On Fri, 17 Apr 1998, Michal Zalewski wrote: > I'm not sure if it's known, but I haven't found anything about it. > No matter, there's something strange in net/ipv4/ip_fragment.h (it's > probably Alan's fault): > > if(len>65535) > { > printk("Oversized IP packet from %s.\n", in_ntoa(qp->iph->saddr)); Actually, I think I have to take credit for that. I don't remember if the original (Alan's) patch printk'd at all (I don't think it did)...but I know I was the one who wanted to see claimed source addresses. Belive it or not, I caught one of our own users trying to crash our mail server about an hour after adding the fix with the printk. Can you say luserdel? Rather than use NETDEBUG to totally disable the printk, I think it might be more useful to put in some code to limit frequency of reporting...sort of like Solar Designer's secure-linux patch's security_alert() function does. ------------------------------------------------------------------ Jon Lewis <jlewisat_private> | Network Administrator | Florida Digital Turnpike | ______http://inorganic5.fdt.net/~jlewis/pgp for PGP public key____
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 13:49:59 PDT