From mboxrd@z Thu Jan 1 00:00:00 1970 From: Pablo Neira Ayuso Subject: Re: [PATCH nf-next] netfilter: tcp: Use TCP_MAX_WSCALE instead of literal 14 Date: Wed, 19 Apr 2017 22:38:16 +0200 Message-ID: <20170419203816.GA25446@salvia> References: <1492565022-110676-1-git-send-email-gfree.wind@foxmail.com> <20170419155822.GA8603@salvia> <1492618928.22296.2.camel@edumazet-glaptop3.roam.corp.google.com> <20170419195755.GA16404@salvia> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Cc: gfree.wind@foxmail.com, netfilter-devel@vger.kernel.org, Gao Feng To: Eric Dumazet Return-path: Received: from mail.us.es ([193.147.175.20]:34088 "EHLO mail.us.es" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S939514AbdDSUiW (ORCPT ); Wed, 19 Apr 2017 16:38:22 -0400 Received: from antivirus1-rhel7.int (unknown [192.168.2.11]) by mail.us.es (Postfix) with ESMTP id 0CC54C106A for ; Wed, 19 Apr 2017 22:38:17 +0200 (CEST) Received: from antivirus1-rhel7.int (localhost [127.0.0.1]) by antivirus1-rhel7.int (Postfix) with ESMTP id F06CDDA871 for ; Wed, 19 Apr 2017 22:38:16 +0200 (CEST) Received: from antivirus1-rhel7.int (localhost [127.0.0.1]) by antivirus1-rhel7.int (Postfix) with ESMTP id 37393DA865 for ; Wed, 19 Apr 2017 22:38:13 +0200 (CEST) Content-Disposition: inline In-Reply-To: <20170419195755.GA16404@salvia> Sender: netfilter-devel-owner@vger.kernel.org List-ID: On Wed, Apr 19, 2017 at 09:57:55PM +0200, Pablo Neira Ayuso wrote: > On Wed, Apr 19, 2017 at 09:22:08AM -0700, Eric Dumazet wrote: > > On Wed, 2017-04-19 at 17:58 +0200, Pablo Neira Ayuso wrote: > > > On Wed, Apr 19, 2017 at 09:23:42AM +0800, gfree.wind@foxmail.com wrote: > > > > From: Gao Feng > > > > > > > > The window scale may be enlarged from 14 to 15 according to the itef > > > > draft https://tools.ietf.org/html/draft-nishida-tcpm-maxwin-03. > > > > > > > > Use the macro TCP_MAX_WSCALE to support it easily with TCP stack in > > > > the future. > > > > > > Applied, thanks. > > > > Note that linux kernel is not ready yet for a TCP_MAX_WSCALE being > > changed to 15. > > > > Signed 32bit sk counters can already be abused with 1GB TCP windows, for > > malicious peers sending SACK forcing linux to increase its memory usage > > above 2GB and overflows are pretty bad. > > We have tend to use our own definitions for the TCP connection > tracking so far. This one I checked it refers RFC1323 too. > > If this semantics may change from one way to another in a way that may > break conntracking, please let me know, I can toss it here. Or I can just amend the commit here to remove the "enlarged from 14 to 15" comment, I was going to push out this now, but I'll wait a bit.