Stephen Hemminger <step...@networkplumber.org> writes:
> On Thu, 04 Apr 2019 15:01:33 +0200
> Toke Høiland-Jørgensen <t...@redhat.com> wrote:
>
>> static u8 cake_handle_diffserv(struct sk_buff *skb, u16 wash)
>> {
>> + int wlen = skb_network_offset(skb);
>
> In theory this could be negative, you should handle that?
> Rather than calling may_pull() with a huge unsigned value.
Huh, that would imply that skb->network_header points to before
skb->head; when does that happen?
Also, pskb_may_pull() does check for len > skb->len, so I guess a
follow-up question would be, "does it happen often enough to warrant
handling at this level"?
Also, I copied that bit from sch_dsmark, so if you really thing it needs
to be fixed, I guess we should fix both...
-Toke
_______________________________________________
Cake mailing list
Cake@lists.bufferbloat.net
https://lists.bufferbloat.net/listinfo/cake
