search for: ip_mf

...will fail. So, if we generate enough stranded entries in the routing cache (4096 in 2.2.3) via our malicious frags, then all further calls to dst_alloc will fail. We can get a 0 length fragment into the head of the list by doing the following: Send a fragment at offset 0, with a length of X, and IP_MF set. This creates our list. Send a 0 length fragment at offset 0, where the ip header length is equal to the ip total length, and IP_MF is set. This will be treated as coming before the fragment already in our list, because it has an offset equal to the offset of the existing fragment. It doesn...

...+size_req); } As mentioned above, fragments with an offset of 0, that are too short to provide a full transport protocol header, are treated like non-first fragments. This allows an attacker to perform the following port rewriting attack: 1. Attacker sends a fragment, with offset 0, a set IP_MF bit, and a full transport protocol header which meets the packet filter and is passed to the victim machine. 2. Attacker sends a fragment, with offset 0, a set IP_MF bit, and a length of 4 bytes. This contains the (blocked) ports that the attacker wishes to access on the victim machine...

...<sys/socket.h> #ifdef STRANGE_BSD_BYTE_ORDERING_THING /* OpenBSD < 2.1, all FreeBSD and netBSD, BSDi < 3.0 */ #define FIX(n) (n) #else /* OpenBSD 2.1, all Linux */ #define FIX(n) htons(n) #endif /* STRANGE_BSD_BYTE_ORDERING_THING */ #define IP_MF 0x2000 /* More IP fragment en route */ #define IPH 0x14 /* IP header size */ #define UDPH 0x8 /* UDP header size */ #define PADDING 0x1c /* datagram frame padding for first packet */ #define MAGIC 0x3 /* Magic Fragment Constant (tm). Should be 2 or 3 */ #define COUNT 0x...

...constant_htons(ETH_P_IP): @@ -124,6 +125,7 @@ struct iphdr *iph = skb->nh.iph; h = iph->daddr; hs = iph->saddr; + nfm = skb -> nfmark; h2 = hs^iph->protocol; if (!(iph->frag_off&htons(IP_MF|IP_OFFSET)) && (iph->protocol == IPPROTO_TCP || @@ -137,6 +139,7 @@ struct ipv6hdr *iph = skb->nh.ipv6h; h = iph->daddr.s6_addr32[3]; hs = iph->saddr.s6_addr32[3]; + nfm = skb->nfmark;...

Hi If I have a HTB class with 128kbit, and I want to put "N" users in that class ( in order to share bandwidth fairly ) , which is better for me ? esfq (hash dst) or wrr ? I would attach esfq or wrr to HTB parent class. Also I''ve readed on Jim script that over WRR put a RED qdisc, but I don''t understand it. bests andres

...nclude/dev/firewire/@/i386/ibcs2/ibcs2_socksys.h:31: i386/ibcs2/ibcs2_types.h: No such file or directory^M In file included from /usr/obj/usr/src/i386/usr/include/dev/firewire/@/i386/include/i4b_isppp.h:43,^M from :49:^M /usr/obj/usr/src/i386/usr/include/netinet/ip.h:68: warning: `IP_MF' redefined^M /usr/obj/usr/src/i386/usr/include/dev/firewire/@/contrib/ipfilter/netinet/ip_compat.h:835: warning: this is the locati on of the previous definition^M /usr/obj/usr/src/i386/usr/include/netinet/ip.h:170: warning: `IPOPT_SECUR_UNCLASS' redefined^M /usr/obj/usr/src/i386/usr/includ...

Hi again, I was just looking around for ESFQ sources, and I see that the main site is down, and only has kernel 2.6.4 patches. Is ESFQ maintained? If so, where can I find patches for 2.6.10? Thanks, -justin _______________________________________________ LARTC mailing list / LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

...len) || - h->protocol != IPPROTO_UDP || - b->udph.source != htons(67) || - b->udph.dest != htons(68) || - ntohs(h->tot_len) < ntohs(b->udph.len) + sizeof(struct iphdr)) - goto drop; - - /* Fragments are not supported */ - if (h->frag_off & htons(IP_OFFSET | IP_MF)) { - printk(KERN_ERR "DHCP/BOOTP: Ignoring fragmented reply.\n"); - goto drop; - } - - /* Is it a reply to our BOOTP request? */ - len = ntohs(b->udph.len) - sizeof(struct udphdr); - if (len < 300 || /* See RFC 951:2.1 */ - b->op != BOOTP_REPLY || - b->xid !=...