netdev
[Top] [All Lists]

Re: [RFC/PATCH] "strict" ipv4 reassembly

To: herbert@xxxxxxxxxxxxxxxxxxx
Subject: Re: [RFC/PATCH] "strict" ipv4 reassembly
From: "David S. Miller" <davem@xxxxxxxxxxxxx>
Date: Tue, 17 May 2005 15:13:52 -0700 (PDT)
Cc: akepner@xxxxxxx, netdev@xxxxxxxxxxx
In-reply-to: <E1DYAHF-0006qW-00@gondolin.me.apana.org.au>
References: <20050517.104947.112621738.davem@davemloft.net> <E1DYAHF-0006qW-00@gondolin.me.apana.org.au>
Sender: netdev-bounce@xxxxxxxxxxx
From: Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx>
Date: Wed, 18 May 2005 08:11:01 +1000

> Instead of measuring the distance using time, let's measure it
> in terms of packet counts.  So every time we receive a fragmented
> packet, we find all waiting fragments with the same src/dst pair.
> If the id is identical we perform reassembly, if it isn't we increase
> a counter in that fragment.  If the counter exceeds a threshold,
> we drop the fragment.

And you protect against purposefully built malicious fragments how?

<Prev in Thread] Current Thread [Next in Thread>