[src/netbsd-1-4]: src Put a limit on the number of unassembled IP packet frag...

[he <he%NetBSD.org@localhost>]

details:   https://anonhg.NetBSD.org/src/rev/b49bb0bcdfdd
branches:  netbsd-1-4
changeset: 471303:b49bb0bcdfdd
user:      he <he%NetBSD.org@localhost>
date:      Wed May 30 09:46:46 2001 +0000

description:
Put a limit on the number of unassembled IP packet fragments through
the introduction of net.inet.ip.maxfragpackets.  Fixes SA#2001-006.

diffstat:

 CHANGES-1.4.4 |  11 ++++++++++-
 1 files changed, 10 insertions(+), 1 deletions(-)

diffs (22 lines):

diff -r 517af0092d6d -r b49bb0bcdfdd CHANGES-1.4.4
--- a/CHANGES-1.4.4     Wed May 30 09:45:05 2001 +0000
+++ b/CHANGES-1.4.4     Wed May 30 09:46:46 2001 +0000
@@ -1,4 +1,4 @@
-#      $NetBSD: CHANGES-1.4.4,v 1.1.2.13 2001/05/26 15:01:29 he Exp $
+#      $NetBSD: CHANGES-1.4.4,v 1.1.2.14 2001/05/30 09:46:46 he Exp $
 
 A complete list of changes from NetBSD 1.4.3 to NetBSD 1.4.4:
 
@@ -320,3 +320,12 @@
 
   Make sure the machine state restored by setmcontext() is identical
   to that of sigreturn().
+
+sys/netinet/ip_input.c                         1.131,1.133 via patch
+sys/netinet/in.h                               1.53 via patch
+usr.sbin/sysctl/sysctl.8                       patch
+lib/libc/gen/sysctl.3                          1.75 via patch
+
+  Introduce net.inet.ip.maxfragpackets, which controls the maximum
+  number of IPv4 fragment reassembly queue entries.  Defends against
+  certain DoS attacks.  Fixes SA#2001-006.