17 Sep
2018
17 Sep
'18
12:47 p.m.
On Thu, Sep 13, 2018 at 07:58:32AM -0700, Stephen Hemminger wrote:
Took the set of patches from 4.19 to handle IP fragmentation DoS and applied them against 4.14.69. Most of these are from Eric. In a couple case, it required some manual merge conflict resolution.
Tested normal IP fragmentation with iperf3 and malicious IP fragments with fragmentsmack. Under fragmentation attack (700Kpps) the original 4.14.69 consumes 97% CPU; with this patch it drops to 5%.
All now queued up, thanks for doing the backport.
greg k-h