public inbox for newlib-cvs@sourceware.org help / color / mirror / Atom feed
From: Sebastian Huber <sh@sourceware.org> To: newlib-cvs@sourceware.org Subject: [newlib-cygwin] Add a limit of the number of fragments per IPv6 packet. Date: Fri, 24 Aug 2018 13:11:00 -0000 [thread overview] Message-ID: <20180824131151.86570.qmail@sourceware.org> (raw) https://sourceware.org/git/gitweb.cgi?p=newlib-cygwin.git;h=0e5c59050d22b22ef6a1f37163040505cb6161f0 commit 0e5c59050d22b22ef6a1f37163040505cb6161f0 Author: jtl <jtl@FreeBSD.org> Date: Tue Aug 14 17:26:07 2018 +0000 Add a limit of the number of fragments per IPv6 packet. The IPv4 fragment reassembly code supports a limit on the number of fragments per packet. The default limit is currently 17 fragments. Among other things, this limit serves to limit the number of fragments the code must parse when trying to reassembly a packet. Add a limit to the IPv6 reassembly code. By default, limit a packet to 65 fragments (64 on the queue, plus one final fragment to complete the packet). This allows an average fragment size of 1,008 bytes, which should be sufficient to hold a fragment. (Recall that the IPv6 minimum MTU is 1280 bytes. Therefore, this configuration allows a full-size IPv6 packet to be fragmented on a link with the minimum MTU and still carry approximately 272 bytes of headers before the fragmented portion of the packet.) Users can adjust this limit using the net.inet6.ip6.maxfragsperpacket sysctl. Reviewed by: jhb Security: FreeBSD-SA-18:10.ip Security: CVE-2018-6923 Diff: --- newlib/libc/sys/rtems/include/netinet6/in6.h | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/newlib/libc/sys/rtems/include/netinet6/in6.h b/newlib/libc/sys/rtems/include/netinet6/in6.h index 37e1e93..235c990 100644 --- a/newlib/libc/sys/rtems/include/netinet6/in6.h +++ b/newlib/libc/sys/rtems/include/netinet6/in6.h @@ -642,7 +642,8 @@ struct ip6_mtuinfo { #define IPV6CTL_INTRQMAXLEN 51 /* max length of IPv6 netisr queue */ #define IPV6CTL_INTRDQMAXLEN 52 /* max length of direct IPv6 netisr * queue */ -#define IPV6CTL_MAXID 53 +#define IPV6CTL_MAXFRAGSPERPACKET 53 /* Max fragments per packet */ +#define IPV6CTL_MAXID 54 #endif /* __BSD_VISIBLE */ /*
reply other threads:[~2018-08-24 13:11 UTC|newest] Thread overview: [no followups] expand[flat|nested] mbox.gz Atom feed
Reply instructions: You may reply publicly to this message via plain-text email using any one of the following methods: * Save the following mbox file, import it into your mail client, and reply-to-all from there: mbox Avoid top-posting and favor interleaved quoting: https://en.wikipedia.org/wiki/Posting_style#Interleaved_style * Reply using the --to, --cc, and --in-reply-to switches of git-send-email(1): git send-email \ --in-reply-to=20180824131151.86570.qmail@sourceware.org \ --to=sh@sourceware.org \ --cc=newlib-cvs@sourceware.org \ /path/to/YOUR_REPLY https://kernel.org/pub/software/scm/git/docs/git-send-email.html * If your mail client supports setting the In-Reply-To header via mailto: links, try the mailto: linkBe sure your reply has a Subject: header at the top and a blank line before the message body.
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox; as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).