/freebsd/sys/netinet6/ |
H A D | in6.h | 03c99d76 Tue Aug 14 17:26:07 GMT 2018 Jonathan T. Looney <jtl@FreeBSD.org> Add a limit of the number of fragments per IPv6 packet.
The IPv4 fragment reassembly code supports a limit on the number of fragments per packet. The default limit is currently 17 fragments. Among other things, this limit serves to limit the number of fragments the code must parse when trying to reassembly a packet.
Add a limit to the IPv6 reassembly code. By default, limit a packet to 65 fragments (64 on the queue, plus one final fragment to complete the packet). This allows an average fragment size of 1,008 bytes, which should be sufficient to hold a fragment. (Recall that the IPv6 minimum MTU is 1280 bytes. Therefore, this configuration allows a full-size IPv6 packet to be fragmented on a link with the minimum MTU and still carry approximately 272 bytes of headers before the fragmented portion of the packet.)
Users can adjust this limit using the net.inet6.ip6.maxfragsperpacket sysctl.
Reviewed by: jhb Security: FreeBSD-SA-18:10.ip Security: CVE-2018-6923 03c99d76 Tue Aug 14 17:26:07 GMT 2018 Jonathan T. Looney <jtl@FreeBSD.org> Add a limit of the number of fragments per IPv6 packet.
The IPv4 fragment reassembly code supports a limit on the number of fragments per packet. The default limit is currently 17 fragments. Among other things, this limit serves to limit the number of fragments the code must parse when trying to reassembly a packet.
Add a limit to the IPv6 reassembly code. By default, limit a packet to 65 fragments (64 on the queue, plus one final fragment to complete the packet). This allows an average fragment size of 1,008 bytes, which should be sufficient to hold a fragment. (Recall that the IPv6 minimum MTU is 1280 bytes. Therefore, this configuration allows a full-size IPv6 packet to be fragmented on a link with the minimum MTU and still carry approximately 272 bytes of headers before the fragmented portion of the packet.)
Users can adjust this limit using the net.inet6.ip6.maxfragsperpacket sysctl.
Reviewed by: jhb Security: FreeBSD-SA-18:10.ip Security: CVE-2018-6923 03c99d76 Tue Aug 14 17:26:07 GMT 2018 Jonathan T. Looney <jtl@FreeBSD.org> Add a limit of the number of fragments per IPv6 packet.
The IPv4 fragment reassembly code supports a limit on the number of fragments per packet. The default limit is currently 17 fragments. Among other things, this limit serves to limit the number of fragments the code must parse when trying to reassembly a packet.
Add a limit to the IPv6 reassembly code. By default, limit a packet to 65 fragments (64 on the queue, plus one final fragment to complete the packet). This allows an average fragment size of 1,008 bytes, which should be sufficient to hold a fragment. (Recall that the IPv6 minimum MTU is 1280 bytes. Therefore, this configuration allows a full-size IPv6 packet to be fragmented on a link with the minimum MTU and still carry approximately 272 bytes of headers before the fragmented portion of the packet.)
Users can adjust this limit using the net.inet6.ip6.maxfragsperpacket sysctl.
Reviewed by: jhb Security: FreeBSD-SA-18:10.ip Security: CVE-2018-6923 03c99d76 Tue Aug 14 17:26:07 GMT 2018 Jonathan T. Looney <jtl@FreeBSD.org> Add a limit of the number of fragments per IPv6 packet.
The IPv4 fragment reassembly code supports a limit on the number of fragments per packet. The default limit is currently 17 fragments. Among other things, this limit serves to limit the number of fragments the code must parse when trying to reassembly a packet.
Add a limit to the IPv6 reassembly code. By default, limit a packet to 65 fragments (64 on the queue, plus one final fragment to complete the packet). This allows an average fragment size of 1,008 bytes, which should be sufficient to hold a fragment. (Recall that the IPv6 minimum MTU is 1280 bytes. Therefore, this configuration allows a full-size IPv6 packet to be fragmented on a link with the minimum MTU and still carry approximately 272 bytes of headers before the fragmented portion of the packet.)
Users can adjust this limit using the net.inet6.ip6.maxfragsperpacket sysctl.
