Received: by 2002:ad5:474a:0:0:0:0:0 with SMTP id i10csp4721050imu; Mon, 12 Nov 2018 16:11:30 -0800 (PST) X-Google-Smtp-Source: AJdET5dR/aFfs62aQQjLYEycg8U2/lh5qlKfeWhV76/XWjbHSaf22iu99loxcblxO2PMBpqFogQj X-Received: by 2002:a62:3707:: with SMTP id e7-v6mr2909250pfa.70.1542067890869; Mon, 12 Nov 2018 16:11:30 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1542067890; cv=none; d=google.com; s=arc-20160816; b=wxakywh244xAvoejP6wnhdlrkkD5C0kF4PRsSF9J2jivOp6XL+i7/wxlEmprE28qxb zaI4FNicZMsRszjlU9islyW8mftHfUi8YZl+BPoYu4Hgcs7UYF571Gv470fS1LdD/r2t ytqBFlW9+aeGMfrGk7RiPXjEScBKlxWcYoy7HeCf9hVy8UpgqeJ01e0qdOf3Aymblk0o blR8OCvXngm7XL6YSTPX4gG7p8+00RcZlQ9aM63TLO5nXfwx5zxsTUmMDvXTfVGo/m8i tWDlChxmv6HvobJZlUKYeKAbXLH63pk039Ttnp+4JojYelPhLG6maVE8QKJ9m2qRihWd pQiA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:cc:to:subject :message-id:date:from:in-reply-to:references:mime-version :dkim-signature; bh=Q5Vh8BpfQhaRZB3IW7v6+hYQj9+PR8xSV25V/M1Laqc=; b=zY5ixYd3EhxZTU7ayI3+rH90Aa92BZgnb0FW73RpZn7M+JzvFVUeK2BISDWz3WKc2B n0Ytmt3bps5E5xyuGUtHcJ4Akcu3vDPcDRiKpF7PlhUmzeXKhJ+OBbz9+kT6iAS+k9aX hKz+rIrDZY3OevmYZt867923vrPepJkliXUIQinpYZg7MZFOdXaot0t0sCp1nGT39tGA iGc5qxZGmhk/aojaevxKrG2RaG1Ks0osfJdTE+lnIpyfrE8sMQhugoPFGONn7ikj9pxw IQY3Yk4XfPPNK9oZNgp/WPfcrEtiFXbYmyJxOq6vxyKPOKyhzG5n24mzMWSThJgdya2E 1tjA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@gmail.com header.s=20161025 header.b=ajrVC0bh; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id q17si3766195pfc.198.2018.11.12.16.11.14; Mon, 12 Nov 2018 16:11:30 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@gmail.com header.s=20161025 header.b=ajrVC0bh; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1730408AbeKMKGS (ORCPT + 99 others); Tue, 13 Nov 2018 05:06:18 -0500 Received: from mail-qk1-f182.google.com ([209.85.222.182]:38943 "EHLO mail-qk1-f182.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1725991AbeKMKGR (ORCPT ); Tue, 13 Nov 2018 05:06:17 -0500 Received: by mail-qk1-f182.google.com with SMTP id e4so16580213qkh.6; Mon, 12 Nov 2018 16:10:49 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc:content-transfer-encoding; bh=Q5Vh8BpfQhaRZB3IW7v6+hYQj9+PR8xSV25V/M1Laqc=; b=ajrVC0bh2t5+i6Y5O3G0caD81BnNCrIi5lEbC0lXwWFikzYyPWdRZiZg456XwCQj8s WQl2nFxo9Oh+34UKuDk22jZiuI56ZUlyzwMM2HZ0OfdU9DPr8Y+E3cjPwrWofeayvIob laXWtWZ9MbzbB0lYKzDJZsrz5NO80OHeisEl31+J4rMr9HXi9Isc1Ja3nZhpRvZ4nJK+ lCxeQySb1Mdaw175+9k7kpQo8aglrttv6FNnkgg7BgPLU5tnzQoySLwut8iWy2jgt9ZL rTxPZZnYOEUuKrxewjQWaxoXSbY/ZmSGJsTvVZKGl366fZqsi0732Ilye5s+g2Ae2DYf