author | Herbert Xu <herbert@gondor.apana.org.au> | 2005-12-14 02:14:27 -0500 |
---|---|---|
committer | David S. Miller <davem@sunset.davemloft.net> | 2006-01-03 16:10:31 -0500 |
commit | 89cee8b1cbb9dac40c92ef1968aea2b45f82fd18 (patch) | |
tree | 01049841b15a9c2f3f136710382c7e4c11c1b1e5 /include | |
parent | d5228a4f49db32d22a39c653281b527ef371129c (diff) |
[IPV4]: Safer reassembly
Another spin of Herbert Xu's "safer ip reassembly" patch
for 2.6.16.
(The original patch is here:
http://marc.theaimsgroup.com/?l=linux-netdev&m=112281936522415&w=2
and my only contribution is to have tested it.)
This patch (optionally) does additional checks before accepting IP
fragments, which can greatly reduce the possibility of reassembling
fragments which originated from different IP datagrams.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Arthur Kepner <akepner@sgi.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'include')
-rw-r--r-- | include/linux/sysctl.h | 1 | ||||
-rw-r--r-- | include/net/inetpeer.h | 1 | ||||
-rw-r--r-- | include/net/ip.h | 2 |
3 files changed, 4 insertions, 0 deletions
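--- a/include/linux/sysctl.h
+++ b/include/linux/sysctl.h
@@ -390,6 +390,7 @@ enum
 NET_IPV4_ICMP_ERRORS_USE_INBOUND_IFADDR=109,
 NET_TCP_CONG_CONTROL=110,
 NET_TCP_ABC=111,
+NET_IPV4_IPFRAG_MAX_DIST=112,
 };
 
 enum {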
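--- a/include/net/inetpeer.h
+++ b/include/net/inetpeer.h
@@ -25,6 +25,7 @@ struct inet_peer
 __u32 v4daddr; /* peer's address */
 __u16 avl_height;
 __u16 ip_id_count; /* IP ID for the next packet */
+atomic_t rid; /* Frag reception counter */
 __u32 tcp_ts;
 unsigned long tcp_ts_stamp;
 };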
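Review bot: The new `rid` member of struct inet_peer is documented only as "Frag reception counter", which does not say what event bumps it, who reads it, or that an `atomic_t` wraps. If it matches the consumer, the comment could read `/* Frag reception counter; wraps, compare by difference only */`. The code that initialises and reads the counter is outside this include-only view. It is worth confirming there that every newly created inet_peer sets `rid` before first use, and that the distance test uses wrap-safe unsigned subtraction rather than a direct comparison. The struct definition begins above the hunk.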
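--- a/include/net/ip.h
+++ b/include/net/ip.h
@@ -45,6 +45,7 @@ struct inet_skb_parm
 #define IPSKB_TRANSLATED 2
 #define IPSKB_FORWARDED 4
 #define IPSKB_XFRM_TUNNEL_SIZE 8
+#define IPSKB_FRAG_COMPLETE 16
 };
 
 struct ipcm_cookie
@@ -168,6 +169,7 @@ extern int sysctl_ipfrag_high_thresh;
 extern int sysctl_ipfrag_low_thresh;
 extern int sysctl_ipfrag_time;
 extern int sysctl_ipfrag_secret_interval;
+extern int sysctl_ipfrag_max_dist;
 
 /* From inetpeer.c */
 extern int inet_peer_threshold;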
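Review bot: `sysctl_ipfrag_max_dist` in the second hunk is exported as a plain signed `int` with no comment giving its unit or the value that switches the check off, although the commit message describes the check as optional. A one-line comment above the declaration stating both would let an administrator or reviewer reason about the knob without reading the reassembly code. The sysctl table entry is not part of this include-only view. Because the value is writable from userspace, its handler should reject negative values so that a comparison against an unsigned counter difference cannot be skewed.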