
The Linux Kernel

6.19.13

Family ovpn netlink specification

Contents

  • Family ovpn netlink specification

    • Summary

    • Operations

      • peer-new

      • peer-set

      • peer-get

      • peer-del

      • peer-del-ntf

      • key-new

      • key-get

      • key-swap

      • key-swap-ntf

      • key-del

    • Multicast groups

    • Definitions

      • nonce-tail-size

      • cipher-alg

      • del-peer-reason

      • key-slot

    • Attribute sets

      • peer

      • peer-new-input

      • peer-set-input

      • peer-del-input

      • keyconf

      • keydir

      • keyconf-get

      • keyconf-swap-input

      • keyconf-del-input

      • ovpn

      • ovpn-peer-new-input

      • ovpn-peer-set-input

      • ovpn-peer-del-input

      • ovpn-keyconf-get

      • ovpn-keyconf-swap-input

      • ovpn-keyconf-del-input

Summary

Netlink protocol to control OpenVPN network devices

Operations

peer-new

Add a remote peer

attribute-set: ovpn-peer-new-input
flags: [admin-perm]
do:
    pre: ovpn-nl-pre-doit
    post: ovpn-nl-post-doit
    request:
        attributes: [ifindex, peer]

peer-set

Modify a remote peer

attribute-set: ovpn-peer-set-input
flags: [admin-perm]
do:
    pre: ovpn-nl-pre-doit
    post: ovpn-nl-post-doit
    request:
        attributes: [ifindex, peer]

peer-get

Retrieve data about existing remote peers (or a specific one)

attribute-set: ovpn
flags: [admin-perm]
do:
    pre: ovpn-nl-pre-doit
    post: ovpn-nl-post-doit
    request:
        attributes: [ifindex, peer]
    reply:
        attributes: [peer]
dump:
    request:
        attributes: [ifindex]
    reply:
        attributes: [peer]

peer-del

Delete existing remote peer

attribute-set: ovpn-peer-del-input
flags: [admin-perm]
do:
    pre: ovpn-nl-pre-doit
    post: ovpn-nl-post-doit
    request:
        attributes: [ifindex, peer]

peer-del-ntf

Notification about a peer being deleted

notify: peer-get
mcgrp: peers

key-new

Add a cipher key for a specific peer

attribute-set: ovpn
flags: [admin-perm]
do:
    pre: ovpn-nl-pre-doit
    post: ovpn-nl-post-doit
    request:
        attributes: [ifindex, keyconf]

key-get

Retrieve non-sensitive data about peer key and cipher

attribute-set: ovpn-keyconf-get
flags: [admin-perm]
do:
    pre: ovpn-nl-pre-doit
    post: ovpn-nl-post-doit
    request:
        attributes: [ifindex, keyconf]
    reply:
        attributes: [keyconf]

key-swap

Swap primary and secondary session keys for a specific peer

attribute-set: ovpn-keyconf-swap-input
flags: [admin-perm]
do:
    pre: ovpn-nl-pre-doit
    post: ovpn-nl-post-doit
    request:
        attributes: [ifindex, keyconf]

key-swap-ntf

Notification about key having exhausted its IV space and requiring renegotiation

notify: key-get
mcgrp: peers

key-del

Delete cipher key for a specific peer

attribute-set: ovpn-keyconf-del-input
flags: [admin-perm]
do:
    pre: ovpn-nl-pre-doit
    post: ovpn-nl-post-doit
    request:
        attributes: [ifindex, keyconf]

Multicast groups

  • peers

Definitions

nonce-tail-size

type: const
value: 8

cipher-alg

type: enum
entries:
  • none
  • aes-gcm
  • chacha20-poly1305

del-peer-reason

type: enum
entries:
  • teardown
  • userspace
  • expired
  • transport-error
  • transport-disconnect

key-slot

type: enum
entries:
  • primary
  • secondary

Attribute sets

peer

id (u32)
    doc: The unique ID of the peer in the device context. To be used to identify peers during operations for a specific device

remote-ipv4 (u32)
    doc: The remote IPv4 address of the peer
    byte-order: big-endian
    display-hint: ipv4

remote-ipv6 (binary)
    doc: The remote IPv6 address of the peer
    display-hint: ipv6

remote-ipv6-scope-id (u32)
    doc: The scope id of the remote IPv6 address of the peer (RFC2553)

remote-port (u16)
    doc: The remote port of the peer
    byte-order: big-endian

socket (u32)
    doc: The socket to be used to communicate with the peer

socket-netnsid (s32)
    doc: The ID of the netns the socket assigned to this peer lives in

vpn-ipv4 (u32)
    doc: The IPv4 address assigned to the peer by the server
    byte-order: big-endian
    display-hint: ipv4

vpn-ipv6 (binary)
    doc: The IPv6 address assigned to the peer by the server
    display-hint: ipv6

local-ipv4 (u32)
    doc: The local IPv4 to be used to send packets to the peer (UDP only)
    byte-order: big-endian
    display-hint: ipv4

local-ipv6 (binary)
    doc: The local IPv6 to be used to send packets to the peer (UDP only)
    display-hint: ipv6

local-port (u16)
    doc: The local port to be used to send packets to the peer (UDP only)
    byte-order: big-endian

keepalive-interval (u32)
    doc: The number of seconds after which a keep alive message is sent to the peer

keepalive-timeout (u32)
    doc: The number of seconds from the last activity after which the peer is assumed dead

del-reason (u32)
    doc: The reason why a peer was deleted
    enum: del-peer-reason

vpn-rx-bytes (uint)
    doc: Number of bytes received over the tunnel

vpn-tx-bytes (uint)
    doc: Number of bytes transmitted over the tunnel

vpn-rx-packets (uint)
    doc: Number of packets received over the tunnel

vpn-tx-packets (uint)
    doc: Number of packets transmitted over the tunnel

link-rx-bytes (uint)
    doc: Number of bytes received at the transport level

link-tx-bytes (uint)
    doc: Number of bytes transmitted at the transport level

link-rx-packets (uint)
    doc: Number of packets received at the transport level

link-tx-packets (uint)
    doc: Number of packets transmitted at the transport level

peer-new-input

  • id
  • remote-ipv4
  • remote-ipv6
  • remote-ipv6-scope-id
  • remote-port
  • socket
  • vpn-ipv4
  • vpn-ipv6
  • local-ipv4
  • local-ipv6
  • keepalive-interval
  • keepalive-timeout

peer-set-input

  • id
  • remote-ipv4
  • remote-ipv6
  • remote-ipv6-scope-id
  • remote-port
  • vpn-ipv4
  • vpn-ipv6
  • local-ipv4
  • local-ipv6
  • keepalive-interval
  • keepalive-timeout

peer-del-input

  • id

keyconf

peer-id (u32)
    doc: The unique ID of the peer in the device context. To be used to identify peers during key operations

slot (u32)
    doc: The slot where the key should be stored
    enum: key-slot

key-id (u32)
    doc: The unique ID of the key in the peer context. Used to fetch the correct key upon decryption

cipher-alg (u32)
    doc: The cipher to be used when communicating with the peer
    enum: cipher-alg

encrypt-dir (nest)
    doc: Key material for encrypt direction
    nested-attributes: keydir

decrypt-dir (nest)
    doc: Key material for decrypt direction
    nested-attributes: keydir

keydir

cipher-key (binary)
    doc: The actual key to be used by the cipher

nonce-tail (binary)
    doc: Random nonce to be concatenated to the packet ID, in order to obtain the actual cipher IV
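
The nonce-tail description and the key-swap-ntf notification together imply a per-key IV budget. The C sketch below is an added example, not kernel or OpenVPN code: it builds an IV as packet ID followed by the 8-byte nonce tail and refuses to issue another IV once the packet ID space is used up. The 12-byte IV length, the 32-bit big-endian packet ID, the starting value of 1 and every `example_*` / `EXAMPLE_*` name are assumptions that do not come from this page.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define NONCE_TAIL_SIZE 8      /* nonce-tail-size from the spec */
#define EXAMPLE_IV_SIZE 12     /* assumption: 96-bit AEAD IV */
#define EXAMPLE_PKT_ID_SIZE (EXAMPLE_IV_SIZE - NONCE_TAIL_SIZE)

/* Hypothetical per-direction state: nonce tail plus packet ID counter. */
struct example_keydir {
    uint8_t nonce_tail[NONCE_TAIL_SIZE];
    uint64_t next_pkt_id;      /* 64-bit so "one past the last ID" is representable */
};

/* Reject a nonce tail of the wrong length instead of padding or truncating. */
int example_keydir_init(struct example_keydir *kd, const uint8_t *tail, size_t len)
{
    if (len != NONCE_TAIL_SIZE)
        return -1;
    memcpy(kd->nonce_tail, tail, NONCE_TAIL_SIZE);
    kd->next_pkt_id = 1;       /* assumption: packet IDs start at 1 */
    return 0;
}

/* IV = packet ID (big-endian, assumed) || nonce tail. Returns -1 once all
 * packet IDs are used: an IV must never repeat under one key, so rekey. */
int example_next_iv(struct example_keydir *kd, uint8_t iv[EXAMPLE_IV_SIZE])
{
    uint32_t id;
    if (kd->next_pkt_id > UINT32_MAX)
        return -1;
    id = (uint32_t)kd->next_pkt_id++;
    for (int i = 0; i < EXAMPLE_PKT_ID_SIZE; i++)
        iv[i] = (uint8_t)(id >> (8 * (EXAMPLE_PKT_ID_SIZE - 1 - i)));
    memcpy(iv + EXAMPLE_PKT_ID_SIZE, kd->nonce_tail, NONCE_TAIL_SIZE);
    return 0;
}

int main(void)
{
    const uint8_t tail[NONCE_TAIL_SIZE] = {1, 2, 3, 4, 5, 6, 7, 8}; /* constructed */
    struct example_keydir kd;
    uint8_t iv[EXAMPLE_IV_SIZE];
    if (example_keydir_init(&kd, tail, sizeof(tail)) || example_next_iv(&kd, iv))
        return 1;
    for (int i = 0; i < EXAMPLE_IV_SIZE; i++)
        printf("%02x", iv[i]);
    printf("\n");
    return 0;
}
```

With these sizes a single key covers at most 2^32 - 1 packets per direction, which is why a long-lived or high-throughput peer depends on the secondary slot and key-swap to continue without IV reuse.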

keyconf-get

  • peer-id
  • slot
  • key-id
  • cipher-alg

keyconf-swap-input

  • peer-id

keyconf-del-input

  • peer-id
  • slot

ovpn

ifindex (u32)
    doc: Index of the ovpn interface to operate on

peer (nest)
    doc: The peer object containing the attributes of interest for the specific operation
    nested-attributes: peer

keyconf (nest)
    doc: Peer specific cipher configuration
    nested-attributes: keyconf

ovpn-peer-new-input

ifindex

peer
    nested-attributes: peer-new-input

ovpn-peer-set-input

ifindex

peer
    nested-attributes: peer-set-input

ovpn-peer-del-input

ifindex

peer
    nested-attributes: peer-del-input

ovpn-keyconf-get

ifindex

keyconf
    nested-attributes: keyconf-get

ovpn-keyconf-swap-input

ifindex

keyconf
    nested-attributes: keyconf-swap-input

ovpn-keyconf-del-input

ifindex

keyconf
    nested-attributes: keyconf-del-input
