[tsvwg] l4s and sce testing on vpns

Dave Taht <dave.taht@gmail.com> Mon, 22 February 2021 01:53 UTC

From: Dave Taht <dave.taht@gmail.com>
Date: Sun, 21 Feb 2021 17:53:09 -0800
Message-ID: <CAA93jw7Jo=adYmJBqt5DC=WUB8W3wzjOVWQj2Kd4APtnzg08aA@mail.gmail.com>
To: tsvwg IETF list <tsvwg@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tsvwg/DB0G_n7SkYjpMjnyRwipZRn2W00>
Subject: [tsvwg] l4s and sce testing on vpns

The last time I paid attention to all this, I'd called for more
testing. While a minority opinion at the time, in particular, I'd
wanted a survey of the scope and extent of this VPN decapsulation bug
in Linux, to see how serious it was, and to see if it was in any other
operating systems or hardware, particularly firewalling products like
Checkpoint, etc. I felt it would take a very, very long time to flush
it out of the field, regardless.

Most recently endianness was fixed in this commit:

2867e1eac61016f59b3d730e3f7aa488e186e917

Author: Toke Høiland-Jørgensen <toke@redhat.com>
Date:   Mon Nov 30 19:37:05 2020 +0100

    inet_ecn: Fix endianness of checksum update when setting ECT(1)

    When adding support for propagating ECT(1) marking in IP headers it seems I
    suffered from endianness-confusion in the checksum update calculation: In
    fact the ECN field is in the *lower* bits of the first 16-bit word of the
    IP header when calculating in network byte order. This means that the
    addition performed to update the checksum field was wrong; let's fix that.

    Fixes: b723748750ec ("tunnel: Propagate ECT(1) when decapsulating as recommended by RFC6040")
    Reported-by: Jonathan Morton <chromatix99@gmail.com>
    Tested-by: Pete Heist <pete@heistp.net>
    Signed-off-by: Toke Høiland-Jørgensen <toke@redhat.com>
    Link: https://lore.kernel.org/r/20201130183705.17540-1-toke@redhat.com
    Signed-off-by: Jakub Kicinski <kuba@kernel.org>



Has anyone done a study/survey of the effects of this fix and the
original attempt? Was a detection method for L4S derived for it?

There were more than a few other things I'd wanted tested since last
time. I've read over the SCE and L4S related reports as of August or
so of last year. Is there new data?

Have the L4S and SCE codebases been updated to modern kernels so they
can be easily tested again?


-- 
"For a successful technology, reality must take precedence over public
relations, for Mother Nature cannot be fooled" - Richard Feynman

dave@taht.net <Dave Täht> CTO, TekLibre, LLC Tel: 1-831-435-0729
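
Added example, not part of the original message and not the kernel's code: a user-space model of the incremental IPv4 checksum update that the quoted commit message describes for the ECT(0) to ECT(1) rewrite. The header bytes are constructed, the function names are assumptions, and the wrong update is modelled here as an addition aimed at the upper byte of the first 16-bit word (delta 0x0100) instead of the lower byte (delta 0x0001).

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define ECN_MASK  0x03
#define ECN_ECT_0 0x02  /* ECT(1) is 0x01 */

/* Constructed sample: 20-byte IPv4 header, TOS 0x02 (ECT(0)), valid checksum 0xB6A3. */
static const uint8_t SAMPLE[20] = {
    0x45, 0x02, 0x00, 0x54, 0x00, 0x00, 0x40, 0x00, 0x40, 0x01,
    0xB6, 0xA3, 192, 0, 2, 1, 192, 0, 2, 2
};

/* Ones' complement sum of two 16-bit values with end-around carry. */
static uint16_t csum16_add(uint16_t a, uint16_t b) {
    uint32_t s = (uint32_t)a + b;
    return (uint16_t)((s & 0xFFFF) + (s >> 16));
}

/* Checksum over big-endian 16-bit words; returns 0 for a header that verifies. */
static uint16_t ip_csum(const uint8_t *h, size_t len) {
    uint16_t sum = 0;
    for (size_t i = 0; i + 1 < len; i += 2)
        sum = csum16_add(sum, (uint16_t)((h[i] << 8) | h[i + 1]));
    return (uint16_t)~sum;
}

/* ECT(0) -> ECT(1): TOS drops by 1, so the checksum must rise by 1 (RFC 1624). */
static int set_ect1(uint8_t *h, uint16_t delta) {
    if ((h[1] & ECN_MASK) != ECN_ECT_0)
        return 0;
    uint16_t c = csum16_add((uint16_t)((h[10] << 8) | h[11]), delta);
    h[10] = (uint8_t)(c >> 8); h[11] = (uint8_t)c;
    h[1] ^= ECN_MASK;               /* 0b10 -> 0b01 */
    return 1;
}

/* Returns 1 if the header still verifies after updating the checksum by delta. */
static int valid_after_update(uint16_t delta) {
    uint8_t h[20];
    memcpy(h, SAMPLE, sizeof h);
    set_ect1(h, delta);
    return ip_csum(h, sizeof h) == 0;
}

int main(void) {
    printf("+0x0001: %d  +0x0100: %d\n", valid_after_update(1), valid_after_update(0x100));
    return 0;
}
```

A receiver that validates the IPv4 header checksum would discard the decapsulated packet produced by the 0x0100 variant, which is why a wrong update only shows up on flows that actually carry ECT(0) through the tunnel.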