Reviewed by: jhb Security: FreeBSD-SA-18:10.ip Security: CVE-2018-6923 03c99d76 Tue Aug 14 17:26:07 GMT 2018 Jonathan T. Looney <jtl@FreeBSD.org> Add a limit of the number of fragments per IPv6 packet.
The IPv4 fragment reassembly code supports a limit on the number of fragments per packet. The default limit is currently 17 fragments. Among other things, this limit serves to limit the number of fragments the code must parse when trying to reassembly a packet.
Add a limit to the IPv6 reassembly code. By default, limit a packet to 65 fragments (64 on the queue, plus one final fragment to complete the packet). This allows an average fragment size of 1,008 bytes, which should be sufficient to hold a fragment. (Recall that the IPv6 minimum MTU is 1280 bytes. Therefore, this configuration allows a full-size IPv6 packet to be fragmented on a link with the minimum MTU and still carry approximately 272 bytes of headers before the fragmented portion of the packet.)
Users can adjust this limit using the net.inet6.ip6.maxfragsperpacket sysctl.
Reviewed by: jhb Security: FreeBSD-SA-18:10.ip Security: CVE-2018-6923 03c99d76 Tue Aug 14 17:26:07 GMT 2018 Jonathan T. Looney <jtl@FreeBSD.org> Add a limit of the number of fragments per IPv6 packet.
The IPv4 fragment reassembly code supports a limit on the number of fragments per packet. The default limit is currently 17 fragments. Among other things, this limit serves to limit the number of fragments the code must parse when trying to reassembly a packet.
Add a limit to the IPv6 reassembly code. By default, limit a packet to 65 fragments (64 on the queue, plus one final fragment to complete the packet). This allows an average fragment size of 1,008 bytes, which should be sufficient to hold a fragment. (Recall that the IPv6 minimum MTU is 1280 bytes. Therefore, this configuration allows a full-size IPv6 packet to be fragmented on a link with the minimum MTU and still carry approximately 272 bytes of headers before the fragmented portion of the packet.)
Users can adjust this limit using the net.inet6.ip6.maxfragsperpacket sysctl.
Reviewed by: jhb Security: FreeBSD-SA-18:10.ip Security: CVE-2018-6923 03c99d76 Tue Aug 14 17:26:07 GMT 2018 Jonathan T. Looney <jtl@FreeBSD.org> Add a limit of the number of fragments per IPv6 packet.
The IPv4 fragment reassembly code supports a limit on the number of fragments per packet. The default limit is currently 17 fragments. Among other things, this limit serves to limit the number of fragments the code must parse when trying to reassembly a packet.
Add a limit to the IPv6 reassembly code. By default, limit a packet to 65 fragments (64 on the queue, plus one final fragment to complete the packet). This allows an average fragment size of 1,008 bytes, which should be sufficient to hold a fragment. (Recall that the IPv6 minimum MTU is 1280 bytes. Therefore, this configuration allows a full-size IPv6 packet to be fragmented on a link with the minimum MTU and still carry approximately 272 bytes of headers before the fragmented portion of the packet.)
Users can adjust this limit using the net.inet6.ip6.maxfragsperpacket sysctl.
Reviewed by: jhb Security: FreeBSD-SA-18:10.ip Security: CVE-2018-6923
|
H A D | frag6.c | 03c99d76 Tue Aug 14 17:26:07 GMT 2018 Jonathan T. Looney <jtl@FreeBSD.org> Add a limit of the number of fragments per IPv6 packet.
The IPv4 fragment reassembly code supports a limit on the number of fragments per packet. The default limit is currently 17 fragments. Among other things, this limit serves to limit the number of fragments the code must parse when trying to reassembly a packet.
Add a limit to the IPv6 reassembly code. By default, limit a packet to 65 fragments (64 on the queue, plus one final fragment to complete the packet). This allows an average fragment size of 1,008 bytes, which should be sufficient to hold a fragment. (Recall that the IPv6 minimum MTU is 1280 bytes. Therefore, this configuration allows a full-size IPv6 packet to be fragmented on a link with the minimum MTU and still carry approximately 272 bytes of headers before the fragmented portion of the packet.)
Users can adjust this limit using the net.inet6.ip6.maxfragsperpacket sysctl.
