From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail-pf0-x230.google.com (mail-pf0-x230.google.com [IPv6:2607:f8b0:400e:c00::230]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by lists.bufferbloat.net (Postfix) with ESMTPS id CE1B43BA8E for ; Thu, 26 Apr 2018 02:54:24 -0400 (EDT) Received: by mail-pf0-x230.google.com with SMTP id l27so17470509pfk.12 for ; Wed, 25 Apr 2018 23:54:24 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=mounce.com.au; s=google; h=from:mime-version:references:in-reply-to:date:message-id:subject:to :cc:content-transfer-encoding; bh=JyqJfnaZmEh817RKqGtMAUXb0CQdWGJaRgf+JlNCwFg=; b=epY3iEWvBr2xgBvrEGynQtHrCJCcvCIcqU0IxStLV48tHN3CL+eDVep1iJ1ZGet08r KB7Df5QZ4j37Mt/gU8oQK5cpzSa8vEQYtnzAPQ3Mqqdct8yUsEdQF/KZ2Y1QsE329pu1 5DkzGhSND+bV/ClwdQUn+960e/UltF74xd6ENBhE8hmRHOYpysb2s1qdcOQsEk1wfxdZ X69h1U6oTjpmm8tMxrCCtRg52TIWqml2S/IjIIFT5jecbs5MhEvNFHugZtp8btDe1cjT 9EFimt/c9WN/Odl3xb2PUXV8VVhpsYT3fEC6VGejN4vkmALMjmbpA7af1PG8megDwXwd uJnQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:mime-version:references:in-reply-to:date :message-id:subject:to:cc:content-transfer-encoding; bh=JyqJfnaZmEh817RKqGtMAUXb0CQdWGJaRgf+JlNCwFg=; b=YAcKnHyQjQ2J7qFHVtZ+og5khwNZBedCpcyS8G0fPrup4Ev3YJsFz2w/YPu+7OEnG9 AMyU8fcYkDmJ7TKK411H1ZltNspMSiZG7cruNLBKH0dKwBrMwRg0Dfsbqnvz8de6pohd Fy3+zfHyUANJwTtMd8lJcCluGzciyi9PYqAt5Q9sReXVwANkTWe5cIbLu7S9YVzLuTXm hyFBLj8GCZ4YxsPdAIQYb8PQJKQQrTM303sC4e3qpS6tYYxSSouqA7aJHj+o4qFr8YqE 5Fb5CfESUctSdQvVlrHKFyjFhqNNk0VfH34m1SxFWFRnm2t53YhMrNAgwuJkMWBiAzBt PsPg== X-Gm-Message-State: ALQs6tBU6ROCt41FLwNkFpo+1P+9jwCYUxSNnfD4jvHpNfRSEUceqbF3 P9+pTiHid60skOX/Hcw6s3qGUx7dsH/JIQboEgMMuQ== X-Google-Smtp-Source: AIpwx49SQkdt5OvwmY/4QbrpFZkCLSkJ0q2vCnNxqLpbAfAp5+ntxhikLsiGTzxpnyUY2i9RfxmsLKsbsHV2TQR8yjc= X-Received: by 10.99.186.5 with SMTP id k5mr26206513pgf.39.1524725663674; Wed, 25 Apr 2018 23:54:23 -0700 (PDT) Received: from unknown named unknown by gmailapi.google.com with HTTPREST; Thu, 26 Apr 2018 08:54:22 +0200 From: Ryan Mounce Mime-Version: 1.0 (1.0) References: <87vacf3th7.fsf@toke.dk> <87po2m4gka.fsf@toke.dk> In-Reply-To: <87po2m4gka.fsf@toke.dk> Date: Thu, 26 Apr 2018 08:54:22 +0200 Message-ID: To: =?UTF-8?B?VG9rZSBIw7hpbGFuZC1Kw7hyZ2Vuc2Vu?= Cc: Cake List Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable Subject: Re: [Cake] CAKE upstreaming - testers wanted, ACK filtering rescuers needed X-BeenThere: cake@lists.bufferbloat.net X-Mailman-Version: 2.1.20 Precedence: list List-Id: Cake - FQ_codel the next generation List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 26 Apr 2018 06:54:25 -0000 > On 26 Apr 2018, at 16:09, Toke H=C3=B8iland-J=C3=B8rgensen = wrote: > > Ryan Mounce writes: > >> I'll investigate making the ACK filtering code safe, it is my mess after= all :) >> >> Eric obviously understands this stuff a lot better than me, it looks >> like there are two issues? >> - Lack of minimum length check for TCP header, should be fairly >> straight-forward to fix >> - The possibility of unsafely filtering part of a split GSO >> super-packet? > > The issue with the ACK filter in relation to GSO was just that a GSO > segment can't contain pure ACKs, so there's no reason to check after > splitting. I've already removed that part, so it's just the length > issue. I think it's just a matter of finding the length and calling > pskb_may_pull() (and aborting if that returns false). > > -Toke Yep I think I=E2=80=99ve got all of that together now and I=E2=80=99ve subm= itted a PR against the cobalt branch. An optimisation to what I=E2=80=99ve submitted would be moving the separate TCP header length check to only the IPv4 case, and adding sizeof(tcphdr) to the initial IPv6 header length check. Not that my ACK filtering code is so efficient to begin with... Ryan