| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 26 Sep 2018 18:00:31 +0200
From: Ivan Labáth <labokml@...o.rs>
To: "Jason A. Donenfeld" <Jason@...c4.com>,
linux-kernel@...r.kernel.org, netdev@...r.kernel.org,
linux-crypto@...r.kernel.org, davem@...emloft.net,
gregkh@...uxfoundation.org
Subject: Re: [PATCH net-next v6 23/23] net: WireGuard secure network tunnel
On 25.09.2018 16:56, Jason A. Donenfeld wrote:
> Extensive documentation and description of the protocol and
> considerations, along with formal proofs of the cryptography, are> available at:
>
> * https://www.wireguard.com/
> * https://www.wireguard.com/papers/wireguard.pdf
[]
> +enum { HANDSHAKE_DSCP = 0x88 /* AF41, plus 00 ECN */ };
[]
> + if (skb->protocol == htons(ETH_P_IP)) {
> + len = ntohs(ip_hdr(skb)->tot_len);
> + if (unlikely(len < sizeof(struct iphdr)))
> + goto dishonest_packet_size;
> + if (INET_ECN_is_ce(PACKET_CB(skb)->ds))
> + IP_ECN_set_ce(ip_hdr(skb));
> + } else if (skb->protocol == htons(ETH_P_IPV6)) {
> + len = ntohs(ipv6_hdr(skb)->payload_len) +
> + sizeof(struct ipv6hdr);
> + if (INET_ECN_is_ce(PACKET_CB(skb)->ds))
> + IP6_ECN_set_ce(skb, ipv6_hdr(skb));
> + } else
[]
> + skb_queue_walk (&packets, skb) {
> + /* 0 for no outer TOS: no leak. TODO: should we use flowi->tos
> + * as outer? */
> + PACKET_CB(skb)->ds = ip_tunnel_ecn_encap(0, ip_hdr(skb), skb);
> + PACKET_CB(skb)->nonce =
> + atomic64_inc_return(&key->counter.counter) - 1;
> + if (unlikely(PACKET_CB(skb)->nonce >= REJECT_AFTER_MESSAGES))
> + goto out_invalid;
> + }
Hi,
is there documentation and/or rationale for ecn handling?
Quick search for ecn and dscp didn't reveal any.
Regards,
Ivan
Powered by blists - more mailing lists