As the story goes I was on IRC this morning and made the statement "Linux
cannot be nuked!" and thus came the onslaught of fragmented packets. And I
found it incredibly annoying since all I saw was a screen full of
messages about the packets i was receiving.
I figured it would be nice to have the ip of the fool who was doing this,
so I could firewall the ip. This information was not recorded anywhere
else, so I made an incredibly small mod for net/ipv4/ip_fragment.c that
shows the ip of the sender of the fragment.
I'm not done, but here's the diff so far. Could someone verify that the
ip being returned is correct? As I don't have any means of testing this
(well, okay, maybe i'm just too lazy..)
------ cut -------
--- ip_fragment.c.old Mon Sep 28 07:21:20 1998
+++ ip_fragment.c Tue Oct 6 12:12:23 1998
@@ -389,8 +389,9 @@
return skb;
out_invalid:
- NETDEBUG(printk(KERN_ERR
- "Invalid fragment list: Fragment over size.\n"));
+ NETDEBUG(printk(KERN_ERR "Invalid fragment list: Fragment over size [Sender: %d.%d.%d.%d]\n",
+ qp->iph->saddr>>24, (qp->iph->saddr<<8)>>24,
+ (qp->iph->saddr<<16)>>24, (qp->iph->saddr<<24)>>24));
kfree_skb(skb);
goto out_fail;
out_nomem:
------- cut -------
Please comment on this.
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/