public inbox for newlib-cvs@sourceware.org
help / color / mirror / Atom feed
From: Sebastian Huber <sh@sourceware.org>
To: newlib-cvs@sourceware.org
Subject: [newlib-cygwin] Add a limit of the number of fragments per IPv6 packet.
Date: Fri, 24 Aug 2018 13:11:00 -0000 [thread overview]
Message-ID: <20180824131151.86570.qmail@sourceware.org> (raw)
https://sourceware.org/git/gitweb.cgi?p=newlib-cygwin.git;h=0e5c59050d22b22ef6a1f37163040505cb6161f0
commit 0e5c59050d22b22ef6a1f37163040505cb6161f0
Author: jtl <jtl@FreeBSD.org>
Date: Tue Aug 14 17:26:07 2018 +0000
Add a limit of the number of fragments per IPv6 packet.
The IPv4 fragment reassembly code supports a limit on the number of
fragments per packet. The default limit is currently 17 fragments.
Among other things, this limit serves to limit the number of fragments
the code must parse when trying to reassembly a packet.
Add a limit to the IPv6 reassembly code. By default, limit a packet
to 65 fragments (64 on the queue, plus one final fragment to complete
the packet). This allows an average fragment size of 1,008 bytes, which
should be sufficient to hold a fragment. (Recall that the IPv6 minimum
MTU is 1280 bytes. Therefore, this configuration allows a full-size
IPv6 packet to be fragmented on a link with the minimum MTU and still
carry approximately 272 bytes of headers before the fragmented portion
of the packet.)
Users can adjust this limit using the net.inet6.ip6.maxfragsperpacket
sysctl.
Reviewed by: jhb
Security: FreeBSD-SA-18:10.ip
Security: CVE-2018-6923
Diff:
---
newlib/libc/sys/rtems/include/netinet6/in6.h | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/newlib/libc/sys/rtems/include/netinet6/in6.h b/newlib/libc/sys/rtems/include/netinet6/in6.h
index 37e1e93..235c990 100644
--- a/newlib/libc/sys/rtems/include/netinet6/in6.h
+++ b/newlib/libc/sys/rtems/include/netinet6/in6.h
@@ -642,7 +642,8 @@ struct ip6_mtuinfo {
#define IPV6CTL_INTRQMAXLEN 51 /* max length of IPv6 netisr queue */
#define IPV6CTL_INTRDQMAXLEN 52 /* max length of direct IPv6 netisr
* queue */
-#define IPV6CTL_MAXID 53
+#define IPV6CTL_MAXFRAGSPERPACKET 53 /* Max fragments per packet */
+#define IPV6CTL_MAXID 54
#endif /* __BSD_VISIBLE */
/*
reply other threads:[~2018-08-24 13:11 UTC|newest]
Thread overview: [no followups] expand[flat|nested] mbox.gz Atom feed
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20180824131151.86570.qmail@sourceware.org \
--to=sh@sourceware.org \
--cc=newlib-cvs@sourceware.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).