From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail-pg0-x234.google.com (mail-pg0-x234.google.com [IPv6:2607:f8b0:400e:c05::234]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by lists.bufferbloat.net (Postfix) with ESMTPS id D5DE03BA8E for ; Wed, 25 Apr 2018 12:00:32 -0400 (EDT) Received: by mail-pg0-x234.google.com with SMTP id z4so741061pgu.13 for ; Wed, 25 Apr 2018 09:00:32 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=subject:to:cc:references:from:message-id:date:user-agent :mime-version:in-reply-to:content-language:content-transfer-encoding; bh=YmPeFTN82Ie6NW2o+rzbnJGQqGbN4Qb11mR6wesICpg=; b=Nwr/ZMaEScW+rYqTLGbHAQjNb49fBsy1bzfrmZ/jzZ5qxHmUisOuQCZLcScx31gYkn uhLnvxdEYj2cFeJgSV3Dlj6HPZSvwYs5EfWQJzipm68CYk4gjyYyhPD4uzHcsvXmZN3l 29z9uQT4fzevEfw5z1wzSejIpVXtG7pTGo9oXhIhLZo4Qs9H2L7OeFILwiBwXx2DWVpa 05CyvI+4/z3b1ilduzbe8wg/3dUux2MuOuVwrFvUoN5lx7jYO03+pUmhVu5HdD+52AyE 7sliho8pR8yguYnX+1+PU3SVvT0rhAZI5kL8qGVfkGIKt90JCI3Ir0TnwGpSCIPMzPDu B9oQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:subject:to:cc:references:from:message-id:date :user-agent:mime-version:in-reply-to:content-language :content-transfer-encoding; bh=YmPeFTN82Ie6NW2o+rzbnJGQqGbN4Qb11mR6wesICpg=; b=Qt/6TmttZvNRFAGa5lTVligUk+ylTRmxYYJ3q7tYMAO3tpwwgdsaLQ2d+exsXT5kst 7tZCL4FrNLVFjDKS3NdGl7NTYwVrSDPwJUwPeuRNi3+d+n9FETFw+GMbBXGfGMK18bUv kIFRJXjfOr6GP8dwxecmpMOUAWjPd3KXvLHByzhOpcQvvVEHkGtJrFXQioZ585Aqnn9v rsNp/sNoIvpYOJzBNq4Rk6LGJFvGrB2oxKcwG+IXzANGHkA8ohSjr4Fk4KBnfecZuKTb IaNa0jM1KgzY9Vqv1URdHaTzfrpk7w6jjsoxOTp1GC/2qSgdXzsC9r1s5JwgGOLV0s9d 1K5g== X-Gm-Message-State: ALQs6tBaS49NVr/tZK7LbsEK7pVqRBXw3IhYnRS0AyYRnvfv1E3bQi58 y9PcRDyurnh1srpTgyVc7yA= X-Google-Smtp-Source: AIpwx49GW/qghZRzU9SQbJAayFM+WSKGTK1luWOdyIE/9dDiYAX7RZ2gh8x8UIVqp5Fb1Q6KKJsuOA== X-Received: by 10.98.70.155 with SMTP id o27mr28286683pfi.124.1524672032165; Wed, 25 Apr 2018 09:00:32 -0700 (PDT) Received: from ?IPv6:2620:15c:2c1:200:55c7:81e6:c7d8:94b? ([2620:15c:2c1:200:55c7:81e6:c7d8:94b]) by smtp.gmail.com with ESMTPSA id z125sm32930506pfz.163.2018.04.25.09.00.31 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Wed, 25 Apr 2018 09:00:31 -0700 (PDT) To: =?UTF-8?Q?Toke_H=c3=b8iland-J=c3=b8rgensen?= , Eric Dumazet , netdev@vger.kernel.org Cc: cake@lists.bufferbloat.net, Dave Taht References: <20180425134249.21300-1-toke@toke.dk> <878t9b5n0q.fsf@toke.dk> From: Eric Dumazet Message-ID: Date: Wed, 25 Apr 2018 09:00:30 -0700 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.6.0 MIME-Version: 1.0 In-Reply-To: <878t9b5n0q.fsf@toke.dk> Content-Type: text/plain; charset=utf-8 Content-Language: en-US Content-Transfer-Encoding: 8bit Subject: Re: [Cake] [PATCH net-next v3] Add Common Applications Kept Enhanced (cake) qdisc X-BeenThere: cake@lists.bufferbloat.net X-Mailman-Version: 2.1.20 Precedence: list List-Id: Cake - FQ_codel the next generation List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 25 Apr 2018 16:00:33 -0000 On 04/25/2018 08:22 AM, Toke Høiland-Jørgensen wrote: > Eric Dumazet writes: >> Lack of any pskb_may_pull() is really concerning. > > By this you mean "check that the packet is long enough to contain the > header we are looking for before trying to do ACK filtering", right? skb->len is not enough, you also have skb->data_len that matters. A qdisc can be fed with skbs that are not linear, or pretend to be TCP, but they be truncated by malicious sender. skb might have headers or payload in the page fragments, thus we generally have to call pskb_may_pull() to bring headers in skb->head Quite frankly , an ack-filter does not belong to a packet scheduler. It might be added to tcp conntrack module _if_ someone really cares.