linux/net/ipv4
stephen hemminger eccc1bb8d4 tunnel: drop packet if ECN present with not-ECT
Linux tunnels were written before RFC6040 and therefore never
implemented the corner case of ECN getting set in the outer header
and the inner header not being ready for it.

Section 4.2.  Default Tunnel Egress Behaviour.
 o If the inner ECN field is Not-ECT, the decapsulator MUST NOT
      propagate any other ECN codepoint onwards.  This is because the
      inner Not-ECT marking is set by transports that rely on dropped
      packets as an indication of congestion and would not understand or
      respond to any other ECN codepoint [RFC4774].  Specifically:

      *  If the inner ECN field is Not-ECT and the outer ECN field is
         CE, the decapsulator MUST drop the packet.

      *  If the inner ECN field is Not-ECT and the outer ECN field is
         Not-ECT, ECT(0), or ECT(1), the decapsulator MUST forward the
         outgoing packet with the ECN field cleared to Not-ECT.

This patch moves the ECN decap logic out of the individual tunnels
into a common place.

It also adds logging to allow detecting broken systems that
set ECN bits incorrectly when tunneling (or an intermediate
router might be changing the header).

Overloads rx_frame_error to keep track of ECN related error.

Thanks to Chris Wright who caught this while reviewing the new VXLAN
tunnel.

This code was tested by injecting faulty logic in other end GRE
to send incorrectly encapsulated packets.

