[tsvwg] l4s and sce testing on vpns

Dave Taht <dave.taht@gmail.com> Mon, 22 February 2021 01:53 UTC

Return-Path: <dave.taht@gmail.com>
X-Original-To: tsvwg@ietfa.amsl.com
Delivered-To: tsvwg@ietfa.amsl.com
Received: from localhost (localhost []) by ietfa.amsl.com (Postfix) with ESMTP id 19A1D3A0BDE for <tsvwg@ietfa.amsl.com>; Sun, 21 Feb 2021 17:53:25 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.998
X-Spam-Status: No, score=-1.998 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, TRACKER_ID=0.1, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([]) by localhost (ietfa.amsl.com []) (amavisd-new, port 10024) with ESMTP id mVK2sNyOjk6v for <tsvwg@ietfa.amsl.com>; Sun, 21 Feb 2021 17:53:23 -0800 (PST)
Received: from mail-il1-x135.google.com (mail-il1-x135.google.com [IPv6:2607:f8b0:4864:20::135]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 9688B3A0BD7 for <tsvwg@ietf.org>; Sun, 21 Feb 2021 17:53:22 -0800 (PST)
Received: by mail-il1-x135.google.com with SMTP id k2so1513896ili.4 for <tsvwg@ietf.org>; Sun, 21 Feb 2021 17:53:22 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:from:date:message-id:subject:to :content-transfer-encoding; bh=gxoFDKPA+MTM8OsB5emNPIwgHgqTx5X1k8EI12vzm1M=; b=dPNZKgBUEMcTyHIe1BMKTdavN5KSyDP/wcy7+ktiVXpazs31y+m/kZMCxdtQmrm+s3 4mvrbGEi3tAMqpsFQ8w6DyVtD2VZg8+6hm52rUmeLwzp8WlQxI+R3s4jWYEWu+ARmb0y L16hBm6BWV4b8OhyJXUPspCpuJyzQq5gqCffhwULOnByomVsjGbNU5fA/DWz+LtL+4NZ fP6Ee2L/Oxhztt2T9VW9qnXldHj9vX3E0738Dfi+qvHA8kLWJXvtCmtaFLKzq5dWd1ud jjqWNJeFl/gYf31JJt1Gu46Zeem4ptnnJ9KMydNSUWj1Ggl8HV7lgyc5mvODNVmMZtQ1 lvgg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:from:date:message-id:subject:to :content-transfer-encoding; bh=gxoFDKPA+MTM8OsB5emNPIwgHgqTx5X1k8EI12vzm1M=; b=UCGCfA4T0e/cQlRaLKCLX2gTmefeO1TgHQnm4tjNsClSPdRZMnh+JrkQ4PA/+xtpGg JPSgJPARUq3THs1jhPhqtq4ukylSuzbdpAREkCyUE+slmSyCW/2k73IGwiW+YGQT6shA 1WzfiWg+AkCzQxRQI4emOPWOZJWHMia1ZZTwUpaHw5M4ZbZyuLu56A3BQd5qoSwxKtnN RfUreAxIDXr2/sgKDDis93NEE3SxRkChbfuy/4EXuP1eIxP/CUQuNylv3eBvLw6VAg/o EaQrtNdvZsbxUJgRJMRgezh1D3NMpSb0Qcp/vYDKqRHmL43rGzGDsA0RwyN7RHpT1LEN j7fg==
X-Gm-Message-State: AOAM5324BqIktiusxbCmLGnfM9MU9ZJQZ6tUrxYYZVyxiGyXjZKnWKvO 6ZPFpxNBSMcLhsCtbCotboDa1VXf4LEspHgoGbsJ9cjWl67erg==
X-Google-Smtp-Source: ABdhPJyU/jgj3cQ6m7Xf5zLZlhy0nIcjHxHY5KPB6PNKi1HSyOjQkiZKTlZncCreCG7Vw8Bm2BqiEVCEjjTL/q5txdE=
X-Received: by 2002:a05:6e02:1381:: with SMTP id d1mr2437873ilo.45.1613958801174; Sun, 21 Feb 2021 17:53:21 -0800 (PST)
MIME-Version: 1.0
From: Dave Taht <dave.taht@gmail.com>
Date: Sun, 21 Feb 2021 17:53:09 -0800
Message-ID: <CAA93jw7Jo=adYmJBqt5DC=WUB8W3wzjOVWQj2Kd4APtnzg08aA@mail.gmail.com>
To: tsvwg IETF list <tsvwg@ietf.org>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Archived-At: <https://mailarchive.ietf.org/arch/msg/tsvwg/DB0G_n7SkYjpMjnyRwipZRn2W00>
Subject: [tsvwg] l4s and sce testing on vpns
X-BeenThere: tsvwg@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Transport Area Working Group <tsvwg.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tsvwg>, <mailto:tsvwg-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tsvwg/>
List-Post: <mailto:tsvwg@ietf.org>
List-Help: <mailto:tsvwg-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tsvwg>, <mailto:tsvwg-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 22 Feb 2021 01:53:25 -0000

The last time I paid attention to all this, I'd called for more
testing. While a minority opinion at the time, in particular, I'd
wanted a survey of the scope and extent of this vpn decapsulation bug
in linux, to see how serious it was, and to see if it was in any other
operating systems or hardware, particularly firewalling
products like checkpoint, etc. I felt it would take a very, very long
time to flush it out of the field, regardless

Most recently endianess was fixed in this commit:


Author: Toke Høiland-Jørgensen <toke@redhat.com>
Date:   Mon Nov 30 19:37:05 2020 +0100

    inet_ecn: Fix endianness of checksum update when setting ECT(1)

    When adding support for propagating ECT(1) marking in IP headers it seems I
    suffered from endianness-confusion in the checksum update calculation: In
    fact the ECN field is in the *lower* bits of the first 16-bit word of the
    IP header when calculating in network byte order. This means that the
    addition performed to update the checksum field was wrong; let's fix that.

    Fixes: b723748750ec ("tunnel: Propagate ECT(1) when decapsulating as recomme
nded by RFC6040")
    Reported-by: Jonathan Morton <chromatix99@gmail.com>
    Tested-by: Pete Heist <pete@heistp.net>
    Signed-off-by: Toke Høiland-Jørgensen <toke@redhat.com>
    Link: https://lore.kernel.org/r/20201130183705.17540-1-toke@redhat.com
    Signed-off-by: Jakub Kicinski <kuba@kernel.org>

Has anyone done a study/survey of the effects of this fix and the
original attempt? Was a detection method for L4S derived for it?

There were more than a few other things I'd wanted tested since last
time. I've read over the SCE and L4S related reports as of, august, or
so of
last year, is there new data?

Have the L4S and SCE codebases been updated to modern kernels so they
can be easily tested again?

"For a successful technology, reality must take precedence over public
relations, for Mother Nature cannot be fooled" - Richard Feynman

dave@taht.net <Dave Täht> CTO, TekLibre, LLC Tel: 1-831-435-0729