[newlib-cygwin] Add a limit of the number of fragments per IPv6 packet.

public inbox for newlib-cvs@sourceware.org
help / color / mirror / Atom feed

* [newlib-cygwin] Add a limit of the number of fragments per IPv6 packet.
@ 2018-08-24 13:11 Sebastian Huber
  0 siblings, 0 replies; only message in thread
From: Sebastian Huber @ 2018-08-24 13:11 UTC (permalink / raw)
  To: newlib-cvs

https://sourceware.org/git/gitweb.cgi?p=newlib-cygwin.git;h=0e5c59050d22b22ef6a1f37163040505cb6161f0

commit 0e5c59050d22b22ef6a1f37163040505cb6161f0
Author: jtl <jtl@FreeBSD.org>
Date:   Tue Aug 14 17:26:07 2018 +0000

    Add a limit of the number of fragments per IPv6 packet.
    
    The IPv4 fragment reassembly code supports a limit on the number of
    fragments per packet. The default limit is currently 17 fragments.
    Among other things, this limit serves to limit the number of fragments
    the code must parse when trying to reassembly a packet.
    
    Add a limit to the IPv6 reassembly code. By default, limit a packet
    to 65 fragments (64 on the queue, plus one final fragment to complete
    the packet). This allows an average fragment size of 1,008 bytes, which
    should be sufficient to hold a fragment. (Recall that the IPv6 minimum
    MTU is 1280 bytes. Therefore, this configuration allows a full-size
    IPv6 packet to be fragmented on a link with the minimum MTU and still
    carry approximately 272 bytes of headers before the fragmented portion
    of the packet.)
    
    Users can adjust this limit using the net.inet6.ip6.maxfragsperpacket
    sysctl.
    
    Reviewed by:	jhb
    Security:	FreeBSD-SA-18:10.ip
    Security:	CVE-2018-6923

Diff:
---
 newlib/libc/sys/rtems/include/netinet6/in6.h | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/newlib/libc/sys/rtems/include/netinet6/in6.h b/newlib/libc/sys/rtems/include/netinet6/in6.h
index 37e1e93..235c990 100644
--- a/newlib/libc/sys/rtems/include/netinet6/in6.h
+++ b/newlib/libc/sys/rtems/include/netinet6/in6.h
@@ -642,7 +642,8 @@ struct ip6_mtuinfo {
 #define	IPV6CTL_INTRQMAXLEN	51	/* max length of IPv6 netisr queue */
 #define	IPV6CTL_INTRDQMAXLEN	52	/* max length of direct IPv6 netisr
 					 * queue */
-#define	IPV6CTL_MAXID		53
+#define	IPV6CTL_MAXFRAGSPERPACKET	53 /* Max fragments per packet */
+#define	IPV6CTL_MAXID		54
 #endif /* __BSD_VISIBLE */
 
 /*


^ permalink raw reply	[flat|nested] only message in thread

only message in thread, other threads:[~2018-08-24 13:11 UTC | newest]

Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2018-08-24 13:11 [newlib-cygwin] Add a limit of the number of fragments per IPv6 packet Sebastian Huber

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).