Reviewed by: jhb Security: FreeBSD-SA-18:10.ip Security: CVE-2018-6923 03c99d76 Tue Aug 14 17:26:07 GMT 2018 Jonathan T. Looney <jtl@FreeBSD.org> Add a limit of the number of fragments per IPv6 packet.
The IPv4 fragment reassembly code supports a limit on the number of fragments per packet. The default limit is currently 17 fragments. Among other things, this limit serves to limit the number of fragments the code must parse when trying to reassembly a packet.
Add a limit to the IPv6 reassembly code. By default, limit a packet to 65 fragments (64 on the queue, plus one final fragment to complete the packet). This allows an average fragment size of 1,008 bytes, which should be sufficient to hold a fragment. (Recall that the IPv6 minimum MTU is 1280 bytes. Therefore, this configuration allows a full-size IPv6 packet to be fragmented on a link with the minimum MTU and still carry approximately 272 bytes of headers before the fragmented portion of the packet.)
Users can adjust this limit using the net.inet6.ip6.maxfragsperpacket sysctl.
Reviewed by: jhb Security: FreeBSD-SA-18:10.ip Security: CVE-2018-6923 03c99d76 Tue Aug 14 17:26:07 GMT 2018 Jonathan T. Looney <jtl@FreeBSD.org> Add a limit of the number of fragments per IPv6 packet.
The IPv4 fragment reassembly code supports a limit on the number of fragments per packet. The default limit is currently 17 fragments. Among other things, this limit serves to limit the number of fragments the code must parse when trying to reassembly a packet.
Add a limit to the IPv6 reassembly code. By default, limit a packet to 65 fragments (64 on the queue, plus one final fragment to complete the packet). This allows an average fragment size of 1,008 bytes, which should be sufficient to hold a fragment. (Recall that the IPv6 minimum MTU is 1280 bytes. Therefore, this configuration allows a full-size IPv6 packet to be fragmented on a link with the minimum MTU and still carry approximately 272 bytes of headers before the fragmented portion of the packet.)
Users can adjust this limit using the net.inet6.ip6.maxfragsperpacket sysctl.
Reviewed by: jhb Security: FreeBSD-SA-18:10.ip Security: CVE-2018-6923 03c99d76 Tue Aug 14 17:26:07 GMT 2018 Jonathan T. Looney <jtl@FreeBSD.org> Add a limit of the number of fragments per IPv6 packet.
The IPv4 fragment reassembly code supports a limit on the number of fragments per packet. The default limit is currently 17 fragments. Among other things, this limit serves to limit the number of fragments the code must parse when trying to reassembly a packet.
Add a limit to the IPv6 reassembly code. By default, limit a packet to 65 fragments (64 on the queue, plus one final fragment to complete the packet). This allows an average fragment size of 1,008 bytes, which should be sufficient to hold a fragment. (Recall that the IPv6 minimum MTU is 1280 bytes. Therefore, this configuration allows a full-size IPv6 packet to be fragmented on a link with the minimum MTU and still carry approximately 272 bytes of headers before the fragmented portion of the packet.)
Users can adjust this limit using the net.inet6.ip6.maxfragsperpacket sysctl.
Reviewed by: jhb Security: FreeBSD-SA-18:10.ip Security: CVE-2018-6923 03c99d76 Tue Aug 14 17:26:07 GMT 2018 Jonathan T. Looney <jtl@FreeBSD.org> Add a limit of the number of fragments per IPv6 packet.
The IPv4 fragment reassembly code supports a limit on the number of fragments per packet. The default limit is currently 17 fragments. Among other things, this limit serves to limit the number of fragments the code must parse when trying to reassembly a packet.
Add a limit to the IPv6 reassembly code. By default, limit a packet to 65 fragments (64 on the queue, plus one final fragment to complete the packet). This allows an average fragment size of 1,008 bytes, which should be sufficient to hold a fragment. (Recall that the IPv6 minimum MTU is 1280 bytes. Therefore, this configuration allows a full-size IPv6 packet to be fragmented on a link with the minimum MTU and still carry approximately 272 bytes of headers before the fragmented portion of the packet.)
Users can adjust this limit using the net.inet6.ip6.maxfragsperpacket sysctl.
