On 19/11/2024 04:08, Sergey Ryazanov wrote:

On 15.11.2024 16:03, Antonio Quartulli wrote:

quoted

On 10/11/2024 21:42, Sergey Ryazanov wrote:

quoted

Missed the most essential note regarding this patch :)

On 29.10.2024 12:47, Antonio Quartulli wrote:

quoted

+static int ovpn_net_open(struct net_device *dev)
+{
+    netif_tx_start_all_queues(dev);
+    return 0;
+}
+
+static int ovpn_net_stop(struct net_device *dev)
+{
+    netif_tx_stop_all_queues(dev);

Here we stop a user generated traffic in downlink. Shall we take care 
about other kinds of traffic: keepalive, uplink?

Keepalive is "metadata" and should continue to flow, regardless of 
whether the user interface is brought down.

Uplink traffic directed to *this* device should just be dropped at 
delivery time.

Incoming traffic directed to other peers will continue to work.

How it's possible? AFAIU, the module uses the kernel IP routing 
subsystem. Putting the interface down will effectively block a client- 
to-client packet to reenter the interface.

True.
At least part of the traffic is stopped (traffic directed to the VPN IP 
of a peer will still flow as it does not require a routing table lookup).

I circled this discussion through the other devs to see what perspective 
they would bring and we also agree that if something is stopping, better 
stop the entire infra.

Also, if a user is fumbling with the link state, they are probably 
trying to bring the VPN down.

I will go that way and basically perform the same cleanup as if the 
interface is being deleted.

"the party is over"[cit.] :)

Regards,

-- 
Antonio Quartulli
OpenVPN Inc.