| To: | herbert@xxxxxxxxxxxxxxxxxxx |
|---|---|
| Subject: | Re: [RFC/PATCH] "strict" ipv4 reassembly |
| From: | "David S. Miller" <davem@xxxxxxxxxxxxx> |
| Date: | Tue, 17 May 2005 15:13:52 -0700 (PDT) |
| Cc: | akepner@xxxxxxx, netdev@xxxxxxxxxxx |
| In-reply-to: | <E1DYAHF-0006qW-00@gondolin.me.apana.org.au> |
| References: | <20050517.104947.112621738.davem@davemloft.net> <E1DYAHF-0006qW-00@gondolin.me.apana.org.au> |
| Sender: | netdev-bounce@xxxxxxxxxxx |
From: Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx> Date: Wed, 18 May 2005 08:11:01 +1000 > Instead of measuring the distance using time, let's measure it > in terms of packet counts. So every time we receive a fragmented > packet, we find all waiting fragments with the same src/dst pair. > If the id is identical we perform reassembly, if it isn't we increase > a counter in that fragment. If the counter exceeds a threshold, > we drop the fragment. And you protect against purposefully built malicious fragments how? |
| Previous by Date: | Re: [RFC/PATCH] "strict" ipv4 reassembly, David S. Miller |
|---|---|
| Next by Date: | Re: [RFC/PATCH] "strict" ipv4 reassembly, Rick Jones |
| Previous by Thread: | Re: [RFC/PATCH] "strict" ipv4 reassembly, Herbert Xu |
| Next by Thread: | Re: [RFC/PATCH] "strict" ipv4 reassembly, Herbert Xu |
| Indexes: | [Date] [Thread] [Top] [All Lists] |