• ip6tnl/sit: drop packet if ECN present with not-ECT · f4e0b4c5
    Nicolas Dichtel authored
    This patch reports the change made by Stephen Hemminger in ipip and gre[6] in
    commit eccc1bb8 (tunnel: drop packet if ECN present with not-ECT).
    
    Goal is to handle RFC6040, Section 4.2:
    
    Default Tunnel Egress Behaviour.
       o  If the inner ECN field is Not-ECT, the decapsulator MUST NOT
          propagate any other ECN codepoint onwards.  This is because the
          inner Not-ECT marking is set by transports that rely on dropped
          packets as an indication of congestion and would not understand or
          respond to any other ECN codepoint [RFC4774].  Specifically:
    
          *  If the inner ECN field is Not-ECT and the outer ECN field is
             CE, the decapsulator MUST drop the packet.
    
          *  If the inner ECN field is Not-ECT and the outer ECN field is
             Not-ECT, ECT(0), or ECT(1), the decapsulator MUST forward the
             outgoing packet with the ECN field cleared to Not-ECT.
    
    The patch benefits from the common function added in net/inet_ecn.h.
    
    Like it was done for Xin4 tunnels, it adds logging to allow detecting broken
    systems that set ECN bits incorrectly when tunneling (or an intermediate
    router might be changing the header). Errors are also tracked via
    rx_frame_error.
    
    CC: Stephen Hemminger <shemminger@vyatta.com>
    Signed-off-by: Nicolas Dichtel <nicolas.dichtel@6wind.com>
    Signed-off-by: David S. Miller <davem@davemloft.net>
ip6_tunnel.c 43.5 KB
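The egress rule quoted from RFC 6040, Section 4.2, written out as a standalone decapsulation check. This is an added example, not the kernel code from ip6_tunnel.c or net/inet_ecn.h; it goes beyond the quoted Not-ECT row to cover the remaining rows of the RFC's default egress table. The verdict names, the function name and the counter in `main` are hypothetical, and the sample header bytes are constructed.

```c
#include <stdint.h>
#include <stdio.h>

/* ECN codepoints: low two bits of the IPv4 TOS / IPv6 Traffic Class byte. */
enum { ECN_NOT_ECT = 0, ECN_ECT_1 = 1, ECN_ECT_0 = 2, ECN_CE = 3, ECN_MASK = 3 };

/* Hypothetical verdict names for this example (not kernel identifiers). */
enum ecn_verdict { ECN_FORWARD, ECN_FORWARD_LOG, ECN_DROP };

/*
 * RFC 6040 default egress behaviour. outer/inner are the full TOS or
 * Traffic Class bytes; on a forward verdict *out is the ECN codepoint
 * the decapsulated packet must carry.
 */
enum ecn_verdict ecn_decapsulate(uint8_t outer, uint8_t inner, uint8_t *out)
{
    outer &= ECN_MASK;                  /* ignore the DSCP bits */
    inner &= ECN_MASK;
    *out = inner;

    if (inner == ECN_NOT_ECT) {
        if (outer == ECN_CE)
            return ECN_DROP;            /* Section 4.2: MUST drop */
        /* Forwarded as Not-ECT. An ECT outer over a Not-ECT inner points
         * at a broken encapsulator or a hop rewriting the header. */
        return outer == ECN_NOT_ECT ? ECN_FORWARD : ECN_FORWARD_LOG;
    }
    if (outer == ECN_CE)
        *out = ECN_CE;                  /* congestion mark set on the tunnel path */
    else if (outer == ECN_ECT_1 && inner == ECN_ECT_0)
        *out = ECN_ECT_1;
    return ECN_FORWARD;
}

int main(void)
{
    /* Constructed sample headers: {outer byte, inner byte}. */
    static const uint8_t pkts[][2] = {
        {0x00, 0x00}, {0x02, 0x00}, {0x03, 0x00}, {0x03, 0x02}, {0xbb, 0xb8} };
    static const char *names[] = { "forward", "forward+log", "drop" };
    unsigned frame_errors = 0;  /* stand-in counter; assumed to count drops */

    for (size_t i = 0; i < sizeof(pkts) / sizeof(pkts[0]); i++) {
        uint8_t ecn;
        enum ecn_verdict v = ecn_decapsulate(pkts[i][0], pkts[i][1], &ecn);
        frame_errors += (v == ECN_DROP);
        printf("outer=0x%02x inner=0x%02x -> %s ecn=%u\n",
               pkts[i][0], pkts[i][1], names[v], (unsigned)ecn);
    }
    printf("frame_errors=%u\n", frame_errors);
    return 0;
}
```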