq(genl_info_net(info), sock_net(sock->sk))) {

		id = peernet2id_alloc(genl_info_net(info),

				      sock_net(sock->sock->sk),

				      sock_net(sock->sk),

				      GFP_ATOMIC);

		if (nla_put_s32(skb, OVPN_A_PEER_SOCKET_NETNSID, id))

			goto err_unlock;

	}

	local_port = inet_sk(sock->sock->sk)->inet_sport;

	local_port = inet_sk(sock->sk)->inet_sport;

	rcu_read_unlock();

	if (nla_put_u32(skb, OVPN_A_PEER_ID, peer->id))

		ret = -EINVAL;

		goto err_unlock;

	}

	genlmsg_multicast_netns(&ovpn_nl_family, sock_net(sock->sock->sk),

				msg, 0, OVPN_NLGRP_PEERS, GFP_ATOMIC);

	genlmsg_multicast_netns(&ovpn_nl_family, sock_net(sock->sk), msg, 0,

				OVPN_NLGRP_PEERS, GFP_ATOMIC);

	rcu_read_unlock();

	return 0;

		ret = -EINVAL;

		goto err_unlock;

	}

	genlmsg_multicast_netns(&ovpn_nl_family, sock_net(sock->sock->sk),

				msg, 0, OVPN_NLGRP_PEERS, GFP_ATOMIC);

	genlmsg_multicast_netns(&ovpn_nl_family, sock_net(sock->sk), msg, 0,

				OVPN_NLGRP_PEERS, GFP_ATOMIC);

	rcu_read_unlock();

	return 0;

	if (sk) {

		ovpn_sock = rcu_access_pointer(peer->sock);

		if (!ovpn_sock || ovpn_sock->sock->sk != sk) {

		if (!ovpn_sock || ovpn_sock->sk != sk) {

			spin_unlock_bh(&ovpn->lock);

			ovpn_peer_put(peer);

			return;

		if (sk) {

			rcu_read_lock();

			ovpn_sock = rcu_dereference(peer->sock);

			remove = ovpn_sock && ovpn_sock->sock->sk == sk;

			remove = ovpn_sock && ovpn_sock->sk == sk;

			rcu_read_unlock();

		}

	struct ovpn_socket *sock = container_of(kref, struct ovpn_socket,

						refcount);

	if (sock->sock->sk->sk_protocol == IPPROTO_UDP)

	if (sock->sk->sk_protocol == IPPROTO_UDP)

		ovpn_udp_socket_detach(sock);

	else if (sock->sock->sk->sk_protocol == IPPROTO_TCP)

	else if (sock->sk->sk_protocol == IPPROTO_TCP)

		ovpn_tcp_socket_detach(sock);

}

	if (!sock)

		return;

	/* sanity check: we should not end up here if the socket

	 * was already closed

	 */

	if (!sock->sock->sk) {

		DEBUG_NET_WARN_ON_ONCE(1);

		return;

	}

	/* Drop the reference while holding the sock lock to avoid

	 * concurrent ovpn_socket_new call to mess up with a partially

	 * detached socket.

	 * Holding the lock ensures that a socket with refcnt 0 is fully

	 * detached before it can be picked by a concurrent reader.

	 */

	lock_sock(sock->sock->sk);

	lock_sock(sock->sk);

	released = ovpn_socket_put(peer, sock);

	release_sock(sock->sock->sk);

	release_sock(sock->sk);

	/* align all readers with sk_user_data being NULL */

	synchronize_rcu();

	/* following cleanup should happen with lock released */

	if (released) {

		if (sock->sock->sk->sk_protocol == IPPROTO_UDP) {

		if (sock->sk->sk_protocol == IPPROTO_UDP) {

			netdev_put(sock->ovpn->dev, &sock->dev_tracker);

		} else if (sock->sock->sk->sk_protocol == IPPROTO_TCP) {

		} else if (sock->sk->sk_protocol == IPPROTO_TCP) {

			/* wait for TCP jobs to terminate */

			ovpn_tcp_socket_wait_finish(sock);

			ovpn_peer_put(sock->peer);

		}

		/* drop reference acquired in ovpn_socket_new() */

		sock_put(sock->sk);

		/* we can call plain kfree() because we already waited one RCU

		 * period due to synchronize_rcu()

		 */

	return kref_get_unless_zero(&sock->refcount);

}

static int ovpn_socket_attach(struct ovpn_socket *sock, struct ovpn_peer *peer)

static int ovpn_socket_attach(struct ovpn_socket *ovpn_sock,

			      struct socket *sock,

			      struct ovpn_peer *peer)

