[WireGuard] fq, ecn, etc with wireguard

Dave Taht dave.taht at gmail.com
Mon Aug 29 21:50:16 CEST 2016


Nice to see you so quickly being productive. I am still constructing a
reply to your previous message.

Rather than try to expand your macros, my mental model on encode is

if(inner_dscp & 3) outer_dscp = (outer_dscp & ~3) | (inner_dscp & 3);

Decode is different. A bad actor could, for example, flip the outer
ECN bits from ECT(1) to ECT(0) (which have different meanings in the
L4S effort in the IETF), or set the outer to CE (one evil ISP did
this until the worldwide test by Apple last year for ECN capability
got them to fix it), when the inner is not ECN capable at all.

if(itos = inner_dscp & 3)
    if (otos = outer_dscp & 3)
        if(otos == 3)
            itos = itos | 3;

I see you are using the cb to temporarily store these bits. If we end
up sneaking fq_codel into there, you'll also need space for a
timestamp and another field.....

I didn't even know ip_tunnel_get_dsfield() even existed!
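
Added example, not part of the original message and not WireGuard's code: a user-space C sketch of the encode and decode rules described above, run over constructed TOS bytes. The names ecn_encap, ecn_decap and the mismatch flag are hypothetical; encode here copies the inner ECN field unconditionally.

```c
#include <stdint.h>
#include <stdio.h>

/* ECN codepoints: low two bits of the IPv4 TOS / IPv6 traffic class byte. */
enum { ECN_NOT_ECT = 0, ECN_ECT_1 = 1, ECN_ECT_0 = 2, ECN_CE = 3, ECN_MASK = 3 };

/* Encode: keep the outer DSCP (upper six bits) and copy the inner ECN field
 * onto the outer header so routers on the path can mark the tunnel packet. */
uint8_t ecn_encap(uint8_t outer_tos, uint8_t inner_tos)
{
	return (uint8_t)((outer_tos & ~ECN_MASK) | (inner_tos & ECN_MASK));
}

/* Decode: the outer bits crossed an untrusted path, so one transition only is
 * honoured: outer CE is copied inward when the inner packet is ECN-capable.
 * *mismatch (hypothetical, for counters or drop policy) is set when the outer
 * header says CE but the inner packet is Not-ECT. */
uint8_t ecn_decap(uint8_t outer_tos, uint8_t inner_tos, int *mismatch)
{
	uint8_t itos = inner_tos & ECN_MASK;
	uint8_t otos = outer_tos & ECN_MASK;

	*mismatch = (otos == ECN_CE && itos == ECN_NOT_ECT);
	if (itos != ECN_NOT_ECT && otos == ECN_CE)
		inner_tos |= ECN_CE;
	return inner_tos;
}

int main(void)
{
	/* Constructed samples: {outer TOS, inner TOS} as seen at decapsulation. */
	static const uint8_t samples[][2] = {
		{ 0x03, 0x02 }, /* CE marked on the path, inner ECT(0) */
		{ 0x03, 0x00 }, /* outer CE, inner not ECN-capable */
		{ 0x02, 0x01 }, /* outer rewritten ECT(1) -> ECT(0) */
	};

	for (size_t i = 0; i < sizeof(samples) / sizeof(samples[0]); i++) {
		int mismatch;
		uint8_t out = ecn_decap(samples[i][0], samples[i][1], &mismatch);

		printf("outer=0x%02x inner=0x%02x -> inner=0x%02x mismatch=%d\n",
		       samples[i][0], samples[i][1], out, mismatch);
	}
	return 0;
}
```

The third sample shows that an outer ECT(1)/ECT(0) rewrite never reaches the inner header under this rule; only CE is propagated, and only to a packet that already declared ECN capability.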

