| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20220901144810.GA31767@debian>
Date: Thu, 1 Sep 2022 16:48:47 +0200
From: Richard Gobert <richardbgobert@...il.com>
To: Eric Dumazet <edumazet@...gle.com>
Cc: David Miller <davem@...emloft.net>,
Jakub Kicinski <kuba@...nel.org>,
Paolo Abeni <pabeni@...hat.com>,
Jonathan Corbet <corbet@....net>,
Hideaki YOSHIFUJI <yoshfuji@...ux-ipv6.org>,
David Ahern <dsahern@...nel.org>,
Alexander Aring <alex.aring@...il.com>,
Stefan Schmidt <stefan@...enfreihafen.org>,
Pablo Neira Ayuso <pablo@...filter.org>,
Jozsef Kadlecsik <kadlec@...filter.org>,
Florian Westphal <fw@...len.de>,
Martin KaFai Lau <kafai@...com>,
netdev <netdev@...r.kernel.org>,
"open list:DOCUMENTATION" <linux-doc@...r.kernel.org>,
LKML <linux-kernel@...r.kernel.org>, linux-wpan@...r.kernel.org,
netfilter-devel@...r.kernel.org, coreteam@...filter.org
Subject: Re: [PATCH 2/4] net-next: ip6: fetch inetpeer in ip6frag_init
On Mon, Aug 29, 2022 at 03:20:54PM -0700, Eric Dumazet wrote:
> Sorry, this is adding yet another bottleneck, and will make DDOS
> attacks based on fragments more effective.
>
> Whole concept of 'peers' based on IPv6 addresses is rather weak, as
> hosts with IPv6 can easily
> get millions of different 'addresses'.
I understand the problem with the implementation. Since peers don't
carry much weight in IPv6, this patch can be dropped.
Powered by blists - more mailing lists