lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Wed, 25 Apr 2018 09:00:30 -0700
From:   Eric Dumazet <eric.dumazet@...il.com>
To:     Toke Høiland-Jørgensen <toke@...e.dk>,
        Eric Dumazet <eric.dumazet@...il.com>, netdev@...r.kernel.org
Cc:     cake@...ts.bufferbloat.net, Dave Taht <dave.taht@...il.com>
Subject: Re: [PATCH net-next v3] Add Common Applications Kept Enhanced (cake)
 qdisc



On 04/25/2018 08:22 AM, Toke Høiland-Jørgensen wrote:
> Eric Dumazet <eric.dumazet@...il.com> writes:

>> Lack of any pskb_may_pull() is really concerning.
> 
> By this you mean "check that the packet is long enough to contain the
> header we are looking for before trying to do ACK filtering", right?


skb->len is not enough, you also have skb->data_len that matters.

A qdisc can be fed with skbs that are not linear, or pretend to be TCP, but they be truncated by malicious sender.

skb might have headers or payload in the page fragments, thus we generally have to call pskb_may_pull()
to bring headers in skb->head

Quite frankly , an ack-filter does not belong to a packet scheduler.

It might be added to tcp conntrack module _if_ someone really cares.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