Re: [PATCH net-next 1/3] ip: discard IPv4 datagrams with overlapping segments.

2018-08-02 Thread Stephen Hemminger
On Thu, 2 Aug 2018 16:33:55 -0700 Eric Dumazet wrote: > On 08/02/2018 03:54 PM, Stephen Hemminger wrote: > > On Thu, 2 Aug 2018 22:45:58 + > > Peter Oskolkov wrote: > > > >> diff --git a/include/uapi/linux/snmp.h b/include/uapi/linux/snmp.h > >> index e5ebc83827ab..da1a144f1a51 100644 >

Re: [PATCH net-next 1/3] ip: discard IPv4 datagrams with overlapping segments.

2018-08-02 Thread Eric Dumazet
On 08/02/2018 03:54 PM, Stephen Hemminger wrote: > On Thu, 2 Aug 2018 22:45:58 + > Peter Oskolkov wrote: > >> diff --git a/include/uapi/linux/snmp.h b/include/uapi/linux/snmp.h >> index e5ebc83827ab..da1a144f1a51 100644 >> --- a/include/uapi/linux/snmp.h >> +++ b/include/uapi/linux/snmp.h

Re: [PATCH net-next 1/3] ip: discard IPv4 datagrams with overlapping segments.

2018-08-02 Thread Stephen Hemminger
On Thu, 2 Aug 2018 22:45:58 + Peter Oskolkov wrote: > diff --git a/include/uapi/linux/snmp.h b/include/uapi/linux/snmp.h > index e5ebc83827ab..da1a144f1a51 100644 > --- a/include/uapi/linux/snmp.h > +++ b/include/uapi/linux/snmp.h > @@ -40,6 +40,7 @@ enum > IPSTATS_MIB_REASMREQDS,

[PATCH net-next 1/3] ip: discard IPv4 datagrams with overlapping segments.

2018-08-02 Thread Peter Oskolkov
This behavior is required in IPv6, and there is little need to tolerate overlapping fragments in IPv4. This change simplifies the code and eliminates potential DDoS attack vectors. Suggested-by: David S. Miller Signed-off-by: Peter Oskolkov Signed-off-by: Eric Dumazet Cc: Florian Westphal ---