Subject: Re: Fragment queue size?
To: Paul Hoffman <firstname.lastname@example.org>
From: Perry E. Metzger <email@example.com>
Date: 04/20/2002 12:30:42
Paul Hoffman <firstname.lastname@example.org> writes:
> At 11:44 AM +0900 4/20/02, email@example.com wrote:
> > >How do I determine how large the queue is for fragmented IP packets
> > >on my system? Is that number changeable?
> > sysctl MIB net.inet.ip.maxfragpackets is the maximum allowable
> > reassembly queue size (counted by # of original packets, I guess).
> > To get the current queue size, you need to use kmem to see
> > variable "ip_nfragpackets" (sys/netinet/ip_input.c).
> Thanks! If I wanted to make my system more resistant to DoS attacks,
> could I set this maximum higher in this file and rebuild the kernel?
I don't know that this would be a great idea. Fragmented packets are
very rare in "real life" -- if you are getting huge numbers of them,
they're almost certainly bogus and you shouldn't be trying to keep
Perry E. Metzger firstname.lastname@example.org
NetBSD: The right OS for your embedded design. http://www.wasabisystems.com/