Received: by 2002:ac0:a5a6:0:0:0:0:0 with SMTP id m35-v6csp932922imm;
        Wed, 26 Sep 2018 09:01:02 -0700 (PDT)
X-Google-Smtp-Source: ACcGV62cTn1lq3wsY44MJmySOWKwyLlNdCK7xGczGoskNVuFfq37imXT5KibdKlnDMDE4ndLCHTf
X-Received: by 2002:a63:f744:: with SMTP id f4-v6mr6357356pgk.410.1537977662266;
        Wed, 26 Sep 2018 09:01:02 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1537977662; cv=none;
        d=google.com; s=arc-20160816;
        b=waAm1foE6YIcLWYYqb34VcJwOW7YSqh5D5a1UB5ihOD2/bxgy90rdE17oxs/JutYtH
         ciWI0/aDsZZ9pzaM7NMqq6rVmAJA9fvk6QIw1t8EhrwprcqzFtYUU+U24yJBK2+o1zhC
         havQvxCp5c6Wc6RGzTMVzH2scXViiZjV6BtLaqf0h33B3DO6FVUHmifw5vjMjSLSTPVq
         aizHWA/C2x7HP1IFNGsskPjdC8ssI5E5d799PEMf7OXEA5X7F/7Fk/guWvWD0i0mJ70V
         sbffT16XRuyXCtg8qqPzsN70dY4HvEtm37OSOWamgYEY5+sUx7UE1yysMqUc96jzx03H
         acMA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:content-transfer-encoding
         :content-language:in-reply-to:mime-version:user-agent:date
         :message-id:from:references:to:subject:dkim-signature:dkim-signature;
        bh=uLc7wKq5Yp3OVG0DPz0gyBleHJHCErSatM5smeAN00Q=;
        b=cfKuqTAW7kwi03h3HLpOmEwdm7/DXssMLdybmPIepr+Y/hz6fGilaR+sVykKHkCgzc
         0PdUUwxcJfiy1xsDl5W/o6yvAM0bBJR9SBiHphTLTdg8BpfjnwmzlriY1kmqWvTFR07S
         SkYgFh14mYhLv8a35ocHMtp8AoInFekhXlQmwTbhSKSkgVzLqCGA4gRkGLVZyXueShfn
         SqC90fdEczcIz4TOLB50NuWwuhDO7dZKgjyuICierZjGBM1ugxUqdg3t07f5cx6/DESH
         mYVIe8ZXFSCaA13Fm/isqHzgLcBJAT4yCSXDG5hVWKVvd+SZwqtrlcwv2Sdw42149IgU
         FWHg==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@labo.rs header.s=fm3 header.b=VbhQcJKA;
       dkim=pass header.i=@messagingengine.com header.s=fm3 header.b=Xw1UVnSc;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id d41-v6si5558530pla.172.2018.09.26.09.00.46;
        Wed, 26 Sep 2018 09:01:02 -0700 (PDT)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@labo.rs header.s=fm3 header.b=VbhQcJKA;
       dkim=pass header.i=@messagingengine.com header.s=fm3 header.b=Xw1UVnSc;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1728469AbeIZWOM (ORCPT <rfc822;xqjcool@gmail.com> + 99 others);
        Wed, 26 Sep 2018 18:14:12 -0400
Received: from out1-smtp.messagingengine.com ([66.111.4.25]:43305 "EHLO
        out1-smtp.messagingengine.com" rhost-flags-OK-OK-OK-OK)
        by vger.kernel.org with ESMTP id S1727280AbeIZWOL (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Wed, 26 Sep 2018 18:14:11 -0400
Received: from compute2.internal (compute2.nyi.internal [10.202.2.42])
        by mailout.nyi.internal (Postfix) with ESMTP id 4234821CDD;
        Wed, 26 Sep 2018 12:00:35 -0400 (EDT)
Received: from mailfrontend1 ([10.202.2.162])
  by compute2.internal (MEProxy); Wed, 26 Sep 2018 12:00:35 -0400
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=labo.rs; h=
        content-transfer-encoding:content-type:date:from:in-reply-to
        :message-id:mime-version:references:subject:to:x-me-sender
        :x-me-sender:x-sasl-enc; s=fm3; bh=uLc7wKq5Yp3OVG0DPz0gyBleHJHCE
        rSatM5smeAN00Q=; b=VbhQcJKAHC2tl25Y9rWqipyEJ33vO1g9O4Pfv2HevxFoj
        rvGGCeeLx4efe2eRTfkygaIQIjkk2cB+QnjIv7UkzwVX9EM5tyjt5XGFKFoOmhrH
        yRe/Rr684XsfNcwh0lHs423IUBp8fs4g8BAIz9qeNP/Crp9vSukz+PFDMJ+ooF9J
        O8Xtmhy7IF41mhDBpvwlqKPGvji0SSXAW2iD829M1+CeA0dbKm/fznCN/zdFBuul
        qbWcAqrbaevvcnPqLkiTZocp7Qg6TXgqwckaTQt93YoJdINzspZfKOTw3kndnxrg
        Ln3z7Xfu7hkPlXja0oUzSeXe5Z6IKg99LcNz99LZQ==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=
