Date:	Tue, 28 Oct 2014 16:57:37 -0400 (EDT)
From:	David Miller <davem@...emloft.net>
To:	fw@...len.de
Cc:	netdev@...r.kernel.org
Subject: Re: [PATCH -next 0/2] net: allow setting ecn via routing table

From: Florian Westphal <fw@...len.de>
Date: Sun, 26 Oct 2014 00:38:47 +0200

> These two patches allow turning on explicit congestion notification
> based on the destination network.
> 
> For example, assuming the default tcp_ecn sysctl '2', the following will
> enable ecn (tcp_ecn=1 behaviour, i.e. request ecn to be enabled for a
> tcp connection) for all connections to hosts inside the 192.168.2/24 network:
> 
> ip route change 192.168.2.0/24 dev eth0 features ecn
> 
> Having a more fine-grained per-route setting can be beneficial for
> various reasons, for example 1) within data centers, or 2) local ISPs
> may deploy ECN support for their own video/streaming services [1], etc.
> 
> Joint work with Daniel Borkmann, feature suggested by Hannes Frederic Sowa.
> 
> The patch to enable this in iproute2 will be posted shortly, it is currently
> also available here:
> http://git.breakpoint.cc/cgit/fw/iproute2.git/commit/?h=iproute_features&id=8843d2d8973fb81c78a7efe6d42e3a17d739003e
> 
> [1] http://www.ietf.org/proceedings/89/slides/slides-89-tsvarea-1.pdf, p.15

I don't like how the route metric gives less control than the sysctl.

If the tcp_ecn cases of '1' and '2' make sense for the sysctl, I do not
see why they wouldn't make sense for the per-route knob too.

Implement the following policy: if per-route metric is non-zero use it
instead of the sysctl setting.

Then you have a helper:

static int tcp_ecn_enabled(struct net *net, struct dst_entry *dst)
{
	u32 val = dst_metric(dst, RTAX_ECN);

	if (val)
		return val;
	return net->ipv4.sysctl_tcp_ecn;
}

Then there is no other change to make other than an absolute
strict substitution of sysctl_tcp_ecn with tcp_ecn_enabled().
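
Added example, not part of the original mail or the kernel tree: a user-space C model of the fallback policy in the helper above, tabulating what each sysctl/route-metric pair resolves to. The `model_*` structs and the two predicate functions are hypothetical stand-ins; the meaning of 0, 1 and 2 follows the documented tcp_ecn sysctl values.

```c
#include <stdio.h>

/* Documented tcp_ecn values: 0 = off, 1 = request and accept, 2 = accept only. */
enum { ECN_OFF = 0, ECN_REQUEST = 1, ECN_ACCEPT_ONLY = 2 };

/* Hypothetical user-space stand-ins for struct net and struct dst_entry. */
struct model_net { int sysctl_tcp_ecn; };
struct model_dst { unsigned int ecn_metric; };	/* 0 = not set on this route */

/* Same policy as the helper in the mail: a non-zero route metric wins. */
static int model_tcp_ecn_enabled(const struct model_net *net,
				 const struct model_dst *dst)
{
	if (dst->ecn_metric)
		return (int)dst->ecn_metric;
	return net->sysctl_tcp_ecn;
}

/* Effective value 1: ECN is requested on outgoing connection attempts. */
static int requests_ecn_on_connect(const struct model_net *net,
				   const struct model_dst *dst)
{
	return model_tcp_ecn_enabled(net, dst) == ECN_REQUEST;
}

/* Effective value 1 or 2: ECN is accepted when the peer requests it. */
static int accepts_ecn_from_peer(const struct model_net *net,
				 const struct model_dst *dst)
{
	return model_tcp_ecn_enabled(net, dst) != ECN_OFF;
}

int main(void)
{
	puts("sysctl metric -> effective request accept");
	for (int s = 0; s <= 2; s++)
		for (unsigned int m = 0; m <= 2; m++) {
			struct model_net net = { s };
			struct model_dst dst = { m };
			printf("%6d %6u -> %9d %7d %6d\n", s, m,
			       model_tcp_ecn_enabled(&net, &dst),
			       requests_ecn_on_connect(&net, &dst),
			       accepts_ecn_from_peer(&net, &dst));
		}
	/* Metric 0 means "unset", so a route cannot force ECN off here. */
	return 0;
}
```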
