git.baikalelectronics.ru Git - kernel.git/commit

author	Peter Oskolkov <posk@google.com>
	Thu, 2 Aug 2018 23:34:37 +0000 (23:34 +0000)
committer	David S. Miller <davem@davemloft.net>
	Mon, 6 Aug 2018 00:16:46 +0000 (17:16 -0700)
commit	66c0c6c0ab29bf4784901cbe9d31b470e960ddcc
tree	167103e66b8f8ebf96bf4ca7644c3e0f7b3bca10	tree \| snapshot
parent	3fe04ebb68d9c6027c27cee19208a6dc7702feb2	commit \| diff

ip: discard IPv4 datagrams with overlapping segments.

This behavior is required in IPv6, and there is little need
to tolerate overlapping fragments in IPv4. This change
simplifies the code and eliminates potential DDoS attack vectors.

Tested: ran ip_defrag selftest (not yet available uptream).

Suggested-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Peter Oskolkov <posk@google.com>
Signed-off-by: Eric Dumazet <edumazet@google.com>
Cc: Florian Westphal <fw@strlen.de>
Acked-by: Stephen Hemminger <stephen@networkplumber.org>
Signed-off-by: David S. Miller <davem@davemloft.net>

include/uapi/linux/snmp.h		diff \| blob \| history
net/ipv4/ip_fragment.c		diff \| blob \| history
net/ipv4/proc.c		diff \| blob \| history