
Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.

Diff for /src/sys/netinet/ip_input.c between version 1.257 and 1.258

version 1.257, 2007/12/20 19:53:32 version 1.258, 2007/12/21 18:58:55
Line 896  ours:
Line 896  ours:
          * but it's not worth the time; just let them time out.)           * but it's not worth the time; just let them time out.)
          */           */
         if (ip->ip_off & ~htons(IP_DF|IP_RF)) {          if (ip->ip_off & ~htons(IP_DF|IP_RF)) {
                   uint16_t off;
                   /*
                    * Prevent TCP blind data attacks by not allowing non-initial
                    * fragments to start at less than 68 bytes (minimal fragment
                    * size).
                    */
                   off = htons(ip->ip_off) & ~(IP_DF|IP_EF|IP_MF);
                   if (off > 0 && off + hlen < IP_MINFRAGSIZE - 1) {
                           ipstat.ips_badfrags++;
                           goto bad;
                   }
                 /*                  /*
                  * Look for queue of fragments                   * Look for queue of fragments
                  * of this datagram.                   * of this datagram.
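
Review bot: In the added check `if (off > 0 && off + hlen < IP_MINFRAGSIZE - 1)`, `off` is still the raw fragment-offset field, which IP counts in 8-byte units, while the comment states the limit in bytes, so the comparison mixes units; scale the offset to bytes (`off << 3`) before adding `hlen`. On the assignment above it, the conversion should be `ntohs(ip->ip_off)` rather than `htons`, since the value goes from network to host order here (the result is the same, but the intent reads wrong). That mask also names `IP_EF` where the enclosing `if` uses `IP_RF`; if both refer to the same bit, use one name consistently, or select the offset bits directly with `IP_OFFMASK`. The comment should also say why the bound is `IP_MINFRAGSIZE - 1` rather than `IP_MINFRAGSIZE`.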
