REJECT using invalid data
Kiran Kumar Immidi
immidi at spymac.com
Wed Dec 8 03:47:35 CET 2004
On Wednesday 08 December 2004 03:44, Pablo Neira wrote:
>Now I see, if state tracking is not enabled there's no way to avoid this
>problem. But I guess that we should drop all malformed packets, not only
>those which have bad checksums. Would you like to give a try to the
>patch attached?
Just a comment on this:
+static u8 tcp_valid_flags[(TH_FIN|TH_SYN|TH_RST|TH_PUSH|TH_ACK|TH_URG) + 1] =
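Review bot: The size expression on this line covers only the six flag bits it names, so the table has 64 entries, while the flags byte of a TCP header is eight bits wide. The lookup is not shown here; it should index with the byte masked by the same (TH_FIN|TH_SYN|TH_RST|TH_PUSH|TH_ACK|TH_URG) expression, otherwise a packet with either of the two upper bits set reads past the end of the array. If the table is never written at run time, declaring it static const would also make that explicit.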
This makes the array about 64 bytes long; it would be better to store it as an
array of valid flags rather than as a bit mask.
--
Regards,
Kiran Kumar Immidi