Re: AW: Re: AW: Re: VLAN and Network Drivers 2.4.x

From: Jeff Garzik (garzik@havoc.gtf.org)
Date: Wed Apr 24 2002 - 13:13:55 EST


On Wed, Apr 24, 2002 at 09:07:23PM +0300, Matti Aarnio wrote:
> On Wed, Apr 24, 2002 at 01:49:33PM -0400, Jeff Garzik wrote:
> ...
> > The tulip patch is butt-ugly - the oversized allocation isn't needed,
> > and it just flat-out turns off large packet protection. That's really
> > not what you want to do, even for the best tulip cards. If an oversized
> > gram (non-VLAN) makes it into a network with such a patched tulip
> > driver, you can DoS.
>
> It all depends... At least the Cisco switches I have used have
> protection by controlling how large frames you can send, and
> having automatic enlarging of frame size for VLAN Trunking ports.
>
> Of course those switches have some amount of "jumbogram support"
> as well, on a port-by-port basis.
>
> So perhaps you can DoS your machine off the net (or your stream
> at the very least), but not other machines.

The DoS certainly assumes that one can send jumbo datagrams to the
target machine via a local network. There are a multitude of ways
one can prevent the DoS present in the tulip VLAN patch; what you
name is certainly one of them.

        Jeff
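
An added illustration, not code from this thread or from the tulip driver: a receive-length check that admits the 4 extra bytes of an 802.1Q tag only when the frame is actually tagged, so oversized untagged frames are still dropped instead of the size protection being switched off. The function names, the verdict enum and the zero-filled sample frames are constructed for this example, and it assumes the FCS has already been stripped from the length.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define ETH_HDR_LEN     14      /* dst MAC + src MAC + EtherType */
#define ETH_DATA_MAX    1500    /* standard Ethernet payload limit */
#define VLAN_TAG_LEN    4       /* 802.1Q tag: TPID + TCI */
#define ETHERTYPE_IP    0x0800
#define ETHERTYPE_8021Q 0x8100  /* TPID that marks a VLAN-tagged frame */

enum rx_verdict { RX_ACCEPT, RX_DROP_TRUNCATED, RX_DROP_OVERSIZE };

/* Hypothetical helper: decide whether a received frame of `len` bytes
 * (FCS excluded) is within the size a standard or VLAN-tagged frame may have. */
enum rx_verdict rx_check_len(const uint8_t *frame, size_t len)
{
    size_t limit = ETH_HDR_LEN + ETH_DATA_MAX;      /* 1514 untagged */
    uint16_t ethertype;

    if (len < ETH_HDR_LEN)
        return RX_DROP_TRUNCATED;                   /* no full header to inspect */

    ethertype = (uint16_t)((frame[12] << 8) | frame[13]);
    if (ethertype == ETHERTYPE_8021Q)
        limit += VLAN_TAG_LEN;                      /* 1518 only when tagged */

    return len > limit ? RX_DROP_OVERSIZE : RX_ACCEPT;
}

/* Constructed sample input: zero-filled frame with the given EtherType. */
static enum rx_verdict check_sample(uint16_t ethertype, size_t len)
{
    static uint8_t buf[9000];

    if (len > sizeof(buf))
        len = sizeof(buf);
    buf[12] = (uint8_t)(ethertype >> 8);
    buf[13] = (uint8_t)(ethertype & 0xff);
    return rx_check_len(buf, len);
}

int main(void)
{
    printf("untagged 1514 -> %d\n", check_sample(ETHERTYPE_IP, 1514));
    printf("untagged 1518 -> %d\n", check_sample(ETHERTYPE_IP, 1518));
    printf("tagged   1518 -> %d\n", check_sample(ETHERTYPE_8021Q, 1518));
    printf("tagged   1522 -> %d\n", check_sample(ETHERTYPE_8021Q, 1522));
    printf("untagged 9000 -> %d\n", check_sample(ETHERTYPE_IP, 9000));
    return 0;
}
```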



