diff options
| author | Herbert Xu <herbert@gondor.apana.org.au> | 2005-12-14 02:14:27 -0500 |
|---|---|---|
| committer | David S. Miller <davem@sunset.davemloft.net> | 2006-01-03 16:10:31 -0500 |
| commit | 89cee8b1cbb9dac40c92ef1968aea2b45f82fd18 (patch) | |
| tree | 01049841b15a9c2f3f136710382c7e4c11c1b1e5 /net/ipv4/ip_output.c | |
| parent | d5228a4f49db32d22a39c653281b527ef371129c (diff) | |
[IPV4]: Safer reassembly
Another spin of Herbert Xu's "safer ip reassembly" patch
for 2.6.16.
(The original patch is here:
http://marc.theaimsgroup.com/?l=linux-netdev&m=112281936522415&w=2
and my only contribution is to have tested it.)
This patch (optionally) does additional checks before accepting IP
fragments, which can greatly reduce the possibility of reassembling
fragments which originated from different IP datagrams.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Arthur Kepner <akepner@sgi.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net/ipv4/ip_output.c')
| -rw-r--r-- | net/ipv4/ip_output.c | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/net/ipv4/ip_output.c b/net/ipv4/ip_output.c index eba64e2bd397..2a830de3a699 100644 --- a/net/ipv4/ip_output.c +++ b/net/ipv4/ip_output.c | |||
| @@ -445,6 +445,7 @@ int ip_fragment(struct sk_buff *skb, int (*output)(struct sk_buff*)) | |||
| 445 | 445 | ||
| 446 | hlen = iph->ihl * 4; | 446 | hlen = iph->ihl * 4; |
| 447 | mtu = dst_mtu(&rt->u.dst) - hlen; /* Size of data space */ | 447 | mtu = dst_mtu(&rt->u.dst) - hlen; /* Size of data space */ |
| 448 | IPCB(skb)->flags |= IPSKB_FRAG_COMPLETE; | ||
| 448 | 449 | ||
| 449 | /* When frag_list is given, use it. First, check its validity: | 450 | /* When frag_list is given, use it. First, check its validity: |
| 450 | * some transformers could create wrong frag_list or break existing | 451 | * some transformers could create wrong frag_list or break existing |