lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <CANn89iKAUB4JOoHDPrxsRDeBTXPEF8Fu4ab2O_w2QTnRNXJvzg@mail.gmail.com>
Date: Thu, 21 Aug 2025 05:22:10 -0700
From: Eric Dumazet <edumazet@...gle.com>
To: chia-yu.chang@...ia-bell-labs.com
Cc: pabeni@...hat.com, linux-doc@...r.kernel.org, corbet@....net, 
	horms@...nel.org, dsahern@...nel.org, kuniyu@...zon.com, bpf@...r.kernel.org, 
	netdev@...r.kernel.org, dave.taht@...il.com, jhs@...atatu.com, 
	kuba@...nel.org, stephen@...workplumber.org, xiyou.wangcong@...il.com, 
	jiri@...nulli.us, davem@...emloft.net, andrew+netdev@...n.ch, 
	donald.hunter@...il.com, ast@...erby.net, liuhangbin@...il.com, 
	shuah@...nel.org, linux-kselftest@...r.kernel.org, ij@...nel.org, 
	ncardwell@...gle.com, koen.de_schepper@...ia-bell-labs.com, 
	g.white@...lelabs.com, ingemar.s.johansson@...csson.com, 
	mirja.kuehlewind@...csson.com, cheshire@...le.com, rs.ietf@....at, 
	Jason_Livingood@...cast.com, vidhi_goel@...le.com, 
	Olivier Tilmans <olivier.tilmans@...ia.com>
Subject: Re: [PATCH v15 net-next 06/14] tcp: accecn: AccECN negotiation

On Fri, Aug 15, 2025 at 1:39 AM <chia-yu.chang@...ia-bell-labs.com> wrote:
>
> From: Ilpo Järvinen <ij@...nel.org>
>
> Accurate ECN negotiation parts based on the specification:
>   https://tools.ietf.org/id/draft-ietf-tcpm-accurate-ecn-28.txt
>
> Accurate ECN is negotiated using ECE, CWR and AE flags in the
> TCP header. TCP falls back into using RFC3168 ECN if one of the
> ends supports only RFC3168-style ECN.
>
> The AccECN negotiation includes reflecting IP ECN field value
> seen in SYN and SYNACK back using the same bits as negotiation
> to allow responding to SYN CE marks and to detect ECN field
> mangling. CE marks should not occur currently because SYN=1
> segments are sent with Non-ECT in IP ECN field (but proposal
> exists to remove this restriction).
>
> Reflecting SYN IP ECN field in SYNACK is relatively simple.
> Reflecting SYNACK IP ECN field in the final/third ACK of
> the handshake is more challenging. Linux TCP code is not well
> prepared for using the final/third ACK a signalling channel
> which makes things somewhat complicated here.
>
> tcp_ecn sysctl can be used to select the highest ECN variant
> (Accurate ECN, ECN, No ECN) that is attemped to be negotiated and
> requested for incoming connection and outgoing connection:
> TCP_ECN_IN_NOECN_OUT_NOECN, TCP_ECN_IN_ECN_OUT_ECN,
> TCP_ECN_IN_ECN_OUT_NOECN, TCP_ECN_IN_ACCECN_OUT_ACCECN,
> TCP_ECN_IN_ACCECN_OUT_ECN, and TCP_ECN_IN_ACCECN_OUT_NOECN.
>
> After this patch, the size of tcp_request_sock remains unchanged
> and no new holes are added. Below are the pahole outcomes before
> and after this patch:
>
>

> Signed-off-by: Ilpo Järvinen <ij@...nel.org>
> Co-developed-by: Olivier Tilmans <olivier.tilmans@...ia.com>
> Signed-off-by: Olivier Tilmans <olivier.tilmans@...ia.com>
> Co-developed-by: Chia-Yu Chang <chia-yu.chang@...ia-bell-labs.com>
> Signed-off-by: Chia-Yu Chang <chia-yu.chang@...ia-bell-labs.com>
> Acked-by: Paolo Abeni <pabeni@...hat.com>
>


> +       if (tp->ecn_flags & TCP_ECN_MODE_ACCECN) {
> +               TCP_SKB_CB(skb)->tcp_flags &= ~TCPHDR_ACE;
> +               TCP_SKB_CB(skb)->tcp_flags |=
> +                       tcp_accecn_reflector_flags(tp->syn_ect_rcv);
> +               tp->syn_ect_snt = inet_sk(sk)->tos & INET_ECN_MASK;
> +       }
>  }
>
>  /* Packet ECN state for a SYN.  */
> @@ -125,8 +377,20 @@ static inline void tcp_ecn_send_syn(struct sock *sk, struct sk_buff *skb)
>  {
>         struct tcp_sock *tp = tcp_sk(sk);
>         bool bpf_needs_ecn = tcp_bpf_ca_needs_ecn(sk);
> -       bool use_ecn = READ_ONCE(sock_net(sk)->ipv4.sysctl_tcp_ecn) == 1 ||
> -               tcp_ca_needs_ecn(sk) || bpf_needs_ecn;
> +       bool use_ecn, use_accecn;
> +       u8 tcp_ecn = READ_ONCE(sock_net(sk)->ipv4.sysctl_tcp_ecn);
> +
> +       /* +================+===========================+
> +        * | tcp_ecn values |    Outgoing connections   |
> +        * +================+===========================+
> +        * |     0,2,5      |     Do not request ECN    |
> +        * |      1,4       |   Request ECN connection  |
> +        * |       3        | Request AccECN connection |
> +        * +================+===========================+
> +        */

You have nice macros, maybe use them ?

      TCP_ECN_IN_NOECN_OUT_NOECN = 0,
       TCP_ECN_IN_ECN_OUT_ECN = 1,
       TCP_ECN_IN_ECN_OUT_NOECN = 2,
       TCP_ECN_IN_ACCECN_OUT_ACCECN = 3,
       TCP_ECN_IN_ACCECN_OUT_ECN = 4,
       TCP_ECN_IN_ACCECN_OUT_NOECN = 5,

This can be done later, no need to respin.

Reviewed-by: Eric Dumazet <edumazet@...gle.com>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