{

	if (sock->sock->sk->sk_protocol == IPPROTO_UDP)

		return ovpn_udp_socket_attach(sock, peer->ovpn);

	else if (sock->sock->sk->sk_protocol == IPPROTO_TCP)

		return ovpn_tcp_socket_attach(sock, peer);

	if (sock->sk->sk_protocol == IPPROTO_UDP)

		return ovpn_udp_socket_attach(ovpn_sock, sock, peer->ovpn);

	else if (sock->sk->sk_protocol == IPPROTO_TCP)

		return ovpn_tcp_socket_attach(ovpn_sock, peer);

	return -EOPNOTSUPP;

}

struct ovpn_socket *ovpn_socket_new(struct socket *sock, struct ovpn_peer *peer)

{

	struct ovpn_socket *ovpn_sock;

	struct sock *sk = sock->sk;

	int ret;

	lock_sock(sock->sk);

	lock_sock(sk);

	/* a TCP socket can only be owned by a single peer, therefore there

	 * can't be any other user

	 */

	if (sock->sk->sk_protocol == IPPROTO_TCP && sock->sk->sk_user_data) {

	if (sk->sk_protocol == IPPROTO_TCP && sk->sk_user_data) {

		ovpn_sock = ERR_PTR(-EBUSY);

		goto sock_release;

	}

	/* a UDP socket can be shared across multiple peers, but we must make

	 * sure it is not owned by something else

	 */

	if (sock->sk->sk_protocol == IPPROTO_UDP) {

		u8 type = READ_ONCE(udp_sk(sock->sk)->encap_type);

	if (sk->sk_protocol == IPPROTO_UDP) {

		u8 type = READ_ONCE(udp_sk(sk)->encap_type);

		/* socket owned by other encapsulation module */

		if (type && type != UDP_ENCAP_OVPNINUDP) {

		}

		rcu_read_lock();

		ovpn_sock = rcu_dereference_sk_user_data(sock->sk);

		ovpn_sock = rcu_dereference_sk_user_data(sk);

		if (ovpn_sock) {

			/* socket owned by another ovpn instance, we can't use it */

			if (ovpn_sock->ovpn != peer->ovpn) {

		goto sock_release;

	}

	ovpn_sock->sock = sock;

	ovpn_sock->sk = sk;

	kref_init(&ovpn_sock->refcount);

	ret = ovpn_socket_attach(ovpn_sock, peer);

	/* the newly created ovpn_socket is holding reference to sk,

	 * therefore we increase its refcounter.

	 *

	 * This ovpn_socket instance is referenced by all peers

	 * using the same socket.

	 *

	 * ovpn_socket_release() will take care of dropping the reference.

	 */

	sock_hold(sk);

	ret = ovpn_socket_attach(ovpn_sock, sock, peer);

	if (ret < 0) {

		sock_put(sk);

		kfree(ovpn_sock);

		ovpn_sock = ERR_PTR(ret);

		goto sock_release;

	/* TCP sockets are per-peer, therefore they are linked to their unique

	 * peer

	 */

	if (sock->sk->sk_protocol == IPPROTO_TCP) {

	if (sk->sk_protocol == IPPROTO_TCP) {

		INIT_WORK(&ovpn_sock->tcp_tx_work, ovpn_tcp_tx_work);

		ovpn_sock->peer = peer;

		ovpn_peer_hold(peer);

	} else if (sock->sk->sk_protocol == IPPROTO_UDP) {

	} else if (sk->sk_protocol == IPPROTO_UDP) {

		/* in UDP we only link the ovpn instance since the socket is

		 * shared among multiple peers

		 */

			    GFP_KERNEL);

	}

	rcu_assign_sk_user_data(sock->sk, ovpn_sock);

	rcu_assign_sk_user_data(sk, ovpn_sock);

sock_release:

	release_sock(sock->sk);

	release_sock(sk);

	return ovpn_sock;

}

 * @ovpn: ovpn instance owning this socket (UDP only)

 * @dev_tracker: reference tracker for associated dev (UDP only)

 * @peer: unique peer transmitting over this socket (TCP only)

 * @sock: the low level sock object

 * @sk: the low level sock object

 * @refcount: amount of contexts currently referencing this object

 * @work: member used to schedule release routine (it may block)

 * @tcp_tx_work: work for deferring outgoing packet processing (TCP only)

		struct ovpn_peer *peer;

	};

	struct socket *sock;

	struct sock *sk;

	struct kref refcount;

	struct work_struct work;

	struct work_struct tcp_tx_work;