Vl4A== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc:content-transfer-encoding; bh=Q5Vh8BpfQhaRZB3IW7v6+hYQj9+PR8xSV25V/M1Laqc=; b=oHo/04VWCZxVRH6Rn6nNIHy5CMqcHKYICmIT15cCYRBPEDHxJolty/FKV4f0CUYN+k 7P8Oe0X6KtpXTPYhzzKZZcDq59OCAH4TtRcZF7Y53E5uHWZ1PDi5K0+eBxkVPOmP7WEy 2iwLjgeokEQowzBf3PSM5Fc4fFIoCJkG/bdoK/Mm7Jp9+rcPwEHC3RNGKXB30eSzKaVi LPprut46aYwV7lAwh4uJ3qW1P5oJT//nddat93Jsj5sZIq6uCYgHpTPzny9iWs/+OBuf OX8f4Mk0CHkuvrSSG+OEbWt+wGbunrWfD+W9hQb5SqmyMyr9lR/HO3KBj8mQt7/1cZbX OzJg== X-Gm-Message-State: AGRZ1gItKwmsBVdj6mdi5AGjk1zCRaY9IpGmCQGAiOTU6B5xV5H6HNyv NmIrppz0lv0penDk1tHfeaNpFK5CZhop3ORDt1o= X-Received: by 2002:ac8:326a:: with SMTP id y39mr2987105qta.175.1542067849106; Mon, 12 Nov 2018 16:10:49 -0800 (PST) MIME-Version: 1.0 References: <20180925145622.29959-1-Jason@zx2c4.com> <20180925145622.29959-24-Jason@zx2c4.com> <7830522a-968e-0880-beb7-44904466cf14@labo.rs> In-Reply-To: From: Dave Taht Date: Mon, 12 Nov 2018 16:10:36 -0800 Message-ID: Subject: Re: [PATCH net-next v6 23/23] net: WireGuard secure network tunnel To: "Jason A. Donenfeld" Cc: labokml@labo.rs, linux-kernel@vger.kernel.org, Linux Kernel Network Developers , linux-crypto@vger.kernel.org, "David S. Miller" , Greg Kroah-Hartman Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Mon, Nov 12, 2018 at 3:54 PM Jason A. Donenfeld wrote: > > Hey Ivan, > > Sorry for not getting back to you sooner. > > On Mon, Nov 5, 2018 at 8:06 AM Ivan Lab=C3=A1th wrote: > > Any news on this? > > > > To be clear, question is not about an insignificant documentation > > oversight. It is about copying bits from inner packets to outer packets > > The short answer is RFC6040 with DSCP fixed to 0 so as not to leak > anything. I've added a description of this to > . you have a speling error (ECM). :) side note: I have to say that wireguard works really well with ecn and non-ecn marked = flows against codel and fq_codel on the bottleneck router. I'd still rather like it if wireguard focused a bit more on interleaving multiple flows better rather than on single stream benchmarks, one day. In this case, codel is managing things not fq and we could possibly shave a few ms of induced latency off of it in this particular test series: http://tun.taht.net/~d/wireguard/rrul_-_comcast_v6.png vs wireguard (doing it ivp6 over that ipv6) http://tun.taht.net/~d/wireguard/rrul_-_wireguard.png That said, I've been deploying wireguard widely in replacement of my old tinc network particularly on machines that were formerly cpu bottlenecked and am insanely pleased with it. what's a few extra ms of latency between friends? > > Regards, > Jason --=20 Dave T=C3=A4ht CTO, TekLibre, LLC http://www.teklibre.com Tel: 1-831-205-9740