lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <871sev2mvx.fsf@toke.dk>
Date:   Tue, 01 May 2018 21:31:46 +0200
From:   Toke Høiland-Jørgensen <toke@...e.dk>
To:     Eric Dumazet <eric.dumazet@...il.com>,
        Eric Dumazet <eric.dumazet@...il.com>,
        Dave Taht <dave.taht@...il.com>,
        Cong Wang <xiyou.wangcong@...il.com>
Cc:     Linux Kernel Network Developers <netdev@...r.kernel.org>,
        Cake List <cake@...ts.bufferbloat.net>
Subject: Re: [PATCH net-next v6] Add Common Applications Kept Enhanced (cake) qdisc

Eric Dumazet <eric.dumazet@...il.com> writes:

> On 05/01/2018 11:53 AM, Toke Høiland-Jørgensen wrote:
>
>> *sigh* - can do, I guess. Though I'm not sure what that is going to
>> accomplish, exactly?
>
>
> I guess that nobody really wants to really review Cake if
> it is a file with 2700 lines of code and hundreds of variables/tunables.
>
> Sure, we have big files in networking land, as a result of thousands
> of changes.
>
> If you split it, then maybe the work can be split among reviewers as a
> result.
>
> Or maybe David Miller can simply merge your patch as is, and hope for
> the best, I really do not know.
>
> It seems you guys spent years/months on work on this stuff, so what is
> the big deal about presenting your work in the best possible way ?

I was objecting to what felt like an arbitrary moving of goal posts
without an explanation. Now that you give one, that is fine of course.
I'll split it an resubmit.

Could you comment on specifically what you believe is broken in this,
please, so I can fix it in the same iteration?

+static inline struct tcphdr *cake_get_tcphdr(struct sk_buff *skb)
+{
+	struct ipv6hdr *ipv6h;
+	struct iphdr *iph;
+
+	/* check IPv6 header size immediately, since for IPv4 we need the space
+	 * for the TCP header anyway
+	 */
+	if (!pskb_may_pull(skb, skb_network_offset(skb) +
+				sizeof(struct ipv6hdr)))
+		return NULL;
+
+	iph = ip_hdr(skb);
+
+	if (iph->version == 4) {
+		/* special-case 6in4 tunnelling, as that is a common way to get
+		 * v6 connectivity in the home
+		 */
+		if (iph->protocol == IPPROTO_IPV6) {
+			if (!pskb_may_pull(skb, (skb_network_offset(skb) +
+						 ip_hdrlen(skb) +
+						 sizeof(struct ipv6hdr))))
+				return NULL;
+
+			ipv6h = (struct ipv6hdr *)(skb_network_header(skb) +
+						   ip_hdrlen(skb));
+
+			if (ipv6h->nexthdr != IPPROTO_TCP)
+				return NULL;
+
+			skb_set_inner_network_header(skb,
+						     skb_network_offset(skb) +
+						     ip_hdrlen(skb));
+			skb_set_inner_transport_header(skb,
+						skb_inner_network_offset(skb) +
+						sizeof(struct ipv6hdr));
+
+		} else if (iph->protocol == IPPROTO_TCP) {
+			/* we always set the inner headers so we can use those
+			 * unconditionally in the filtering logic
+			 */
+			skb_set_inner_network_header(skb,
+						     skb_network_offset(skb));
+			skb_set_inner_transport_header(skb,
+						       skb_network_offset(skb) +
+						       ip_hdrlen(skb));
+		} else {
+			return NULL;
+		}
+
+	} else if (iph->version == 6) {
+		ipv6h = (struct ipv6hdr *)iph;
+
+		if (ipv6h->nexthdr != IPPROTO_TCP)
+			return NULL;
+
+		/* we always set the inner headers so we can use those
+		 * unconditionally in the filtering logic
+		 */
+		skb_set_inner_network_header(skb,
+					     skb_network_offset(skb));
+		skb_set_inner_transport_header(skb,
+					       skb_network_offset(skb) +
+					       sizeof(struct ipv6hdr));
+
+	} else {
+		return NULL;
+	}
+
+	if (!pskb_may_pull(skb, skb_inner_transport_offset(skb) +
+				sizeof(struct tcphdr)) ||
+	    !pskb_may_pull(skb, skb_inner_transport_offset(skb) +
+				inner_tcp_hdrlen(skb)))
+		return NULL;
+
+	return inner_tcp_hdr(skb);
+}


Thanks,

-Toke

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