Date: Tue, 2 Mar 2004 14:59:25 -0600 (CST) From: Mike Silbersack <silby@silby.com> To: Darren Reed <avalon@caligula.anu.edu.au> Cc: freebsd-security@freebsd.org Subject: Re: mbuf vulnerability Message-ID: <20040302145808.R715@odysseus.silby.com> In-Reply-To: <200403021808.i22I87XN007054@caligula.anu.edu.au> References: <200403021808.i22I87XN007054@caligula.anu.edu.au>
next in thread | previous in thread | raw e-mail | index | archive | help
On Wed, 3 Mar 2004, Darren Reed wrote: > > > "strict" requires that the sequence number in packet n should match > > > what that sequence number of the last byte in packet n-1 - i.e. no > > > out of order delivery is permitted. > > > > > > Darren > Right, so your comment about it "not working" applies to 3.x (which > is what comes with freebsd, currently), which is what i was hoping :) > > My comment was to say that with ipf4, you can address this problem. > > darren Ok, that sounds correct. However, it would have an adverse performance impact in the normal case. Have you considered having an "almost strict" option that would allow maybe 3 or 4 out of order segments through? That would be a great feature. :) Mike "Silby" Silbersack
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20040302145808.R715>