[PATCH v3 00/30] backport of IP fragmentation fixes

[Stephen Hemminger <stephen@networkplumber.org>]

Took the set of patches from 4.19 to handle IP fragmentation DoS
and applied them against 4.14.69.  Most of these are from Eric.
In a couple case, it required some manual merge conflict resolution.

Tested normal IP fragmentation with iperf3 and malicious IP fragments
with fragmentsmack. Under fragmentation attack (700Kpps) the original
4.14.69 consumes 97% CPU; with this patch it drops to 5%.

v3 - send to wider audience
v2 - added patch from 4.19 linux-next to fix ip fragmentation crash

Dan Carpenter (1):
  ipv4: frags: precedence bug in ip_expire()

Eric Dumazet (22):
  inet: frags: change inet_frags_init_net() return value
  inet: frags: add a pointer to struct netns_frags
  inet: frags: refactor ipfrag_init()
  inet: frags: refactor ipv6_frag_init()
  inet: frags: refactor lowpan_net_frag_init()
  ipv6: export ip6 fragments sysctl to unprivileged users
  rhashtable: add schedule points
  inet: frags: use rhashtables for reassembly units
  inet: frags: remove some helpers
  inet: frags: get rif of inet_frag_evicting()
  inet: frags: remove inet_frag_maybe_warn_overflow()
  inet: frags: break the 2GB limit for frags storage
  inet: frags: do not clone skb in ip_expire()
  ipv6: frags: rewrite ip6_expire_frag_queue()
  rhashtable: reorganize struct rhashtable layout
  inet: frags: reorganize struct netns_frags
  inet: frags: get rid of ipfrag_skb_cb/FRAG_CB
  inet: frags: fix ip6frag_low_thresh boundary
  net: speed up skb_rbtree_purge()
  net: pskb_trim_rcsum() and CHECKSUM_COMPLETE are friends
  net: add rb_to_skb() and other rb tree helpers
  net: sk_buff rbnode reorg

Florian Westphal (1):
  ipv6: defrag: drop non-last frags smaller than min mtu

Kees Cook (1):
  inet: frags: Convert timers to use timer_setup()

Peter Oskolkov (4):
  ip: discard IPv4 datagrams with overlapping segments.
  net: modify skb_rbtree_purge to return the truesize of all purged
    skbs.
  ip: add helpers to process in-order fragments faster.
  ip: process in-order fragments efficiently

Taehee Yoo (1):
  ip: frags: fix crash in ip_do_fragment()

 Documentation/networking/ip-sysctl.txt  |  13 +-
 include/linux/rhashtable.h              |   8 +-
 include/linux/skbuff.h                  |  50 +-
 include/net/inet_frag.h                 | 135 +++---
 include/net/ip.h                        |   1 -
 include/net/ipv6.h                      |  26 +-
 include/uapi/linux/snmp.h               |   1 +
 lib/rhashtable.c                        |   2 +
 net/core/skbuff.c                       |  31 +-
 net/ieee802154/6lowpan/6lowpan_i.h      |  26 +-
 net/ieee802154/6lowpan/reassembly.c     | 153 ++++---
 net/ipv4/inet_fragment.c                | 378 ++++------------
 net/ipv4/ip_fragment.c                  | 578 +++++++++++++-----------
 net/ipv4/proc.c                         |   7 +-
 net/ipv4/tcp_fastopen.c                 |   8 +-
 net/ipv4/tcp_input.c                    |  33 +-
 net/ipv6/netfilter/nf_conntrack_reasm.c | 105 ++---
 net/ipv6/proc.c                         |   5 +-
 net/ipv6/reassembly.c                   | 217 ++++-----
 net/sched/sch_netem.c                   |  14 +-
 20 files changed, 802 insertions(+), 989 deletions(-)

-- 
2.18.0