From mboxrd@z Thu Jan  1 00:00:00 1970
From: Eric Dumazet <eric.dumazet@gmail.com>
Subject: Re: [PATCH net-next v3] Add Common Applications Kept Enhanced (cake)
 qdisc
Date: Wed, 25 Apr 2018 09:00:30 -0700
Message-ID: <fd92ddfd-e2a6-6ea9-ccf6-d7eef3a5f207@gmail.com>
References: <20180425134249.21300-1-toke@toke.dk>
 <e27a6618-3a68-fa60-53a0-109b4df70482@gmail.com> <878t9b5n0q.fsf@toke.dk>
Mime-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
Cc: cake@lists.bufferbloat.net, Dave Taht <dave.taht@gmail.com>
To: =?UTF-8?Q?Toke_H=c3=b8iland-J=c3=b8rgensen?= <toke@toke.dk>,
        Eric Dumazet <eric.dumazet@gmail.com>, netdev@vger.kernel.org
Return-path: <netdev-owner@vger.kernel.org>
Received: from mail-pg0-f43.google.com ([74.125.83.43]:32874 "EHLO
        mail-pg0-f43.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S1755813AbeDYQAc (ORCPT
        <rfc822;netdev@vger.kernel.org>); Wed, 25 Apr 2018 12:00:32 -0400
Received: by mail-pg0-f43.google.com with SMTP id i194so13646302pgd.0
        for <netdev@vger.kernel.org>; Wed, 25 Apr 2018 09:00:32 -0700 (PDT)
In-Reply-To: <878t9b5n0q.fsf@toke.dk>
Content-Language: en-US
Sender: netdev-owner@vger.kernel.org
List-ID: <netdev.vger.kernel.org>



On 04/25/2018 08:22 AM, Toke Høiland-Jørgensen wrote:
> Eric Dumazet <eric.dumazet@gmail.com> writes:

>> Lack of any pskb_may_pull() is really concerning.
> 
> By this you mean "check that the packet is long enough to contain the
> header we are looking for before trying to do ACK filtering", right?


skb->len is not enough, you also have skb->data_len that matters.

A qdisc can be fed with skbs that are not linear, or pretend to be TCP, but they be truncated by malicious sender.

skb might have headers or payload in the page fragments, thus we generally have to call pskb_may_pull()
to bring headers in skb->head

Quite frankly , an ack-filter does not belong to a packet scheduler.

It might be added to tcp conntrack module _if_ someone really cares.