ip: discard IPv4 datagrams with overlapping segments.

This behavior is required in IPv6, and there is little need to tolerate overlapping fragments in IPv4. This change simplifies the code and eliminates potential DDoS attack vectors. Tested: ran ip_defrag selftest (not yet available uptream). Suggested-by: David S. Miller <davem@davemloft.net> Signed-off-by: Peter Oskolkov <posk@google.com> Signed-off-by: Eric Dumazet <edumazet@google.com> Cc: Florian Westphal <fw@strlen.de> Acked-by: Stephen Hemminger <stephen@networkplumber.org> Signed-off-by: David S. Miller <davem@davemloft.net>
author: Peter Oskolkov <posk@google.com> 2018-08-03 01:34:37 +0200
committer: David S. Miller <davem@davemloft.net> 2018-08-06 02:16:46 +0200
commit: 7969e5c40dfd04799d4341f1b7cd266b6e47f227 (patch)
tree: 167103e66b8f8ebf96bf4ca7644c3e0f7b3bca10 /include
parent: net/tls: Mark the end in scatterlist table (diff)
download: linux-7969e5c40dfd04799d4341f1b7cd266b6e47f227.tar.xz
linux-7969e5c40dfd04799d4341f1b7cd266b6e47f227.zip
1 files changed, 1 insertions, 0 deletions
diff --git a/include/uapi/linux/snmp.h b/include/uapi/linux/snmp.h
index e5ebc83827ab..f80135e5feaa 100644
--- a/include/uapi/linux/snmp.h
+++ b/include/uapi/linux/snmp.h
@@ -56,6 +56,7 @@ enum
 	IPSTATS_MIB_ECT1PKTS,			/* InECT1Pkts */
 	IPSTATS_MIB_ECT0PKTS,			/* InECT0Pkts */
 	IPSTATS_MIB_CEPKTS,			/* InCEPkts */
+	IPSTATS_MIB_REASM_OVERLAPS,		/* ReasmOverlaps */
 	__IPSTATS_MIB_MAX
 };
author	Peter Oskolkov <posk@google.com>	2018-08-03 01:34:37 +0200
committer	David S. Miller <davem@davemloft.net>	2018-08-06 02:16:46 +0200
commit	7969e5c40dfd04799d4341f1b7cd266b6e47f227 (patch)
tree	167103e66b8f8ebf96bf4ca7644c3e0f7b3bca10 /include
parent	net/tls: Mark the end in scatterlist table (diff)
download	linux-7969e5c40dfd04799d4341f1b7cd266b6e47f227.tar.xz linux-7969e5c40dfd04799d4341f1b7cd266b6e47f227.zip