Re: Ping with a 65510 bytes pack

Jon Lewis (jlewis@inorganic5.fdt.net)
Sun, 20 Oct 1996 13:16:03 -0400 (EDT)

This slightly modified version of Alan Cox's ping patch has been tested on
my SMP test box. Without it, I can crash it from a Win95 box, and then
softdog (I assume) reboots it. With the patch, Win95 doesn't seem able to
crash it. I'm now running this patch on 5 other systems.

Is there anything other than someone trying to crash my box that would
trigger the printk I added? One of our servers just logged this:

Oversized packet received from 205.229.51.6

That's one of our dialup user IP addresses. Are my own users trying to
crash me, or is it just a Windows IP bug? If there's no explanation other
than someone trying to crash our mail server, I'd like to terminate that
account.

--- ip_fragment.c.orig Wed Aug 7 07:00:08 1996
+++ ip_fragment.c Sat Oct 19 20:33:42 1996
@@ -47,6 +47,8 @@

atomic_t ip_frag_mem = 0; /* Memory used for fragments */

+char *in_ntoa(unsigned long in);
+
/*
* Memory Tracking Functions
*/
@@ -366,7 +368,7 @@
{
NETDEBUG(printk("Invalid fragment list: Fragment over size.\n"));
ip_free(qp);
- frag_kfree_skb(skb,FREE_WRITE);
+ kfree_skb(skb,FREE_WRITE);
ip_statistics.IpReasmFails++;
return NULL;
}
@@ -466,6 +468,19 @@
return NULL;
}
}
+
+ /*
+ * Attempt to construct an oversize packet.
+ */
+
+ if(ntohs(iph->tot_len)+(int)offset>65535)
+ {
+ skb->sk = NULL;
+ printk("Oversized packet received from %s\n",in_ntoa(qp->iph->saddr));
+ frag_kfree_skb(skb, FREE_READ);
+ ip_statistics.IpReasmFails++;
+ return NULL;
+ }

/*
* Determine the position of this fragment.

------------------------------------------------------------------
Jon Lewis <jlewis@fdt.net> | Unsolicited commercial e-mail will
Network Administrator | be proof-read for $199/hr.
________Finger jlewis@inorganic5.fdt.net for PGP public key_______