Reviewed by: jhb Security: FreeBSD-SA-18:10.ip Security: CVE-2018-6923 03c99d76 Tue Aug 14 17:26:07 GMT 2018 Jonathan T. Looney <jtl@FreeBSD.org> Add a limit of the number of fragments per IPv6 packet.
The IPv4 fragment reassembly code supports a limit on the number of fragments per packet. The default limit is currently 17 fragments. Among other things, this limit serves to limit the number of fragments the code must parse when trying to reassembly a packet.
Add a limit to the IPv6 reassembly code. By default, limit a packet to 65 fragments (64 on the queue, plus one final fragment to complete the packet). This allows an average fragment size of 1,008 bytes, which should be sufficient to hold a fragment. (Recall that the IPv6 minimum MTU is 1280 bytes. Therefore, this configuration allows a full-size IPv6 packet to be fragmented on a link with the minimum MTU and still carry approximately 272 bytes of headers before the fragmented portion of the packet.)
Users can adjust this limit using the net.inet6.ip6.maxfragsperpacket sysctl.
Reviewed by: jhb Security: FreeBSD-SA-18:10.ip Security: CVE-2018-6923 03c99d76 Tue Aug 14 17:26:07 GMT 2018 Jonathan T. Looney <jtl@FreeBSD.org> Add a limit of the number of fragments per IPv6 packet.
The IPv4 fragment reassembly code supports a limit on the number of fragments per packet. The default limit is currently 17 fragments. Among other things, this limit serves to limit the number of fragments the code must parse when trying to reassembly a packet.
Add a limit to the IPv6 reassembly code. By default, limit a packet to 65 fragments (64 on the queue, plus one final fragment to complete the packet). This allows an average fragment size of 1,008 bytes, which should be sufficient to hold a fragment. (Recall that the IPv6 minimum MTU is 1280 bytes. Therefore, this configuration allows a full-size IPv6 packet to be fragmented on a link with the minimum MTU and still carry approximately 272 bytes of headers before the fragmented portion of the packet.)
Users can adjust this limit using the net.inet6.ip6.maxfragsperpacket sysctl.
Reviewed by: jhb Security: FreeBSD-SA-18:10.ip Security: CVE-2018-6923
|
H A D | ip6_var.h | 03c99d76 Tue Aug 14 17:26:07 GMT 2018 Jonathan T. Looney <jtl@FreeBSD.org> Add a limit of the number of fragments per IPv6 packet.
The IPv4 fragment reassembly code supports a limit on the number of fragments per packet. The default limit is currently 17 fragments. Among other things, this limit serves to limit the number of fragments the code must parse when trying to reassembly a packet.
Add a limit to the IPv6 reassembly code. By default, limit a packet to 65 fragments (64 on the queue, plus one final fragment to complete the packet). This allows an average fragment size of 1,008 bytes, which should be sufficient to hold a fragment. (Recall that the IPv6 minimum MTU is 1280 bytes. Therefore, this configuration allows a full-size IPv6 packet to be fragmented on a link with the minimum MTU and still carry approximately 272 bytes of headers before the fragmented portion of the packet.)
Users can adjust this limit using the net.inet6.ip6.maxfragsperpacket sysctl.
Reviewed by: jhb Security: FreeBSD-SA-18:10.ip Security: CVE-2018-6923 03c99d76 Tue Aug 14 17:26:07 GMT 2018 Jonathan T. Looney <jtl@FreeBSD.org> Add a limit of the number of fragments per IPv6 packet.
The IPv4 fragment reassembly code supports a limit on the number of fragments per packet. The default limit is currently 17 fragments. Among other things, this limit serves to limit the number of fragments the code must parse when trying to reassembly a packet.
Add a limit to the IPv6 reassembly code. By default, limit a packet to 65 fragments (64 on the queue, plus one final fragment to complete the packet). This allows an average fragment size of 1,008 bytes, which should be sufficient to hold a fragment. (Recall that the IPv6 minimum MTU is 1280 bytes. Therefore, this configuration allows a full-size IPv6 packet to be fragmented on a link with the minimum MTU and still carry approximately 272 bytes of headers before the fragmented portion of the packet.)
Users can adjust this limit using the net.inet6.ip6.maxfragsperpacket sysctl.
