"Jason A. Donenfeld" <ja...@zx2c4.com> writes:

> On Mon, Apr 27, 2020 at 3:16 PM Toke Høiland-Jørgensen <t...@redhat.com>
> wrote:
>>
>> WireGuard currently only propagates ECN markings on tunnel decap according
>> to the old RFC3168 specification. However, the spec has since been updated
>> in RFC6040 to recommend slightly different decapsulation semantics. This
>> was implemented in the kernel as a set of common helpers for ECN
>> decapsulation, so let's just switch over WireGuard to using those, so it
>> can benefit from this enhancement and any future tweaks.
>>
>> RFC6040 also recommends dropping packets on certain combinations of
>> erroneous code points on the inner and outer packet headers which shouldn't
>> appear in normal operation. The helper signals this by a return value > 1,
>> so also add a handler for this case.
>
> Thanks for the details in your other email and for this v2. I've
> applied this to the wireguard tree and will send things up to net
> later this week with a few other things brewing there.

Thanks!

> By the way, the original code came out of a discussion I had with Dave
> Taht while I was coding this on an airplane many years ago. I read
> some old RFCs, made some changes, he tested them with cake, and told
> me that the behavior looked correct. And that's about as far as I've
> forayed into ECN land with WireGuard. It seems like it might be
> helpful (at some point) to add something to the netns.sh test to make
> sure that all this machinery is actually working and continues to work
> properly as things change in the future.

Yeah, good point. I guess I can look into that too at some point :)

-Toke
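The RFC6040 decapsulation rules that the quoted commit message refers to, written out as an added example; this is not part of the thread and is neither the kernel helper nor WireGuard code. The function name `ecn_decap_rfc6040`, the enum names and the 0/1/2 result codes (chosen to match the "return value > 1" drop convention mentioned above) are assumptions of this sketch.

```c
#include <stdint.h>
#include <stdio.h>

/* ECN field: low two bits of the IPv4 TOS / IPv6 traffic class byte. */
enum { ECN_NOT_ECT = 0, ECN_ECT_1 = 1, ECN_ECT_0 = 2, ECN_CE = 3, ECN_MASK = 3 };

/* Hypothetical result codes: anything > 1 means "drop the packet". */
enum { DECAP_OK = 0, DECAP_LOG = 1, DECAP_DROP = 2 };

/*
 * RFC 6040 default decapsulation table. outer_tos comes from the tunnel
 * header, *inner_tos from the decapsulated packet; on success the inner
 * ECN field is rewritten in place and the DSCP bits are left untouched.
 */
int ecn_decap_rfc6040(uint8_t outer_tos, uint8_t *inner_tos)
{
    uint8_t outer = outer_tos & ECN_MASK;
    uint8_t inner = *inner_tos & ECN_MASK;
    uint8_t out = inner;          /* default: the inner marking survives */
    int rc = DECAP_OK;

    if (inner == ECN_NOT_ECT) {
        /* Inner flow is not ECN-capable, so it must never be marked. */
        if (outer == ECN_CE)
            return DECAP_DROP;    /* congestion can only be signalled by loss */
        if (outer != ECN_NOT_ECT)
            rc = DECAP_LOG;       /* outer ECT over Not-ECT inner: anomalous */
    } else if (outer == ECN_CE) {
        out = ECN_CE;             /* propagate the congestion mark inward */
    } else if (outer == ECN_ECT_1) {
        if (inner == ECN_ECT_0)
            out = ECN_ECT_1;      /* RFC 6040: outer ECT(1) replaces ECT(0) */
        else if (inner == ECN_CE)
            rc = DECAP_LOG;       /* CE inner under ECT(1) outer: anomalous */
    }
    *inner_tos = (uint8_t)((*inner_tos & ~ECN_MASK) | out);
    return rc;
}

int main(void)
{
    /* Constructed sample: DSCP 0xb8 with ECT(0) inside, CE on the outer. */
    uint8_t inner = 0xb8 | ECN_ECT_0;
    int rc = ecn_decap_rfc6040(ECN_CE, &inner);
    printf("rc=%d inner_tos=0x%02x\n", rc, inner);
    return 0;
}
```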