FreeBSD and the Rose Attack / NewDawn
Suleiman Souhlal
ssouhlal at FreeBSD.org
Sun May 8 19:13:40 PDT 2005
Hello,
On May 7, 2005, at 10:17 AM, Gandalf The White wrote:
> Take a look at the Linux implementation, they did a pretty good
> job. It
> consists of something like:
> 0) Store the size of packet in a variable
> 1) Add up the number of bytes the fragments received and continue
> to store /
> accept fragments until ...
> 2) You get the final fragment. If you have enough bytes to look
> like you
> have the entire packet then send the fragment off for reassembly,
> otherwise
> keep accepting fragments until you get enough fragments for the whole
> packet.
The patch at http://people.freebsd.org/~ssouhlal/testing/
ip_reass-20050507.diff does just this.
Could you kindly test it?
Bye,
--
Suleiman Souhlal | ssouhlal at vt.edu
The FreeBSD Project | ssouhlal at FreeBSD.org
More information about the freebsd-net
mailing list