Subject: Re: [PATCH net-next v6 23/23] net: WireGuard secure network tunnel
From: Ivan Labáth
To: "Jason A. Donenfeld", linux-kernel@vger.kernel.org, netdev@vger.kernel.org, linux-crypto@vger.kernel.org, davem@davemloft.net, gregkh@linuxfoundation.org
Date: Wed, 26 Sep 2018 18:00:31 +0200
Message-ID: <7830522a-968e-0880-beb7-44904466cf14@labo.rs>
In-Reply-To: <20180925145622.29959-24-Jason@zx2c4.com>
References: <20180925145622.29959-1-Jason@zx2c4.com> <20180925145622.29959-24-Jason@zx2c4.com>
X-Mailing-List: linux-kernel@vger.kernel.org

On 25.09.2018 16:56, Jason A.
Donenfeld wrote:
> Extensive documentation and description of the protocol and
> considerations, along with formal proofs of the cryptography, are
> available at:
>
> * https://www.wireguard.com/
> * https://www.wireguard.com/papers/wireguard.pdf
[] > +enum { HANDSHAKE_DSCP = 0x88 /* AF41, plus 00 ECN */ }; [] > + if (skb->protocol == htons(ETH_P_IP)) { > + len = ntohs(ip_hdr(skb)->tot_len); > + if (unlikely(len < sizeof(struct iphdr))) > + goto dishonest_packet_size; > + if (INET_ECN_is_ce(PACKET_CB(skb)->ds)) > + IP_ECN_set_ce(ip_hdr(skb)); > + } else if (skb->protocol == htons(ETH_P_IPV6)) { > + len = ntohs(ipv6_hdr(skb)->payload_len) + > + sizeof(struct ipv6hdr); > + if (INET_ECN_is_ce(PACKET_CB(skb)->ds)) > + IP6_ECN_set_ce(skb, ipv6_hdr(skb)); > + } else [] > + skb_queue_walk (&packets, skb) { > + /* 0 for no outer TOS: no leak. TODO: should we use flowi->tos > + * as outer? */ > + PACKET_CB(skb)->ds = ip_tunnel_ecn_encap(0, ip_hdr(skb), skb); > + PACKET_CB(skb)->nonce = > + atomic64_inc_return(&key->counter.counter) - 1; > + if (unlikely(PACKET_CB(skb)->nonce >= REJECT_AFTER_MESSAGES)) > + goto out_invalid; > + }

Hi,

is there documentation and/or rationale for ecn handling?
Quick search for ecn and dscp didn't reveal any.

Regards,
Ivan
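
Review bot: the comment on HANDSHAKE_DSCP names the code point (AF41 with ECN bits 00) but not why handshake messages are marked with it, while the skb_queue_walk loop further down passes 0 as the outer TOS for data packets. A sentence of rationale next to the enum, or a pointer to where the choice is documented, would cover the DSCP half of the question asked in this reply. A named constant would also read better than an anonymous single-member enum.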
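
Review bot: in both the ETH_P_IP and ETH_P_IPV6 branches the return value of IP_ECN_set_ce() / IP6_ECN_set_ce() is discarded, so when the outer header carried CE and the inner header is Not-ECT the helper leaves the inner header unchanged and the congestion mark is lost with no drop and no counter. RFC 6040 calls for dropping that combination. Consider IP_ECN_decapsulate() / IP6_ECN_decapsulate(), which report that case to the caller, or add a comment stating that forwarding the packet unmarked is the intended behaviour.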
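
Review bot: the comment in the skb_queue_walk loop says "0 for no outer TOS: no leak", but ip_tunnel_ecn_encap() still carries the inner packet's ECN field into the value stored in PACKET_CB(skb)->ds (with CE rewritten to ECT(0)), so two bits of the inner header do reach the outer header. The comment should say that this propagation is deliberate and why it is acceptable, and the TODO about flowi->tos should be resolved or turned into a tracked item rather than left in the code.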