| To: | herbert@xxxxxxxxxxxxxxxxxxx |
|---|---|
| Subject: | Re: [RFC/PATCH] "strict" ipv4 reassembly |
| From: | "David S. Miller" <davem@xxxxxxxxxxxxx> |
| Date: | Tue, 17 May 2005 16:16:41 -0700 (PDT) |
| Cc: | akepner@xxxxxxx, netdev@xxxxxxxxxxx |
| In-reply-to: | <20050517230833.GA26604@xxxxxxxxxxxxxxxxxxx> |
| References: | <E1DYAHF-0006qW-00@xxxxxxxxxxxxxxxxxxxxxxxx> <20050517.151352.41634495.davem@xxxxxxxxxxxxx> <20050517230833.GA26604@xxxxxxxxxxxxxxxxxxx> |
| Sender: | netdev-bounce@xxxxxxxxxxx |
From: Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx> Date: Wed, 18 May 2005 09:08:33 +1000 > On Tue, May 17, 2005 at 03:13:52PM -0700, David S. Miller wrote: > > And you protect against purposefully built malicious fragments how? > > Is it any worse than what we've got now? Good point, in both cases what ends up happening is that the queue is invalidated. In the existing case it's usually because the final UDP or whatever checksum doesn't pass. With your idea it'd be due to the artificially deflated timeout. |
| Previous by Date: | Re: [RFC/PATCH] "strict" ipv4 reassembly, Herbert Xu |
|---|---|
| Next by Date: | Re: [RFC/PATCH] "strict" ipv4 reassembly, Arthur Kepner |
| Previous by Thread: | Re: [RFC/PATCH] "strict" ipv4 reassembly, Herbert Xu |
| Next by Thread: | Re: [RFC/PATCH] "strict" ipv4 reassembly, Herbert Xu |
| Indexes: | [Date] [Thread] [Top] [All Lists] |