lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-Id: <1249847327-6792-3-git-send-email-gerrit@erg.abdn.ac.uk>
Date:	Sun,  9 Aug 2009 21:48:39 +0200
From:	Gerrit Renker <gerrit@....abdn.ac.uk>
To:	dccp@...r.kernel.org
Cc:	netdev@...r.kernel.org, Gerrit Renker <gerrit@....abdn.ac.uk>
Subject: dccp-test-tree [PATCH 2/10] Add sysctl to toggle the local support for ECN

This sysctl disables local ECN support for interpreting ECN bits.

When set to 0, the host behaves as if it were ECN-incapable: ECN bits are
ignored and the mandatory "Change L(ECN Incapable, 1)" (RFC 4340, 12.1) is
sent during feature negotiation to signal to the other endpoint to signal
that ECN bits will not be interpreted.

The behaviour is slightly different from the tcp_ecn sysctl, since DCCP
connections are ECN-enabled per default.

Setting ECT codepoints in outgoing packets can not be controlled by this sysctl,
but is possible by setting the sysctl to 0 at the remote (receiving) end. This
signals that the remote end can not read ECN bits. Due to RFC 4340, 12.2, all
outgoing packets are then sent as ECN-incapable.

Inter-operability issues: the host does not set a preference for the remote ECN
Incapable feature. Within the existing feature-negotiation infrastructure, this
ensures that all valid values (ECN Incapable = 0 or 1) are acceptable.

Signed-off-by: Gerrit Renker <gerrit@....abdn.ac.uk>
---
 Documentation/networking/dccp.txt |   12 ++++++++++++
 net/dccp/feat.c                   |   23 ++++++++++++++++-------
 net/dccp/feat.h                   |    1 +
 net/dccp/sysctl.c                 |    8 ++++++++
 4 files changed, 37 insertions(+), 7 deletions(-)

--- a/Documentation/networking/dccp.txt
+++ b/Documentation/networking/dccp.txt
@@ -29,6 +29,12 @@ It has a base protocol and pluggable congestion control IDs (CCIDs).
 DCCP is a Proposed Standard (RFC 2026), and the homepage for DCCP as a protocol
 is at http://www.ietf.org/html.charters/dccp-charter.html
 
+ECN Support
+===========
+By default, all outgoing packets are sent with ECT(0) as per RFC 3168, sec. 5.
+This can be disabled by setting the `ecn_local' sysctl to 0 (see below). The
+ECN Nonce (RFC 3540) is not supported.
+
 Missing features
 ================
 
@@ -163,6 +169,12 @@ seq_window = 100
 	The initial sequence window (sec. 7.5.2) of the sender. This influences
 	the local ackno validity and the remote seqno validity windows (7.5.1).
 
+ecn_local = 1
+	This toggles local ECN support: when set to 0, ECN Incapable (sec. 12.1)
+	is sent and ECN bits of incoming packets are ignored. Note that this is
+	different from tcp_ecn: to disable sending of ECT codepoints, the remote
+	peer needs to set this sysctl to zero.
+
 tx_qlen = 5
 	The size of the transmit buffer in packets. A value of 0 corresponds
 	to an unbounded transmit buffer.
--- a/net/dccp/feat.c
+++ b/net/dccp/feat.c
@@ -29,7 +29,8 @@
 /* feature-specific sysctls - initialised to the defaults from RFC 4340, 6.4 */
 unsigned long	sysctl_dccp_sequence_window __read_mostly = 100;
 int		sysctl_dccp_rx_ccid	    __read_mostly = 2,
-		sysctl_dccp_tx_ccid	    __read_mostly = 2;
+		sysctl_dccp_tx_ccid	    __read_mostly = 2,
+		sysctl_dccp_ecn_local	    __read_mostly = true;
 
 /*
  * Feature activation handlers.
@@ -1111,7 +1112,8 @@ static u8 dccp_feat_change_recv(struct list_head *fn, u8 is_mandatory, u8 opt,
 		 * No particular preferences have been registered. We deal with
 		 * this situation by assuming that all valid values are equally
 		 * acceptable, and apply the following checks:
-		 * - if the peer's list is a singleton, we accept a valid value;
+		 * - if the peer's list is a singleton, we accept a valid value
+		 *   (allows to cope gracefully with e.g. remote ECN Incapable);
 		 * - if we are the server, we first try to see if the peer (the
 		 *   client) advertises the default value. If yes, we use it,
 		 *   otherwise we accept the preferred value;
@@ -1430,11 +1432,18 @@ int dccp_feat_init(struct sock *sk)
 	rc = __feat_register_sp(fn, DCCPF_SHORT_SEQNOS, true, true, &off, 1);
 	if (rc)
 		return rc;
-
-	/* RFC 4340 12.1: "If a DCCP is not ECN capable, ..." */
-	rc = __feat_register_sp(fn, DCCPF_ECN_INCAPABLE, true, true, &on, 1);
-	if (rc)
-		return rc;
+	/*
+	 * ECN Incapable Feature (RFC 4340, 12.1)
+	 *
+	 * We do not register preferences for the feature-remote value, so that
+	 * the preference list is empty and either value is locally acceptable.
+	 */
+	if (!sysctl_dccp_ecn_local) {
+		rc = __feat_register_sp(fn, DCCPF_ECN_INCAPABLE,
+					    true, true, &on, 1);
+		if (rc)
+			return rc;
+	}
 
 	/*
 	 * We advertise the available list of CCIDs and reorder according to
--- a/net/dccp/feat.h
+++ b/net/dccp/feat.h
@@ -106,6 +106,7 @@ struct ccid_dependency {
 extern unsigned long sysctl_dccp_sequence_window;
 extern int	     sysctl_dccp_rx_ccid;
 extern int	     sysctl_dccp_tx_ccid;
+extern int	     sysctl_dccp_ecn_local;
 
 extern int  dccp_feat_init(struct sock *sk);
 extern void dccp_feat_initialise_sysctls(void);
--- a/net/dccp/sysctl.c
+++ b/net/dccp/sysctl.c
@@ -78,6 +78,14 @@ static struct ctl_table dccp_default_table[] = {
 		.extra2		= &u8_max,
 	},
 	{
+		.procname	= "ecn_local",
+		.data		= &sysctl_dccp_ecn_local,
+		.maxlen		= sizeof(sysctl_dccp_ecn_local),
+		.mode		= 0644,
+		.proc_handler	= proc_dointvec_minmax,
+		.extra1		= &zero,
+	},
+	{
 		.procname	= "tx_qlen",
 		.data		= &sysctl_dccp_tx_qlen,
 		.maxlen		= sizeof(sysctl_dccp_tx_qlen),
-- 
1.6.0.rc2

--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