CyberLeo.Net >> Repos - FreeBSD/FreeBSD.git/commit

author	jtl <jtl@FreeBSD.org>
	Tue, 14 Aug 2018 17:54:39 +0000 (17:54 +0000)
committer	jtl <jtl@FreeBSD.org>
	Tue, 14 Aug 2018 17:54:39 +0000 (17:54 +0000)
commit	b3822a674366465673f831e3ff2b544e7292f924
tree	3b8ecff07070ac4c9d06b0d99a79b6ca6b408068	tree \| snapshot
parent	2762fee5dd30eb9f1896295c63521e86a9b98d06	commit \| diff

MFC r337780:
  Implement a limit on on the number of IPv4 reassembly queues per bucket.

  There is a hashing algorithm which should distribute IPv4 reassembly
  queues across the available buckets in a relatively even way. However,
  if there is a flaw in the hashing algorithm which allows a large number
  of IPv4 fragment reassembly queues to end up in a single bucket, a per-
  bucket limit could help mitigate the performance impact of this flaw.

  Implement such a limit, with a default of twice the maximum number of
  reassembly queues divided by the number of buckets. Recalculate the
  limit any time the maximum number of reassembly queues changes.
  However, allow the user to override the value using a sysctl
  (net.inet.ip.maxfragbucketsize).

Approved by: so
Security: FreeBSD-SA-18:10.ip
Security: CVE-2018-6923