On 25.09.2018 16:56, Jason A. Donenfeld wrote: > Extensive documentation and description of the protocol and > considerations, along with formal proofs of the cryptography, are> available at: > > * https://www.wireguard.com/ > * https://www.wireguard.com/papers/wireguard.pdf [] > +enum { HANDSHAKE_DSCP = 0x88 /* AF41, plus 00 ECN */ }; [] > + if (skb->protocol == htons(ETH_P_IP)) { > + len = ntohs(ip_hdr(skb)->tot_len); > + if (unlikely(len < sizeof(struct iphdr))) > + goto dishonest_packet_size; > + if (INET_ECN_is_ce(PACKET_CB(skb)->ds)) > + IP_ECN_set_ce(ip_hdr(skb)); > + } else if (skb->protocol == htons(ETH_P_IPV6)) { > + len = ntohs(ipv6_hdr(skb)->payload_len) + > + sizeof(struct ipv6hdr); > + if (INET_ECN_is_ce(PACKET_CB(skb)->ds)) > + IP6_ECN_set_ce(skb, ipv6_hdr(skb)); > + } else [] > + skb_queue_walk (&packets, skb) { > + /* 0 for no outer TOS: no leak. TODO: should we use flowi->tos > + * as outer? */ > + PACKET_CB(skb)->ds = ip_tunnel_ecn_encap(0, ip_hdr(skb), skb); > + PACKET_CB(skb)->nonce = > + atomic64_inc_return(&key->counter.counter) - 1; > + if (unlikely(PACKET_CB(skb)->nonce >= REJECT_AFTER_MESSAGES)) > + goto out_invalid; > + } Hi, is there documentation and/or rationale for ecn handling? Quick search for ecn and dscp didn't reveal any. Regards, Ivan
