lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Mon, 29 Jun 2009 15:48:51 +0200
From:	Patrick McHardy <kaber@...sh.net>
To:	Andreas Jaggi <aj@...n.ch>
CC:	netdev@...r.kernel.org, kuznet@....inr.ac.ru, davem@...emloft.net,
	linux-kernel@...r.kernel.org
Subject: Re: [PATCH] gre: copy ToS/DiffServ bits to outer IP header

Andreas Jaggi wrote:
> When tunneling IP traffic with GRE this patch makes it possible to 
> export the ToS/DiffServ information to the outer IP header.
> This is particularly useful in a scenario with ESP/AH where the inner IP 
> header is encrypted but the packet priority/DiffServ information
> should still be respected by the transporting routers (for example in an 
> MPLS backbone network).
> 
> The feature is disabled by default and can be enabled on a per-interface 
> basis (/proc/sys/net/ipv4/conf/ethX/gre_copy_tos).
> 
> Also does this bring Linux back in the game, as JunOS/IOS provide this 
> for quite some time:
> http://www.cisco.com/en/US/docs/ios/11_3/feature/guide/greqos.html
> http://www.juniper.net/techpubs/software/junos/junos94/swconfig-services/configuring-a-gre-tunnel-to-copy-tos-bits-to-the-outer-ip-header.html 
> 
> 
> Signed-off-by: Andreas Jaggi <aj@...n.ch>
> 
> diff -urN vanilla-linux-2.6.29.4/include/linux/sysctl.h 
> gre-copy-tos/include/linux/sysctl.h
> --- vanilla-linux-2.6.29.4/include/linux/sysctl.h    2009-05-19 
> 01:52:34.000000000 +0200
> +++ gre-copy-tos/include/linux/sysctl.h    2009-06-29 14:23:07.000000000 
> +0200
> @@ -490,6 +490,7 @@
>     NET_IPV4_CONF_ARP_IGNORE=19,
>     NET_IPV4_CONF_PROMOTE_SECONDARIES=20,
>     NET_IPV4_CONF_ARP_ACCEPT=21,
> +    NET_IPV4_CONF_GRE_COPY_TOS=22,

Please add this to the rtnl_link interface instead of using
sysctls.
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