| To: | netdev@xxxxxxxxxxx |
|---|---|
| Subject: | Re: [RFC/PATCH] "strict" ipv4 reassembly |
| From: | Rick Jones <rick.jones2@xxxxxx> |
| Date: | Tue, 17 May 2005 15:23:49 -0700 |
| Cc: | netdev-bounce@xxxxxxxxxxx |
| In-reply-to: | <20050517.151239.74747463.davem@xxxxxxxxxxxxx> |
| References: | <20050517202730.GA79960@xxxxxx> <20050517.140245.71090021.davem@xxxxxxxxxxxxx> <428A613F.1020303@xxxxxx> <20050517.151239.74747463.davem@xxxxxxxxxxxxx> |
| Sender: | netdev-bounce@xxxxxxxxxxx |
| User-agent: | Mozilla/5.0 (X11; U; HP-UX 9000/785; en-US; rv:1.6) Gecko/20040304 |
David S.Miller wrote: From: Rick Jones <rick.jones2@xxxxxx> Date: Tue, 17 May 2005 14:25:19 -0700just how much extra overhead would there be to track the interarrival time of ip datagram fragments and would that allow someone to make a guess as to how long to reasonably wait for all the fragments to arrive? (or did I miss that being shot-down already?)I spam you with fragments tightly interspaced matching a known shost/dhost/ID tuple, lowering your interarrival estimate. The legitimate fragment source can thus never get his fragments in before the timer expires. Every other one of these IP fragmentation ideas tends to have some DoS hole in it. Are the holes any larger than the existing ones? I've no idea, and perhaps the only answer is indeed to say "Then don't do that (fragment)!" rick jones |
| Previous by Date: | Re: [RFC/PATCH] "strict" ipv4 reassembly, Rick Jones |
|---|---|
| Next by Date: | Re: [RFC/PATCH] "strict" ipv4 reassembly, David Stevens |
| Previous by Thread: | Re: [RFC/PATCH] "strict" ipv4 reassembly, David S. Miller |
| Next by Thread: | Re: [RFC/PATCH] "strict" ipv4 reassembly, John Heffner |
| Indexes: | [Date] [Thread] [Top] [All Lists] |