lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date:   Tue, 18 Feb 2020 16:00:24 +0800
From:   Hangbin Liu <liuhangbin@...il.com>
To:     David Miller <davem@...emloft.net>
Cc:     petrm@...lanox.com, pmachata@...il.com, netdev@...r.kernel.org,
        idosch@...lanox.com, petedaws@...il.com, daniel@...earbox.net
Subject: Re: [PATCH net] selftests: forwarding: vxlan_bridge_1d: fix tos value


Hi David,

Thanks for the comments. Please see the reply below.
On Mon, Feb 17, 2020 at 07:01:18PM -0800, David Miller wrote:
> > On Mon, Feb 17, 2020 at 11:40:13AM +0100, Petr Machata wrote:
> >> RFC2474 states that "DS field [...] is intended to supersede the
> >> existing definitions of the IPv4 TOS octet [RFC791] and the IPv6 Traffic
> >> Class octet [IPv6]". So the field should be assumed to contain DSCP from
> >> that point on. In my opinion, that makes commit 71130f29979c incorrect.
> >> 
> >> (And other similar uses of RT_TOS in other tunneling devices likewise.)
> > 
> > Yes, that's also what I mean, should we update RT_TOS to match
> > RFC2474?
> 
> The RT_TOS() value elides the two lowest bits so that we can store other
> pieces of binary state into those two lower bits.


In my understanding, RT_TOS() only omit the lowest bits and first 3 bit, as
it defined like:
#define RT_TOS(tos)     ((tos)&IPTOS_TOS_MASK)
#define IPTOS_TOS_MASK          0x1E

> IPv4/6 Header:0 |0 1 2 3 |0 1 2 3 |0 1 2 3 |0 1 2 3 |
> RFC2474(IPv4)   |Version |  IHL   |    DSCP     |ECN|
> RFC1349(IPv4)   |Version |  IHL   | PREC |  TOS   |X|

This looks that it's based on rfc1349. At the same time, we have function
INET_ECN_encapsulate() to respect of rfc2474, which elides the two lowest
bits to stor ECN.

But this two has some conflicts. RT_TOS() omit config tos with 3 PREC bits
and 1 ECN bit. INET_ECN_encapsulate() then omit 1 more ECN bits and set
new ECN based on inner header.

Petr mentioned(and I agree) that this would make us lost 3 DSCP bit info.
So what I though is we should update IPTOS_TOS_MASK to 0xFC, so we can
catch all DSCP field from config tos and leave the two lowest ECN bit
to INET_ECN_encapsulate().

> 
> So you can't just blindly change the RT_TOS() definition without breaking
> a bunch of things.

Yes, RT_TOS() was used in many places. I'm also afraid it may break
some old configs. But then I found that the current IPTOS_TOS_MASK
is more strict. It only take 4 bits(and 1 bit will be overwrite by ECN bit
later) from tos config. If we update it to 0xFC, it would take more
bits.

So what do you think?

Thanks
Hangbin

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