Reviewed by: jhb Security: FreeBSD-SA-18:10.ip Security: CVE-2018-6923 03c99d76 Tue Aug 14 17:26:07 GMT 2018 Jonathan T. Looney <jtl@FreeBSD.org> Add a limit of the number of fragments per IPv6 packet.
The IPv4 fragment reassembly code supports a limit on the number of fragments per packet. The default limit is currently 17 fragments. Among other things, this limit serves to limit the number of fragments the code must parse when trying to reassembly a packet.
Add a limit to the IPv6 reassembly code. By default, limit a packet to 65 fragments (64 on the queue, plus one final fragment to complete the packet). This allows an average fragment size of 1,008 bytes, which should be sufficient to hold a fragment. (Recall that the IPv6 minimum MTU is 1280 bytes. Therefore, this configuration allows a full-size IPv6 packet to be fragmented on a link with the minimum MTU and still carry approximately 272 bytes of headers before the fragmented portion of the packet.)
Users can adjust this limit using the net.inet6.ip6.maxfragsperpacket sysctl.
Reviewed by: jhb Security: FreeBSD-SA-18:10.ip Security: CVE-2018-6923 03c99d76 Tue Aug 14 17:26:07 GMT 2018 Jonathan T. Looney <jtl@FreeBSD.org> Add a limit of the number of fragments per IPv6 packet.
The IPv4 fragment reassembly code supports a limit on the number of fragments per packet. The default limit is currently 17 fragments. Among other things, this limit serves to limit the number of fragments the code must parse when trying to reassembly a packet.
Add a limit to the IPv6 reassembly code. By default, limit a packet to 65 fragments (64 on the queue, plus one final fragment to complete the packet). This allows an average fragment size of 1,008 bytes, which should be sufficient to hold a fragment. (Recall that the IPv6 minimum MTU is 1280 bytes. Therefore, this configuration allows a full-size IPv6 packet to be fragmented on a link with the minimum MTU and still carry approximately 272 bytes of headers before the fragmented portion of the packet.)
Users can adjust this limit using the net.inet6.ip6.maxfragsperpacket sysctl.
Reviewed by: jhb Security: FreeBSD-SA-18:10.ip Security: CVE-2018-6923 03c99d76 Tue Aug 14 17:26:07 GMT 2018 Jonathan T. Looney <jtl@FreeBSD.org> Add a limit of the number of fragments per IPv6 packet.
The IPv4 fragment reassembly code supports a limit on the number of fragments per packet. The default limit is currently 17 fragments. Among other things, this limit serves to limit the number of fragments the code must parse when trying to reassembly a packet.
Add a limit to the IPv6 reassembly code. By default, limit a packet to 65 fragments (64 on the queue, plus one final fragment to complete the packet). This allows an average fragment size of 1,008 bytes, which should be sufficient to hold a fragment. (Recall that the IPv6 minimum MTU is 1280 bytes. Therefore, this configuration allows a full-size IPv6 packet to be fragmented on a link with the minimum MTU and still carry approximately 272 bytes of headers before the fragmented portion of the packet.)
Users can adjust this limit using the net.inet6.ip6.maxfragsperpacket sysctl.
Reviewed by: jhb Security: FreeBSD-SA-18:10.ip Security: CVE-2018-6923 03c99d76 Tue Aug 14 17:26:07 GMT 2018 Jonathan T. Looney <jtl@FreeBSD.org> Add a limit of the number of fragments per IPv6 packet.
The IPv4 fragment reassembly code supports a limit on the number of fragments per packet. The default limit is currently 17 fragments. Among other things, this limit serves to limit the number of fragments the code must parse when trying to reassembly a packet.
Add a limit to the IPv6 reassembly code. By default, limit a packet to 65 fragments (64 on the queue, plus one final fragment to complete the packet). This allows an average fragment size of 1,008 bytes, which should be sufficient to hold a fragment. (Recall that the IPv6 minimum MTU is 1280 bytes. Therefore, this configuration allows a full-size IPv6 packet to be fragmented on a link with the minimum MTU and still carry approximately 272 bytes of headers before the fragmented portion of the packet.)
Users can adjust this limit using the net.inet6.ip6.maxfragsperpacket sysctl.
