Thread: 32 messages, 6 authors, 2007-03-29

Re: RFC: Established connections hash function

From: Eric Dumazet <hidden>
Date: 2007-03-23 08:00:18

David Miller wrote:
> From: Eric Dumazet <redacted>
>
>> Welcome to the club :)
>
> Ok, how about we put something like the following into 2.6.21?

2.6.21 really?

Just to be clear: I had an attack two years ago, I applied your patch, 
rebooted the machine, and since then the attackers had to find another way to 
hurt the machine. Eventually, when I update the kernel of this machine, I 
forget to apply jhash patch, and attackers don't know they can try again :)

I don't consider this new hash as bug fix at all, ie your patch might enter 
2.6.22 normal dev cycle.

Maybe a *fix*, independent of the hash function (so that no math expert can 
insult us), would be to have a *limit*, say... 1000 (something insane) on the 
length of a hash chain ?

In my case, I saw lengths of about 3000 two years ago under attack, but 
machine was still usable... maybe in half power mode.
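
A user-space sketch of the chain-length limit suggested in this message, added here as an example (it is not code from the thread or from the kernel). The table size, struct layout, function names and the always-colliding stand-in hash are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdlib.h>

#define NBUCKETS  256u   /* toy table size (assumption) */
#define CHAIN_MAX 1000u  /* the limit floated in the message */

struct conn { uint32_t saddr, daddr; uint16_t sport, dport; struct conn *next; };
struct bucket { struct conn *head; unsigned len; };
static struct bucket table[NBUCKETS];

/* Worst-case stand-in: every tuple collides, as if the hash had been defeated.
 * Hypothetical; this is not the kernel's hash function. */
static unsigned collapsed_hash(const struct conn *c) { (void)c; return 0; }
static unsigned (*hash_fn)(const struct conn *) = collapsed_hash;

/* Insert a connection unless its chain is already at CHAIN_MAX.
 * Returns 0 on success, -1 if the cap was hit or allocation failed. */
static int conn_insert(uint32_t saddr, uint16_t sport, uint32_t daddr, uint16_t dport)
{
    struct conn key = { saddr, daddr, sport, dport, NULL };
    struct bucket *b = &table[hash_fn(&key) % NBUCKETS];
    struct conn *c;

    if (b->len >= CHAIN_MAX)
        return -1;              /* bound the lookup cost, whatever the hash is */
    if ((c = malloc(sizeof(*c))) == NULL)
        return -1;
    *c = key;
    c->next = b->head;
    b->head = c;
    b->len++;
    return 0;
}

/* Walk every chain and return the longest length actually linked. */
static unsigned longest_chain(void)
{
    unsigned i, n, max = 0;
    for (i = 0; i < NBUCKETS; i++) {
        struct conn *c = table[i].head;
        for (n = 0; c != NULL; c = c->next) n++;
        if (n > max) max = n;
    }
    return max;
}

/* Constructed load: n distinct tuples; returns how many were refused. */
static unsigned insert_many(unsigned n)
{
    unsigned i, refused = 0;
    for (i = 0; i < n; i++)
        if (conn_insert(0x0a000001u + i, (uint16_t)(1024u + i), 0xc0a80001u, 80) < 0)
            refused++;
    return refused;
}
```

Inserting 3000 tuples, the chain length reported in the message, leaves the chain at 1000 and refuses 2000. The refused entries include any legitimate connection that happens to land in the full bucket.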