[IPV4]: Safer reassembly

Another spin of Herbert Xu's "safer ip reassembly" patch for 2.6.16. (The original patch is here: http://marc.theaimsgroup.com/?l=linux-netdev&m=112281936522415&w=2 and my only contribution is to have tested it.) This patch (optionally) does additional checks before accepting IP fragments, which can greatly reduce the possibility of reassembling fragments which originated from different IP datagrams. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: Arthur Kepner <akepner@sgi.com> Signed-off-by: David S. Miller <davem@davemloft.net>
author: Herbert Xu <herbert@gondor.apana.org.au> 2005-12-14 02:14:27 -0500
committer: David S. Miller <davem@sunset.davemloft.net> 2006-01-03 16:10:31 -0500
commit: 89cee8b1cbb9dac40c92ef1968aea2b45f82fd18 (patch)
tree: 01049841b15a9c2f3f136710382c7e4c11c1b1e5 /include/net/ip.h
parent: d5228a4f49db32d22a39c653281b527ef371129c (diff)
1 files changed, 2 insertions, 0 deletions
diff --git a/include/net/ip.h b/include/net/ip.h
index e4563bbee6ea..4d6294ba038e 100644
--- a/include/net/ip.h
+++ b/include/net/ip.h
@@ -45,6 +45,7 @@ struct inet_skb_parm
 #define IPSKB_TRANSLATED        2
 #define IPSKB_FORWARDED         4
 #define IPSKB_XFRM_TUNNEL_SIZE  8
+#define IPSKB_FRAG_COMPLETE     16
 };
 struct ipcm_cookie
@@ -168,6 +169,7 @@ extern int sysctl_ipfrag_high_thresh;
 extern int sysctl_ipfrag_low_thresh;
 extern int sysctl_ipfrag_time;
 extern int sysctl_ipfrag_secret_interval;
+extern int sysctl_ipfrag_max_dist;
 /* From inetpeer.c */
 extern int inet_peer_threshold;
author	Herbert Xu <herbert@gondor.apana.org.au>	2005-12-14 02:14:27 -0500
committer	David S. Miller <davem@sunset.davemloft.net>	2006-01-03 16:10:31 -0500
commit	89cee8b1cbb9dac40c92ef1968aea2b45f82fd18 (patch)
tree	01049841b15a9c2f3f136710382c7e4c11c1b1e5 /include/net/ip.h
parent	d5228a4f49db32d22a39c653281b527ef371129c (diff)