ICMP spoofing protection: Is this code sane?

From: antirez (antirez@invece.org)
Date: Tue Jan 23 2001 - 13:19:54 EST

Next message: Martin Josefsson: "Re: 2.4 and ipmasq modules"
Previous message: Georg Nikodym: "Re: [OT?] Coding Style"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hello!

I'm trying to implement a way to add some protection
against ICMP DF set but fragmentation required packets spoofing.
This is a netfilter hook that should implement an HMAC
based protection, but I'm not sure that my code is sane,
and before to post it to bugtraq, and crash all the boxes
of the users that will load the module, I want to learn
if it's ok.

Thanks in advance for your support.

p.s. obviously comments about the protection design used will
help as weel.

-- Salvatore Sanfilippo | <antirez@invece.org> http://www.kyuzz.org/antirez | PGP: finger antirez@tella.alicom.com

text/plain attachment: trusted-icmp.c

- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org Please read the FAQ at http://www.tux.org/lkml/

Next message: Martin Josefsson: "Re: 2.4 and ipmasq modules"
Previous message: Georg Nikodym: "Re: [OT?] Coding Style"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b29 : Tue Jan 23 2001 - 21:00:27 EST