Message-ID: <CAHmME9oQJ9y51Pv7U=+=5uDA_tb+U1zWZdsLcyNMhdcFZmjM8Q@mail.gmail.com>
Date:   Wed, 26 Sep 2018 18:04:09 +0200
From:   "Jason A. Donenfeld" <Jason@...c4.com>
To:     labokml@...o.rs, Dave Taht <dave.taht@...il.com>
Cc:     LKML <linux-kernel@...r.kernel.org>,
        Netdev <netdev@...r.kernel.org>,
        Linux Crypto Mailing List <linux-crypto@...r.kernel.org>,
        David Miller <davem@...emloft.net>,
        Greg Kroah-Hartman <gregkh@...uxfoundation.org>
Subject: Re: [PATCH net-next v6 23/23] net: WireGuard secure network tunnel

Hi Ivan,

On Wed, Sep 26, 2018 at 6:00 PM Ivan Labáth <labokml@...o.rs> wrote:
>
> On 25.09.2018 16:56, Jason A. Donenfeld wrote:
> > Extensive documentation and description of the protocol and
> > > considerations, along with formal proofs of the cryptography, are
> > > available at:
> >
> >   * https://www.wireguard.com/
> >   * https://www.wireguard.com/papers/wireguard.pdf
> []
> > +enum { HANDSHAKE_DSCP = 0x88 /* AF41, plus 00 ECN */ };
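Review bot: the value is right (0x88 >> 2 is 34, which is AF41, with ECN bits 00) but the rationale for it appears nowhere in the patch: handshake packets leave with a fixed AF41 marking while, per the transmit loop quoted further down, data packets leave with an outer TOS of 0, so the marking is a fixed and passively observable difference between handshake and data packets on the wire. Put a comment at the definition (or a paragraph in the commit message) saying why handshake packets are marked this way and that the distinction is intended.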
> []
> > +     if (skb->protocol == htons(ETH_P_IP)) {
> > +             len = ntohs(ip_hdr(skb)->tot_len);
> > +             if (unlikely(len < sizeof(struct iphdr)))
> > +                     goto dishonest_packet_size;
> > +             if (INET_ECN_is_ce(PACKET_CB(skb)->ds))
> > +                     IP_ECN_set_ce(ip_hdr(skb));
> > +     } else if (skb->protocol == htons(ETH_P_IPV6)) {
> > +             len = ntohs(ipv6_hdr(skb)->payload_len) +
> > +                   sizeof(struct ipv6hdr);
> > +             if (INET_ECN_is_ce(PACKET_CB(skb)->ds))
> > +                     IP6_ECN_set_ce(skb, ipv6_hdr(skb));
> > +     } else
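Review bot: both branches only ever propagate an outer CE mark and never drop, so a packet whose outer header is CE but whose inner header is Not-ECT is delivered with the congestion signal lost: IP_ECN_set_ce() and IP6_ECN_set_ce() leave a Not-ECT inner header untouched, and their return values are discarded here. RFC 6040 section 4.2 requires that combination to be dropped, and the kernel's other tunnels get this from INET_ECN_decapsulate(), which returns a value above 1 for it (1 for the log-only case of outer ECT over inner Not-ECT). Consider INET_ECN_decapsulate(skb, PACKET_CB(skb)->ds, ip_hdr(skb)->tos) in the IPv4 branch and the ipv6_get_dsfield() equivalent in the IPv6 branch, and route a return above 1 to a drop label with a counter, as ip_tunnel_rcv() does.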
> []
> > +     skb_queue_walk (&packets, skb) {
> > +             /* 0 for no outer TOS: no leak. TODO: should we use flowi->tos
> > +              * as outer? */
> > +             PACKET_CB(skb)->ds = ip_tunnel_ecn_encap(0, ip_hdr(skb), skb);
> > +             PACKET_CB(skb)->nonce =
> > +                             atomic64_inc_return(&key->counter.counter) - 1;
> > +             if (unlikely(PACKET_CB(skb)->nonce >= REJECT_AFTER_MESSAGES))
> > +                     goto out_invalid;
> > +     }
> Hi,
>
> is there documentation and/or rationale for ecn handling?
> Quick search for ecn and dscp didn't reveal any.

ECN support was developed with Dave Taht so that it does the right
thing with CAKE and such. He's CC'd, so that he can fill in details,
and sure, we can write these up. As well, I can add the rationale for
the handshake-packet-specific DSCP value to the paper in the next few
days; thanks for pointing out these documentation oversights.

Jason
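
The ECN handling the thread asks to have documented follows the RFC 6040 tunnelling rules: on encapsulation the outer header gets the tunnel's chosen DSCP plus a copy of the inner ECN codepoint, and on decapsulation an outer CE mark is copied into an ECN-capable inner packet, while an outer CE over an inner Not-ECT packet is dropped. The block below is an added example written for this page, not code from the WireGuard patch, the kernel or the mailing list; it reimplements those rules in userspace C over raw header bytes so they can be run offline. All function and constant names are the example's own, and the sample IPv4/IPv6 headers are constructed.

```c
/* Added example, not code from the WireGuard patch or the kernel: the
 * RFC 6040 ECN tunnelling rules written as userspace C over raw header
 * bytes, so the encapsulation and decapsulation behaviour discussed in the
 * thread can be run and checked offline. All names are the example's own;
 * the sample headers are constructed. */
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define ECN_MASK    0x03
#define ECN_NOT_ECT 0x00
#define ECN_ECT_1   0x01
#define ECN_ECT_0   0x02
#define ECN_CE      0x03
#define DSCP_AF41   0x88   /* DSCP 34 (AF41) in bits 7..2, ECN bits 00 */

enum decap_result { DECAP_OK, DECAP_DROP, DECAP_BAD_HEADER };

/* Internet checksum over an IPv4 header: 0 means the stored checksum is valid. */
uint16_t ipv4_header_checksum(const uint8_t *h, size_t len)
{
    uint32_t sum = 0;
    for (size_t i = 0; i + 1 < len; i += 2)
        sum += (uint32_t)((h[i] << 8) | h[i + 1]);
    while (sum >> 16)
        sum = (sum & 0xffff) + (sum >> 16);
    return (uint16_t)~sum;
}

/* DS field (DSCP + ECN) of the inner packet: byte 1 for IPv4, the 8-bit
 * traffic class split across bytes 0-1 for IPv6. */
int inner_dsfield(const uint8_t *pkt, size_t len, uint8_t *ds)
{
    if (len >= 20 && (pkt[0] >> 4) == 4) { *ds = pkt[1]; return 0; }
    if (len >= 40 && (pkt[0] >> 4) == 6) { *ds = (uint8_t)((pkt[0] << 4) | (pkt[1] >> 4)); return 0; }
    return -1;
}

/* Encapsulation (RFC 6040 section 4.1, normal mode): the outer header carries
 * the DSCP the tunnel chooses plus a copy of the inner ECN codepoint, so an
 * AQM on the path can mark the outer header. outer_dscp == 0 exposes nothing
 * of the inner DSCP, which is the choice the patch's "no leak" comment makes. */
int tunnel_encap_tos(uint8_t outer_dscp, const uint8_t *inner, size_t len, uint8_t *outer_tos)
{
    uint8_t ds;
    if (inner_dsfield(inner, len, &ds) < 0)
        return -1;
    *outer_tos = (uint8_t)((outer_dscp & ~ECN_MASK) | (ds & ECN_MASK));
    return 0;
}

/* Decapsulation (RFC 6040 section 4.2): copy an outer CE mark into an
 * ECN-capable inner packet; when the inner packet is Not-ECT the mark cannot
 * be delivered to the endpoint, so the packet must be dropped instead. */
enum decap_result tunnel_decap_ecn(uint8_t outer_tos, uint8_t *inner, size_t len)
{
    uint8_t ds;
    if (inner_dsfield(inner, len, &ds) < 0)
        return DECAP_BAD_HEADER;
    if ((ds & ECN_MASK) == ECN_NOT_ECT)
        return (outer_tos & ECN_MASK) == ECN_CE ? DECAP_DROP : DECAP_OK;
    if ((outer_tos & ECN_MASK) != ECN_CE)
        return DECAP_OK;                     /* nothing to propagate */
    if ((inner[0] >> 4) == 4) {
        /* Like IP_ECN_set_ce(): rewrite TOS, then refresh the header checksum. */
        inner[1] |= ECN_CE;
        inner[10] = inner[11] = 0;
        uint16_t csum = ipv4_header_checksum(inner, 20);
        inner[10] = (uint8_t)(csum >> 8);
        inner[11] = (uint8_t)(csum & 0xff);
    } else {
        /* Like IP6_ECN_set_ce(): the ECN bits are bits 5..4 of byte 1. */
        inner[1] |= ECN_CE << 4;
    }
    return DECAP_OK;
}

/* Constructed samples: minimal IPv4/IPv6 headers with a chosen DS field. */
void make_ipv4_header(uint8_t *h, uint8_t tos)
{
    static const uint8_t src[4] = {192, 0, 2, 1}, dst[4] = {198, 51, 100, 1};
    memset(h, 0, 20);
    h[0] = 0x45; h[1] = tos; h[3] = 20; h[8] = 64; h[9] = 17;   /* TTL 64, UDP */
    memcpy(h + 12, src, 4);
    memcpy(h + 16, dst, 4);
    uint16_t c = ipv4_header_checksum(h, 20);
    h[10] = (uint8_t)(c >> 8);
    h[11] = (uint8_t)(c & 0xff);
}

void make_ipv6_header(uint8_t *h, uint8_t tc)
{
    memset(h, 0, 40);
    h[0] = (uint8_t)(0x60 | (tc >> 4));      /* version 6, high nibble of TC */
    h[1] = (uint8_t)((tc & 0x0f) << 4);      /* low nibble of TC, flow label 0 */
    h[6] = 17; h[7] = 64;                    /* UDP, hop limit 64 */
}
```

The encapsulation side corresponds to what INET_ECN_encapsulate() computes for the patch's ip_tunnel_ecn_encap(0, ...) call; the difference on the decapsulation side is the DECAP_DROP path, which the quoted receive code does not have because it calls IP_ECN_set_ce()/IP6_ECN_set_ce() directly and ignores their result.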