Opened 10 years ago
Last modified 7 years ago
#593 new defect
IP datagram reassembly needs to flush datagrams/fragments after some time
| Reported by: | Jiri Svoboda | Owned by: | Jiri Svoboda |
|---|---|---|---|
| Priority: | major | Milestone: | |
| Component: | helenos/net/inet | Version: | mainline |
| Keywords: | Cc: | ||
| Blocker for: | Depends on: | ||
| See also: |
Description
Currently IP datagram reassembly will retain the datagram/fragment records forever if the datagram is not completed and delivered. This leads to increased memory usage over time and could be exploited for a DoS attack.
There needs to be some kind of a timeout mechanism so that old datagrams/fragments are discarded eventually.
Note:
See TracTickets
for help on using tickets.
Citing RFC 1122 Requirements for Internet Hosts — Communication Layers
There MUST be a reassembly timeout. The reassembly timeout value SHOULD be a fixed value, not set from the remaining TTL. It is recommended that the value lie between 60 seconds and 120 seconds. If this timeout expires, the partially-reassembled datagram MUST be discarded and an ICMP Time Exceeded message sent to the source host (if fragment zero has been received).