Reviewed by: jhb Security: FreeBSD-SA-18:10.ip Security: CVE-2018-6923 03c99d76 Tue Aug 14 17:26:07 GMT 2018 Jonathan T. Looney <jtl@FreeBSD.org> Add a limit of the number of fragments per IPv6 packet.
The IPv4 fragment reassembly code supports a limit on the number of fragments per packet. The default limit is currently 17 fragments. Among other things, this limit serves to limit the number of fragments the code must parse when trying to reassembly a packet.
Add a limit to the IPv6 reassembly code. By default, limit a packet to 65 fragments (64 on the queue, plus one final fragment to complete the packet). This allows an average fragment size of 1,008 bytes, which should be sufficient to hold a fragment. (Recall that the IPv6 minimum MTU is 1280 bytes. Therefore, this configuration allows a full-size IPv6 packet to be fragmented on a link with the minimum MTU and still carry approximately 272 bytes of headers before the fragmented portion of the packet.)
Users can adjust this limit using the net.inet6.ip6.maxfragsperpacket sysctl.
Reviewed by: jhb Security: FreeBSD-SA-18:10.ip Security: CVE-2018-6923
|
H A D | in6_proto.c | 03c99d76 Tue Aug 14 17:26:07 GMT 2018 Jonathan T. Looney <jtl@FreeBSD.org> Add a limit of the number of fragments per IPv6 packet.
The IPv4 fragment reassembly code supports a limit on the number of fragments per packet. The default limit is currently 17 fragments. Among other things, this limit serves to limit the number of fragments the code must parse when trying to reassembly a packet.
Add a limit to the IPv6 reassembly code. By default, limit a packet to 65 fragments (64 on the queue, plus one final fragment to complete the packet). This allows an average fragment size of 1,008 bytes, which should be sufficient to hold a fragment. (Recall that the IPv6 minimum MTU is 1280 bytes. Therefore, this configuration allows a full-size IPv6 packet to be fragmented on a link with the minimum MTU and still carry approximately 272 bytes of headers before the fragmented portion of the packet.)
Users can adjust this limit using the net.inet6.ip6.maxfragsperpacket sysctl.
Reviewed by: jhb Security: FreeBSD-SA-18:10.ip Security: CVE-2018-6923 03c99d76 Tue Aug 14 17:26:07 GMT 2018 Jonathan T. Looney <jtl@FreeBSD.org> Add a limit of the number of fragments per IPv6 packet.
The IPv4 fragment reassembly code supports a limit on the number of fragments per packet. The default limit is currently 17 fragments. Among other things, this limit serves to limit the number of fragments the code must parse when trying to reassembly a packet.
Add a limit to the IPv6 reassembly code. By default, limit a packet to 65 fragments (64 on the queue, plus one final fragment to complete the packet). This allows an average fragment size of 1,008 bytes, which should be sufficient to hold a fragment. (Recall that the IPv6 minimum MTU is 1280 bytes. Therefore, this configuration allows a full-size IPv6 packet to be fragmented on a link with the minimum MTU and still carry approximately 272 bytes of headers before the fragmented portion of the packet.)
Users can adjust this limit using the net.inet6.ip6.maxfragsperpacket sysctl.
Reviewed by: jhb Security: FreeBSD-SA-18:10.ip Security: CVE-2018-6923 03c99d76 Tue Aug 14 17:26:07 GMT 2018 Jonathan T. Looney <jtl@FreeBSD.org> Add a limit of the number of fragments per IPv6 packet.
The IPv4 fragment reassembly code supports a limit on the number of fragments per packet. The default limit is currently 17 fragments. Among other things, this limit serves to limit the number of fragments the code must parse when trying to reassembly a packet.
Add a limit to the IPv6 reassembly code. By default, limit a packet to 65 fragments (64 on the queue, plus one final fragment to complete the packet). This allows an average fragment size of 1,008 bytes, which should be sufficient to hold a fragment. (Recall that the IPv6 minimum MTU is 1280 bytes. Therefore, this configuration allows a full-size IPv6 packet to be fragmented on a link with the minimum MTU and still carry approximately 272 bytes of headers before the fragmented portion of the packet.)
Users can adjust this limit using the net.inet6.ip6.maxfragsperpacket sysctl.
