I'll investigate making the ACK filtering code safe, it is my mess after all :)
Eric obviously understands this stuff a lot better than me, it looks like there are two issues? - Lack of minimum length check for TCP header, should be fairly straight-forward to fix - The possibility of unsafely filtering part of a split GSO super-packet? Regards, Ryan Mounce r...@mounce.com.au 0415 799 929 On 26 April 2018 at 06:15, Toke Høiland-Jørgensen <t...@toke.dk> wrote: > For those who have not been following the discussion on the upstreaming > patches, here's an update: > > - I've just pushed patches to only split GSO packets when shaping below > one gigabit; and hopefully made the overhead compensation code deal > gracefully with GSO packets if someone for some reason wants to use > the shaper at speeds higher than that and still use the overhead > compensation code. > > - It turns out that the ACK filtering code does not properly sanity > check the packet sizes, and so can potentially crash the box running > CAKE if it receives malformed packets. So if no one steps up to fix > that within the next few days, or I'll submit the next version without > it (I'm not going to open that particular can of worms)... This > doesn't mean it can't be added back later, of course, it just means it > won't go upstream this time around. > > - NAT mode is now enabled by default; doesn't seem to be a good reason > not to as the compile time dependency already makes the module depend > on conntrack. > > > So please do test the current git version (cobalt branch, still). I'm > planning to resubmit on Friday. > > -Toke > _______________________________________________ > Cake mailing list > Cake@lists.bufferbloat.net > https://lists.bufferbloat.net/listinfo/cake _______________________________________________ Cake mailing list Cake@lists.bufferbloat.net https://lists.bufferbloat.net/listinfo/cake