Date:	Tue, 28 Oct 2014 16:57:37 -0400 (EDT)
From:	David Miller <>
Subject: Re: [PATCH -next 0/2] net: allow setting ecn via routing table

From: Florian Westphal <>
Date: Sun, 26 Oct 2014 00:38:47 +0200

> These two patches allow turning on explicit congestion notification
> based on the destination network.
> For example, assuming the default tcp_ecn sysctl '2', the following will
> enable ecn (tcp_ecn=1 behaviour, i.e. request ecn to be enabled for a
> tcp connection) for all connections to hosts inside the 192.168.2/24 network:
> ip route change dev eth0 features ecn
> Having a more fine-grained per-route setting can be beneficial for
> various reasons, for example 1) within data centers, or 2) local ISPs
> may deploy ECN support for their own video/streaming services [1], etc.
> Joint work with Daniel Borkmann, feature suggested by Hannes Frederic Sowa.
> The patch to enable this in iproute2 will be posted shortly, it is currently
> also available here:
> [1], p.15

I don't like how the route metric gives less control than the sysctl.

If the tcp_ecn cases of '1' and '2' make sense for the sysctl, I do not
see why they wouldn't make sense for the per-route knob too.

Implement the following policy: if per-route metric is non-zero, use it
instead of the sysctl setting.

Then you have a helper:

static int tcp_ecn_enabled(struct net *net, struct dst_entry *dst)
{
	u32 val = dst_metric(dst, RTAX_ECN);

	if (val)
		return val;
	return net->ipv4.sysctl_tcp_ecn;
}

Then there is no other change to make other than an absolute
strict substitution of sysctl_tcp_ecn with tcp_ecn_enabled().
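
The override policy proposed above, worked through as a userspace model for every sysctl and per-route combination (an added example, not part of the original message or of the kernel source). The `net_model` and `dst_model` structs and the two predicate helpers are hypothetical stand-ins; the value meanings assumed are the documented tcp_ecn ones (0 = off, 1 = request and accept, 2 = accept only).

```c
/* Userspace model (added example): every name except tcp_ecn_enabled()
 * is a hypothetical stand-in, not a kernel type or function. */
#include <stdio.h>

struct net_model { int sysctl_tcp_ecn; };      /* models net->ipv4.sysctl_tcp_ecn */
struct dst_model { unsigned int ecn_metric; }; /* models dst_metric(dst, RTAX_ECN) */

/* Policy from the message: a non-zero per-route value wins, else the sysctl. */
static int tcp_ecn_enabled(const struct net_model *net, const struct dst_model *dst)
{
	unsigned int val = dst->ecn_metric;

	if (val)
		return (int)val;
	return net->sysctl_tcp_ecn;
}

/* Assumed tcp_ecn semantics: only mode 1 requests ECN on outgoing connections. */
static int ecn_requested_on_connect(int mode) { return mode == 1; }

/* Modes 1 and 2 accept ECN when the peer requests it; mode 0 does neither. */
static int ecn_accepted_on_listen(int mode) { return mode != 0; }

int main(void)
{
	printf("sysctl route effective request accept\n");
	for (int s = 0; s <= 2; s++) {
		for (unsigned int r = 0; r <= 2; r++) {
			struct net_model net = { s };
			struct dst_model dst = { r };
			int mode = tcp_ecn_enabled(&net, &dst);

			printf("%6d %5u %9d %7d %6d\n", s, r, mode,
			       ecn_requested_on_connect(mode),
			       ecn_accepted_on_listen(mode));
		}
	}
	return 0;
}
```

Because 0 doubles as "unset" under this policy, the table shows that a route can raise or lower the mode between 1 and 2 but cannot force ECN off when the sysctl is non-zero.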
