author | Herbert Xu <herbert@gondor.apana.org.au> | 2005-12-14 02:14:27 -0500 |
---|---|---|
committer | David S. Miller <davem@sunset.davemloft.net> | 2006-01-03 16:10:31 -0500 |
commit | 89cee8b1cbb9dac40c92ef1968aea2b45f82fd18 (patch) | |
tree | 01049841b15a9c2f3f136710382c7e4c11c1b1e5 /net/ipv4/sysctl_net_ipv4.c | |
parent | d5228a4f49db32d22a39c653281b527ef371129c (diff) |
[IPV4]: Safer reassembly
Another spin of Herbert Xu's "safer ip reassembly" patch
for 2.6.16.
(The original patch is here:
http://marc.theaimsgroup.com/?l=linux-netdev&m=112281936522415&w=2
and my only contribution is to have tested it.)
This patch (optionally) does additional checks before accepting IP
fragments, which can greatly reduce the possibility of reassembling
fragments which originated from different IP datagrams.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Arthur Kepner <akepner@sgi.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net/ipv4/sysctl_net_ipv4.c')
-rw-r--r-- | net/ipv4/sysctl_net_ipv4.c | 10 |
1 files changed, 10 insertions, 0 deletions
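--- a/net/ipv4/sysctl_net_ipv4.c
+++ b/net/ipv4/sysctl_net_ipv4.c
@@ -22,6 +22,7 @@
 extern int sysctl_ip_nonlocal_bind;
 
 #ifdef CONFIG_SYSCTL
+static int zero;
 static int tcp_retr1_max = 255;
 static int ip_local_port_range_min[] = { 1, 1 };
 static int ip_local_port_range_max[] = { 65535, 65535 };
@@ -614,6 +615,15 @@ ctl_table ipv4_table[] = {
 .strategy = &sysctl_jiffies
 },
 {
+.ctl_name = NET_IPV4_IPFRAG_MAX_DIST,
+.procname = "ipfrag_max_dist",
+.data = &sysctl_ipfrag_max_dist,
+.maxlen = sizeof(int),
+.mode = 0644,
+.proc_handler = &proc_dointvec_minmax,
+.extra1 = &zero
+},
+{
 .ctl_name = NET_TCP_NO_METRICS_SAVE,
 .procname = "tcp_no_metrics_save",
 .data = &sysctl_tcp_nometrics_save,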
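Review bot: The new `ipfrag_max_dist` entry enforces its lower bound only on the /proc path, through `.proc_handler = &proc_dointvec_minmax` with `.extra1 = &zero`. It sets `.ctl_name` but no `.strategy`, so a write through the binary sysctl(2) interface would presumably skip the range check and could store a negative distance; how the reassembly code treats a negative value is not visible on this page. Adding `.strategy = &sysctl_intvec,` before `.extra1` would apply the same minimum on both paths. A short comment on the entry stating what a value of 0 means for the fragment check would also help administrators, since the commit message only calls the check optional. The `ipv4_table[]` initializer starts and ends outside this hunk.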