Message-Id: <20121128.113747.1565942713593912016.davem@davemloft.net>
Date:	Wed, 28 Nov 2012 11:37:47 -0500 (EST)
From:	David Miller <davem@...emloft.net>
To:	nicolas.dichtel@...nd.com
Cc:	netdev@...r.kernel.org, shemminger@...tta.com
Subject: Re: [PATCH net-next 1/1] ip6tnl/sit: drop packet if ECN present
 with not-ECT

From: Nicolas Dichtel <nicolas.dichtel@...nd.com>
Date: Tue, 27 Nov 2012 14:07:11 +0100

> This patch reports the change made by Stephen Hemminger in ipip and gre[6] in
> commit eccc1bb8d4b4 (tunnel: drop packet if ECN present with not-ECT).
> 
> Goal is to handle RFC6040, Section 4.2:
> 
> Default Tunnel Egress Behaviour.
>  o If the inner ECN field is Not-ECT, the decapsulator MUST NOT
>       propagate any other ECN codepoint onwards.  This is because the
>       inner Not-ECT marking is set by transports that rely on dropped
>       packets as an indication of congestion and would not understand or
>       respond to any other ECN codepoint [RFC4774].  Specifically:
> 
>       *  If the inner ECN field is Not-ECT and the outer ECN field is
>          CE, the decapsulator MUST drop the packet.
> 
>       *  If the inner ECN field is Not-ECT and the outer ECN field is
>          Not-ECT, ECT(0), or ECT(1), the decapsulator MUST forward the
>          outgoing packet with the ECN field cleared to Not-ECT.
> 
> The patch benefits from the common function added in net/inet_ecn.h.
> 
> Like it was done for Xin4 tunnels, it adds logging to allow detecting broken
> systems that set ECN bits incorrectly when tunneling (or an intermediate
> router might be changing the header). Errors are also tracked via
> rx_frame_error.
> 
> CC: Stephen Hemminger <shemminger@...tta.com>
> Signed-off-by: Nicolas Dichtel <nicolas.dichtel@...nd.com>

Applied.
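
The egress rule quoted in the commit message, written out as an added C example; it is not part of this thread and not the kernel's code. It also carries an outer CE into an ECN-capable inner header, which goes beyond the Not-ECT case quoted above. The verdict names, the `tnl_stats` struct and the choice to log ECT over Not-ECT are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* ECN codepoints: low two bits of the IPv4 TOS / IPv6 traffic-class byte. */
enum { ECN_NOT_ECT = 0, ECN_ECT_1 = 1, ECN_ECT_0 = 2, ECN_CE = 3, ECN_MASK = 3 };

/* Hypothetical names for this example, not kernel identifiers. */
enum ecn_verdict { ECN_FORWARD, ECN_FORWARD_LOG, ECN_DROP };
struct tnl_stats { unsigned long rx_frame_errors, ecn_logged; };

/* Decide what the decapsulator does; may rewrite the inner header byte. */
enum ecn_verdict ecn_decap(uint8_t outer_tos, uint8_t *inner_tos)
{
    uint8_t outer = outer_tos & ECN_MASK;

    if ((*inner_tos & ECN_MASK) == ECN_NOT_ECT) {
        if (outer == ECN_CE)
            return ECN_DROP;            /* MUST drop: CE over Not-ECT */
        /* Inner stays Not-ECT. Assumption: ECT over Not-ECT is logged. */
        return outer == ECN_NOT_ECT ? ECN_FORWARD : ECN_FORWARD_LOG;
    }
    if (outer == ECN_CE)
        *inner_tos |= ECN_CE;           /* ECN-capable inner: carry CE inward */
    return ECN_FORWARD;
}

/* Receive path: returns 1 if the inner packet is delivered, 0 if dropped. */
int tunnel_rx(struct tnl_stats *st, uint8_t outer_tos, uint8_t *inner_tos)
{
    enum ecn_verdict v = ecn_decap(outer_tos, inner_tos);

    if (v != ECN_FORWARD)
        st->ecn_logged++;
    if (v == ECN_DROP) {
        st->rx_frame_errors++;          /* drops are counted as frame errors */
        return 0;
    }
    return 1;
}

int main(void)
{
    /* Constructed sample: {outer TOS, inner TOS} pairs. */
    uint8_t pkts[][2] = { {0x03, 0x00}, {0x02, 0xb8}, {0x03, 0x02}, {0x00, 0x01} };
    struct tnl_stats st = { 0, 0 };

    for (unsigned i = 0; i < sizeof(pkts) / sizeof(pkts[0]); i++) {
        int ok = tunnel_rx(&st, pkts[i][0], &pkts[i][1]);
        printf("outer=0x%02x inner=0x%02x %s\n", pkts[i][0], pkts[i][1], ok ? "deliver" : "drop");
    }
    printf("rx_frame_errors=%lu logged=%lu\n", st.rx_frame_errors, st.ecn_logged);
    return 0;
}
```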