Skip site navigation (1)Skip section navigation (2)
Date:      Tue, 2 Mar 2004 14:59:25 -0600 (CST)
From:      Mike Silbersack <silby@silby.com>
To:        Darren Reed <avalon@caligula.anu.edu.au>
Cc:        freebsd-security@freebsd.org
Subject:   Re: mbuf vulnerability
Message-ID:  <20040302145808.R715@odysseus.silby.com>
In-Reply-To: <200403021808.i22I87XN007054@caligula.anu.edu.au>
References:  <200403021808.i22I87XN007054@caligula.anu.edu.au>

next in thread | previous in thread | raw e-mail | index | archive | help

On Wed, 3 Mar 2004, Darren Reed wrote:

> > > "strict" requires that the sequence number in packet n should match
> > > what that sequence number of the last byte in packet n-1 - i.e. no
> > > out of order delivery is permitted.
> > >
> > > Darren
> Right, so your comment about it "not working" applies to 3.x (which
> is what comes with freebsd, currently), which is what i was hoping :)
>
> My comment was to say that with ipf4, you can address this problem.
>
> darren

Ok, that sounds correct.  However, it would have an adverse performance
impact in the normal case.  Have you considered having an "almost strict"
option that would allow maybe 3 or 4 out of order segments through?  That
would be a great feature. :)

Mike "Silby" Silbersack



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20040302145808.R715>