Subject: Re: Fragment queue size?
To: Paul Hoffman <>
From: Perry E. Metzger <>
List: tech-security
Date: 04/20/2002 12:30:42
Paul Hoffman <> writes:
> At 11:44 AM +0900 4/20/02, wrote:
> >  >How do I determine how large the queue is for fragmented IP packets
> >  >on my system? Is that number changeable?
> >
> >	sysctl MIB net.inet.ip.maxfragpackets is the maximum allowable
> >	reassembly queue size (counted by # of original packets, I guess).
> >	to get the current queue size, you need to use kmem to see
> >	variable "ip_nfragpackets" (sys/netinet/ip_input.c).
> Thanks! If I wanted to make my system more resistant to DoS attacks,
> could I set this maximum higher in this file and rebuild the kernel?

I don't know that this would be a great idea. Fragmented packets are
very rare in "real life" -- if you are getting huge numbers of them,
they're almost certainly bogus and you shouldn't be trying to keep
them around.

Perry E. Metzger
NetBSD: The right OS for your embedded design.
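A toy model of the reassembly queue bounded by net.inet.ip.maxfragpackets, added here as an example (it is not code from this thread or from NetBSD's ip_input.c) and assuming a simplified policy: a fragment for a new datagram is refused when the queue already holds the maximum number of datagrams, and a half-built datagram is reaped after `fragttl` ticks. It illustrates the point above: against a flood of first fragments that are never completed, a tenfold larger limit only delays saturation and pins ten times the memory.

```python
def simulate(maxfragpackets, bogus_per_tick, legit_per_tick, ticks, fragttl=30):
    """Model ip_nfragpackets vs ip_maxfragpackets under a fragment flood.

    Constructed model, not kernel code.  Each tick: stale datagrams are reaped,
    last tick's legitimate second fragments arrive (completing their datagram),
    then bogus_per_tick forged first fragments arrive (never completed), then
    legit_per_tick legitimate first fragments arrive.
    """
    queue = {}            # datagram id -> tick at which the reassembly timer expires
    legit_pending = []    # legit datagrams whose second fragment lands next tick
    next_id = completed = attempted = peak = 0
    for t in range(ticks):
        # reaper: drop datagrams whose fragment timer ran out
        for did in [d for d, exp in queue.items() if exp <= t]:
            del queue[did]
        # second fragments of last tick's legitimate datagrams complete them
        for did in legit_pending:
            if did in queue:
                del queue[did]
                completed += 1
        legit_pending = []
        # attacker: one forged first fragment per bogus datagram, never finished
        for _ in range(bogus_per_tick):
            if len(queue) < maxfragpackets:
                queue[next_id] = t + fragttl
            next_id += 1
        # legitimate traffic: first fragment now, second fragment next tick
        for _ in range(legit_per_tick):
            attempted += 1
            if len(queue) < maxfragpackets:
                queue[next_id] = t + fragttl
                legit_pending.append(next_id)
            next_id += 1
        peak = max(peak, len(queue))
    # flush: second fragments for the final tick's datagrams
    completed += sum(1 for did in legit_pending if did in queue)
    return {"completed": completed, "attempted": attempted,
            "success": completed / attempted if attempted else 1.0,
            "peak_queue": peak}

if __name__ == "__main__":
    for limit in (200, 2000):
        print(limit, simulate(limit, bogus_per_tick=100, legit_per_tick=10, ticks=100))
```

With 100 forged fragments per tick, the 200-entry queue passes only the first tick's legitimate datagrams and the 2000-entry queue passes nineteen ticks' worth; after that both are permanently full of bogus half-datagrams.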