From: Michal Kubecek <mkube...@suse.cz> Date: Thu, 13 Dec 2018 03:28:00 +0100 (CET)
> Since commit 7969e5c40dfd ("ip: discard IPv4 datagrams with overlapping > segments.") IPv4 reassembly code drops the whole queue whenever an > overlapping fragment is received. However, the test is written in a way > which detects duplicate fragments as overlapping so that in environments > with many duplicate packets, fragmented packets may be undeliverable. > > Add an extra test and for (potentially) duplicate fragment, only drop the > new fragment rather than the whole queue. Only starting offset and length > are checked, not the contents of the fragments as that would be too > expensive. Check for duplicity with last (tail) fragment first as in real > life scenarios this should be the most frequent case and we would have to > iterate through the whole "run" otherwise. > > Fixes: 7969e5c40dfd ("ip: discard IPv4 datagrams with overlapping segments.") > Signed-off-by: Michal Kubecek <mkube...@suse.cz> I'll give Eric a chance to review this, thanks Michal.