Skip to content
Commit 1c449691 authored by Peter Oskolkov's avatar Peter Oskolkov Committed by Greg Kroah-Hartman
Browse files

ip: discard IPv4 datagrams with overlapping segments. 



This behavior is required in IPv6, and there is little need
to tolerate overlapping fragments in IPv4. This change
simplifies the code and eliminates potential DDoS attack vectors.

Tested: ran ip_defrag selftest (not yet available uptream).

Suggested-by: default avatarDavid S. Miller <davem@davemloft.net>
Signed-off-by: default avatarPeter Oskolkov <posk@google.com>
Signed-off-by: default avatarEric Dumazet <edumazet@google.com>
Cc: Florian Westphal <fw@strlen.de>
Acked-by: default avatarStephen Hemminger <stephen@networkplumber.org>
Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
(cherry picked from commit 7969e5c4)
Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
parent 5fff99e8
Show whitespace changes
Inline Side-by-side
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment