mbuf vulnerability
Mike Silbersack
silby at silby.com
Tue Mar 2 12:59:34 PST 2004
On Wed, 3 Mar 2004, Darren Reed wrote:
> > > "strict" requires that the sequence number in packet n should match
> > > what that sequence number of the last byte in packet n-1 - i.e. no
> > > out of order delivery is permitted.
> > >
> > > Darren
> Right, so your comment about it "not working" applies to 3.x (which
> is what comes with FreeBSD, currently), which is what I was hoping :)
>
> My comment was to say that with ipf4, you can address this problem.
>
> darren
Ok, that sounds correct. However, it would have an adverse performance
impact in the normal case. Have you considered having an "almost strict"
option that would allow maybe 3 or 4 out of order segments through? That
would be a great feature. :)
Mike "Silby" Silbersack
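
The "strict" check quoted above and the "almost strict" allowance suggested in this message, modelled as an added C sketch that is not part of the original post and is not IPFilter code. The names (`flow_check`, `MAX_OOO`, `limit`) are hypothetical, and passing retransmitted old data is an assumption of the sketch.

```c
#include <stdint.h>

#define MAX_OOO 4                    /* hypothetical cap, from the "3 or 4" above */

enum verdict { DROP = 0, PASS = 1 };
struct seg  { uint32_t seq, len; };
struct flow {
    uint32_t next;                   /* next in-order sequence number expected */
    unsigned limit;                  /* 0 = strict, 1..MAX_OOO = almost strict */
    unsigned n_ooo;                  /* segments passed while ahead of next */
    struct seg ooo[MAX_OOO];
};

/* Serial-number compare so the check survives 32-bit wraparound. */
static int seq_lt(uint32_t a, uint32_t b) { return (int32_t)(a - b) < 0; }

void flow_init(struct flow *f, uint32_t next, unsigned limit)
{
    f->next = next;
    f->limit = limit > MAX_OOO ? MAX_OOO : limit;
    f->n_ooo = 0;
}

/* Move next up to end, then release recorded segments that became contiguous. */
static void advance(struct flow *f, uint32_t end)
{
    if (seq_lt(f->next, end)) f->next = end;
    for (unsigned i = 0; i < f->n_ooo; ) {
        if (seq_lt(f->next, f->ooo[i].seq)) { i++; continue; }  /* still a gap */
        end = f->ooo[i].seq + f->ooo[i].len;
        f->ooo[i] = f->ooo[--f->n_ooo];                         /* free the slot */
        if (seq_lt(f->next, end)) f->next = end;
        i = 0;                                                  /* rescan */
    }
}

/* Verdict for one data segment [seq, seq+len) on a tracked flow. */
enum verdict flow_check(struct flow *f, uint32_t seq, uint32_t len)
{
    /* In order, or old data being retransmitted (assumption: pass it). */
    if (!seq_lt(f->next, seq)) { advance(f, seq + len); return PASS; }
    for (unsigned i = 0; i < f->n_ooo; i++)
        if (f->ooo[i].seq == seq)
            return PASS;             /* repeat of a segment already counted */
    if (f->n_ooo >= f->limit)
        return DROP;                 /* strict mode, or allowance used up */
    f->ooo[f->n_ooo++] = (struct seg){ seq, len };
    return PASS;
}
```

With `limit` set to 0 every segment ahead of `next` is dropped, which is the strict behaviour; a non-zero `limit` bounds how many out-of-order segments can be outstanding on a flow at once.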