Reviewed by: jhb Security: FreeBSD-SA-18:10.ip Security: CVE-2018-6923 03c99d76 Tue Aug 14 17:26:07 GMT 2018 Jonathan T. Looney <jtl@FreeBSD.org> Add a limit of the number of fragments per IPv6 packet.
The IPv4 fragment reassembly code supports a limit on the number of fragments per packet. The default limit is currently 17 fragments. Among other things, this limit serves to limit the number of fragments the code must parse when trying to reassembly a packet.
Add a limit to the IPv6 reassembly code. By default, limit a packet to 65 fragments (64 on the queue, plus one final fragment to complete the packet). This allows an average fragment size of 1,008 bytes, which should be sufficient to hold a fragment. (Recall that the IPv6 minimum MTU is 1280 bytes. Therefore, this configuration allows a full-size IPv6 packet to be fragmented on a link with the minimum MTU and still carry approximately 272 bytes of headers before the fragmented portion of the packet.)
Users can adjust this limit using the net.inet6.ip6.maxfragsperpacket sysctl.
Reviewed by: jhb Security: FreeBSD-SA-18:10.ip Security: CVE-2018-6923 03c99d76 Tue Aug 14 17:26:07 GMT 2018 Jonathan T. Looney <jtl@FreeBSD.org> Add a limit of the number of fragments per IPv6 packet.
The IPv4 fragment reassembly code supports a limit on the number of fragments per packet. The default limit is currently 17 fragments. Among other things, this limit serves to limit the number of fragments the code must parse when trying to reassembly a packet.
Add a limit to the IPv6 reassembly code. By default, limit a packet to 65 fragments (64 on the queue, plus one final fragment to complete the packet). This allows an average fragment size of 1,008 bytes, which should be sufficient to hold a fragment. (Recall that the IPv6 minimum MTU is 1280 bytes. Therefore, this configuration allows a full-size IPv6 packet to be fragmented on a link with the minimum MTU and still carry approximately 272 bytes of headers before the fragmented portion of the packet.)
Users can adjust this limit using the net.inet6.ip6.maxfragsperpacket sysctl.
Reviewed by: jhb Security: FreeBSD-SA-18:10.ip Security: CVE-2018-6923 03c99d76 Tue Aug 14 17:26:07 GMT 2018 Jonathan T. Looney <jtl@FreeBSD.org> Add a limit of the number of fragments per IPv6 packet.
The IPv4 fragment reassembly code supports a limit on the number of fragments per packet. The default limit is currently 17 fragments. Among other things, this limit serves to limit the number of fragments the code must parse when trying to reassembly a packet.
Add a limit to the IPv6 reassembly code. By default, limit a packet to 65 fragments (64 on the queue, plus one final fragment to complete the packet). This allows an average fragment size of 1,008 bytes, which should be sufficient to hold a fragment. (Recall that the IPv6 minimum MTU is 1280 bytes. Therefore, this configuration allows a full-size IPv6 packet to be fragmented on a link with the minimum MTU and still carry approximately 272 bytes of headers before the fragmented portion of the packet.)
Users can adjust this limit using the net.inet6.ip6.maxfragsperpacket sysctl.
Reviewed by: jhb Security: FreeBSD-SA-18:10.ip Security: CVE-2018-6923 03c99d76 Tue Aug 14 17:26:07 GMT 2018 Jonathan T. Looney <jtl@FreeBSD.org> Add a limit of the number of fragments per IPv6 packet.
The IPv4 fragment reassembly code supports a limit on the number of fragments per packet. The default limit is currently 17 fragments. Among other things, this limit serves to limit the number of fragments the code must parse when trying to reassembly a packet.
Add a limit to the IPv6 reassembly code. By default, limit a packet to 65 fragments (64 on the queue, plus one final fragment to complete the packet). This allows an average fragment size of 1,008 bytes, which should be sufficient to hold a fragment. (Recall that the IPv6 minimum MTU is 1280 bytes. Therefore, this configuration allows a full-size IPv6 packet to be fragmented on a link with the minimum MTU and still carry approximately 272 bytes of headers before the fragmented portion of the packet.)
Users can adjust this limit using the net.inet6.ip6.maxfragsperpacket sysctl.
Reviewed by: jhb Security: FreeBSD-SA-18:10.ip Security: CVE-2018-6923
|