Re: [PATCH net-next v6 23/23] net: WireGuard secure network tunnel
From: Ivan Labáth <hidden>
Date: 2018-09-26 16:00:38
Also in: lkml, netdev
On 25.09.2018 16:56, Jason A. Donenfeld wrote:
Extensive documentation and description of the protocol and considerations, along with formal proofs of the cryptography, are available at:

  * https://www.wireguard.com/
  * https://www.wireguard.com/papers/wireguard.pdf
[]
+enum { HANDSHAKE_DSCP = 0x88 /* AF41, plus 00 ECN */ };[]
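Review bot: the comment on HANDSHAKE_DSCP only decodes the constant (AF41 with the ECN bits cleared) and gives no reason why handshake messages are marked AF41 at all. A sentence of rationale in the comment or the commit message would answer that. Since 0x88 is the full TOS byte (DSCP 34 shifted left by two, plus the ECN bits) rather than the 6-bit DSCP value, the comment should also say that the constant is written to the TOS/traffic-class field as is.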
+ if (skb->protocol == htons(ETH_P_IP)) {
+ len = ntohs(ip_hdr(skb)->tot_len);
+ if (unlikely(len < sizeof(struct iphdr)))
+ goto dishonest_packet_size;
+ if (INET_ECN_is_ce(PACKET_CB(skb)->ds))
+ IP_ECN_set_ce(ip_hdr(skb));
+ } else if (skb->protocol == htons(ETH_P_IPV6)) {
+ len = ntohs(ipv6_hdr(skb)->payload_len) +
+ sizeof(struct ipv6hdr);
+ if (INET_ECN_is_ce(PACKET_CB(skb)->ds))
+ IP6_ECN_set_ce(skb, ipv6_hdr(skb));
+ } else[]
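Review bot: the return values of IP_ECN_set_ce() and IP6_ECN_set_ce() are discarded in both branches, so an outer CE mark that cannot be copied to the inner header (inner header not ECN-capable) passes through silently. Either handle that case explicitly or add a comment stating that delivering the packet unmarked is intended; the kernel's IP_ECN_decapsulate() and IP6_ECN_decapsulate() helpers already encode the RFC 6040 decapsulation rules and may fit here. The IPv4 branch also checks len against sizeof(struct iphdr) while the IPv6 branch has no such check; a short comment that payload_len + sizeof(struct ipv6hdr) cannot fall below the header size would make the asymmetry obvious.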
+ skb_queue_walk (&packets, skb) {
+ /* 0 for no outer TOS: no leak. TODO: should we use flowi->tos
+ * as outer? */
+ PACKET_CB(skb)->ds = ip_tunnel_ecn_encap(0, ip_hdr(skb), skb);
+ PACKET_CB(skb)->nonce =
+ atomic64_inc_return(&key->counter.counter) - 1;
+ if (unlikely(PACKET_CB(skb)->nonce >= REJECT_AFTER_MESSAGES))
+ goto out_invalid;
+ }

Hi,

is there documentation and/or rationale for ecn handling?
Quick search for ecn and dscp didn't reveal any.

Regards,
Ivan
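Review bot: the comment inside the skb_queue_walk loop on the send path still carries an open TODO ("should we use flowi->tos as outer?"), which leaves the outer TOS policy undecided in the code itself. Resolve it or move the question to the commit message, and spell out what "no leak" means: passing 0 keeps the inner DSCP out of the outer header, while ip_tunnel_ecn_encap() still derives the outer ECN bits from the inner header. Style: drop the space in "skb_queue_walk (" and put the closing */ of the multi-line comment on its own line.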