Re: Resend: [RFC/PATCH] "safer ipv4 reassembly"

Herbert Xu Tue, 16 Aug 2005 04:21:09 -0700

On Thu, Aug 04, 2005 at 05:48:17PM -0700, Arthur Kepner wrote:
>
> @@ -366,6 +376,9 @@ static struct ipq *ip_frag_create(unsign
>       qp->meat = 0;
>       qp->fragments = NULL;
>       qp->iif = 0;
> +     qp->peer = sysctl_ipfrag_max_dist ? inet_getpeer(iph->saddr, 1) : NULL;
> +     if (qp->peer) 
> +             qp->rid = atomic_read(&qp->peer->rid);


This fix is not needed.  The rid was set below in ip_frag_too_far which
is called from ip_frag_queue.

> @@ -410,6 +423,63 @@ static inline struct ipq *ip_find(struct
>       return ip_frag_create(hash, iph, user);
>  }
>  
> +/* Is the fragment too far ahead to be part of ipq? */
> +static inline int ip_frag_too_far(struct ipq *qp)
> +{
> +     struct inet_peer *peer = qp->peer;
> +     unsigned int max = sysctl_ipfrag_max_dist;
> +     unsigned int start, end;
> +
> +     int rc;
> +
> +     if (!peer || !max)
> +             return 0;
> +
> +     start = ++qp->rid;
> +     end   = atomic_inc_return(&peer->rid);

I'm not sure I understand the benefit of this change either.

> +     rc = qp->fragments && (end - start) >= max;
> +
> +     if (rc) {
> +             IP_INC_STATS_BH(IPSTATS_MIB_REASMFAILS);
> +     }

This is good.

> +static int ip_frag_reinit(struct ipq *qp)

> +     if (sysctl_ipfrag_max_dist) {
> +             if (qp->peer == NULL) {
> +                     qp->peer = inet_getpeer(qp->saddr, 1);
> +             }
> +             if (qp->peer) {
> +                     qp->rid = atomic_read(&qp->peer->rid);
> +             }
> +     }

This is unnecessary since we're taking over an existing qp
whose parameters are exactly the same as the new fragment.

> @@ -50,6 +51,7 @@ extern int inet_peer_gc_mintime;
>  extern int inet_peer_gc_maxtime;
>  
>  #ifdef CONFIG_SYSCTL
> +static int zero;
>  static int tcp_retr1_max = 255; 
>  static int ip_local_port_range_min[] = { 1, 1 };
>  static int ip_local_port_range_max[] = { 65535, 65535 };
> @@ -643,6 +645,15 @@ ctl_table ipv4_table[] = {
>               .strategy       = &sysctl_jiffies
>       },
>       {
> +             .ctl_name       = NET_IPV4_IPFRAG_MAX_DIST,
> +             .procname       = "ipfrag_max_dist",
> +             .data           = &sysctl_ipfrag_max_dist,
> +             .maxlen         = sizeof(int),
> +             .mode           = 0644,
> +             .proc_handler   = &proc_dointvec_minmax,
> +             .extra1         = &zero
> +     },

Good catch.

Thanks,
-- 
Visit Openswan at http://www.openswan.org/
Email: Herbert Xu ~{PmV>HI~} <[EMAIL PROTECTED]>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
-
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to [EMAIL PROTECTED]
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Re: Resend: [RFC/PATCH] "safer ipv4 reassembly"

Reply via email to