Thread (146 messages) 146 messages, 16 authors, 2018-11-13

Re: [PATCH net-next v6 23/23] net: WireGuard secure network tunnel

From: Ivan Labáth <hidden>
Date: 2018-11-05 13:06:51
Also in: linux-crypto, lkml 

On 26. 9. 2018 18:04, Jason A. Donenfeld wrote:
Hi Ivan,

On Wed, Sep 26, 2018 at 6:00 PM Ivan Labáth [off-list ref] wrote:
quoted
On 25.09.2018 16:56, Jason A. Donenfeld wrote:
quoted
Extensive documentation and description of the protocol and
considerations, along with formal proofs of the cryptography, are> available at:

  * https://www.wireguard.com/
  * https://www.wireguard.com/papers/wireguard.pdf
[]
quoted
+enum { HANDSHAKE_DSCP = 0x88 /* AF41, plus 00 ECN */ };
[]
quoted
+     if (skb->protocol == htons(ETH_P_IP)) {
+             len = ntohs(ip_hdr(skb)->tot_len);
+             if (unlikely(len < sizeof(struct iphdr)))
+                     goto dishonest_packet_size;
+             if (INET_ECN_is_ce(PACKET_CB(skb)->ds))
+                     IP_ECN_set_ce(ip_hdr(skb));
+     } else if (skb->protocol == htons(ETH_P_IPV6)) {
+             len = ntohs(ipv6_hdr(skb)->payload_len) +
+                   sizeof(struct ipv6hdr);
+             if (INET_ECN_is_ce(PACKET_CB(skb)->ds))
+                     IP6_ECN_set_ce(skb, ipv6_hdr(skb));
+     } else
[]
quoted
+     skb_queue_walk (&packets, skb) {
+             /* 0 for no outer TOS: no leak. TODO: should we use flowi->tos
+              * as outer? */
+             PACKET_CB(skb)->ds = ip_tunnel_ecn_encap(0, ip_hdr(skb), skb);
+             PACKET_CB(skb)->nonce =
+                             atomic64_inc_return(&key->counter.counter) - 1;
+             if (unlikely(PACKET_CB(skb)->nonce >= REJECT_AFTER_MESSAGES))
+                     goto out_invalid;
+     }
Hi,

is there documentation and/or rationale for ecn handling?
Quick search for ecn and dscp didn't reveal any.
ECN support was developed with Dave Taht so that it does the right
thing with CAKE and such. He's CC'd, so that he can fill in details,
and sure, we can write these up. As well, I can add the rationale for
the handshake-packet-specific DSCP value to the paper in the next few
days; thanks for pointing out these documentation oversights.

Jason
Any news on this?

To be clear, question is not about an insignificant documentation
oversight. It is about copying bits from inner packets to outer packets
of a secure* tunnel and documenting it AFAICT nowhere, while claiming
extensive documentation.

* it really should be specified what secure tunnel means, as it has many
plausible interpretations and wireguard surely does not fulfill all of them.

Ivan
Keyboard shortcuts
hback out one level
jnext message in thread
kprevious message in thread
ldrill in
Escclose help / fold thread tree
?toggle this help