public inbox for newlib-cvs@sourceware.org
help / color / mirror / Atom feed
* [newlib-cygwin] Add a limit of the number of fragments per IPv6 packet.
@ 2018-08-24 13:11 Sebastian Huber
0 siblings, 0 replies; only message in thread
From: Sebastian Huber @ 2018-08-24 13:11 UTC (permalink / raw)
To: newlib-cvs
https://sourceware.org/git/gitweb.cgi?p=newlib-cygwin.git;h=0e5c59050d22b22ef6a1f37163040505cb6161f0
commit 0e5c59050d22b22ef6a1f37163040505cb6161f0
Author: jtl <jtl@FreeBSD.org>
Date: Tue Aug 14 17:26:07 2018 +0000
Add a limit of the number of fragments per IPv6 packet.
The IPv4 fragment reassembly code supports a limit on the number of
fragments per packet. The default limit is currently 17 fragments.
Among other things, this limit serves to limit the number of fragments
the code must parse when trying to reassembly a packet.
Add a limit to the IPv6 reassembly code. By default, limit a packet
to 65 fragments (64 on the queue, plus one final fragment to complete
the packet). This allows an average fragment size of 1,008 bytes, which
should be sufficient to hold a fragment. (Recall that the IPv6 minimum
MTU is 1280 bytes. Therefore, this configuration allows a full-size
IPv6 packet to be fragmented on a link with the minimum MTU and still
carry approximately 272 bytes of headers before the fragmented portion
of the packet.)
Users can adjust this limit using the net.inet6.ip6.maxfragsperpacket
sysctl.
Reviewed by: jhb
Security: FreeBSD-SA-18:10.ip
Security: CVE-2018-6923
Diff:
---
newlib/libc/sys/rtems/include/netinet6/in6.h | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/newlib/libc/sys/rtems/include/netinet6/in6.h b/newlib/libc/sys/rtems/include/netinet6/in6.h
index 37e1e93..235c990 100644
--- a/newlib/libc/sys/rtems/include/netinet6/in6.h
+++ b/newlib/libc/sys/rtems/include/netinet6/in6.h
@@ -642,7 +642,8 @@ struct ip6_mtuinfo {
#define IPV6CTL_INTRQMAXLEN 51 /* max length of IPv6 netisr queue */
#define IPV6CTL_INTRDQMAXLEN 52 /* max length of direct IPv6 netisr
* queue */
-#define IPV6CTL_MAXID 53
+#define IPV6CTL_MAXFRAGSPERPACKET 53 /* Max fragments per packet */
+#define IPV6CTL_MAXID 54
#endif /* __BSD_VISIBLE */
/*
^ permalink raw reply [flat|nested] only message in thread
only message in thread, other threads:[~2018-08-24 13:11 UTC | newest]
Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2018-08-24 13:11 [newlib-cygwin] Add a limit of the number of fragments per IPv6 packet Sebastian Huber
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).