Date:	Thu, 17 Dec 2009 11:45:32 -0800
From:	"Philip A. Prindeville" <philipp_subx@...fish-solutions.com>
To:	Torsten Schmidt <torsten.schmidt@...06.tu-chemnitz.de>
CC:	netdev@...r.kernel.org
Subject: Re: Still using IPTOS_TOS() in kernel? Really???

On 12/17/2009 08:24 AM, Torsten Schmidt wrote:
> Hi Philip,
> 
> Interesting... I am on the way to implement a DSCP/CS statistic in the kernel. 
> We need this for network traffic accounting. The concept is the following: 
> 
> We create a virtual file /pro/net/ipdscp , this includes several DSCP/CS 
> counters. See http://www.iana.org/assignments/dscp-registry/. Every time 
> ip_rcv_finish() is called, we take a look at the DSCP/CS (iph->tos) value and 
> increment the related counter. If you're interested, I will send you a 
> patch?

That would be great.

> Maybe this is a good starting point for a DSCP/CS implementation. I was also 
> shocked that the kernel does not really handle DiffServ things. 

I think it would also be useful to rework the existing definition of rt_tos2priority() to have a DSCP/CS version that people could then select and build in their kernel via a simple CONFIG_DIFFSERV_COMPLIANT flag.

It could be selectable and default to off until a set cut-over point in the future, then it could become the default.

RFC-2474 is now 11 years old...  Odd that we're still not compliant.

-Philip


>> Assuming my crusade to get various common apps and services (wget, TB, FF,
>>  Sendmail, Cyrus, ProFTPd, etc) to use DSCP/CS marking (very few apps
>>  currently use DSCP or precedence marking), then kernels with the proper
>>  default behavior will need to start shipping, right?  I.e. out-of-the-box
>>  kernels should handle such apps without further configuration, such as
>>  needing to have the DSCP iptables module installed.  They should "just
>>  work".
> Right. 
> 
> Best regards,
> Torsten
