Skip to content
Commit 7a9f904c authored by Peter Oskolkov's avatar Peter Oskolkov Committed by Bruce Ashfield
Browse files

ip: discard IPv4 datagrams with overlapping segments. 



commit 7969e5c4 upstream.

This behavior is required in IPv6, and there is little need
to tolerate overlapping fragments in IPv4. This change
simplifies the code and eliminates potential DDoS attack vectors.

Tested: ran ip_defrag selftest (not yet available uptream).

Suggested-by: default avatarDavid S. Miller <davem@davemloft.net>
Signed-off-by: default avatarPeter Oskolkov <posk@google.com>
Signed-off-by: default avatarEric Dumazet <edumazet@google.com>
Cc: Florian Westphal <fw@strlen.de>
Acked-by: default avatarStephen Hemminger <stephen@networkplumber.org>
Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
Signed-off-by: default avatarPaul Gortmaker <paul.gortmaker@windriver.com>
Signed-off-by: default avatarBruce Ashfield <bruce.ashfield@windriver.com>
parent abea1986
Show whitespace changes
Inline Side-by-side
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment