some days/weeks ago i made a patch for net/ipv4/ip_fw.c and the tool
ipchains to
make rulesets for matching packetsizes of ip packets.
(for example: ipchains -p udp -D 0.0.0.0/0 53 -j REJECT
--packet-size 1900:65535 reject all packets greater 1900 bytes (all
header
inclusive) with destination nameserver on any server)
it can be used for statistic purposes (or also debugging?) or to prevent
(future) DoS Attacks with oversized ip packets.
the patch in the kernel is simple (only net/ipv4/ip_fw.c and
include/linux/ip_fw.h) the patch for ipchains is a little more complex.
a documentation/supplement in the manpage and (the excellent) howtow.txt
in the ipchain package is needed - i think this is something for
somebody
who writes a more correct english ;)
now the question what you think about it:
is the patch relevant for a next kernel-version (2.2.x), for the
next development-kernel (2.3.x) or is it a "brainfart"?
where should i send the patch (diff -u)?
with best regards form germany
markus hennig
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/