From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail-pg0-x22e.google.com (mail-pg0-x22e.google.com [IPv6:2607:f8b0:400e:c05::22e]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by lists.bufferbloat.net (Postfix) with ESMTPS id D88133BA8E for ; Wed, 25 Apr 2018 21:10:45 -0400 (EDT) Received: by mail-pg0-x22e.google.com with SMTP id f132so14588808pgc.10 for ; Wed, 25 Apr 2018 18:10:45 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=mounce.com.au; s=google; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc:content-transfer-encoding; bh=6vE10U7jW1RIawfUrj5VBudnu2tt80Qszii7AdctAgY=; b=nN5buoqtkwlPG1CRqafLSRKNObQxo3V55Gyg+3Wo6B9Spd3jwouxQe2xxb4Pb8pVX/ ungXg+YveRjTXaD201yXy184un5M5UHebut6/DIAKqK7V3UIVT+bIWQ/GMqlC9ZUE3bq eVPiFszo8YsLU64enpkfpauPehUZh+1VR4e/2fVDOWRAo4kPlzlaP6CLPeg/Fzg3+X6R k3OIvMUwT8DWXwKpFjXzwWpwXPGPLo9oULQeNMaXcdLTOLmLdYIb7usIP/uArLSfcLbv qiiL6doNropV2alt9TK2/jBNN7bsdV03Rrs+ukM7M8G2Jk/ALrzg5z2JQCo0H3hUIgft Aevw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc:content-transfer-encoding; bh=6vE10U7jW1RIawfUrj5VBudnu2tt80Qszii7AdctAgY=; b=qjztlsMbKd7k1Bf2FaIlf3r58H4SwuXcNjHlv08Is0iXSGHQk97IyFd77ANXq9ZY7k T4Meav34OUvrvRuQTanrmBjsdB/4mIb/KXZneJpZi4RnA6wdISR6Su+jJqNBoPXBDavq aeRCEFCUeAnKchQA1W7ZkTTrM4dfnXSdO6xh8tr9HUFZJLdYBiwbCScJtvVekQMpUbUW AwCrJr+nY6UDSUtTfX8+VZNoAeZlpr2zBd4FUYeF1uYP8lBhnVTdppj/mNNnr5EjHRQg zICms/R6hdI4qN1nBSSfHpMgdOEd2v9Vi8HUPAmTJ05Q/xn5eJC5tbOGEGTVEN+eDR3W W8EQ== X-Gm-Message-State: ALQs6tDqZSsiun8vOX6thDPoeNuLoCnLKaHcRUO0f0yAbxdYzKaKzOkG IOFM7nhWueISC4vg3P4GOYUvi8XS+3rt3OiV/19qbO/w X-Google-Smtp-Source: AIpwx4/CEc9mE6ZmtQnCOiVKweq89gWBSosJ2cNECJNTj5X/5mjDjSZvA23YlKTHZ0Lo7MZFbKydmKhFfWGpwJpxLQ4= X-Received: by 2002:a17:902:2927:: with SMTP id g36-v6mr28317249plb.303.1524705044787; Wed, 25 Apr 2018 18:10:44 -0700 (PDT) MIME-Version: 1.0 Received: by 10.236.155.194 with HTTP; Wed, 25 Apr 2018 18:10:29 -0700 (PDT) X-Originating-IP: [45.118.67.18] In-Reply-To: <87vacf3th7.fsf@toke.dk> References: <87vacf3th7.fsf@toke.dk> From: Ryan Mounce Date: Thu, 26 Apr 2018 10:40:29 +0930 Message-ID: To: =?UTF-8?B?VG9rZSBIw7hpbGFuZC1Kw7hyZ2Vuc2Vu?= Cc: Cake List Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable Subject: Re: [Cake] CAKE upstreaming - testers wanted, ACK filtering rescuers needed X-BeenThere: cake@lists.bufferbloat.net X-Mailman-Version: 2.1.20 Precedence: list List-Id: Cake - FQ_codel the next generation List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 26 Apr 2018 01:10:46 -0000 I'll investigate making the ACK filtering code safe, it is my mess after al= l :) Eric obviously understands this stuff a lot better than me, it looks like there are two issues? - Lack of minimum length check for TCP header, should be fairly straight-forward to fix - The possibility of unsafely filtering part of a split GSO super-packet? Regards, Ryan Mounce ryan@mounce.com.au 0415 799 929 On 26 April 2018 at 06:15, Toke H=C3=B8iland-J=C3=B8rgensen = wrote: > For those who have not been following the discussion on the upstreaming > patches, here's an update: > > - I've just pushed patches to only split GSO packets when shaping below > one gigabit; and hopefully made the overhead compensation code deal > gracefully with GSO packets if someone for some reason wants to use > the shaper at speeds higher than that and still use the overhead > compensation code. > > - It turns out that the ACK filtering code does not properly sanity > check the packet sizes, and so can potentially crash the box running > CAKE if it receives malformed packets. So if no one steps up to fix > that within the next few days, or I'll submit the next version without > it (I'm not going to open that particular can of worms)... This > doesn't mean it can't be added back later, of course, it just means it > won't go upstream this time around. > > - NAT mode is now enabled by default; doesn't seem to be a good reason > not to as the compile time dependency already makes the module depend > on conntrack. > > > So please do test the current git version (cobalt branch, still). I'm > planning to resubmit on Friday. > > -Toke > _______________________________________________ > Cake mailing list > Cake@lists.bufferbloat.net > https://lists.bufferbloat.net/listinfo/cake