        messagingengine.com; h=content-transfer-encoding:content-type
        :date:from:in-reply-to:message-id:mime-version:references
        :subject:to:x-me-sender:x-me-sender:x-sasl-enc; s=fm3; bh=uLc7wK
        q5Yp3OVG0DPz0gyBleHJHCErSatM5smeAN00Q=; b=Xw1UVnSctD2X83rDWCos8E
        e7WMp9gaV82ccAggk6gVfQvp352zUOrLCXzoKioNvoPh5pPNhfU4eNaahfT5v/5q
        LfZijb9Ep01e3cYvma00BJonwsvaV1WNB/b1zX0Ys0vGK9eNtu97XCPNM/nYFLwq
        9TFUwe7JWOo3e93RVJzA82p7b/Qg4Yk2bC04VolOdRPjdVyY1pQaGtXNykCNNleW
        ApRswVhKLU4m/DamfotFLbmKJ5Yo3SJTDQgIVOfpXbD9cC/aZP6+aQ+KQDMc3Ug5
        9jjIBhyqebmo3hCNNL/45Kbgov3/w9VIZHb32uj9NNd285kkbwpcIQmnzFvGFABQ
        ==
X-ME-Proxy: <xmx:Iq2rWxbhxY86DjJ-KDC8U_0kOYeCh-pstTI8FIViByVoLEA83l6L_g>
    <xmx:Iq2rW4mQC8ikIsiqZH0zLdeMqIOVY314Z1BJYu09ZLQJhr_Gesr4-w>
    <xmx:Iq2rW1zp7cRNveF85kBm7sti9URWSI-qjAeAVXQIdbHCpoP0KaGC4A>
    <xmx:Iq2rW-OBi2vhIy21aTtMtPuFFLOSgvhqnl2rc64kzu7mmDb-YdOXSw>
    <xmx:Iq2rWxQr9FUVbnmxHgubc2WuFPJcBHDrToyQla3NfwY82a26-fbOdw>
    <xmx:I62rW6ggKbRJWxkElzAwcMELfqOe5gRGOGTz6wiO76L0TJDs6gKWdA>
X-ME-Sender: <xms:Iq2rWyFKtg_pRqPrhPSCeIiV0YPxnNM8OtdKm1-DLanCpUeBK83ezw>
Received: from [0.0.0.0] (lada.labath.rs [185.194.239.81])
        by mail.messagingengine.com (Postfix) with ESMTPA id 44D29E461E;
        Wed, 26 Sep 2018 12:00:33 -0400 (EDT)
Subject: Re: [PATCH net-next v6 23/23] net: WireGuard secure network tunnel
To:     "Jason A. Donenfeld" <Jason@zx2c4.com>,
        linux-kernel@vger.kernel.org, netdev@vger.kernel.org,
        linux-crypto@vger.kernel.org, davem@davemloft.net,
        gregkh@linuxfoundation.org
References: <20180925145622.29959-1-Jason@zx2c4.com>
 <20180925145622.29959-24-Jason@zx2c4.com>
From:   =?UTF-8?Q?Ivan_Lab=c3=a1th?= <labokml@labo.rs>
Message-ID: <7830522a-968e-0880-beb7-44904466cf14@labo.rs>
Date:   Wed, 26 Sep 2018 18:00:31 +0200
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101
 Thunderbird/52.9.1
MIME-Version: 1.0
In-Reply-To: <20180925145622.29959-24-Jason@zx2c4.com>
Content-Type: text/plain; charset=utf-8
Content-Language: en-US
Content-Transfer-Encoding: 7bit
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On 25.09.2018 16:56, Jason A. Donenfeld wrote:
> Extensive documentation and description of the protocol and
> considerations, along with formal proofs of the cryptography, are> available at:
> 
>   * https://www.wireguard.com/
>   * https://www.wireguard.com/papers/wireguard.pdf
[]
> +enum { HANDSHAKE_DSCP = 0x88 /* AF41, plus 00 ECN */ };
[]
> +	if (skb->protocol == htons(ETH_P_IP)) {
> +		len = ntohs(ip_hdr(skb)->tot_len);
> +		if (unlikely(len < sizeof(struct iphdr)))
> +			goto dishonest_packet_size;
> +		if (INET_ECN_is_ce(PACKET_CB(skb)->ds))
> +			IP_ECN_set_ce(ip_hdr(skb));
> +	} else if (skb->protocol == htons(ETH_P_IPV6)) {
> +		len = ntohs(ipv6_hdr(skb)->payload_len) +
> +		      sizeof(struct ipv6hdr);
> +		if (INET_ECN_is_ce(PACKET_CB(skb)->ds))
> +			IP6_ECN_set_ce(skb, ipv6_hdr(skb));
> +	} else
[]
> +	skb_queue_walk (&packets, skb) {
> +		/* 0 for no outer TOS: no leak. TODO: should we use flowi->tos
> +		 * as outer? */
> +		PACKET_CB(skb)->ds = ip_tunnel_ecn_encap(0, ip_hdr(skb), skb);
> +		PACKET_CB(skb)->nonce =
> +				atomic64_inc_return(&key->counter.counter) - 1;
> +		if (unlikely(PACKET_CB(skb)->nonce >= REJECT_AFTER_MESSAGES))
> +			goto out_invalid;
> +	}
Hi,

is there documentation and/or rationale for ecn handling?
Quick search for ecn and dscp didn't reveal any.

Regards,
Ivan