Skip site navigation (1)Skip section navigation (2) 
Date:      Thu, 31 May 2001 14:58:11 -0700 (PDT)
From:      Jesper Skriver <jesper@FreeBSD.org>
To:        cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org
Subject:   cvs commit: src/sys/kern uipc_accf.c uipc_mbuf.c uipc_socket2.c src/sys/netinet ip_input.c src/sys/netinet6 in6_proto.c src/sys/sys param.h
Message-ID:  <200105312158.f4VLwB659138@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help 

jesper      2001/05/31 14:58:11 PDT

  Modified files:
    sys/kern             uipc_accf.c uipc_mbuf.c uipc_socket2.c 
  Log:
  Move the definition of NMBCLUSTERS from src/sys/kern/uipc_mbuf.c
  to <sys/param.h>, so it's available to src/sys/netinet/ip_input.c,
  and remove the now unneeded includes of "opt_param.h".
  
  MFC after:	1 week
  
  Revision  Changes    Path
  1.5       +1 -2      src/sys/kern/uipc_accf.c
  1.77      +1 -6      src/sys/kern/uipc_mbuf.c
  1.68      +1 -2      src/sys/kern/uipc_socket2.c


  Modified files:
    sys/netinet          ip_input.c 
  Log:
  Prevent denial of service using bogus fragmented IPv4 packets.
  
  A attacker sending a lot of bogus fragmented packets to the target
  (with different IPv4 identification field - ip_id), may be able
  to put the target machine into mbuf starvation state.
  
  By setting a upper limit on the number of reassembly queues we
  prevent this situation.
  
  This upper limit is controlled by the new sysctl
  net.inet.ip.maxfragpackets which defaults to NMBCLUSTERS/4
  
  If you want old behaviour (no upper limit) set this sysctl
  to a negative value.
  
  If you don't want to accept any fragments (not recommended)
  set the sysctl to 0 (zero)
  
  Obtained from:	NetBSD (partially)
  MFC after:	1 week
  
  Revision  Changes    Path
  1.166     +32 -1     src/sys/netinet/ip_input.c


  Modified files:
    sys/netinet6         in6_proto.c 
  Log:
  Change the default value of net.inet6.ip6.maxfragpackets from
  200 to NMBCLUSTERS/4 to match the IPv4 case.
  
  MFC after:	1 week
  
  Revision  Changes    Path
  1.11      +2 -2      src/sys/netinet6/in6_proto.c


  Modified files:
    sys/sys              param.h 
  Log:
  Move the definition of NMBCLUSTERS from src/sys/kern/uipc_mbuf.c
  to <sys/param.h>, so it's available to src/sys/netinet/ip_input.c
  
  MFC after:	1 week
  
  Revision  Changes    Path
  1.92      +6 -1      src/sys/sys/param.h


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe cvs-all" in the body of the message

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200105312158.f4VLwB659138>