----- Original Message -----
From: "A. Supreeth Reddy" <supreeth.reddy@wipro.com>
To: <linux-kernel@vger.rutgers.edu>
Sent: Thursday, June 22, 2000 9:27 AM
Subject: IP De-fragmentation
> Hi folks,
> I have been going through the ip fragmentation and de-frag code in kernel
> version 2.2.16
> net/ipv4/ip_fragment.c. I haven't been able to find the need to do the
below
> check in a for loop
> , i mean, why to check all the succeeding fragments for overlap, because
> that will never be the case.
> It could be suitably replaced with an if () check itself. Do I over-look
> something ?? I have been through
> the RFC 791 , and didn't find the need to do this.
There has been exploits to the kernel like land,nestea and others.
These abused the disability of older kernels to check for overlapping
fragments
for their own bad purposes.
That's why this is in i guess ... Some people tend to do bad things with
tcp/ip :)
Christian Stuke
teuto.net Netzdienste GmbH
e-mail: cs@teuto.net
VI cannot be improved, VI can only be removed.
...
>
****************************************************************************
> A. Supreeth Reddy
> Software Engineer
> Global R & D Solutions
> Wipro Technologies
> #37 , Castle Street , Ashok Nagar
> Bangalore - 560 025 , India
> Tel : 091-80-2367297 x309
> E-mail: supreeth.reddy@wipro.com
>
****************************************************************************
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/
This archive was generated by hypermail 2b29 : Fri Jun 23 2000 - 21:00:23 EST