| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <1327920477.2288.28.camel@edumazet-HP-Compaq-6005-Pro-SFF-PC>
Date: Mon, 30 Jan 2012 11:47:57 +0100
From: Eric Dumazet <eric.dumazet@...il.com>
To: Fernando Gont <fernando@...t.com.ar>
Cc: security@...nel.org, netdev <netdev@...r.kernel.org>
Subject: Re: Improved handling of IPv6 atomic fragments (FO=0, MF=0)
Le lundi 30 janvier 2012 à 07:24 -0300, Fernando Gont a écrit :
> Folks,
>
> FYI. We have published an IETF I-D that proposes an improved handling of
> IPv6 atomic fragments (IPv6 fragments that have an offset of 0, and MF=0).
>
> The I-D is available here:
> <http://tools.ietf.org/id/draft-gont-6man-ipv6-atomic-fragments-00.txt>
>
> The aforementioned behaviour eliminates fragmentation-based attacks
> against traffic that employs atomic fragments, and has already been
> implemented by OpenBSD.
>
> Thanks,
Unless I missed something, linux already does that.
ipv6_frag_rcv()
if (!(fhdr->frag_off & htons(0xFFF9))) {
/* It is not a fragmented frame */
skb->transport_header += sizeof(struct frag_hdr);
IP6_INC_STATS_BH(net,
ip6_dst_idev(skb_dst(skb)), IPSTATS_MIB_REASMOKS);
IP6CB(skb)->nhoff = (u8 *)fhdr - skb_network_header(skb);
return 1;
}
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists