On 25.09.2018 16:56, Jason A. Donenfeld wrote:
> Extensive documentation and description of the protocol and
> considerations, along with formal proofs of the cryptography, are> available 
> at:
> 
>   * https://www.wireguard.com/
>   * https://www.wireguard.com/papers/wireguard.pdf
[]
> +enum { HANDSHAKE_DSCP = 0x88 /* AF41, plus 00 ECN */ };
[]
> +     if (skb->protocol == htons(ETH_P_IP)) {
> +             len = ntohs(ip_hdr(skb)->tot_len);
> +             if (unlikely(len < sizeof(struct iphdr)))
> +                     goto dishonest_packet_size;
> +             if (INET_ECN_is_ce(PACKET_CB(skb)->ds))
> +                     IP_ECN_set_ce(ip_hdr(skb));
> +     } else if (skb->protocol == htons(ETH_P_IPV6)) {
> +             len = ntohs(ipv6_hdr(skb)->payload_len) +
> +                   sizeof(struct ipv6hdr);
> +             if (INET_ECN_is_ce(PACKET_CB(skb)->ds))
> +                     IP6_ECN_set_ce(skb, ipv6_hdr(skb));
> +     } else
[]
> +     skb_queue_walk (&packets, skb) {
> +             /* 0 for no outer TOS: no leak. TODO: should we use flowi->tos
> +              * as outer? */
> +             PACKET_CB(skb)->ds = ip_tunnel_ecn_encap(0, ip_hdr(skb), skb);
> +             PACKET_CB(skb)->nonce =
> +                             atomic64_inc_return(&key->counter.counter) - 1;
> +             if (unlikely(PACKET_CB(skb)->nonce >= REJECT_AFTER_MESSAGES))
> +                     goto out_invalid;
> +     }
Hi,

is there documentation and/or rationale for ecn handling?
Quick search for ecn and dscp didn't reveal any.

Regards,
Ivan

Reply via email to