CyberLeo.Net >> Repos - FreeBSD/FreeBSD.git/commit

author	Jonathan T. Looney <jtl@FreeBSD.org>
	Tue, 14 Aug 2018 17:26:07 +0000 (17:26 +0000)
committer	Jonathan T. Looney <jtl@FreeBSD.org>
	Tue, 14 Aug 2018 17:26:07 +0000 (17:26 +0000)
commit	03c99d7662c291e4b918c82aec1c75973cce852d
tree	b606e3689381781b1f192029ba386135ce0c1d74	tree \| snapshot
parent	2adfd64f351d58c3a9cb8f518be4b326783b39bf	commit \| diff

Add a limit of the number of fragments per IPv6 packet.

The IPv4 fragment reassembly code supports a limit on the number of
fragments per packet. The default limit is currently 17 fragments.
Among other things, this limit serves to limit the number of fragments
the code must parse when trying to reassembly a packet.

Add a limit to the IPv6 reassembly code. By default, limit a packet
to 65 fragments (64 on the queue, plus one final fragment to complete
the packet). This allows an average fragment size of 1,008 bytes, which
should be sufficient to hold a fragment. (Recall that the IPv6 minimum
MTU is 1280 bytes. Therefore, this configuration allows a full-size
IPv6 packet to be fragmented on a link with the minimum MTU and still
carry approximately 272 bytes of headers before the fragmented portion
of the packet.)

Users can adjust this limit using the net.inet6.ip6.maxfragsperpacket
sysctl.

Reviewed by: jhb
Security: FreeBSD-SA-18:10.ip
Security: CVE-2018-6923

sys/netinet6/frag6.c		diff \| blob \| history
sys/netinet6/in6.h		diff \| blob \| history
sys/netinet6/in6_proto.c		diff \| blob \| history
sys/netinet6/ip6_var.h		diff \| blob \| history