Signed-off-by: Stephen Hemminger <shemminger@vyatta.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2012-09-27 18:12:37 -04:00
..
netfilter netfilter: combine ipt_REDIRECT and ip6t_REDIRECT 2012-09-21 12:12:05 +02:00
af_inet.c ipv4: Don't add TCP-code in inet_sock_destruct 2012-09-20 17:12:27 -04:00
ah4.c ipv4: Add redirect support to all protocol icmp error handlers. 2012-07-11 21:27:49 -07:00
arp.c ipv4/route: arg delay is useless in rt_cache_flush() 2012-09-07 14:44:08 -04:00
cipso_ipv4.c cipso: don't follow a NULL pointer when setsockopt() is called 2012-07-18 09:01:12 -07:00
datagram.c
devinet.c netlink: Rename pid to portid to avoid confusion 2012-09-10 15:30:41 -04:00
esp4.c ipv4: Add redirect support to all protocol icmp error handlers. 2012-07-11 21:27:49 -07:00
fib_frontend.c netlink: Rename pid to portid to avoid confusion 2012-09-10 15:30:41 -04:00
fib_lookup.h
fib_rules.c ipv4/route: arg delay is useless in rt_cache_flush() 2012-09-07 14:44:08 -04:00
fib_semantics.c netlink: Rename pid to portid to avoid confusion 2012-09-10 15:30:41 -04:00
fib_trie.c netlink: Rename pid to portid to avoid confusion 2012-09-10 15:30:41 -04:00
gre.c
icmp.c ipv4: Prepare for change of rt->rt_iif encoding. 2012-07-23 16:36:26 -07:00
igmp.c igmp: avoid drop_monitor false positives 2012-09-07 14:17:10 -04:00
inet_connection_sock.c tcp: fix TFO regression 2012-09-06 14:21:10 -04:00
inet_diag.c netlink: Rename pid to portid to avoid confusion 2012-09-10 15:30:41 -04:00
inet_fragment.c ipv6: unify fragment thresh handling code 2012-09-19 17:23:28 -04:00
inet_hashtables.c
inet_lro.c
inet_timewait_sock.c
inetpeer.c ipv4: Maintain redirect and PMTU info in struct rtable again. 2012-07-10 22:40:14 -07:00
ip_forward.c snmp: fix OutOctets counter to include forwarded datagrams 2012-06-07 14:50:56 -07:00
ip_fragment.c ipv6: unify fragment thresh handling code 2012-09-19 17:23:28 -04:00
ip_gre.c tunnel: drop packet if ECN present with not-ECT 2012-09-27 18:12:37 -04:00
ip_input.c net: TCP early demux cleanup 2012-07-30 14:53:21 -07:00
ip_options.c ipv4: optimize fib_compute_spec_dst call in ip_options_echo 2012-07-19 08:30:49 -07:00
ip_output.c net: use a per task frag allocator 2012-09-24 16:31:37 -04:00
ip_sockglue.c ipv4: Prepare for change of rt->rt_iif encoding. 2012-07-23 16:36:26 -07:00
ip_vti.c xfrm: remove extranous rcu_read_lock 2012-09-27 18:12:37 -04:00
ipcomp.c ipv4: Add redirect support to all protocol icmp error handlers. 2012-07-11 21:27:49 -07:00
ipconfig.c ipconfig: fix trivial build error 2012-09-25 13:22:30 -04:00
ipip.c tunnel: drop packet if ECN present with not-ECT 2012-09-27 18:12:37 -04:00
ipmr.c netlink: Rename pid to portid to avoid confusion 2012-09-10 15:30:41 -04:00
Kconfig net/ipv4: VTI support new module for ip_vti. 2012-07-18 09:36:12 -07:00
Makefile memcg: rename config variables 2012-07-31 18:42:43 -07:00
netfilter.c netfilter: properly annotate ipv4_netfilter_{init,fini}() 2012-09-03 13:56:04 +02:00
ping.c userns: Use kgids for sysctl_ping_group_range 2012-08-14 21:49:10 -07:00
proc.c tcp: TCP Fast Open Server - header & support functions 2012-08-31 20:02:18 -04:00
protocol.c inet: Sanitize inet{,6} protocol demux. 2012-06-19 18:56:21 -07:00
raw.c net: raw: revert unrelated change 2012-09-25 03:11:13 -04:00
route.c netlink: Rename pid to portid to avoid confusion 2012-09-10 15:30:41 -04:00
syncookies.c tcp: TCP Fast Open Server - support TFO listeners 2012-08-31 20:02:19 -04:00
sysctl_net_ipv4.c tcp: TCP Fast Open Server - header & support functions 2012-08-31 20:02:18 -04:00
tcp.c net: use a per task frag allocator 2012-09-24 16:31:37 -04:00
tcp_bic.c
tcp_cong.c tcp: Apply device TSO segment limit earlier 2012-08-02 00:19:17 -07:00
tcp_cubic.c
tcp_diag.c
tcp_fastopen.c tcp: TCP Fast Open Server - header & support functions 2012-08-31 20:02:18 -04:00
tcp_highspeed.c
tcp_htcp.c
tcp_hybla.c
tcp_illinois.c
tcp_input.c tcp: TCP Fast Open Server - record retransmits after 3WHS 2012-09-22 23:15:25 -04:00
tcp_ipv4.c net: use a per task frag allocator 2012-09-24 16:31:37 -04:00
tcp_lp.c
tcp_memcontrol.c memcg: decrement static keys at real destroy time 2012-05-29 16:22:28 -07:00
tcp_metrics.c netlink: Rename pid to portid to avoid confusion 2012-09-10 15:30:41 -04:00
tcp_minisocks.c tcp: TCP Fast Open Server - note timestamps and retransmits for SYNACK RTT 2012-09-22 15:47:10 -04:00
tcp_output.c tcp: use PRR to reduce cwin in CWR state 2012-09-03 14:34:02 -04:00
tcp_probe.c
tcp_scalable.c
tcp_timer.c tcp: TCP Fast Open Server - support TFO listeners 2012-08-31 20:02:19 -04:00
tcp_vegas.c
tcp_vegas.h
tcp_veno.c
tcp_westwood.c
tcp_yeah.c
tunnel4.c
udp.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2012-09-15 11:43:53 -04:00
udp_diag.c netlink: Rename pid to portid to avoid confusion 2012-09-10 15:30:41 -04:00
udp_impl.h
udplite.c
xfrm4_input.c ipv4: Fix input route performance regression. 2012-07-26 15:50:39 -07:00
xfrm4_mode_beet.c
xfrm4_mode_transport.c
xfrm4_mode_tunnel.c net/ipv4: VTI support rx-path hook in xfrm4_mode_tunnel. 2012-07-18 09:36:12 -07:00
xfrm4_output.c
xfrm4_policy.c ipv4: Properly purge netdev references on uncached routes. 2012-07-31 15:06:50 -07:00
xfrm4_state.c
xfrm4_tunnel.c